
Example 71 with AccessControlEntry

use of javax.jcr.security.AccessControlEntry in project sling by apache.

the class PrivilegesInfo method getEffectiveAccessRights.

/**
 * Collects, per principal, the privileges granted and denied by the effective access
 * control entries for the resource at the given path.
 *
 * <p>The returned map keeps principals in the order in which they first appear in the
 * entry array. Allow and deny entries are not reconciled here: if the entries for one
 * principal both allow and deny the same privilege, it is added to both the granted and
 * the denied collection. Treat the result as a report of what the entries say, not as
 * an authorization decision.
 *
 * @param session the current user session.
 * @param absPath the path of the resource to get the access rights for
 * @return map of access rights. Key is the user/group principal, value contains the
 *         granted/denied privileges; empty when no entries were returned
 * @throws RepositoryException propagated from the entry lookup and the calls on the entries
 */
public Map<Principal, AccessRights> getEffectiveAccessRights(Session session, String absPath) throws RepositoryException {
    final Map<Principal, AccessRights> rightsByPrincipal = new LinkedHashMap<Principal, AccessRights>();
    final AccessControlEntry[] effectiveEntries = getEffectiveAccessControlEntries(session, absPath);
    if (effectiveEntries == null) {
        // Nothing to aggregate: hand back the empty map rather than null.
        return rightsByPrincipal;
    }
    for (int i = 0; i < effectiveEntries.length; i++) {
        final AccessControlEntry entry = effectiveEntries[i];
        final Principal who = entry.getPrincipal();
        // One AccessRights bucket per principal, created on first sight.
        AccessRights rights = rightsByPrincipal.get(who);
        if (rights == null) {
            rights = new AccessRights();
            rightsByPrincipal.put(who, rights);
        }
        // The entry's allow/deny flag decides which collection receives its privileges.
        if (AccessControlUtil.isAllow(entry)) {
            rights.getGranted().addAll(Arrays.asList(entry.getPrivileges()));
        } else {
            rights.getDenied().addAll(Arrays.asList(entry.getPrivileges()));
        }
    }
    return rightsByPrincipal;
}
Also used : AccessControlEntry(javax.jcr.security.AccessControlEntry) Principal(java.security.Principal) LinkedHashMap(java.util.LinkedHashMap)

Example 72 with AccessControlEntry

use of javax.jcr.security.AccessControlEntry in project sling by apache.

the class PrivilegesInfo method getDeclaredAccessControlEntries.

/**
 * Returns the entries of the first {@link AccessControlList} among the policies that
 * {@code getPolicies(absPath)} reports for the given path.
 *
 * <p>Only the first list found is used; any further {@code AccessControlList} in the
 * policy array is ignored. Per the JCR API, {@code getPolicies} reports the policies set
 * on the node itself, so entries inherited from ancestors are not reflected here.
 *
 * @param session the session used to obtain the access control manager
 * @param absPath absolute path of the node whose policies are read
 * @return the entries of the first ACL policy, or an empty array when there is none
 * @throws RepositoryException propagated from the access control manager calls
 */
private AccessControlEntry[] getDeclaredAccessControlEntries(Session session, String absPath) throws RepositoryException {
    AccessControlPolicy[] boundPolicies = AccessControlUtil.getAccessControlManager(session).getPolicies(absPath);
    for (int i = 0; i < boundPolicies.length; i++) {
        if (!(boundPolicies[i] instanceof AccessControlList)) {
            // Non-list policies carry no entries to report.
            continue;
        }
        return ((AccessControlList) boundPolicies[i]).getAccessControlEntries();
    }
    return new AccessControlEntry[0];
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) AccessControlList(javax.jcr.security.AccessControlList) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) AccessControlEntry(javax.jcr.security.AccessControlEntry)

Example 73 with AccessControlEntry

use of javax.jcr.security.AccessControlEntry in project sling by apache.

the class AbstractGetAclServlet method internalGetAcl.

