X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=server%2Fruntime%2Forg.argeo.server.jcr%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fjcr%2Fsecurity%2FJcrAuthorizations.java;h=eb9da5fea6bab1fc7f9214d8e1e30f17e2de1cc0;hb=9884b3225a86b831917b10376925eebcbf99e513;hp=ce6ad6a2af372aee9af550603bbcad2debe790d4;hpb=fd4d04608728c25a4f625d268a12ed87881dd600;p=lgpl%2Fargeo-commons.git diff --git a/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/security/JcrAuthorizations.java b/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/security/JcrAuthorizations.java index ce6ad6a2a..eb9da5fea 100644 --- a/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/security/JcrAuthorizations.java +++ b/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/security/JcrAuthorizations.java @@ -1,3 +1,18 @@ +/* + * Copyright (C) 2007-2012 Mathieu Baudier + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package org.argeo.jcr.security; import java.security.Principal; @@ -9,10 +24,7 @@ import java.util.Map; import javax.jcr.Repository; import javax.jcr.RepositoryException; import javax.jcr.Session; -import javax.jcr.security.AccessControlList; import javax.jcr.security.AccessControlManager; -import javax.jcr.security.AccessControlPolicy; -import javax.jcr.security.AccessControlPolicyIterator; import javax.jcr.security.Privilege; import org.apache.commons.logging.Log; @@ -41,6 +53,8 @@ public class JcrAuthorizations implements Runnable { initAuthorizations(session); } catch (Exception e) { JcrUtils.discardQuietly(session); + throw new ArgeoException("Cannot set authorizations " + + principalPrivileges + " on repository " + repository, e); } finally { JcrUtils.logoutQuietly(session); } @@ -79,10 +93,13 @@ public class JcrAuthorizations implements Runnable { for (String principalName : principalNames.split(",")) { Principal principal = getOrCreatePrincipal(session, principalName); - addPrivileges(session, principal, path, privs); + JcrUtils.addPrivileges(session, path, principal, privs); } } - session.save(); + + if (log.isDebugEnabled()) + log.debug("All authorizations applied on workspace " + + session.getWorkspace().getName()); } /** @@ -95,51 +112,52 @@ public class JcrAuthorizations implements Runnable { return new SimplePrincipal(principalName); } - public static void addPrivileges(Session session, Principal principal, - String path, List privs) throws RepositoryException { - AccessControlManager acm = session.getAccessControlManager(); - // search for an access control list - AccessControlList acl = null; - AccessControlPolicyIterator policyIterator = acm - .getApplicablePolicies(path); - if (policyIterator.hasNext()) { - while (policyIterator.hasNext()) { - AccessControlPolicy acp = policyIterator - .nextAccessControlPolicy(); - if (acp instanceof AccessControlList) - acl = ((AccessControlList) acp); - } - } else { - AccessControlPolicy[] existingPolicies = acm.getPolicies(path); - for (AccessControlPolicy acp : existingPolicies) { - if (acp instanceof AccessControlList) - acl = ((AccessControlList) acp); - } - } - - if (acl != null) { - acl.addAccessControlEntry(principal, - privs.toArray(new Privilege[privs.size()])); - acm.setPolicy(path, acl); - if (log.isDebugEnabled()) { - StringBuffer buf = new StringBuffer(""); - for (int i = 0; i < privs.size(); i++) { - if (i != 0) - buf.append(','); - buf.append(privs.get(i).getName()); - } - log.debug("Added privilege(s) '" + buf + "' to '" - + principal.getName() + "' on " + path - + " from workspace '" - + session.getWorkspace().getName() + "'"); - } - } else { - throw new ArgeoException("Don't know how to apply privileges " - + privs + " to " + principal + " on " + path - + " from workspace '" + session.getWorkspace().getName() - + "'"); - } - } + // public static void addPrivileges(Session session, Principal principal, + // String path, List privs) throws RepositoryException { + // AccessControlManager acm = session.getAccessControlManager(); + // // search for an access control list + // AccessControlList acl = null; + // AccessControlPolicyIterator policyIterator = acm + // .getApplicablePolicies(path); + // if (policyIterator.hasNext()) { + // while (policyIterator.hasNext()) { + // AccessControlPolicy acp = policyIterator + // .nextAccessControlPolicy(); + // if (acp instanceof AccessControlList) + // acl = ((AccessControlList) acp); + // } + // } else { + // AccessControlPolicy[] existingPolicies = acm.getPolicies(path); + // for (AccessControlPolicy acp : existingPolicies) { + // if (acp instanceof AccessControlList) + // acl = ((AccessControlList) acp); + // } + // } + // + // if (acl != null) { + // acl.addAccessControlEntry(principal, + // privs.toArray(new Privilege[privs.size()])); + // acm.setPolicy(path, acl); + // session.save(); + // if (log.isDebugEnabled()) { + // StringBuffer buf = new StringBuffer(""); + // for (int i = 0; i < privs.size(); i++) { + // if (i != 0) + // buf.append(','); + // buf.append(privs.get(i).getName()); + // } + // log.debug("Added privilege(s) '" + buf + "' to '" + // + principal.getName() + "' on " + path + // + " from workspace '" + // + session.getWorkspace().getName() + "'"); + // } + // } else { + // throw new ArgeoException("Don't know how to apply privileges " + // + privs + " to " + principal + " on " + path + // + " from workspace '" + session.getWorkspace().getName() + // + "'"); + // } + // } @Deprecated public void setGroupPrivileges(Map groupPrivileges) {