1 package org
.argeo
.jackrabbit
;
3 import java
.util
.ArrayList
;
4 import java
.util
.HashMap
;
7 import java
.util
.concurrent
.Executor
;
9 import javax
.jcr
.Repository
;
10 import javax
.jcr
.RepositoryException
;
11 import javax
.jcr
.security
.AccessControlList
;
12 import javax
.jcr
.security
.AccessControlPolicy
;
13 import javax
.jcr
.security
.AccessControlPolicyIterator
;
14 import javax
.jcr
.security
.Privilege
;
16 import org
.apache
.commons
.logging
.Log
;
17 import org
.apache
.commons
.logging
.LogFactory
;
18 import org
.apache
.jackrabbit
.api
.JackrabbitSession
;
19 import org
.apache
.jackrabbit
.api
.security
.JackrabbitAccessControlManager
;
20 import org
.apache
.jackrabbit
.api
.security
.user
.Authorizable
;
21 import org
.apache
.jackrabbit
.api
.security
.user
.Group
;
22 import org
.apache
.jackrabbit
.api
.security
.user
.UserManager
;
23 import org
.argeo
.ArgeoException
;
24 import org
.argeo
.jcr
.JcrUtils
;
26 /** Apply authorizations to a Jackrabbit repository. */
27 public class JackrabbitAuthorizations
{
/** Logger of this class. */
private final static Log log = LogFactory
        .getLog(JackrabbitAuthorizations.class);

// Repository the authorizations are applied to; a session is opened on it
// with repository.login(), i.e. without explicit credentials.
private Repository repository;
// When not null, the authorization action is handed to this executor
// instead of being handled by the caller directly.
// NOTE(review): presumably this executor runs the action under a system
// identity that is allowed to modify access control - confirm.
private Executor systemExecutor;

/**
 * Privileges to grant, indexed by privileges and node path. Both sides are
 * split on commas, and the key is split at its first '/'.
 * <p>
 * key := privilege1,privilege2/path/to/node<br/>
 * value := group1,group2
 */
private Map<String, String> groupPrivileges = new HashMap<String, String>();
// [the line carrying the enclosing method's signature is not shown in this listing]
// The whole authorization run is wrapped in a Runnable so that it can be
// handed to systemExecutor.
Runnable action = new Runnable() {
    // [one line not shown here]
        JackrabbitSession session = null;
        // [one line not shown here]
            // login() is called without credentials, so the identity of the
            // session is decided by the calling context.
            // NOTE(review): changing access control needs a privileged
            // session - confirm which identity this resolves to.
            session = (JackrabbitSession) repository.login();
            initAuthorizations(session);
        } catch (Exception e) {
            // By its name, drops the pending changes of the session.
            // NOTE(review): no visible statement logs or rethrows e. Unless
            // the line not shown below does, a failed run passes silently
            // and the repository keeps whatever permissions it had.
            JcrUtils.discardQuietly(session);
            // [one line not shown here]
            JcrUtils.logoutQuietly(session);
// [four lines not shown here]
// Delegate to the configured executor when there is one.
if (systemExecutor
        != null)
    systemExecutor.execute(action);
// [four lines not shown here; what happens when systemExecutor is null
// cannot be told from this listing]
/**
 * Grants the configured privileges to the configured groups.
 * <p>
 * Each key of {@code groupPrivileges} is cut at its first '/' into a
 * comma-separated list of privilege names and a node path. The mapped value
 * is read as a comma-separated list of group names, and
 * {@link #addPrivileges} is called once per group.
 * <p>
 * Several lines of the original method are missing from this listing;
 * their positions are marked in the body.
 *
 * @param session session used to reach the access control manager and the
 *        user manager
 * @throws RepositoryException declared for the repository calls made here
 */
protected void initAuthorizations(JackrabbitSession session)
        throws RepositoryException {
    JackrabbitAccessControlManager acm = (JackrabbitAccessControlManager) session
            .getAccessControlManager();
    UserManager um = session.getUserManager();

    for (String privileges : groupPrivileges.keySet()) {
        // [one line not shown here; the variable path is not declared on any visible line]
        int slashIndex = privileges.indexOf('/');
        if (slashIndex == 0) {
            // A key that starts with the path names no privilege at all.
            throw new ArgeoException("Privilege " + privileges
                    + " badly formatted it starts with /");
        } else if (slashIndex > 0) {
            // The path keeps its leading '/'; privileges is cut down to
            // the names in front of it.
            path = privileges.substring(slashIndex);
            privileges = privileges.substring(0, slashIndex);
        // [five lines not shown here; the path used for a key without '/'
        // cannot be told from this listing]

        // Resolve every privilege name through the access control manager.
        // The names are not trimmed, so "a, b" yields " b" as second name.
        List<Privilege> privs = new ArrayList<Privilege>();
        for (String priv : privileges.split(",")) {
            privs.add(acm.privilegeFromName(priv));
        // [two lines not shown here]

        // NOTE(review): when the key carried a path, privileges was
        // truncated above and is no longer the map key. Unless a line not
        // shown restores it, get() returns null here and split() below
        // throws NullPointerException, so nothing is granted for that
        // entry. Keeping the original key in its own variable (or
        // iterating over entrySet()) avoids this.
        String groupNames = groupPrivileges.get(privileges);
        for (String groupName : groupNames.split(",")) {
            // NOTE(review): getAuthorizable() returns an Authorizable; if
            // the id belongs to a user rather than a group this cast
            // fails with ClassCastException.
            Group group = (Group) um.getAuthorizable(groupName);
            // [one line not shown here; presumably a null check so that
            // the group is only created when it does not exist - confirm]
            group = um.createGroup(groupName);
            addPrivileges(session, group, path, privs);
    // [five lines not shown here; whether the session is saved before the
    // method returns cannot be told from this listing]
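/**
 * Grants privileges to an authorizable on a node by adding an entry to the
 * access control list of that node and setting the policy again.
 * <p>
 * The policy is the first applicable policy of the path (one that can still
 * be bound to the node) if there is one, otherwise the first policy already
 * set on it. Nothing in this method saves the session; persisting the
 * change is left to the caller.
 * <p>
 * If the policy found is not an {@link AccessControlList}, no privilege is
 * granted and a warning is logged, so that a grant which did not happen is
 * not mistaken for one that did.
 *
 * @param session session whose access control manager is used
 * @param authorizable user or group whose principal receives the privileges
 * @param path path of the node the privileges apply to
 * @param privs privileges to grant
 * @throws RepositoryException if a repository call fails
 * @throws ArgeoException if the path has neither an applicable nor an
 *         existing access control policy
 */
public static void addPrivileges(JackrabbitSession session,
        Authorizable authorizable, String path, List<Privilege> privs)
        throws RepositoryException {
    JackrabbitAccessControlManager acm = (JackrabbitAccessControlManager) session
            .getAccessControlManager();

    AccessControlPolicy policy;
    AccessControlPolicyIterator policyIterator = acm
            .getApplicablePolicies(path);
    if (policyIterator.hasNext()) {
        policy = policyIterator.nextAccessControlPolicy();
    } else {
        AccessControlPolicy[] existingPolicies = acm.getPolicies(path);
        // Indexing an empty array would only surface as an
        // ArrayIndexOutOfBoundsException without any context; fail with a
        // message that names the path and the grant that was not made.
        if (existingPolicies.length == 0) {
            throw new ArgeoException("No access control policy available on "
                    + path + ", cannot add privileges " + privs + " to "
                    + authorizable);
        }
        policy = existingPolicies[0];
    }

    if (!(policy instanceof AccessControlList)) {
        // Nothing can be added to this kind of policy: say so instead of
        // returning as if the privileges had been granted.
        log.warn("Cannot add privileges " + privs + " to " + authorizable
                + " on " + path + ": policy " + policy
                + " is not an access control list");
        return;
    }

    ((AccessControlList) policy).addAccessControlEntry(
            authorizable.getPrincipal(),
            privs.toArray(new Privilege[privs.size()]));
    acm.setPolicy(path, policy);

    // Reported only once the policy has actually been set.
    if (log.isDebugEnabled())
        log.debug("Added privileges " + privs + " to " + authorizable
                + " on " + path);
}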
/**
 * Sets the privileges to grant. Keys have the form
 * {@code privilege1,privilege2/path/to/node}, values the form
 * {@code group1,group2}.
 * <p>
 * The map is stored by reference, not copied. Its entries decide which
 * groups are granted which privileges, so it should only come from trusted
 * configuration.
 *
 * @param groupPrivileges mapping from privileges and path to group names
 */
public void setGroupPrivileges(Map<String, String> groupPrivileges) {
    this.groupPrivileges = groupPrivileges;
}
/**
 * Sets the repository on which sessions are opened in order to apply the
 * authorizations.
 *
 * @param repository the repository to log in to
 */
public void setRepository(Repository repository) {
    this.repository = repository;
}
/**
 * Sets the executor that the authorization action is handed to when it is
 * not null.
 *
 * @param systemExecutor executor used to run the authorization action
 */
public void setSystemExecutor(Executor systemExecutor) {
    this.systemExecutor = systemExecutor;
}