1 package org
.argeo
.jcr
.security
;
3 import java
.security
.Principal
;
4 import java
.util
.ArrayList
;
5 import java
.util
.HashMap
;
9 import javax
.jcr
.Repository
;
10 import javax
.jcr
.RepositoryException
;
11 import javax
.jcr
.Session
;
12 import javax
.jcr
.security
.AccessControlList
;
13 import javax
.jcr
.security
.AccessControlManager
;
14 import javax
.jcr
.security
.AccessControlPolicy
;
15 import javax
.jcr
.security
.AccessControlPolicyIterator
;
16 import javax
.jcr
.security
.Privilege
;
18 import org
.apache
.commons
.logging
.Log
;
19 import org
.apache
.commons
.logging
.LogFactory
;
20 import org
.argeo
.ArgeoException
;
21 import org
.argeo
.jcr
.JcrUtils
;
22 import org
.argeo
.util
.security
.SimplePrincipal
;
24 /** Apply authorizations to a JCR repository. */
25 public class JcrAuthorizations
implements Runnable
{
/** Class logger. */
private final static Log log = LogFactory.getLog(JcrAuthorizations.class);

/** Repository the authorizations are applied to; injected via {@link #setRepository(Repository)}. */
private Repository repository;
/**
 * Workspace to log into. Left {@code null} by default, which per the JCR API
 * makes {@link Repository#login(String)} select the repository's default
 * workspace.
 */
private String workspace = null;

/**
 * Privileges to grant, keyed by privilege list and optional target path:<br/>
 * key := privilege1,privilege2/path/to/node<br/>
 * value := group1,group2,user1
 * <p>
 * Both setters store the injected map by reference (no defensive copy), so
 * whoever still holds the original map can change the grants after injection.
 */
private Map<String, String> principalPrivileges = new HashMap<String, String>();
// NOTE(review): presumably the body of run() (the class implements Runnable
// and the deprecated method's javadoc above points at run()). The method
// header and the `try {` opening this block are not visible here, nor is the
// statement sitting between discardQuietly() and logoutQuietly() (a rethrow or
// a `finally`). Because of that gap it cannot be confirmed whether a failure
// to apply the authorizations is propagated or only discarded; a silently
// swallowed failure would leave the repository without the intended ACLs, so
// check this against the full file.
Session session = null;
// login(String) passes no Credentials: per the JCR API the caller is then
// authenticated by a mechanism external to the repository (e.g. JAAS). This
// therefore has to run in a trusted context whose subject is allowed to
// modify access control on every configured path.
session = repository.login(workspace);
initAuthorizations(session);
// Broad catch: RepositoryException and the ArgeoExceptions thrown for
// malformed keys or missing ACLs all land here.
} catch (Exception e) {
// Presumably drops the session's pending changes before the logout, so a
// half-applied set of ACL edits is not persisted — confirm in JcrUtils.
JcrUtils.discardQuietly(session);
JcrUtils.logoutQuietly(session);
49 /** @deprecated call {@link #run()} instead. */
/**
 * Reads {@link #principalPrivileges} and grants each privilege list to each
 * listed principal on the given path through {@link #addPrivileges}. The part
 * of a key after the first '/' (included) is the path, the part before it the
 * comma-separated privilege names.
 *
 * @param session the session used to resolve privileges and set policies; it
 *                must be allowed to modify access control on the target paths
 * @throws RepositoryException propagated from the JCR access control API
 * @throws ArgeoException if a key starts with '/' (no privilege named)
 */
protected void initAuthorizations(Session session) throws RepositoryException {
    AccessControlManager acm = session.getAccessControlManager();
    for (String privileges : principalPrivileges.keySet()) {
        // NOTE(review): `path` is assigned below but its declaration, and the
        // default it gets when the key contains no '/', are not visible here.
        int slashIndex = privileges.indexOf('/');
        if (slashIndex == 0) {
            throw new ArgeoException("Privilege " + privileges + " badly formatted it starts with /");
        } else if (slashIndex > 0) {
            path = privileges.substring(slashIndex);
            // BUG(review): this overwrites the loop variable, so — unless a
            // line not visible here restores it — the lookup
            // `principalPrivileges.get(privileges)` further down uses the
            // truncated key. For a key carrying a path it then either finds
            // nothing (NullPointerException on the split below) or, if a
            // path-less key with the same privilege list also exists, grants
            // the path-scoped entry to THAT key's principals. Keep the
            // original key in a separate variable and look that one up.
            privileges = privileges.substring(0, slashIndex);
        // NOTE(review): the lines closing this if/else-if are not visible.
        // Names are split on ',' without trimming: a space after a comma is
        // passed to privilegeFromName() as part of the name.
        List<Privilege> privs = new ArrayList<Privilege>();
        for (String priv : privileges.split(",")) {
            privs.add(acm.privilegeFromName(priv));
        // See the BUG note above: `privileges` may have been truncated by now.
        String principalNames = principalPrivileges.get(privileges);
        // Same untrimmed split for principal names.
        for (String principalName : principalNames.split(",")) {
            Principal principal = getOrCreatePrincipal(session,
            // (second argument not visible here — presumably principalName)
            addPrivileges(session, principal, path, privs);
        // NOTE(review): no Session.save() is visible in this excerpt; per the
        // JCR API, AccessControlManager.setPolicy() is transient until the
        // session is saved, so confirm the save happens before the logout.
