Examples with AccessControlList javax.jcr.security.AccessControlList used on opensource projects

Search in sources :

Example 46 with AccessControlList

use of javax.jcr.security.AccessControlList in project pentaho-platform by pentaho.

the class JcrRepositoryFileAclUtils method getAcl.

public static RepositoryFileAcl getAcl(final Session session, final PentahoJcrConstants pentahoJcrConstants, final Serializable id) throws RepositoryException {
    Node node = session.getNodeByIdentifier(id.toString());
    if (node == null) {
        throw new RepositoryException(Messages.getInstance().getString("JackrabbitRepositoryFileAclDao.ERROR_0001_NODE_NOT_FOUND", // $NON-NLS-1$
        id.toString()));
    }
    String absPath = node.getPath();
    AccessControlManager acMgr = session.getAccessControlManager();
    AccessControlList acList = getAccessControlList(acMgr, absPath);
    RepositoryFileSid owner = null;
    String ownerString = JcrTenantUtils.getUserNameUtils().getPrincipleName(getOwner(session, absPath, acList));
    if (ownerString != null) {
        // for now, just assume all owners are users; only has UI impact
        owner = new RepositoryFileSid(ownerString, RepositoryFileSid.Type.USER);
    }
    RepositoryFileAcl.Builder aclBuilder = new RepositoryFileAcl.Builder(id, owner);
    aclBuilder.entriesInheriting(isEntriesInheriting(session, absPath, acList));
    List<AccessControlEntry> cleanedAcEntries = JcrRepositoryFileAclUtils.removeAclMetadata(Arrays.asList(acList.getAccessControlEntries()));
    for (AccessControlEntry acEntry : cleanedAcEntries) {
        aclBuilder.ace(toAce(session, acEntry));
    }
    return aclBuilder.build();
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) AccessControlList(javax.jcr.security.AccessControlList) RepositoryFileSid(org.pentaho.platform.api.repository2.unified.RepositoryFileSid) Node(javax.jcr.Node) AccessControlEntry(javax.jcr.security.AccessControlEntry) RepositoryException(javax.jcr.RepositoryException) RepositoryFileAcl(org.pentaho.platform.api.repository2.unified.RepositoryFileAcl)

Example 47 with AccessControlList

use of javax.jcr.security.AccessControlList in project pentaho-platform by pentaho.

the class JcrRepositoryFileAclUtils method getAccessControlList.

private static AccessControlList getAccessControlList(final AccessControlManager acMgr, final String path) throws RepositoryException {
    AccessControlPolicyIterator applicablePolicies = acMgr.getApplicablePolicies(path);
    while (applicablePolicies.hasNext()) {
        AccessControlPolicy policy = applicablePolicies.nextAccessControlPolicy();
        if (policy instanceof AccessControlList) {
            return (AccessControlList) policy;
        }
    }
    AccessControlPolicy[] policies = acMgr.getPolicies(path);
    for (int i = 0; i < policies.length; i++) {
        if (policies[i] instanceof AccessControlList) {
            return (AccessControlList) policies[i];
        }
    }
    throw new IllegalStateException("no access control list applies or is bound to node");
}
Also used : AccessControlList(javax.jcr.security.AccessControlList) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) AccessControlPolicyIterator(javax.jcr.security.AccessControlPolicyIterator)

Example 48 with AccessControlList

use of javax.jcr.security.AccessControlList in project pentaho-platform by pentaho.

the class JcrRepositoryFileAclUtils method createAcl.

public static RepositoryFileAcl createAcl(Session session, PentahoJcrConstants pentahoJcrConstants, Serializable fileId, RepositoryFileAcl acl) throws ItemNotFoundException, RepositoryException {
    Node node = session.getNodeByIdentifier(fileId.toString());
    String absPath = node.getPath();
    AccessControlManager acMgr = session.getAccessControlManager();
    AccessControlList acList = getAccessControlList(acMgr, absPath);
    acMgr.setPolicy(absPath, acList);
    return internalUpdateAcl(session, pentahoJcrConstants, fileId, acl);
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) AccessControlList(javax.jcr.security.AccessControlList) Node(javax.jcr.Node)

