+
+ // protected synchronized void setSecurityHomeAuthorizations(User user) {
+ // // give read privileges on user security home
+ // String userId = "<not yet set>";
+ // try {
+ // userId = user.getID();
+ // Node userHome = SecurityJcrUtils.getUserHome(getSystemSession(), userId);
+ // if (userHome == null)
+ // throw new ArgeoException("No security home available for user "
+ // + userId);
+ //
+ // String path = userHome.getPath();
+ // Principal principal = user.getPrincipal();
+ //
+ // JackrabbitAccessControlManager acm = (JackrabbitAccessControlManager)
+ // getSystemSession()
+ // .getAccessControlManager();
+ // JackrabbitAccessControlPolicy[] ps = acm
+ // .getApplicablePolicies(principal);
+ // if (ps.length == 0) {
+ // // log.warn("No ACL found for " + user);
+ // return;
+ // }
+ //
+ // JackrabbitAccessControlList list = (JackrabbitAccessControlList) ps[0];
+ //
+ // // add entry
+ // Privilege[] privileges = new Privilege[] { acm
+ // .privilegeFromName(Privilege.JCR_READ) };
+ // Map<String, Value> restrictions = new HashMap<String, Value>();
+ // ValueFactory vf = getSystemSession().getValueFactory();
+ // restrictions.put("rep:nodePath",
+ // vf.createValue(path, PropertyType.PATH));
+ // restrictions.put("rep:glob", vf.createValue("*"));
+ // list.addEntry(principal, privileges, true /* allow or deny */,
+ // restrictions);
+ // } catch (Exception e) {
+ // e.printStackTrace();
+ // throw new ArgeoException(
+ // "Cannot set authorization on security home for " + userId
+ // + ": " + e.getMessage());
+ // }
+ //
+ // }
+
+ @Override
+ protected WorkspaceAccessManager createDefaultWorkspaceAccessManager() {
+ WorkspaceAccessManager wam = super
+ .createDefaultWorkspaceAccessManager();
+ return new ArgeoWorkspaceAccessManagerImpl(wam);
+ }
+
+ private class ArgeoWorkspaceAccessManagerImpl implements SecurityConstants,
+ WorkspaceAccessManager {
+ private final WorkspaceAccessManager wam;
+
+ // private String defaultWorkspace;
+
+ public ArgeoWorkspaceAccessManagerImpl(WorkspaceAccessManager wam) {
+ super();
+ this.wam = wam;
+ }
+
+ public void init(Session systemSession) throws RepositoryException {
+ wam.init(systemSession);
+ // defaultWorkspace = ((RepositoryImpl) getRepository()).getConfig()
+ // .getDefaultWorkspaceName();
+ }
+
+ public void close() throws RepositoryException {
+ }
+
+ public boolean grants(Set<Principal> principals, String workspaceName)
+ throws RepositoryException {
+ // everybody has access to all workspaces
+ // TODO: implements finer access to workspaces
+ return true;
+
+ // anonymous has access to the default workspace (required for
+ // remoting which does a default login when initializing the
+ // repository)
+ // Boolean anonymous = false;
+ // for (Principal principal : principals)
+ // if (principal instanceof AnonymousPrincipal)
+ // anonymous = true;
+ //
+ // if (anonymous && workspaceName.equals(defaultWorkspace))
+ // return true;
+ // else
+ // return wam.grants(principals, workspaceName);
+ }
+ }
+