X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.jcr%2Fsrc%2Forg%2Fargeo%2Fjcr%2FJcrAuthorizations.java;h=351929f8da176b2e607b9d829af67a9d138ccbf9;hb=46cc2039ac20703c484aa994b830a2da113f2c97;hp=22592fa178991a1d42f42837b6e19cd191947161;hpb=85688af22a77f82e7762e11e6eb38c6367eddb6c;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.jcr/src/org/argeo/jcr/JcrAuthorizations.java b/org.argeo.jcr/src/org/argeo/jcr/JcrAuthorizations.java index 22592fa17..351929f8d 100644 --- a/org.argeo.jcr/src/org/argeo/jcr/JcrAuthorizations.java +++ b/org.argeo.jcr/src/org/argeo/jcr/JcrAuthorizations.java @@ -1,18 +1,3 @@ -/* - * Copyright (C) 2007-2012 Argeo GmbH - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ package org.argeo.jcr; import java.security.Principal; @@ -26,6 +11,8 @@ import javax.jcr.RepositoryException; import javax.jcr.Session; import javax.jcr.security.AccessControlManager; import javax.jcr.security.Privilege; +import javax.naming.InvalidNameException; +import javax.naming.ldap.LdapName; /** Apply authorizations to a JCR repository. */ public class JcrAuthorizations implements Runnable { 
@@ -49,8 +36,7 @@ public class JcrAuthorizations implements Runnable { try { if (workspace != null && workspace.equals("*")) { session = repository.login(); - String[] workspaces = session.getWorkspace() - .getAccessibleWorkspaceNames(); + String[] workspaces = session.getWorkspace().getAccessibleWorkspaceNames(); JcrUtils.logoutQuietly(session); for (String wksp : workspaces) { currentWorkspace = wksp; @@ -64,11 +50,10 @@ public class JcrAuthorizations implements Runnable { session = repository.login(workspace); initAuthorizations(session); } - } catch (Exception e) { + } catch (RepositoryException e) { JcrUtils.discardQuietly(session); - throw new ArgeoJcrException( - "Cannot set authorizations " + principalPrivileges - + " on workspace " + currentWorkspace, e); + throw new JcrException( + "Cannot set authorizations " + principalPrivileges + " on workspace " + currentWorkspace, e); } finally { JcrUtils.logoutQuietly(session); } @@ -79,10 +64,10 @@ public class JcrAuthorizations implements Runnable { try { session = repository.login(workspace); initAuthorizations(session); - } catch (Exception e) { + } catch (RepositoryException e) { JcrUtils.discardQuietly(session); - throw new ArgeoJcrException("Cannot set authorizations " - + principalPrivileges + " on repository " + repository, e); + throw new JcrException( + "Cannot set authorizations " + principalPrivileges + " on repository " + repository, e); } finally { JcrUtils.logoutQuietly(session); } 
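Review bot: Narrowing `catch (Exception e)` to `catch (RepositoryException e)` in the second and third hunks on this line (the all-workspaces path and the single-workspace path) means unchecked exceptions no longer reach `JcrUtils.discardQuietly(session)` and no longer get the "Cannot set authorizations …" context. That includes the `IllegalArgumentException` this same commit now throws from `initAuthorizations` for a malformed privilege key, so a bad entry aborts the run part-way with no indication of which workspace was being processed. Because this code writes access control entries, a partially applied run should be easy to diagnose; consider adding `} catch (RuntimeException e) { JcrUtils.discardQuietly(session); throw e; }` beside each narrowed catch. Whether earlier entries are already persisted at that point depends on `JcrUtils.addPrivileges`, which is not visible here, and both enclosing methods start outside these hunks.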
@@ -94,16 +79,14 @@ public class JcrAuthorizations implements Runnable { run(); } - protected void initAuthorizations(Session session) - throws RepositoryException { + protected void initAuthorizations(Session session) throws RepositoryException { AccessControlManager acm = session.getAccessControlManager(); for (String privileges : principalPrivileges.keySet()) { String path = null; int slashIndex = privileges.indexOf('/'); if (slashIndex == 0) { - throw new ArgeoJcrException("Privilege " + privileges - + " badly formatted it starts with /"); + throw new IllegalArgumentException("Privilege " + privileges + " badly formatted it starts with /"); } else if (slashIndex > 0) { path = privileges.substring(slashIndex); privileges = privileges.substring(0, slashIndex); 
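Review bot: The loop variable `privileges` is overwritten with the part before the slash (`privileges = privileges.substring(0, slashIndex);`), and the same variable is later used as the map key in `principalPrivileges.get(privileges)`, which is visible as context in the next hunk. Unless the unseen lines between the two hunks restore the original key, every entry that carries a path looks up a key that is not in the map, so `principalNames` is null and the ACL for that path is never applied. With the narrowed catch blocks this would most likely surface as a bare NullPointerException rather than a wrapped error. Reading the value before the key is truncated avoids it, e.g. `String principalNames = principalPrivileges.get(privileges);` as the first statement of the loop body. `initAuthorizations` continues past the end of this hunk.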
@@ -118,18 +101,24 @@ public class JcrAuthorizations implements Runnable { } String principalNames = principalPrivileges.get(privileges); - for (String principalName : principalNames.split(",")) { - Principal principal = getOrCreatePrincipal(session, - principalName); + try { + new LdapName(principalNames); + // TODO differentiate groups and users ? + Principal principal = getOrCreatePrincipal(session, principalNames); JcrUtils.addPrivileges(session, path, principal, privs); - // if (log.isDebugEnabled()) { - // StringBuffer privBuf = new StringBuffer(); - // for (Privilege priv : privs) - // privBuf.append(priv.getName()); - // log.debug("Added privileges " + privBuf + " to " - // + principal.getName() + " on " + path + " in '" - // + session.getWorkspace().getName() + "'"); - // } + } catch (InvalidNameException e) { + for (String principalName : principalNames.split(",")) { + Principal principal = getOrCreatePrincipal(session, principalName); + JcrUtils.addPrivileges(session, path, principal, privs); + // if (log.isDebugEnabled()) { + // StringBuffer privBuf = new StringBuffer(); + // for (Privilege priv : privs) + // privBuf.append(priv.getName()); + // log.debug("Added privileges " + privBuf + " to " + // + principal.getName() + " on " + path + " in '" + // + session.getWorkspace().getName() + "'"); + // } + } } } @@ -143,8 +132,7 @@ public class JcrAuthorizations implements Runnable { * such capabilities is not provided by the standard JCR API. Can be * overridden to provide smarter handling */ - protected Principal getOrCreatePrincipal(Session session, - String principalName) throws RepositoryException { + protected Principal getOrCreatePrincipal(Session session, String principalName) throws RepositoryException { return new SimplePrincipal(principalName); } 
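Review bot: Using `new LdapName(principalNames)` to choose between "one principal" and "comma-separated list" makes the configuration format ambiguous: any list whose items look like `attr=value` (constructed example: `uid=alice,uid=bob`) parses as a single multi-RDN name and is granted as one principal instead of being split. In the other direction, a list of several DNs cannot be expressed, since it either parses as one long name or is split on every comma. As this decides who receives privileges, the rule should be stated where it is applied, e.g. `// A value that parses as an LDAP DN is ONE principal and is never split; lists are only supported for non-DN names`, and the duplicated `getOrCreatePrincipal`/`addPrivileges` pair could be shared by both branches. The split names are also used untrimmed, so `a, b` yields a principal named ` b` with a leading space. `initAuthorizations` starts outside this hunk.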
@@ -188,7 +176,7 @@ public class JcrAuthorizations implements Runnable { // + session.getWorkspace().getName() + "'"); // } // } else { - // throw new ArgeoJcrException("Don't know how to apply privileges " + // throw new ArgeoJcrException("Don't know how to apply privileges " // + privs + " to " + principal + " on " + path // + " from workspace '" + session.getWorkspace().getName() // + "'");