
Example 16 with PrincipalManager

use of org.apache.jackrabbit.api.security.principal.PrincipalManager in project sling by apache.

the class DefaultContentCreator method createAce.

/* (non-Javadoc)
     * @see org.apache.sling.jcr.contentloader.ContentCreator#createAce(java.lang.String, java.lang.String, java.lang.String[], java.lang.String[])
	 */
public void createAce(String principalId, String[] grantedPrivilegeNames, String[] deniedPrivilegeNames, String order) throws RepositoryException {
    // Replaces the access control entry for one principal on the node that is currently
    // on top of the parent-node stack. The session of that node is used both to look up
    // the principal and to apply the entry; nothing is saved here.
    //
    // principalId            id handed to PrincipalManager.getPrincipal
    // grantedPrivilegeNames  privileges to grant, may be null
    // deniedPrivilegeNames   privileges to deny, may be null
    // order                  passed through unchanged to replaceAccessControlEntry
    //
    // Throws RepositoryException when no principal exists for principalId.
    // NOTE(review): the arguments presumably originate from the content being loaded, so
    // whoever supplies that content chooses the ACEs written with this session - confirm.
    final Node currentParent = this.parentNodeStack.peek();
    final Session jcrSession = currentParent.getSession();

    // An unknown principal is rejected up front so that no entry is ever written for it.
    final Principal resolvedPrincipal = AccessControlUtil.getPrincipalManager(jcrSession).getPrincipal(principalId);
    if (resolvedPrincipal == null) {
        throw new RepositoryException("No principal found for id: " + principalId);
    }

    final String targetPath = currentParent.getPath();
    if (grantedPrivilegeNames == null && deniedPrivilegeNames == null) {
        // Neither list was supplied: there is nothing to change.
        return;
    }
    // The sixth argument (privileges to remove) is always null on this path.
    AccessControlUtil.replaceAccessControlEntry(jcrSession, targetPath, resolvedPrincipal, grantedPrivilegeNames, deniedPrivilegeNames, null, order);
}
Also used : PrincipalManager(org.apache.jackrabbit.api.security.principal.PrincipalManager) Node(javax.jcr.Node) RepositoryException(javax.jcr.RepositoryException) Principal(java.security.Principal) Session(javax.jcr.Session)

Example 17 with PrincipalManager

use of org.apache.jackrabbit.api.security.principal.PrincipalManager in project sling by apache.

the class ModifyAceServlet method modifyAce.

/* (non-Javadoc)
	 * @see org.apache.sling.jcr.jackrabbit.accessmanager.ModifyAce#modifyAce(javax.jcr.Session, java.lang.String, java.lang.String, java.util.Map, java.lang.String)
	 */
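public void modifyAce(Session jcrSession, String resourcePath, String principalId, Map<String, String> privileges, String order) throws RepositoryException {
    // Applies granted / denied / removed privileges for one principal to the item at
    // resourcePath and saves the session if that produced pending changes.
    //
    // jcrSession    session used for the principal lookup, the item lookup and the save
    // resourcePath  path of the item whose access control entry is modified
    // principalId   id handed to PrincipalManager.getPrincipal
    // privileges    privilege name (optionally prefixed with "privilege@") mapped to one of
    //               "granted", "denied" or "none"; any other value is ignored
    // order         passed through unchanged to replaceAccessControlEntry
    //
    // Throws RepositoryException for a missing session, a missing or unknown principalId,
    // or a failure while applying the change; ResourceNotFoundException for a missing path.
    if (jcrSession == null) {
        throw new RepositoryException("JCR Session not found");
    }
    if (principalId == null) {
        throw new RepositoryException("principalId was not submitted.");
    }
    PrincipalManager principalManager = AccessControlUtil.getPrincipalManager(jcrSession);
    Principal principal = principalManager.getPrincipal(principalId);
    if (resourcePath == null) {
        throw new ResourceNotFoundException("Resource path was not supplied.");
    }
    Item item = jcrSession.getItem(resourcePath);
    if (item != null) {
        resourcePath = item.getPath();
    } else {
        throw new ResourceNotFoundException("Resource is not a JCR Node");
    }
    // An id that resolves to no principal must never reach the ACL code: fail with a
    // checked error instead of handing a null principal to replaceAccessControlEntry.
    // The submitted id is deliberately not echoed back in the message.
    if (principal == null) {
        throw new RepositoryException("Invalid principalId was submitted.");
    }
    // Collect the modified privileges from the request.
    final String privilegePrefix = "privilege@";
    Set<String> grantedPrivilegeNames = new HashSet<String>();
    Set<String> deniedPrivilegeNames = new HashSet<String>();
    Set<String> removedPrivilegeNames = new HashSet<String>();
    for (Entry<String, String> entry : privileges.entrySet()) {
        String privilegeName = entry.getKey();
        if (privilegeName.startsWith(privilegePrefix)) {
            privilegeName = privilegeName.substring(privilegePrefix.length());
        }
        // Null, empty and unrecognised values match none of the branches and are skipped.
        String parameterValue = entry.getValue();
        if ("granted".equals(parameterValue)) {
            grantedPrivilegeNames.add(privilegeName);
        } else if ("denied".equals(parameterValue)) {
            deniedPrivilegeNames.add(privilegeName);
        } else if ("none".equals(parameterValue)) {
            removedPrivilegeNames.add(privilegeName);
        }
    }
    // Make the actual changes.
    try {
        AccessControlUtil.replaceAccessControlEntry(jcrSession, resourcePath, principal, grantedPrivilegeNames.toArray(new String[0]), deniedPrivilegeNames.toArray(new String[0]), removedPrivilegeNames.toArray(new String[0]), order);
        if (jcrSession.hasPendingChanges()) {
            jcrSession.save();
        }
    } catch (RepositoryException re) {
        throw new RepositoryException("Failed to create ace.", re);
    }
}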
Also used : PrincipalManager(org.apache.jackrabbit.api.security.principal.PrincipalManager) Item(javax.jcr.Item) Entry(java.util.Map.Entry) RepositoryException(javax.jcr.RepositoryException) ResourceNotFoundException(org.apache.sling.api.resource.ResourceNotFoundException) Principal(java.security.Principal) HashSet(java.util.HashSet)

Example 18 with PrincipalManager

use of org.apache.jackrabbit.api.security.principal.PrincipalManager in project sling by apache.

the class AuthorizableResourceProvider method listChildren.

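/**
 * Lists the children of the user-manager resources.
 * <p>
 * For {@code SYSTEM_USER_MANAGER_PATH} the user and group container resources are returned.
 * For the user or group container the principals of the matching search type are returned,
 * as reported by the {@link PrincipalManager} of the session the parent's resource resolver
 * adapts to.
 * NOTE(review): which principals that session is allowed to see is decided by the
 * repository, not here - confirm that listing them to this caller is intended.
 *
 * @param ctx    resolve context, passed on to {@code getResource}
 * @param parent resource whose children are requested
 * @return an iterator over the children, or {@code null} when the path is not one of the
 *         handled paths, or no resolver, session or principal iterator is available
 * @throws SlingException if the repository reports an error
 */
@Override
public Iterator<Resource> listChildren(ResolveContext<Object> ctx, Resource parent) {
    try {
        String path = parent.getPath();
        ResourceResolver resourceResolver = parent.getResourceResolver();
        // handle children of /system/userManager
        if (SYSTEM_USER_MANAGER_PATH.equals(path)) {
            List<Resource> resources = new ArrayList<Resource>();
            if (resourceResolver != null) {
                resources.add(getResource(ctx, SYSTEM_USER_MANAGER_USER_PATH, null, null));
                resources.add(getResource(ctx, SYSTEM_USER_MANAGER_GROUP_PATH, null, null));
            }
            return resources.iterator();
        }
        int searchType = -1;
        if (SYSTEM_USER_MANAGER_USER_PATH.equals(path)) {
            searchType = PrincipalManager.SEARCH_TYPE_NOT_GROUP;
        } else if (SYSTEM_USER_MANAGER_GROUP_PATH.equals(path)) {
            searchType = PrincipalManager.SEARCH_TYPE_GROUP;
        }
        // The resolver is treated as optional in the branch above, so it is guarded here
        // as well instead of being dereferenced unconditionally.
        if (searchType != -1 && resourceResolver != null) {
            Session session = resourceResolver.adaptTo(Session.class);
            if (session != null) {
                PrincipalManager principalManager = AccessControlUtil.getPrincipalManager(session);
                PrincipalIterator principals = principalManager.getPrincipals(searchType);
                if (principals != null) {
                    return new ChildrenIterator(parent, principals);
                }
            }
        }
    } catch (RepositoryException re) {
        throw new SlingException("Error listing children of resource: " + parent.getPath(), re);
    }
    return null;
}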
Also used : PrincipalManager(org.apache.jackrabbit.api.security.principal.PrincipalManager) ResourceResolver(org.apache.sling.api.resource.ResourceResolver) ArrayList(java.util.ArrayList) Resource(org.apache.sling.api.resource.Resource) SyntheticResource(org.apache.sling.api.resource.SyntheticResource) PrincipalIterator(org.apache.jackrabbit.api.security.principal.PrincipalIterator) SlingException(org.apache.sling.api.SlingException) RepositoryException(javax.jcr.RepositoryException) Session(javax.jcr.Session)

Example 19 with PrincipalManager

use of org.apache.jackrabbit.api.security.principal.PrincipalManager in project jackrabbit by apache.

the class GroupImplTest method testEveryoneGroup.

/**
 * Creates a group named {@code EveryonePrincipal.NAME} and checks that it behaves as the
 * everyone group: its principal is the {@code EveryonePrincipal} singleton, the test user
 * is reported as a declared and effective member, every effective member is also a
 * declared member, and adding or removing a member returns {@code false}. Finally the
 * principal manager's "everyone" principal is checked against the same singleton.
 * The group is removed again in the {@code finally} block.
 */
public void testEveryoneGroup() throws RepositoryException, NotExecutableException {
    Group everyoneGroup = null;
    try {
        everyoneGroup = userMgr.createGroup(EveryonePrincipal.NAME);
        save(superuser);

        // The group's principal must be the well-known everyone principal.
        assertEquals(EveryonePrincipal.NAME, everyoneGroup.getPrincipal().getName());
        assertEquals(EveryonePrincipal.getInstance(), everyoneGroup.getPrincipal());

        // Membership is reported for the test user.
        assertTrue(everyoneGroup.isDeclaredMember(getTestUser(superuser)));
        assertTrue(everyoneGroup.isMember(getTestUser(superuser)));

        // Declared members: must be non-empty; remember them for the comparison below.
        Iterator<Authorizable> memberIt = everyoneGroup.getDeclaredMembers();
        assertTrue(memberIt.hasNext());
        Set<Authorizable> declared = new HashSet<Authorizable>();
        for (; memberIt.hasNext(); ) {
            declared.add(memberIt.next());
        }

        // Effective members: non-empty and each one contained in the declared set.
        memberIt = everyoneGroup.getMembers();
        assertTrue(memberIt.hasNext());
        for (; memberIt.hasNext(); ) {
            assertTrue(declared.contains(memberIt.next()));
        }

        // Explicit membership changes are expected to report "no change".
        assertFalse(everyoneGroup.addMember(getTestUser(superuser)));
        assertFalse(everyoneGroup.removeMember(getTestUser(superuser)));

        // With the group present, the everyone principal is item based and still equal
        // to the singleton.
        PrincipalManager principalManager = ((JackrabbitSession) superuser).getPrincipalManager();
        Principal everyonePrincipal = principalManager.getEveryone();
        assertTrue(everyonePrincipal instanceof ItemBasedPrincipal);
        assertEquals(everyonePrincipal, EveryonePrincipal.getInstance());
    } finally {
        // Clean up so the group does not leak into other tests.
        if (everyoneGroup != null) {
            everyoneGroup.remove();
            save(superuser);
        }
    }
}
Also used : PrincipalManager(org.apache.jackrabbit.api.security.principal.PrincipalManager) Group(org.apache.jackrabbit.api.security.user.Group) ItemBasedPrincipal(org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal) Authorizable(org.apache.jackrabbit.api.security.user.Authorizable) JackrabbitSession(org.apache.jackrabbit.api.JackrabbitSession) EveryonePrincipal(org.apache.jackrabbit.core.security.principal.EveryonePrincipal) Principal(java.security.Principal) ItemBasedPrincipal(org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal) HashSet(java.util.HashSet)

Example 20 with PrincipalManager

use of org.apache.jackrabbit.api.security.principal.PrincipalManager in project jackrabbit by apache.

the class Entry method readEntries.

/**
 * Builds one {@code Entry} per child node of the given {@code rep:ACL} node.
 *
 * @param aclNode node whose primary type must equal {@code NT_REP_ACL}
 * @param path    passed unchanged into every created entry
 * @return the entries that could be built, in child-node iteration order
 * @throws IllegalArgumentException if {@code aclNode} is null or not of the expected type
 * @throws RepositoryException if the ACL node itself cannot be read
 */
static List<Entry> readEntries(NodeImpl aclNode, String path) throws RepositoryException {
    boolean isAclNode = aclNode != null && NT_REP_ACL.equals(aclNode.getPrimaryNodeTypeName());
    if (!isAclNode) {
        throw new IllegalArgumentException("Node must be of type 'rep:ACL'");
    }

    SessionImpl session = (SessionImpl) aclNode.getSession();
    PrincipalManager principalMgr = session.getPrincipalManager();
    JackrabbitWorkspace workspace = (JackrabbitWorkspace) session.getWorkspace();
    PrivilegeManagerImpl privilegeMgr = (PrivilegeManagerImpl) workspace.getPrivilegeManager();
    // Every entry is tied to the id of the node that owns the ACL node.
    NodeId ownerId = aclNode.getParentId();

    List<Entry> result = new ArrayList<Entry>();
    // load the entries:
    for (NodeIterator children = aclNode.getNodes(); children.hasNext(); ) {
        NodeImpl aceNode = (NodeImpl) children.nextNode();
        try {
            String principalName = aceNode.getProperty(P_PRINCIPAL_NAME).getString();

            // A name the principal manager cannot resolve yields null; instanceof is then
            // false, so the entry is still created, as a non-group entry.
            Principal resolved = principalMgr.getPrincipal(principalName);
            boolean isGroupEntry = resolved instanceof Group;

            InternalValue[] privilegeValues = aceNode.getProperty(P_PRIVILEGES).internalGetValues();
            Name[] privilegeNames = new Name[privilegeValues.length];
            int idx = 0;
            for (InternalValue privilegeValue : privilegeValues) {
                privilegeNames[idx++] = privilegeValue.getName();
            }

            // The glob restriction is optional.
            Value globValue = aceNode.hasProperty(P_GLOB) ? aceNode.getProperty(P_GLOB).getValue() : null;

            // Anything that is not a grant node is recorded as a non-allow entry.
            boolean isAllow = NT_REP_GRANT_ACE.equals(aceNode.getPrimaryNodeTypeName());
            result.add(new Entry(ownerId, principalName, isGroupEntry, privilegeMgr.getBits(privilegeNames), isAllow, path, globValue));
        } catch (RepositoryException e) {
            // The unreadable ACE node is skipped; only its message is logged, at debug level.
            // NOTE(review): a skipped entry is simply absent from the returned list, and that
            // would include deny entries - confirm callers can tolerate the omission.
            log.debug("Failed to build ACE from content. {}", e.getMessage());
        }
    }
    return result;
}
Also used : PrincipalManager(org.apache.jackrabbit.api.security.principal.PrincipalManager) NodeIterator(javax.jcr.NodeIterator) Group(java.security.acl.Group) NodeImpl(org.apache.jackrabbit.core.NodeImpl) ArrayList(java.util.ArrayList) RepositoryException(javax.jcr.RepositoryException) InternalValue(org.apache.jackrabbit.core.value.InternalValue) Name(org.apache.jackrabbit.spi.Name) NodeId(org.apache.jackrabbit.core.id.NodeId) InternalValue(org.apache.jackrabbit.core.value.InternalValue) Value(javax.jcr.Value) SessionImpl(org.apache.jackrabbit.core.SessionImpl) Principal(java.security.Principal) PrivilegeManagerImpl(org.apache.jackrabbit.core.security.authorization.PrivilegeManagerImpl)