/**
 * Returns a {@link SimplePrincipal} for the given name. It does not check
 * whether such a principal exists, since the standard JCR API provides no way
 * to do so; subclasses can override this to provide smarter handling (the
 * {@code session} parameter is unused by this default implementation).
 * <p>
 * Consequence: a misspelled group or user name in the configuration is not
 * rejected here — it produces an access control entry for a name nobody
 * currently resolves to, which a principal created later under that name may
 * then pick up, depending on the repository implementation.
 *
 * @param session       the current session, available to overriding
 *                      implementations
 * @param principalName the name as listed in the configuration value
 * @return the principal to put in the access control entry
 * @throws RepositoryException declared for overriding implementations
 */
protected Principal getOrCreatePrincipal(Session session,
        String principalName) throws RepositoryException {
    return new SimplePrincipal(principalName);
/**
 * Grants {@code privs} to {@code principal} on the node at {@code path}, by
 * adding an access control entry to the {@link AccessControlList} found for
 * that path and setting the policy back.
 * <p>
 * Only ever adds entries: nothing here removes previously granted ones, so a
 * principal dropped from the configuration keeps its privileges until the ACL
 * is edited by other means, and re-running may append the same grant again
 * (whether the implementation merges duplicate entries is not visible here).
 *
 * @param session   session whose access control manager is used; it must be
 *                  allowed to modify access control on {@code path}
 * @param principal principal receiving the privileges
 * @param path      absolute path of the node to protect
 * @param privs     privileges to grant, as resolved by the access control
 *                  manager
 * @throws RepositoryException propagated from the access control API
 * @throws ArgeoException presumably when no access control list is found for
 *                        the path (see the exception built at the end)
 */
public static void addPrivileges(Session session, Principal principal,
        String path, List<Privilege> privs) throws RepositoryException {
    AccessControlManager acm = session.getAccessControlManager();
    // search for an access control list
    AccessControlList acl = null;
    AccessControlPolicyIterator policyIterator = acm.getApplicablePolicies(path);
    if (policyIterator.hasNext()) {
        while (policyIterator.hasNext()) {
            AccessControlPolicy acp = policyIterator.nextAccessControlPolicy();
            // no break: the last ACL returned by the iterator wins
            if (acp instanceof AccessControlList)
                acl = ((AccessControlList) acp);
    // NOTE(review): the braces closing the loop above are not visible here, so
    // whether the lookup below is an else branch or always runs (letting an
    // already-set ACL override an applicable one) cannot be confirmed.
    AccessControlPolicy[] existingPolicies = acm.getPolicies(path);
    for (AccessControlPolicy acp : existingPolicies) {
        // again, the last ACL wins
        if (acp instanceof AccessControlList)
            acl = ((AccessControlList) acp);
    // NOTE(review): presumably guarded by an `if (acl != null)` that is not
    // visible here, with the throw at the end as its else branch.
    acl.addAccessControlEntry(principal, privs.toArray(new Privilege[privs.size()]));
    acm.setPolicy(path, acl);
    if (log.isDebugEnabled()) {
        // StringBuffer's synchronization buys nothing here; StringBuilder
        // would do.
        StringBuffer buf = new StringBuffer("");
        for (int i = 0; i < privs.size(); i++) {
            // (separator handling between names, if any, is not visible here)
            buf.append(privs.get(i).getName());
        // Only privilege names, principal name, path and workspace name are
        // logged — no credentials.
        log.debug("Added privilege(s) '" + buf + "' to '" + principal.getName() + "' on " + path + " from workspace '" + session.getWorkspace().getName() + "'");
    // Presumably reached when no AccessControlList could be found for the
    // path; the message's closing line is not visible here.
    throw new ArgeoException("Don't know how to apply privileges " + privs + " to " + principal + " on " + path + " from workspace '" + session.getWorkspace().getName()
/**
 * Same effect as {@link #setPrincipalPrivileges(Map)}: both write the same
 * field, so whichever of the two setters is called last wins.
 * NOTE(review): candidate for a {@code @deprecated} marker in favour of
 * {@link #setPrincipalPrivileges(Map)}, matching the deprecation style already
 * used in this class.
 *
 * @param groupPrivileges the map, stored by reference (no defensive copy)
 */
public void setGroupPrivileges(Map<String, String> groupPrivileges) {
    this.principalPrivileges = groupPrivileges;
/**
 * Sets the privileges to grant; see {@link #principalPrivileges} for the
 * key/value format.
 *
 * @param principalPrivileges the map, stored by reference (no defensive copy),
 *                            so later changes by the caller are visible here
 */
public void setPrincipalPrivileges(Map<String, String> principalPrivileges) {
    this.principalPrivileges = principalPrivileges;
/**
 * Sets the repository to log into when the authorizations are applied.
 *
 * @param repository the target repository
 */
public void setRepository(Repository repository) {
    this.repository = repository;
/**
 * Sets the workspace to log into; {@code null} leaves the choice of the
 * default workspace to the repository (see {@link Repository#login(String)}).
 *
 * @param workspace the workspace name, or {@code null}
 */
public void setWorkspace(String workspace) {
    this.workspace = workspace;