1 package org.argeo.jackrabbit;
2
3 import java.util.ArrayList;
4 import java.util.HashMap;
5 import java.util.List;
6 import java.util.Map;
7 import java.util.concurrent.Executor;
8
9 import javax.jcr.Repository;
10 import javax.jcr.RepositoryException;
11 import javax.jcr.security.AccessControlList;
12 import javax.jcr.security.AccessControlPolicy;
13 import javax.jcr.security.AccessControlPolicyIterator;
14 import javax.jcr.security.Privilege;
15
16 import org.apache.commons.logging.Log;
17 import org.apache.commons.logging.LogFactory;
18 import org.apache.jackrabbit.api.JackrabbitSession;
19 import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
20 import org.apache.jackrabbit.api.security.user.Group;
21 import org.apache.jackrabbit.api.security.user.UserManager;
22 import org.argeo.ArgeoException;
23 import org.argeo.jcr.JcrUtils;
24
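/**
 * Grants a configured set of JCR privileges to Jackrabbit groups when
 * {@link #init()} is called.
 * <p>
 * The configuration is the {@code groupPrivileges} map. Each key is a
 * comma-separated list of privilege names, optionally followed by the absolute
 * path of the node they apply to (the repository root when no path is given).
 * Each value is a comma-separated list of group names. Groups that do not
 * exist yet are created.
 */
public class JackrabbitAuthorizations {
    private final static Log log = LogFactory
            .getLog(JackrabbitAuthorizations.class);

    private Repository repository;
    private Executor systemExecutor;

    /**
     * key := privilege1,privilege2/path/to/node<br/>
     * value := group1,group2
     */
    private Map<String, String> groupPrivileges = new HashMap<String, String>();

    /**
     * Submits the authorization setup to the system executor. The task logs in
     * to the repository without explicit credentials, so the identity it runs
     * with is whatever the executor provides (presumably a system identity,
     * confirm against the executor configuration).
     * <p>
     * A failure does not propagate to the caller: it is logged at error level
     * and the session's pending changes are discarded.
     */
    public void init() {
        systemExecutor.execute(new Runnable() {
            public void run() {
                JackrabbitSession session = null;
                try {
                    session = (JackrabbitSession) repository.login();
                    initAuthorizations(session);
                } catch (Exception e) {
                    // An access control setup that fails must be visible to
                    // operators: without this the repository would start with
                    // none of the configured entries and no trace of why.
                    log.error("Cannot initialize authorizations,"
                            + " no configured privilege was applied", e);
                    JcrUtils.discardQuietly(session);
                } finally {
                    JcrUtils.logoutQuietly(session);
                }
            }
        });
    }

    /**
     * Adds one access control entry per configured group and node, then saves
     * the session. Nothing is persisted before the final
     * {@code session.save()}.
     *
     * @param session
     *            the session used to read and modify the access control
     *            policies and to look up or create groups
     * @throws RepositoryException
     *             if the repository rejects an operation
     * @throws ArgeoException
     *             if a key starts with '/', has no groups, names an
     *             authorizable which is not a group, or targets a node without
     *             any access control policy
     */
    protected void initAuthorizations(JackrabbitSession session)
            throws RepositoryException {
        JackrabbitAccessControlManager acm = (JackrabbitAccessControlManager) session
                .getAccessControlManager();
        UserManager um = session.getUserManager();

        // Iterate over the entries so that the value is read with the
        // original key: the key is split below and the privilege part alone
        // is not a key of the map.
        for (Map.Entry<String, String> entry : groupPrivileges.entrySet()) {
            String key = entry.getKey();
            String privileges = key;
            String path = "/";
            int slashIndex = key.indexOf('/');
            if (slashIndex == 0) {
                throw new ArgeoException("Privilege " + key
                        + " badly formatted it starts with /");
            } else if (slashIndex > 0) {
                path = key.substring(slashIndex);
                privileges = key.substring(0, slashIndex);
            }

            List<Privilege> privs = new ArrayList<Privilege>();
            for (String priv : privileges.split(",")) {
                privs.add(acm.privilegeFromName(priv));
            }
            Privilege[] privArray = privs.toArray(new Privilege[privs.size()]);

            String groupNames = entry.getValue();
            if (groupNames == null)
                throw new ArgeoException("No group defined for privileges "
                        + key);

            for (String groupName : groupNames.split(",")) {
                Group group = findOrCreateGroup(um, groupName);
                AccessControlPolicy policy = findPolicy(acm, path);
                if (policy instanceof AccessControlList) {
                    ((AccessControlList) policy).addAccessControlEntry(
                            group.getPrincipal(), privArray);
                    acm.setPolicy(path, policy);
                    if (log.isDebugEnabled())
                        log.debug("Added privileges " + privileges + " to "
                                + groupName + " on " + path);
                } else {
                    // Do not report an entry as added when nothing was
                    // changed.
                    log.warn("Privileges " + privileges + " not added to "
                            + groupName + " on " + path
                            + ": policy is not an access control list");
                }
            }
        }
        session.save();
    }

    /**
     * Returns the group with this name, creating it when no authorizable has
     * this name. An existing authorizable of another kind is rejected rather
     * than cast, so that privileges meant for a group are never attached to
     * something else.
     */
    private Group findOrCreateGroup(UserManager um, String groupName)
            throws RepositoryException {
        Object authorizable = um.getAuthorizable(groupName);
        if (authorizable == null)
            return um.createGroup(groupName);
        if (!(authorizable instanceof Group))
            throw new ArgeoException("Authorizable " + groupName
                    + " already exists and is not a group");
        return (Group) authorizable;
    }

    /**
     * Returns the first applicable policy for the path, or the first policy
     * already set on it when none is applicable.
     */
    private AccessControlPolicy findPolicy(JackrabbitAccessControlManager acm,
            String path) throws RepositoryException {
        AccessControlPolicyIterator applicable = acm
                .getApplicablePolicies(path);
        if (applicable.hasNext())
            return applicable.nextAccessControlPolicy();
        AccessControlPolicy[] existing = acm.getPolicies(path);
        if (existing == null || existing.length == 0)
            throw new ArgeoException("No access control policy available on "
                    + path);
        return existing[0];
    }

    /**
     * Sets the privileges to grant. The map is used as is, not copied.
     *
     * @param groupPrivileges
     *            privileges (and optional node path) mapped to group names
     */
    public void setGroupPrivileges(Map<String, String> groupPrivileges) {
        this.groupPrivileges = groupPrivileges;
    }

    /**
     * @param repository
     *            the repository whose access control is initialized
     */
    public void setRepository(Repository repository) {
        this.repository = repository;
    }

    /**
     * @param systemExecutor
     *            the executor which runs the initialization task
     */
    public void setSystemExecutor(Executor systemExecutor) {
        this.systemExecutor = systemExecutor;
    }

}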