Example 49 with AccessControlList

use of javax.jcr.security.AccessControlList in project pentaho-platform by pentaho.

the class JcrRepositoryFileAclDao method createAcl.

public RepositoryFileAcl createAcl(final Serializable fileId, final RepositoryFileAcl acl) {
    if (isKioskEnabled()) {
        // $NON-NLS-1$
        throw new RuntimeException(Messages.getInstance().getString("JcrRepositoryFileDao.ERROR_0006_ACCESS_DENIED"));
    }
    return (RepositoryFileAcl) jcrTemplate.execute(new JcrCallback() {

        public Object doInJcr(final Session session) throws RepositoryException, IOException {
            PentahoJcrConstants pentahoJcrConstants = new PentahoJcrConstants(session);
            Node node = session.getNodeByIdentifier(fileId.toString());
            String absPath = node.getPath();
            AccessControlManager acMgr = session.getAccessControlManager();
            AccessControlList acList = getAccessControlList(acMgr, absPath);
            acMgr.setPolicy(absPath, acList);
            return internalUpdateAcl(session, pentahoJcrConstants, fileId, acl);
        }
    });
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) AccessControlList(javax.jcr.security.AccessControlList) Node(javax.jcr.Node) JcrCallback(org.springframework.extensions.jcr.JcrCallback) RepositoryFileAcl(org.pentaho.platform.api.repository2.unified.RepositoryFileAcl) Session(javax.jcr.Session)

Example 50 with AccessControlList

use of javax.jcr.security.AccessControlList in project pentaho-platform by pentaho.

the class JcrRepositoryFileAclDao method internalUpdateAcl.