/**
 * Builds a JSON object describing the access control entries for a resource, keyed by
 * principal name.
 *
 * <p>Each value holds the principal name, the names of the granted and denied privileges
 * (each array only when non-empty) and an "order" index reflecting the position at which
 * the principal first appears in the entry array.
 *
 * <p>This method performs no permission check of its own; the result exposes principal
 * names and privileges, so it relies on the repository enforcing access for
 * {@code jcrSession} (presumably read-access-control on the path — confirm against the
 * servlet that calls it).
 *
 * @param jcrSession the JCR session used for all repository calls; must not be null
 * @param resourcePath path of the item whose ACL is reported
 * @return JSON object mapping principal name to its granted/denied privilege names
 * @throws RepositoryException if {@code jcrSession} is null, or propagated from the repository calls
 * @throws ResourceNotFoundException if the item lookup returns null
 */
@SuppressWarnings("unchecked")
protected JsonObject internalGetAcl(Session jcrSession, String resourcePath) throws RepositoryException {
    if (jcrSession == null) {
        throw new RepositoryException("JCR Session not found");
    }
    Item item = jcrSession.getItem(resourcePath);
    // NOTE(review): Session.getItem is specified to throw PathNotFoundException for a
    // missing item rather than return null, so the else branch looks unreachable — confirm.
    if (item != null) {
        // Continue with the path as the repository reports it, not as the caller passed it.
        resourcePath = item.getPath();
    } else {
        throw new ResourceNotFoundException("Resource is not a JCR Node");
    }
    // Calculate a map of privileges to all the aggregate privileges it is contained in.
    // Use for fast lookup during the mergePrivilegeSets calls below.
    AccessControlManager accessControlManager = AccessControlUtil.getAccessControlManager(jcrSession);
    Map<Privilege, Set<Privilege>> privilegeToAncestorMap = new HashMap<Privilege, Set<Privilege>>();
    Privilege[] supportedPrivileges = accessControlManager.getSupportedPrivileges(item.getPath());
    for (Privilege privilege : supportedPrivileges) {
        if (privilege.isAggregate()) {
            Privilege[] ap = privilege.getAggregatePrivileges();
            for (Privilege privilege2 : ap) {
                Set<Privilege> set = privilegeToAncestorMap.get(privilege2);
                if (set == null) {
                    set = new HashSet<Privilege>();
                    privilegeToAncestorMap.put(privilege2, set);
                }
                set.add(privilege);
            }
        }
    }
    // getAccessControlEntries is defined outside this listing; which entries it returns
    // (declared or effective) is not visible here.
    AccessControlEntry[] declaredAccessControlEntries = getAccessControlEntries(jcrSession, resourcePath);
    // First pass: one map per principal NAME, in first-seen order, tagged with its index.
    // Because the key is the name, distinct principals sharing a name are merged into one entry.
    Map<String, Map<String, Object>> aclMap = new LinkedHashMap<String, Map<String, Object>>();
    int sequence = 0;
    for (AccessControlEntry ace : declaredAccessControlEntries) {
        Principal principal = ace.getPrincipal();
        Map<String, Object> map = aclMap.get(principal.getName());
        if (map == null) {
            map = new LinkedHashMap<String, Object>();
            aclMap.put(principal.getName(), map);
            map.put("order", sequence++);
        }
    }
    // Second pass: walk the entries from last to first, so that for each principal the
    // entry declared first is merged last (original intent: entries with the highest
    // specificity are applied last).
    for (int i = declaredAccessControlEntries.length - 1; i >= 0; i--) {
        AccessControlEntry ace = declaredAccessControlEntries[i];
        Principal principal = ace.getPrincipal();
        Map<String, Object> map = aclMap.get(principal.getName());
        // The per-principal map holds mixed value types, hence the unchecked casts.
        Set<Privilege> grantedSet = (Set<Privilege>) map.get("granted");
        if (grantedSet == null) {
