1 package org.argeo.jcr.security;
2
3 import java.security.Principal;
4 import java.util.ArrayList;
5 import java.util.HashMap;
6 import java.util.List;
7 import java.util.Map;
8
9 import javax.jcr.Repository;
10 import javax.jcr.RepositoryException;
11 import javax.jcr.Session;
12 import javax.jcr.security.AccessControlList;
13 import javax.jcr.security.AccessControlManager;
14 import javax.jcr.security.AccessControlPolicy;
15 import javax.jcr.security.AccessControlPolicyIterator;
16 import javax.jcr.security.Privilege;
17
18 import org.apache.commons.logging.Log;
19 import org.apache.commons.logging.LogFactory;
20 import org.argeo.ArgeoException;
21 import org.argeo.jcr.JcrUtils;
22 import org.argeo.util.security.SimplePrincipal;
23
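/**
 * Apply authorizations to a JCR repository.
 * <p>
 * The authorizations are configured as a map (see
 * {@link #setPrincipalPrivileges(Map)}) and applied as access control
 * entries when {@link #run()} is called.
 */
public class JcrAuthorizations implements Runnable {
    private final static Log log = LogFactory.getLog(JcrAuthorizations.class);

    private Repository repository;
    private String workspace = null;

    /**
     * key := privilege1,privilege2/path/to/node<br/>
     * value := group1,group2,user1
     */
    private Map<String, String> principalPrivileges = new HashMap<String, String>();

    /**
     * Logs in to the configured workspace, applies the configured
     * authorizations and logs out.
     * <p>
     * A failure is not propagated to the caller, but it is logged at error
     * level: when this happens the configured access control entries have not
     * (or not all) been applied, which must not go unnoticed.
     */
    public void run() {
        Session session = null;
        try {
            session = repository.login(workspace);
            initAuthorizations(session);
        } catch (Exception e) {
            // Previously swallowed silently, which hid the fact that the
            // repository was left without the expected access control entries.
            log.error("Cannot apply authorizations to workspace '" + workspace
                    + "'", e);
            // presumably drops the pending, unsaved changes of the session --
            // confirm against JcrUtils
            JcrUtils.discardQuietly(session);
        } finally {
            JcrUtils.logoutQuietly(session);
        }
    }

    /** @deprecated call {@link #run()} instead. */
    @Deprecated
    public void init() {
        run();
    }

    /**
     * Parses each configured entry and adds the related privileges to each
     * listed principal, then saves the session.
     * 
     * @param session
     *            the session used to access the access control manager and to
     *            persist the changes
     * @throws RepositoryException
     *             if the JCR access control API fails
     * @throws ArgeoException
     *             if a key starts with '/' (no privilege given) or if no
     *             principal is configured for a key
     */
    protected void initAuthorizations(Session session)
            throws RepositoryException {
        AccessControlManager acm = session.getAccessControlManager();

        // Iterate over the entries: the value must be read with the ORIGINAL
        // key. Looking it up again with the privileges part only (as was done
        // before) returned null for every key containing a path.
        for (Map.Entry<String, String> entry : principalPrivileges.entrySet()) {
            String key = entry.getKey();
            String privileges = key;
            // without an explicit path, privileges apply to the root node
            String path = "/";
            int slashIndex = key.indexOf('/');
            if (slashIndex == 0) {
                throw new ArgeoException("Privilege " + key
                        + " badly formatted it starts with /");
            } else if (slashIndex > 0) {
                path = key.substring(slashIndex);
                privileges = key.substring(0, slashIndex);
            }

            List<Privilege> privs = new ArrayList<Privilege>();
            for (String priv : privileges.split(",")) {
                // tolerate whitespace around the separators in configuration
                privs.add(acm.privilegeFromName(priv.trim()));
            }

            String principalNames = entry.getValue();
            if (principalNames == null || principalNames.trim().length() == 0)
                throw new ArgeoException(
                        "No principal configured for privilege(s) " + key);
            for (String principalName : principalNames.split(",")) {
                // an untrimmed name would create an entry for a principal
                // that matches no actual user or group
                Principal principal = getOrCreatePrincipal(session,
                        principalName.trim());
                addPrivileges(session, principal, path, privs);
            }
        }
        session.save();
    }

    /**
     * Returns a {@link SimplePrincipal}, does not check whether it exists
     * since such a capability is not provided by the standard JCR API. Can be
     * overridden to provide smarter handling.
     * 
     * @param session
     *            the current session (unused by this implementation)
     * @param principalName
     *            the name of the principal
     * @return a new {@link SimplePrincipal} with this name
     */
    protected Principal getOrCreatePrincipal(Session session,
            String principalName) throws RepositoryException {
        return new SimplePrincipal(principalName);
    }

    /**
     * Adds an access control entry granting these privileges to this principal
     * on this path. The session is not saved by this method.
     * 
     * @param session
     *            the session providing the access control manager
     * @param principal
     *            the principal to which the privileges are granted
     * @param path
     *            the absolute path of the node
     * @param privs
     *            the privileges to grant
     * @throws RepositoryException
     *             if the JCR access control API fails
     * @throws ArgeoException
     *             if no {@link AccessControlList} could be found for this path
     */
    public static void addPrivileges(Session session, Principal principal,
            String path, List<Privilege> privs) throws RepositoryException {
        AccessControlManager acm = session.getAccessControlManager();
        // search for an access control list
        AccessControlList acl = null;
        AccessControlPolicyIterator policyIterator = acm
                .getApplicablePolicies(path);
        if (policyIterator.hasNext()) {
            // policies which can be set on this path; the last
            // AccessControlList found is the one used
            while (policyIterator.hasNext()) {
                AccessControlPolicy acp = policyIterator
                        .nextAccessControlPolicy();
                if (acp instanceof AccessControlList)
                    acl = ((AccessControlList) acp);
            }
        } else {
            // no applicable policy: look among the policies returned by
            // getPolicies() for this path
            AccessControlPolicy[] existingPolicies = acm.getPolicies(path);
            for (AccessControlPolicy acp : existingPolicies) {
                if (acp instanceof AccessControlList)
                    acl = ((AccessControlList) acp);
            }
        }

        if (acl == null)
            throw new ArgeoException("Don't know how to apply privileges "
                    + privs + " to " + principal + " on " + path
                    + " from workspace '" + session.getWorkspace().getName()
                    + "'");

        acl.addAccessControlEntry(principal,
                privs.toArray(new Privilege[privs.size()]));
        acm.setPolicy(path, acl);
        if (log.isDebugEnabled()) {
            // local, single-threaded buffer: no need for a StringBuffer
            StringBuilder buf = new StringBuilder();
            for (int i = 0; i < privs.size(); i++) {
                if (i != 0)
                    buf.append(',');
                buf.append(privs.get(i).getName());
            }
            log.debug("Added privilege(s) '" + buf + "' to '"
                    + principal.getName() + "' on " + path
                    + " from workspace '"
                    + session.getWorkspace().getName() + "'");
        }
    }

    /**
     * @deprecated use {@link #setPrincipalPrivileges(Map)} instead, this
     *             method sets the same map.
     */
    @Deprecated
    public void setGroupPrivileges(Map<String, String> groupPrivileges) {
        this.principalPrivileges = groupPrivileges;
    }

    /**
     * Sets the authorizations to apply. The map is kept by reference, it is
     * not copied.
     * 
     * @param principalPrivileges
     *            key := privilege1,privilege2/path/to/node<br/>
     *            value := group1,group2,user1
     */
    public void setPrincipalPrivileges(Map<String, String> principalPrivileges) {
        this.principalPrivileges = principalPrivileges;
    }

    /** Sets the repository to which {@link #run()} logs in. */
    public void setRepository(Repository repository) {
        this.repository = repository;
    }

    /**
     * Sets the name of the workspace passed to the repository login (null by
     * default).
     */
    public void setWorkspace(String workspace) {
        this.workspace = workspace;
    }

}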