X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.ext.jackrabbit%2Fsrc%2Forg%2Fargeo%2Fsecurity%2Fjackrabbit%2FArgeoSecurityManager.java;h=a1fe94cd870f683ade62070cc709429c00beee6a;hb=c073197a1199e7b376cad265cd9c612f3cf0b5b2;hp=046829fe51b6d3d8db552a85e4c0b7ca6c75e1b1;hpb=d039711d38e91f8d419e784f9b88f3a86bfc8538;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.ext.jackrabbit/src/org/argeo/security/jackrabbit/ArgeoSecurityManager.java b/org.argeo.ext.jackrabbit/src/org/argeo/security/jackrabbit/ArgeoSecurityManager.java index 046829fe5..a1fe94cd8 100644 --- a/org.argeo.ext.jackrabbit/src/org/argeo/security/jackrabbit/ArgeoSecurityManager.java +++ b/org.argeo.ext.jackrabbit/src/org/argeo/security/jackrabbit/ArgeoSecurityManager.java @@ -31,20 +31,19 @@ import org.apache.jackrabbit.core.security.SecurityConstants; import org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager; import org.argeo.node.NodeConstants; import org.argeo.node.security.AnonymousPrincipal; +import org.argeo.node.security.DataAdminPrincipal; /** Integrates Spring Security and Jackrabbit Security users and roles. */ public class ArgeoSecurityManager extends DefaultSecurityManager { @Override - public AccessManager getAccessManager(Session session, AMContext amContext) - throws RepositoryException { + public AccessManager getAccessManager(Session session, AMContext amContext) throws RepositoryException { synchronized (getSystemSession()) { return super.getAccessManager(session, amContext); } } @Override - public UserManager getUserManager(Session session) - throws RepositoryException { + public UserManager getUserManager(Session session) throws RepositoryException { synchronized (getSystemSession()) { return super.getUserManager(session); } 
@@ -56,17 +55,18 @@ public class ArgeoSecurityManager extends DefaultSecurityManager { * Security name and authorities. */ @Override - public String getUserID(Subject subject, String workspaceName) - throws RepositoryException { - Set anonymousPrincipal = subject - .getPrincipals(AnonymousPrincipal.class); - if(!anonymousPrincipal.isEmpty()) + public String getUserID(Subject subject, String workspaceName) throws RepositoryException { + Set anonymousPrincipal = subject.getPrincipals(AnonymousPrincipal.class); + if (!anonymousPrincipal.isEmpty()) return NodeConstants.ROLE_ANONYMOUS; - Set userPrincipal = subject - .getPrincipals(X500Principal.class); - if (userPrincipal.isEmpty()) + Set userPrincipal = subject.getPrincipals(X500Principal.class); + if (userPrincipal.isEmpty()) { + Set dataAdminPrincipal = subject.getPrincipals(DataAdminPrincipal.class); + if (!dataAdminPrincipal.isEmpty()) + return NodeConstants.ROLE_DATA_ADMIN; throw new IllegalStateException("Subject is neither anonymous nor logged-in"); -// return super.getUserID(subject, workspaceName); + } + // return super.getUserID(subject, workspaceName); if (userPrincipal.size() > 1) { StringBuilder buf = new StringBuilder(); for (X500Principal principal : userPrincipal) @@ -84,13 +84,11 @@ public class ArgeoSecurityManager extends DefaultSecurityManager { @Override protected WorkspaceAccessManager createDefaultWorkspaceAccessManager() { - WorkspaceAccessManager wam = super - .createDefaultWorkspaceAccessManager(); + WorkspaceAccessManager wam = super.createDefaultWorkspaceAccessManager(); return new ArgeoWorkspaceAccessManagerImpl(wam); } - private class ArgeoWorkspaceAccessManagerImpl implements SecurityConstants, - WorkspaceAccessManager { + private class ArgeoWorkspaceAccessManagerImpl implements SecurityConstants, WorkspaceAccessManager { private final WorkspaceAccessManager wam; public ArgeoWorkspaceAccessManagerImpl(WorkspaceAccessManager wam) { 
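Review bot: The new DataAdminPrincipal branch in getUserID returns `NodeConstants.ROLE_DATA_ADMIN` purely because that principal class is present in the Subject, and nothing in the hunk documents which login path is trusted to attach it. I would add a comment above the inner check, e.g. `// DataAdminPrincipal is only set by the trusted node login; checked last, so anonymous and X500 identities take precedence`, after confirming this against the login module, which is not visible here. Because `grants()` in the last hunk of this file still returns `true` for every principal set, workspace access does not restrict this identity, so any restriction has to come from the access manager. The commented-out `// return super.getUserID(subject, workspaceName);` now sits after the closing brace, where it no longer explains anything and could be deleted. The method starts before this hunk and continues past it.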
@@ -105,8 +103,7 @@ public class ArgeoSecurityManager extends DefaultSecurityManager { public void close() throws RepositoryException { } - public boolean grants(Set principals, String workspaceName) - throws RepositoryException { + public boolean grants(Set principals, String workspaceName) throws RepositoryException { // TODO: implements finer access to workspaces return true; }