X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=server%2Fruntime%2Forg.argeo.server.jcr%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fjcr%2Fsecurity%2FJcrAuthorizations.java;h=491f8a6fe4a4b36f07f9622462c62c09665a9a0d;hb=3a3d316af102ba410d1d9e6de349d0c8f7ac044f;hp=eb9da5fea6bab1fc7f9214d8e1e30f17e2de1cc0;hpb=d6689b6266b735baa0f9a2a0dcf14422a6a46377;p=lgpl%2Fargeo-commons.git
diff --git a/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/security/JcrAuthorizations.java b/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/security/JcrAuthorizations.java
index eb9da5fea..491f8a6fe 100644
--- a/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/security/JcrAuthorizations.java
+++ b/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/security/JcrAuthorizations.java
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2007-2012 Mathieu Baudier
+ * Copyright (C) 2007-2012 Argeo GmbH
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -27,19 +27,20 @@ import javax.jcr.Session;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.Privilege;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
import org.argeo.ArgeoException;
import org.argeo.jcr.JcrUtils;
import org.argeo.util.security.SimplePrincipal;
/** Apply authorizations to a JCR repository. */
public class JcrAuthorizations implements Runnable {
- private final static Log log = LogFactory.getLog(JcrAuthorizations.class);
+ // private final static Log log =
+ // LogFactory.getLog(JcrAuthorizations.class);
private Repository repository;
private String workspace = null;
+ private String securityWorkspace = "security";
+
/**
* key := privilege1,privilege2/path/to/node
* value := group1,group2,user1
@@ -47,6 +48,37 @@ public class JcrAuthorizations implements Runnable {
private Map principalPrivileges = new HashMap();
public void run() {
+ String currentWorkspace = workspace;
+ Session session = null;
+ try {
+ if (workspace != null && workspace.equals("*")) {
+ session = repository.login();
+ String[] workspaces = session.getWorkspace()
+ .getAccessibleWorkspaceNames();
+ JcrUtils.logoutQuietly(session);
+ for (String wksp : workspaces) {
+ currentWorkspace = wksp;
+ if (currentWorkspace.equals(securityWorkspace))
+ continue;
+ session = repository.login(currentWorkspace);
+ initAuthorizations(session);
+ JcrUtils.logoutQuietly(session);
+ }
+ } else {
+ session = repository.login(workspace);
+ initAuthorizations(session);
+ }
+ } catch (Exception e) {
+ JcrUtils.discardQuietly(session);
+ throw new ArgeoException(
+ "Cannot set authorizations " + principalPrivileges
+ + " on workspace " + currentWorkspace, e);
+ } finally {
+ JcrUtils.logoutQuietly(session);
+ }
+ }
+
+ protected void processWorkspace(String workspace) {
Session session = null;
try {
session = repository.login(workspace);
@@ -94,12 +126,20 @@ public class JcrAuthorizations implements Runnable {
Principal principal = getOrCreatePrincipal(session,
principalName);
JcrUtils.addPrivileges(session, path, principal, privs);
+ // if (log.isDebugEnabled()) {
+ // StringBuffer privBuf = new StringBuffer();
+ // for (Privilege priv : privs)
+ // privBuf.append(priv.getName());
+ // log.debug("Added privileges " + privBuf + " to "
+ // + principal.getName() + " on " + path + " in '"
+ // + session.getWorkspace().getName() + "'");
+ // }
}
}
- if (log.isDebugEnabled())
- log.debug("All authorizations applied on workspace "
- + session.getWorkspace().getName());
+ // if (log.isDebugEnabled())
+ // log.debug("JCR authorizations applied on '"
+ // + session.getWorkspace().getName() + "'");
}
/**
@@ -176,4 +216,8 @@ public class JcrAuthorizations implements Runnable {
this.workspace = workspace;
}
+ public void setSecurityWorkspace(String securityWorkspace) {
+ this.securityWorkspace = securityWorkspace;
+ }
+
}