protected RepositoryFileAcl internalUpdateAcl(final Session session, final PentahoJcrConstants pentahoJcrConstants, final Serializable fileId, final RepositoryFileAcl acl) throws RepositoryException {
    if (isKioskEnabled()) {
        // $NON-NLS-1$
        throw new RuntimeException(Messages.getInstance().getString("JcrRepositoryFileDao.ERROR_0006_ACCESS_DENIED"));
    }
    DefaultPermissionConversionHelper permissionConversionHelper = new DefaultPermissionConversionHelper(session);
    Node node = session.getNodeByIdentifier(fileId.toString());
    if (node == null) {
        throw new RepositoryException(Messages.getInstance().getString("JackrabbitRepositoryFileAclDao.ERROR_0001_NODE_NOT_FOUND", // $NON-NLS-1$
        fileId.toString()));
    }
    String absPath = node.getPath();
    AccessControlManager acMgr = session.getAccessControlManager();
    AccessControlList acList = getAccessControlList(acMgr, absPath);
    // clear all entries
    AccessControlEntry[] acEntries = acList.getAccessControlEntries();
    for (int i = 0; i < acEntries.length; i++) {
        acList.removeAccessControlEntry(acEntries[i]);
    }
    JcrRepositoryFileAclUtils.setAclMetadata(session, absPath, acList, new AclMetadata(acl.getOwner().getName(), acl.isEntriesInheriting()));
    // add entries to now empty list but only if not inheriting; force user to start with clean slate
    boolean adminPrincipalExist = false;
    ITenant principalTenant = null;
    if (!acl.isEntriesInheriting()) {
        for (RepositoryFileAce ace : acl.getAces()) {
            Principal principal = null;
            if (RepositoryFileSid.Type.ROLE == ace.getSid().getType()) {
                String principalName = JcrTenantUtils.getRoleNameUtils().getPrincipleName(ace.getSid().getName());
                if (tenantAdminAuthorityName.equals(principalName)) {
                    adminPrincipalExist = true;
                }
                principal = new SpringSecurityRolePrincipal(JcrTenantUtils.getTenantedRole(ace.getSid().getName()));
            } else {
                principal = new SpringSecurityUserPrincipal(JcrTenantUtils.getTenantedUser(ace.getSid().getName()));
            }
            acList.addAccessControlEntry(principal, permissionConversionHelper.pentahoPermissionsToPrivileges(session, ace.getPermissions()));
        }
        if (!adminPrincipalExist) {
            if (acl.getAces() != null && acl.getAces().size() > 0) {
                principalTenant = JcrTenantUtils.getRoleNameUtils().getTenant(acl.getAces().get(0).getSid().getName());
            }
            if (principalTenant == null || principalTenant.getId() == null) {
                principalTenant = JcrTenantUtils.getTenant();
            }
            List<RepositoryFilePermission> permissionList = new ArrayList<RepositoryFilePermission>();
            permissionList.add(RepositoryFilePermission.ALL);
            Principal adminPrincipal = new SpringSecurityRolePrincipal(JcrTenantUtils.getRoleNameUtils().getPrincipleId(principalTenant, tenantAdminAuthorityName));
            acList.addAccessControlEntry(adminPrincipal, permissionConversionHelper.pentahoPermissionsToPrivileges(session, EnumSet.copyOf(permissionList)));
        }
    }
    acMgr.setPolicy(absPath, acList);
    session.save();
    return getAcl(fileId);
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) AccessControlList(javax.jcr.security.AccessControlList) RepositoryFileAce(org.pentaho.platform.api.repository2.unified.RepositoryFileAce) Node(javax.jcr.Node) AclMetadata(org.pentaho.platform.repository2.unified.jcr.IAclMetadataStrategy.AclMetadata) ArrayList(java.util.ArrayList) AccessControlEntry(javax.jcr.security.AccessControlEntry) RepositoryException(javax.jcr.RepositoryException) ITenant(org.pentaho.platform.api.mt.ITenant) SpringSecurityRolePrincipal(org.pentaho.platform.repository2.unified.jcr.jackrabbit.security.SpringSecurityRolePrincipal) RepositoryFilePermission(org.pentaho.platform.api.repository2.unified.RepositoryFilePermission) SpringSecurityRolePrincipal(org.pentaho.platform.repository2.unified.jcr.jackrabbit.security.SpringSecurityRolePrincipal) SpringSecurityUserPrincipal(org.pentaho.platform.repository2.unified.jcr.jackrabbit.security.SpringSecurityUserPrincipal) Principal(java.security.Principal) SpringSecurityUserPrincipal(org.pentaho.platform.repository2.unified.jcr.jackrabbit.security.SpringSecurityUserPrincipal)

Aggregations

AccessControlList (javax.jcr.security.AccessControlList)97 AccessControlEntry (javax.jcr.security.AccessControlEntry)49 AccessControlManager (javax.jcr.security.AccessControlManager)49 AccessControlPolicy (javax.jcr.security.AccessControlPolicy)39 Privilege (javax.jcr.security.Privilege)25 Node (javax.jcr.Node)17 RepositoryException (javax.jcr.RepositoryException)17 JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)17 AccessControlPolicyIterator (javax.jcr.security.AccessControlPolicyIterator)15 NotExecutableException (org.apache.jackrabbit.test.NotExecutableException)15 Test (org.junit.Test)13 Principal (java.security.Principal)12 AccessDeniedException (javax.jcr.AccessDeniedException)12 ArrayList (java.util.ArrayList)9 HashSet (java.util.HashSet)6 AccessControlException (javax.jcr.security.AccessControlException)6 Authorizable (org.apache.jackrabbit.api.security.user.Authorizable)6 NodeImpl (org.apache.jackrabbit.core.NodeImpl)6 MetadataRepositoryException (com.thinkbiganalytics.metadata.modeshape.MetadataRepositoryException)5 AccessControlException (java.security.AccessControlException)5
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial