]>
git.argeo.org Git - lgpl/argeo-commons.git/blob - org.argeo.jcr/src/org/argeo/jcr/JcrAuthorizations.java
2 * Copyright (C) 2007-2012 Argeo GmbH
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
16 package org
.argeo
.jcr
;
18 import java
.security
.Principal
;
19 import java
.util
.ArrayList
;
20 import java
.util
.HashMap
;
21 import java
.util
.List
;
24 import javax
.jcr
.Repository
;
25 import javax
.jcr
.RepositoryException
;
26 import javax
.jcr
.Session
;
27 import javax
.jcr
.security
.AccessControlManager
;
28 import javax
.jcr
.security
.Privilege
;
29 import javax
.naming
.InvalidNameException
;
30 import javax
.naming
.ldap
.LdapName
;
32 /** Apply authorizations to a JCR repository. */
33 public class JcrAuthorizations
implements Runnable
{
34 // private final static Log log =
35 // LogFactory.getLog(JcrAuthorizations.class);
37 private Repository repository
;
38 private String workspace
= null;
40 private String securityWorkspace
= "security";
43 * key := privilege1,privilege2/path/to/node<br/>
44 * value := group1,group2,user1
46 private Map
<String
, String
> principalPrivileges
= new HashMap
<String
, String
>();
49 String currentWorkspace
= workspace
;
50 Session session
= null;
52 if (workspace
!= null && workspace
.equals("*")) {
53 session
= repository
.login();
54 String
[] workspaces
= session
.getWorkspace().getAccessibleWorkspaceNames();
55 JcrUtils
.logoutQuietly(session
);
56 for (String wksp
: workspaces
) {
57 currentWorkspace
= wksp
;
58 if (currentWorkspace
.equals(securityWorkspace
))
60 session
= repository
.login(currentWorkspace
);
61 initAuthorizations(session
);
62 JcrUtils
.logoutQuietly(session
);
65 session
= repository
.login(workspace
);
66 initAuthorizations(session
);
68 } catch (Exception e
) {
69 JcrUtils
.discardQuietly(session
);
70 throw new ArgeoJcrException(
71 "Cannot set authorizations " + principalPrivileges
+ " on workspace " + currentWorkspace
, e
);
73 JcrUtils
.logoutQuietly(session
);
77 protected void processWorkspace(String workspace
) {
78 Session session
= null;
80 session
= repository
.login(workspace
);
81 initAuthorizations(session
);
82 } catch (Exception e
) {
83 JcrUtils
.discardQuietly(session
);
84 throw new ArgeoJcrException(
85 "Cannot set authorizations " + principalPrivileges
+ " on repository " + repository
, e
);
87 JcrUtils
.logoutQuietly(session
);
91 /** @deprecated call {@link #run()} instead. */
97 protected void initAuthorizations(Session session
) throws RepositoryException
{
98 AccessControlManager acm
= session
.getAccessControlManager();
100 for (String privileges
: principalPrivileges
.keySet()) {
102 int slashIndex
= privileges
.indexOf('/');
103 if (slashIndex
== 0) {
104 throw new ArgeoJcrException("Privilege " + privileges
+ " badly formatted it starts with /");
105 } else if (slashIndex
> 0) {
106 path
= privileges
.substring(slashIndex
);
107 privileges
= privileges
.substring(0, slashIndex
);
113 List
<Privilege
> privs
= new ArrayList
<Privilege
>();
114 for (String priv
: privileges
.split(",")) {
115 privs
.add(acm
.privilegeFromName(priv
));
118 String principalNames
= principalPrivileges
.get(privileges
);
120 new LdapName(principalNames
);
121 // TODO differentiate groups and users ?
122 Principal principal
= getOrCreatePrincipal(session
, principalNames
);
123 JcrUtils
.addPrivileges(session
, path
, principal
, privs
);
124 } catch (InvalidNameException e
) {
125 for (String principalName
: principalNames
.split(",")) {
126 Principal principal
= getOrCreatePrincipal(session
, principalName
);
127 JcrUtils
.addPrivileges(session
, path
, principal
, privs
);
128 // if (log.isDebugEnabled()) {
129 // StringBuffer privBuf = new StringBuffer();
130 // for (Privilege priv : privs)
131 // privBuf.append(priv.getName());
132 // log.debug("Added privileges " + privBuf + " to "
133 // + principal.getName() + " on " + path + " in '"
134 // + session.getWorkspace().getName() + "'");
140 // if (log.isDebugEnabled())
141 // log.debug("JCR authorizations applied on '"
142 // + session.getWorkspace().getName() + "'");
146 * Returns a {@link SimplePrincipal}, does not check whether it exists since
147 * such capabilities is not provided by the standard JCR API. Can be
148 * overridden to provide smarter handling
150 protected Principal
getOrCreatePrincipal(Session session
, String principalName
) throws RepositoryException
{
151 return new SimplePrincipal(principalName
);
154 // public static void addPrivileges(Session session, Principal principal,
155 // String path, List<Privilege> privs) throws RepositoryException {
156 // AccessControlManager acm = session.getAccessControlManager();
157 // // search for an access control list
158 // AccessControlList acl = null;
159 // AccessControlPolicyIterator policyIterator = acm
160 // .getApplicablePolicies(path);
161 // if (policyIterator.hasNext()) {
162 // while (policyIterator.hasNext()) {
163 // AccessControlPolicy acp = policyIterator
164 // .nextAccessControlPolicy();
165 // if (acp instanceof AccessControlList)
166 // acl = ((AccessControlList) acp);
169 // AccessControlPolicy[] existingPolicies = acm.getPolicies(path);
170 // for (AccessControlPolicy acp : existingPolicies) {
171 // if (acp instanceof AccessControlList)
172 // acl = ((AccessControlList) acp);
176 // if (acl != null) {
177 // acl.addAccessControlEntry(principal,
178 // privs.toArray(new Privilege[privs.size()]));
179 // acm.setPolicy(path, acl);
181 // if (log.isDebugEnabled()) {
182 // StringBuffer buf = new StringBuffer("");
183 // for (int i = 0; i < privs.size(); i++) {
186 // buf.append(privs.get(i).getName());
188 // log.debug("Added privilege(s) '" + buf + "' to '"
189 // + principal.getName() + "' on " + path
190 // + " from workspace '"
191 // + session.getWorkspace().getName() + "'");
194 // throw new ArgeoJcrException("Don't know how to apply privileges "
195 // + privs + " to " + principal + " on " + path
196 // + " from workspace '" + session.getWorkspace().getName()
202 public void setGroupPrivileges(Map
<String
, String
> groupPrivileges
) {
203 this.principalPrivileges
= groupPrivileges
;
206 public void setPrincipalPrivileges(Map
<String
, String
> principalPrivileges
) {
207 this.principalPrivileges
= principalPrivileges
;
210 public void setRepository(Repository repository
) {
211 this.repository
= repository
;
214 public void setWorkspace(String workspace
) {
215 this.workspace
= workspace
;
218 public void setSecurityWorkspace(String securityWorkspace
) {
219 this.securityWorkspace
= securityWorkspace
;