+
+ protected synchronized void setSecurityHomeAuthorizations(User user) {
+ // give read privileges on user security home
+ String userId = "<not yet set>";
+ try {
+ userId = user.getID();
+ Node userHome = JcrUtils.getUserHome(getSystemSession(), userId);
+ if (userHome == null)
+ throw new ArgeoException("No security home available for user "
+ + userId);
+
+ String path = userHome.getPath();
+ Principal principal = user.getPrincipal();
+
+ JackrabbitAccessControlManager acm = (JackrabbitAccessControlManager) getSystemSession()
+ .getAccessControlManager();
+ JackrabbitAccessControlPolicy[] ps = acm
+ .getApplicablePolicies(principal);
+ if (ps.length == 0) {
+ // log.warn("No ACL found for " + user);
+ return;
+ }
+
+ JackrabbitAccessControlList list = (JackrabbitAccessControlList) ps[0];
+
+ // add entry
+ Privilege[] privileges = new Privilege[] { acm
+ .privilegeFromName(Privilege.JCR_READ) };
+ Map<String, Value> restrictions = new HashMap<String, Value>();
+ ValueFactory vf = getSystemSession().getValueFactory();
+ restrictions.put("rep:nodePath",
+ vf.createValue(path, PropertyType.PATH));
+ restrictions.put("rep:glob", vf.createValue("*"));
+ list.addEntry(principal, privileges, true /* allow or deny */,
+ restrictions);
+ } catch (Exception e) {
+ e.printStackTrace();
+ throw new ArgeoException(
+ "Cannot set authorization on security home for " + userId
+ + ": " + e.getMessage());
+ }
+
+ }
+
+ @Override
+ protected WorkspaceAccessManager createDefaultWorkspaceAccessManager() {
+ WorkspaceAccessManager wam = super
+ .createDefaultWorkspaceAccessManager();
+ return new ArgeoWorkspaceAccessManagerImpl(wam);
+ }
+
+ private class ArgeoWorkspaceAccessManagerImpl implements SecurityConstants,
+ WorkspaceAccessManager {
+ private final WorkspaceAccessManager wam;
+
+ // private String defaultWorkspace;
+
+ public ArgeoWorkspaceAccessManagerImpl(WorkspaceAccessManager wam) {
+ super();
+ this.wam = wam;
+ }
+
+ public void init(Session systemSession) throws RepositoryException {
+ wam.init(systemSession);
+ // defaultWorkspace = ((RepositoryImpl) getRepository()).getConfig()
+ // .getDefaultWorkspaceName();
+ }
+
+ public void close() throws RepositoryException {
+ }
+
+ public boolean grants(Set<Principal> principals, String workspaceName)
+ throws RepositoryException {
+ // everybody has access to all workspaces
+ // TODO: implements finer access to workspaces
+ return true;
+
+ // anonymous has access to the default workspace (required for
+ // remoting which does a default login when initializing the
+ // repository)
+ // Boolean anonymous = false;
+ // for (Principal principal : principals)
+ // if (principal instanceof AnonymousPrincipal)
+ // anonymous = true;
+ //
+ // if (anonymous && workspaceName.equals(defaultWorkspace))
+ // return true;
+ // else
+ // return wam.grants(principals, workspaceName);
+ }
+ }
+