X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=server%2Fruntime%2Forg.argeo.server.jcr%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fjcr%2Fsecurity%2FJcrAuthorizations.java;h=ddccf571935196f714b6760ca83197cf00e21e81;hb=0450e423bd759c9e27b43044670e659271392d71;hp=f6741624c007c0a59f304b6a9cb1cef6e9ff63d7;hpb=18c8ea2376fe85245d50a98ea7c0a95a51b17370;p=lgpl%2Fargeo-commons.git
diff --git a/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/security/JcrAuthorizations.java b/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/security/JcrAuthorizations.java
index f6741624c..ddccf5719 100644
--- a/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/security/JcrAuthorizations.java
+++ b/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/security/JcrAuthorizations.java
@@ -1,3 +1,18 @@
+/*
+ * Copyright (C) 2007-2012 Mathieu Baudier
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
package org.argeo.jcr.security;
import java.security.Principal;
@@ -9,10 +24,7 @@ import java.util.Map;
import javax.jcr.Repository;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
-import javax.jcr.security.AccessControlList;
import javax.jcr.security.AccessControlManager;
-import javax.jcr.security.AccessControlPolicy;
-import javax.jcr.security.AccessControlPolicyIterator;
import javax.jcr.security.Privilege;
import org.apache.commons.logging.Log;
@@ -26,6 +38,7 @@ public class JcrAuthorizations implements Runnable {
private final static Log log = LogFactory.getLog(JcrAuthorizations.class);
private Repository repository;
+ private String workspace = null;
/**
* key := privilege1,privilege2/path/to/node
@@ -36,7 +49,7 @@ public class JcrAuthorizations implements Runnable {
public void run() {
Session session = null;
try {
- session = repository.login();
+ session = repository.login(workspace);
initAuthorizations(session);
} catch (Exception e) {
JcrUtils.discardQuietly(session);
@@ -78,10 +91,13 @@ public class JcrAuthorizations implements Runnable {
for (String principalName : principalNames.split(",")) {
Principal principal = getOrCreatePrincipal(session,
principalName);
- addPrivileges(session, principal, path, privs);
+ JcrUtils.addPrivileges(session, path, principal, privs);
}
}
- session.save();
+
+ if (log.isDebugEnabled())
+ log.debug("All authorizations applied on workspace "
+ + session.getWorkspace().getName());
}
/**
@@ -94,40 +110,52 @@ public class JcrAuthorizations implements Runnable {
return new SimplePrincipal(principalName);
}
- public static void addPrivileges(Session session, Principal principal,
- String path, List privs) throws RepositoryException {
- AccessControlManager acm = session.getAccessControlManager();
- // search for an access control list
- AccessControlList acl = null;
- AccessControlPolicyIterator policyIterator = acm
- .getApplicablePolicies(path);
- if (policyIterator.hasNext()) {
- while (policyIterator.hasNext()) {
- AccessControlPolicy acp = policyIterator
- .nextAccessControlPolicy();
- if (acp instanceof AccessControlList)
- acl = ((AccessControlList) acp);
- }
- } else {
- AccessControlPolicy[] existingPolicies = acm.getPolicies(path);
- for (AccessControlPolicy acp : existingPolicies) {
- if (acp instanceof AccessControlList)
- acl = ((AccessControlList) acp);
- }
- }
-
- if (acl != null) {
- acl.addAccessControlEntry(principal,
- privs.toArray(new Privilege[privs.size()]));
- acm.setPolicy(path, acl);
- if (log.isDebugEnabled())
- log.debug("Added privileges " + privs + " to " + principal
- + " on " + path);
- } else {
- throw new ArgeoException("Don't know how to apply privileges "
- + privs + " to " + principal + " on " + path);
- }
- }
+ // public static void addPrivileges(Session session, Principal principal,
+ // String path, List privs) throws RepositoryException {
+ // AccessControlManager acm = session.getAccessControlManager();
+ // // search for an access control list
+ // AccessControlList acl = null;
+ // AccessControlPolicyIterator policyIterator = acm
+ // .getApplicablePolicies(path);
+ // if (policyIterator.hasNext()) {
+ // while (policyIterator.hasNext()) {
+ // AccessControlPolicy acp = policyIterator
+ // .nextAccessControlPolicy();
+ // if (acp instanceof AccessControlList)
+ // acl = ((AccessControlList) acp);
+ // }
+ // } else {
+ // AccessControlPolicy[] existingPolicies = acm.getPolicies(path);
+ // for (AccessControlPolicy acp : existingPolicies) {
+ // if (acp instanceof AccessControlList)
+ // acl = ((AccessControlList) acp);
+ // }
+ // }
+ //
+ // if (acl != null) {
+ // acl.addAccessControlEntry(principal,
+ // privs.toArray(new Privilege[privs.size()]));
+ // acm.setPolicy(path, acl);
+ // session.save();
+ // if (log.isDebugEnabled()) {
+ // StringBuffer buf = new StringBuffer("");
+ // for (int i = 0; i < privs.size(); i++) {
+ // if (i != 0)
+ // buf.append(',');
+ // buf.append(privs.get(i).getName());
+ // }
+ // log.debug("Added privilege(s) '" + buf + "' to '"
+ // + principal.getName() + "' on " + path
+ // + " from workspace '"
+ // + session.getWorkspace().getName() + "'");
+ // }
+ // } else {
+ // throw new ArgeoException("Don't know how to apply privileges "
+ // + privs + " to " + principal + " on " + path
+ // + " from workspace '" + session.getWorkspace().getName()
+ // + "'");
+ // }
+ // }
@Deprecated
public void setGroupPrivileges(Map groupPrivileges) {
@@ -142,4 +170,8 @@ public class JcrAuthorizations implements Runnable {
this.repository = repository;
}
+ public void setWorkspace(String workspace) {
+ this.workspace = workspace;
+ }
+
}