            grantedSet = new LinkedHashSet<Privilege>();
            map.put("granted", grantedSet);
        }
        Set<Privilege> deniedSet = (Set<Privilege>) map.get("denied");
        if (deniedSet == null) {
            deniedSet = new LinkedHashSet<Privilege>();
            map.put("denied", deniedSet);
        }
        boolean allow = AccessControlUtil.isAllow(ace);
        // The two branches differ only in the order of the last two arguments: the set for
        // the entry's own kind comes first. mergePrivilegeSets is defined elsewhere;
        // presumably it adds to the first set and clears from the second — confirm.
        if (allow) {
            Privilege[] privileges = ace.getPrivileges();
            for (Privilege privilege : privileges) {
                mergePrivilegeSets(privilege, privilegeToAncestorMap, grantedSet, deniedSet);
            }
        } else {
            Privilege[] privileges = ace.getPrivileges();
            for (Privilege privilege : privileges) {
                mergePrivilegeSets(privilege, privilegeToAncestorMap, deniedSet, grantedSet);
            }
        }
    }
    // Third pass: turn each per-principal map into a JSON object; empty granted/denied
    // sets are left out of the output.
    List<JsonObject> aclList = new ArrayList<>();
    Set<Entry<String, Map<String, Object>>> entrySet = aclMap.entrySet();
    for (Entry<String, Map<String, Object>> entry : entrySet) {
        String principalName = entry.getKey();
        Map<String, Object> value = entry.getValue();
        JsonObjectBuilder aceObject = Json.createObjectBuilder();
        aceObject.add("principal", principalName);
        Set<Privilege> grantedSet = (Set<Privilege>) value.get("granted");
        if (grantedSet != null && !grantedSet.isEmpty()) {
            JsonArrayBuilder arrayBuilder = Json.createArrayBuilder();
            for (Privilege v : grantedSet) {
                arrayBuilder.add(v.getName());
            }
            aceObject.add("granted", arrayBuilder);
        }
        Set<Privilege> deniedSet = (Set<Privilege>) value.get("denied");
        if (deniedSet != null && !deniedSet.isEmpty()) {
            JsonArrayBuilder arrayBuilder = Json.createArrayBuilder();
            for (Privilege v : deniedSet) {
                arrayBuilder.add(v.getName());
            }
            aceObject.add("denied", arrayBuilder);
        }
        aceObject.add("order", (Integer) value.get("order"));
        aclList.add(aceObject.build());
    }
    // Assemble the result keyed by principal name. The raw maps are added first through
    // addTo (defined elsewhere), then the JSON objects built above are added under the
    // same keys.
    // NOTE(review): per the JsonObjectBuilder contract a later add with an existing name
    // replaces the earlier value, so the first loop looks redundant — confirm.
    JsonObjectBuilder jsonAclMap = Json.createObjectBuilder();
    for (Map.Entry<String, Map<String, Object>> entry : aclMap.entrySet()) {
        JsonObjectBuilder builder = Json.createObjectBuilder();
        for (Map.Entry<String, Object> inner : entry.getValue().entrySet()) {
            addTo(builder, inner.getKey(), inner.getValue());
        }
        jsonAclMap.add(entry.getKey(), builder);
    }
    for (JsonObject jsonObj : aclList) {
        jsonAclMap.add(jsonObj.getString("principal"), jsonObj);
    }
    return jsonAclMap.build();
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) HashSet(java.util.HashSet) LinkedHashSet(java.util.LinkedHashSet) Set(java.util.Set) HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap) ArrayList(java.util.ArrayList) JsonObject(javax.json.JsonObject) LinkedHashMap(java.util.LinkedHashMap) Item(javax.jcr.Item) AccessControlEntry(javax.jcr.security.AccessControlEntry) Entry(java.util.Map.Entry) JsonArrayBuilder(javax.json.JsonArrayBuilder) ResourceNotFoundException(org.apache.sling.api.resource.ResourceNotFoundException) JsonObjectBuilder(javax.json.JsonObjectBuilder) AccessControlEntry(javax.jcr.security.AccessControlEntry) RepositoryException(javax.jcr.RepositoryException) JsonObject(javax.json.JsonObject) Privilege(javax.jcr.security.Privilege) HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap) Map(java.util.Map) Principal(java.security.Principal)

