-/*
- * Copyright (C) 2007-2012 Argeo GmbH
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
package org.argeo.jcr;
import java.security.Principal;
import javax.jcr.Session;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.Privilege;
+import javax.naming.InvalidNameException;
+import javax.naming.ldap.LdapName;
/** Apply authorizations to a JCR repository. */
public class JcrAuthorizations implements Runnable {
try {
if (workspace != null && workspace.equals("*")) {
session = repository.login();
- String[] workspaces = session.getWorkspace()
- .getAccessibleWorkspaceNames();
+ String[] workspaces = session.getWorkspace().getAccessibleWorkspaceNames();
JcrUtils.logoutQuietly(session);
for (String wksp : workspaces) {
currentWorkspace = wksp;
session = repository.login(workspace);
initAuthorizations(session);
}
- } catch (Exception e) {
+ } catch (RepositoryException e) {
JcrUtils.discardQuietly(session);
- throw new ArgeoJcrException(
- "Cannot set authorizations " + principalPrivileges
- + " on workspace " + currentWorkspace, e);
+ throw new JcrException(
+ "Cannot set authorizations " + principalPrivileges + " on workspace " + currentWorkspace, e);
} finally {
JcrUtils.logoutQuietly(session);
}
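Review bot: Inside the `for (String wksp : workspaces)` loop the login still passes `workspace`, which on this branch is the literal `*`, so `initAuthorizations` is never run against `wksp` and the per-workspace ACLs are presumably not applied; the line should read `session = repository.login(wksp);`. In the lines shown, each iteration also overwrites `session` without logging out the previous one, so only the last session reaches the `finally`. Adding `JcrUtils.logoutQuietly(session);` at the end of the loop body would close them. The commit only narrows the catch and renames the exception here, and the enclosing method starts outside the visible lines.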
try {
session = repository.login(workspace);
initAuthorizations(session);
- } catch (Exception e) {
+ } catch (RepositoryException e) {
JcrUtils.discardQuietly(session);
- throw new ArgeoJcrException("Cannot set authorizations "
- + principalPrivileges + " on repository " + repository, e);
+ throw new JcrException(
+ "Cannot set authorizations " + principalPrivileges + " on repository " + repository, e);
} finally {
JcrUtils.logoutQuietly(session);
}
run();
}
- protected void initAuthorizations(Session session)
- throws RepositoryException {
+ protected void initAuthorizations(Session session) throws RepositoryException {
AccessControlManager acm = session.getAccessControlManager();
for (String privileges : principalPrivileges.keySet()) {
String path = null;
int slashIndex = privileges.indexOf('/');
if (slashIndex == 0) {
- throw new ArgeoJcrException("Privilege " + privileges
- + " badly formatted it starts with /");
+ throw new IllegalArgumentException("Privilege " + privileges + " badly formatted it starts with /");
} else if (slashIndex > 0) {
path = privileges.substring(slashIndex);
privileges = privileges.substring(0, slashIndex);
}
String principalNames = principalPrivileges.get(privileges);
- for (String principalName : principalNames.split(",")) {
- Principal principal = getOrCreatePrincipal(session,
- principalName);
+ try {
+ new LdapName(principalNames);
+ // TODO differentiate groups and users ?
+ Principal principal = getOrCreatePrincipal(session, principalNames);
JcrUtils.addPrivileges(session, path, principal, privs);
- // if (log.isDebugEnabled()) {
- // StringBuffer privBuf = new StringBuffer();
- // for (Privilege priv : privs)
- // privBuf.append(priv.getName());
- // log.debug("Added privileges " + privBuf + " to "
- // + principal.getName() + " on " + path + " in '"
- // + session.getWorkspace().getName() + "'");
- // }
+ } catch (InvalidNameException e) {
+ for (String principalName : principalNames.split(",")) {
+ Principal principal = getOrCreatePrincipal(session, principalName);
+ JcrUtils.addPrivileges(session, path, principal, privs);
+ // if (log.isDebugEnabled()) {
+ // StringBuffer privBuf = new StringBuffer();
+ // for (Privilege priv : privs)
+ // privBuf.append(priv.getName());
+ // log.debug("Added privileges " + privBuf + " to "
+ // + principal.getName() + " on " + path + " in '"
+ // + session.getWorkspace().getName() + "'");
+ // }
+ }
}
}
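Review bot: The `new LdapName(principalNames)` probe chooses between "one DN" and "comma-separated list" by whether the whole value parses, but a list of several DNs is itself a syntactically valid DN (constructed example: `cn=a,ou=roles,cn=b,ou=roles`), so it would be treated as a single principal rather than split. Because the default `getOrCreatePrincipal` wraps any string in a `SimplePrincipal`, that case would silently produce an ACL entry for a principal nobody intended and none for the intended ones. At minimum, document the contract above the `try`, for example `// A value that parses as one LDAP DN is a single principal; comma-separated lists are only supported for non-DN names`. Ideally, use a list separator that cannot occur inside a DN. The fallback loop also passes each name untrimmed, so `a, b` yields a principal named ` b`; `getOrCreatePrincipal(session, principalName.trim())` would avoid that.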
* such capabilities is not provided by the standard JCR API. Can be
* overridden to provide smarter handling
*/
- protected Principal getOrCreatePrincipal(Session session,
- String principalName) throws RepositoryException {
+ protected Principal getOrCreatePrincipal(Session session, String principalName) throws RepositoryException {
return new SimplePrincipal(principalName);
}
// + session.getWorkspace().getName() + "'");
// }
// } else {
- // throw new ArgeoJcrException("Don't know how to apply privileges "
+ // throw new ArgeoJcrException("Don't know how to apply privileges "
// + privs + " to " + principal + " on " + path
// + " from workspace '" + session.getWorkspace().getName()
// + "'");