Example 74 with AccessControlEntry

use of javax.jcr.security.AccessControlEntry in project sling by apache.

the class ResourceResolverTest method removeAce.

// ---------- internal
/**
 * Removes every access control entry for the given principal from the ACL policies
 * bound at {@code absPath}, then saves the session if anything is pending.
 *
 * <p>A policy is written back with {@code setPolicy} only when at least one of its
 * entries was removed. Entries are matched with {@code principal.equals(...)}, so the
 * outcome depends on the equality semantics of the principal implementation in use.
 *
 * @param adminSession session used to read and modify the policies
 * @param principal the principal whose entries are removed
 * @param absPath absolute path of the node whose policies are edited
 * @throws Exception propagated from the access control and session calls
 */
private void removeAce(Session adminSession, Principal principal, String absPath) throws Exception {
    AccessControlManager acm = adminSession.getAccessControlManager();
    for (AccessControlPolicy policy : acm.getPolicies(absPath)) {
        if (!(policy instanceof AccessControlList)) {
            continue;
        }
        AccessControlList list = (AccessControlList) policy;
        int removed = 0;
        // Iterates the array returned by getAccessControlEntries() while removing from the list.
        for (AccessControlEntry entry : list.getAccessControlEntries()) {
            if (principal.equals(entry.getPrincipal())) {
                list.removeAccessControlEntry(entry);
                removed++;
            }
        }
        if (removed > 0) {
            // Re-apply the edited list; untouched policies are left as they are.
            acm.setPolicy(absPath, list);
        }
    }
    if (adminSession.hasPendingChanges()) {
        adminSession.save();
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) AccessControlList(javax.jcr.security.AccessControlList) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) AccessControlEntry(javax.jcr.security.AccessControlEntry)

Example 75 with AccessControlEntry

use of javax.jcr.security.AccessControlEntry in project jackrabbit by apache.

the class AbstractACLTemplateTest method testRemoveNonExisting.

/**
 * Checks that an ACL template rejects the removal of an entry it does not contain.
 *
 * <p>The entry passed in is a hand-written {@link AccessControlEntry} implementation
 * that was never added to the empty template; the test expects
 * {@link AccessControlException} and fails if the removal call returns normally.
 *
 * @throws RepositoryException if creating the template or the removal fails with
 *         anything other than the expected {@code AccessControlException}
 */
public void testRemoveNonExisting() throws RepositoryException {
    JackrabbitAccessControlList emptyAcl = createEmptyTemplate(getTestPath());
    // A custom entry for the test principal with no privileges, unknown to the template.
    AccessControlEntry foreignEntry = new AccessControlEntry() {

        public Principal getPrincipal() {
            return testPrincipal;
        }

        public Privilege[] getPrivileges() {
            return new Privilege[0];
        }
    };
    try {
        emptyAcl.removeAccessControlEntry(foreignEntry);
        fail("Attemt to remove a non-existing, custom ACE must throw AccessControlException.");
    } catch (AccessControlException expected) {
        // success: the template refused the unknown entry
    }
}
Also used : JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) AccessControlEntry(javax.jcr.security.AccessControlEntry) AccessControlException(javax.jcr.security.AccessControlException) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) TestPrincipal(org.apache.jackrabbit.core.security.TestPrincipal) Principal(java.security.Principal)

Aggregations

AccessControlEntry (javax.jcr.security.AccessControlEntry)126 JackrabbitAccessControlEntry (org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)50 JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)50 Privilege (javax.jcr.security.Privilege)47 AccessControlManager (javax.jcr.security.AccessControlManager)39 AccessControlPolicy (javax.jcr.security.AccessControlPolicy)39 AccessControlList (javax.jcr.security.AccessControlList)38 Test (org.junit.Test)29 Principal (java.security.Principal)28 NodeImpl (org.apache.jackrabbit.core.NodeImpl)13 ArrayList (java.util.ArrayList)12 Node (javax.jcr.Node)12 Value (javax.jcr.Value)10 JackrabbitAccessControlManager (org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)9 NotExecutableException (org.apache.jackrabbit.test.NotExecutableException)9 ByteArrayInputStream (java.io.ByteArrayInputStream)8 InputStream (java.io.InputStream)8 RepositoryException (javax.jcr.RepositoryException)8 Authorizable (org.apache.jackrabbit.api.security.user.Authorizable)8 ParsingContentHandler (org.apache.jackrabbit.commons.xml.ParsingContentHandler)8