
Example 91 with AccessControlList

use of javax.jcr.security.AccessControlList in project kylo by Teradata.

the class JcrAccessControlUtil method removeAllPermissions.

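/**
 * Removes the entries of {@code principal} from the first access control policy bound to {@code path},
 * delegating the actual removal to {@code removeEntry}.
 *
 * <p>Nothing is removed for a principal whose name equals {@code ModeShapeRoles.ADMIN}; the method returns
 * {@code false} in that case. The guard compares the principal's name only.
 *
 * <p>The policy is written back with {@code setPolicy}, but this method never calls {@code session.save()};
 * persisting the change is presumably the caller's job (confirm against callers).
 *
 * @param session   the JCR session whose access control manager is used
 * @param path      the absolute path of the node whose policy is edited
 * @param principal the principal whose entries are removed; must not be {@code null}
 * @return the value reported by {@code removeEntry}, or {@code false} when the node has no policy or the
 *         principal is the admin principal
 * @throws AccessControlException      if the repository denies access; the original
 *                                     {@code AccessDeniedException} is attached as the cause
 * @throws MetadataRepositoryException if any other repository failure occurs
 */
public static boolean removeAllPermissions(Session session, String path, Principal principal) {
    try {
        AccessControlManager acm = session.getAccessControlManager();
        AccessControlPolicy[] policies = acm.getPolicies(path);
        // Never remove permissions for "admin".
        if (policies.length == 0 || principal.getName().equals(ModeShapeRoles.ADMIN)) {
            return false;
        }
        // NOTE(review): only the first policy is edited and it is cast without an instanceof check;
        // a policy of another type would surface as a ClassCastException.
        AccessControlList acl = (AccessControlList) policies[0];
        boolean removed = removeEntry(acl, principal);
        acm.setPolicy(path, acl);
        return removed;
    } catch (AccessDeniedException e) {
        // java.security.AccessControlException has no cause-taking constructor, so attach the
        // repository exception explicitly; otherwise the stack trace of the denial is lost.
        AccessControlException denied = new AccessControlException(e.getMessage());
        denied.initCause(e);
        throw denied;
    } catch (RepositoryException e) {
        throw new MetadataRepositoryException("Failed to remove all permission(s) from node " + path, e);
    }
}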
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) AccessControlList(javax.jcr.security.AccessControlList) MetadataRepositoryException(com.thinkbiganalytics.metadata.modeshape.MetadataRepositoryException) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) AccessDeniedException(javax.jcr.AccessDeniedException) AccessControlException(java.security.AccessControlException) MetadataRepositoryException(com.thinkbiganalytics.metadata.modeshape.MetadataRepositoryException) RepositoryException(javax.jcr.RepositoryException)

Example 92 with AccessControlList

use of javax.jcr.security.AccessControlList in project jackrabbit by apache.

the class ACLProvider method getACL.

/**
 * Builds a read-only view of the access control list stored under the given policy node.
 *
 * @param accessControlledNode the node that carries the policy child node
 * @param policyName           the name of the child node holding the access control entries
 * @param path                 the path passed on to the ACL template
 * @return the entries of that node wrapped in an {@code UnmodifiableAccessControlList}
 * @throws RepositoryException if the policy node cannot be read or the template cannot be built
 */
private AccessControlList getACL(NodeImpl accessControlledNode, Name policyName, String path) throws RepositoryException {
    // The entries are read from the child node named by policyName.
    final NodeImpl policyNode = accessControlledNode.getNode(policyName);
    // Declared as AccessControlList so the same wrapper constructor is selected as before.
    final AccessControlList editableAcl = new ACLTemplate(policyNode, path, allowUnknownPrincipals);
    // Callers only ever receive the unmodifiable wrapper, never the template itself.
    return new UnmodifiableAccessControlList(editableAcl);
}
Also used : AccessControlList(javax.jcr.security.AccessControlList) UnmodifiableAccessControlList(org.apache.jackrabbit.core.security.authorization.UnmodifiableAccessControlList) NodeImpl(org.apache.jackrabbit.core.NodeImpl) UnmodifiableAccessControlList(org.apache.jackrabbit.core.security.authorization.UnmodifiableAccessControlList)

Example 93 with AccessControlList

use of javax.jcr.security.AccessControlList in project pentaho-platform by pentaho.

the class PentahoACLProvider method requireRootAclUpdate.

/**
 * Reports whether the root ACL needs updating, which is the case when the JCR_READ_ACCESS_CONTROL privilege is
 * missing from the 'everyone' principal.
 *
 * <p>Only the first policy of the root node is inspected, and the answer is taken from the first entry
 * found for 'everyone'. When the root has no policy, no entries, or no usable 'everyone' entry, an update is
 * reported as required.
 *
 * @param editor the ACL editor used to read the policies of the root node
 * @return {@code true} if the root ACL needs updating, {@code false} otherwise
 * @throws RepositoryException if the repository cannot be read
 */
protected boolean requireRootAclUpdate(ACLEditor editor) throws RepositoryException {
    final String rootPath = session.getRootNode().getPath();
    final AccessControlPolicy[] rootPolicies = editor.getPolicies(rootPath);
    if (rootPolicies == null || rootPolicies.length == 0) {
        return true;
    }
    final PrincipalManager principalManager = session.getPrincipalManager();
    final AccessControlManager accessControlManager = session.getAccessControlManager();
    final Privilege readAccessControl = accessControlManager.privilegeFromName(Privilege.JCR_READ_ACCESS_CONTROL);
    final Principal everyone = principalManager.getEveryone();
    final AccessControlList rootAcl = (AccessControlList) rootPolicies[0];
    final AccessControlEntry[] entries = rootAcl.getAccessControlEntries();
    if (entries == null) {
        return true;
    }
    for (AccessControlEntry entry : entries) {
        final boolean forEveryone = entry.getPrincipal() != null && entry.getPrincipal().equals(everyone);
        if (!forEveryone || entry.getPrivileges() == null) {
            continue;
        }
        // NOTE(review): the first 'everyone' entry decides, and nothing here distinguishes an allow entry
        // from a deny entry - confirm that a deny entry naming this privilege cannot be the one matched.
        return !Arrays.asList(entry.getPrivileges()).contains(readAccessControl);
    }
    return true;
}
Also used : PrincipalManager(org.apache.jackrabbit.api.security.principal.PrincipalManager) AccessControlManager(javax.jcr.security.AccessControlManager) AccessControlList(javax.jcr.security.AccessControlList) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) AccessControlEntry(javax.jcr.security.AccessControlEntry) Privilege(javax.jcr.security.Privilege) Principal(java.security.Principal)

Example 94 with AccessControlList

use of javax.jcr.security.AccessControlList in project pentaho-platform by pentaho.

the class JcrRepositoryFileAclDao method toAcl.

/**
 * Builds the {@code RepositoryFileAcl} of the node with the given identifier from its JCR access control list.
 *
 * <p>Entries are first passed through {@code JcrRepositoryFileAclUtils.removeAclMetadata}, and entries whose
 * principal equals the tenant-admin role principal are left out, so the result is not a one-to-one copy of
 * the stored list.
 *
 * @param session             the JCR session used to read the node and its access control list
 * @param pentahoJcrConstants not read by this method
 * @param id                  the identifier of the node
 * @return the ACL with owner, inheritance flag and the remaining entries
 * @throws RepositoryException if the node is not found or the repository cannot be read
 */
private RepositoryFileAcl toAcl(final Session session, final PentahoJcrConstants pentahoJcrConstants, final Serializable id) throws RepositoryException {
    final Node aclNode = session.getNodeByIdentifier(id.toString());
    if (aclNode == null) {
        throw new RepositoryException(Messages.getInstance().getString("JackrabbitRepositoryFileAclDao.ERROR_0001_NODE_NOT_FOUND", // $NON-NLS-1$
        id.toString()));
    }
    final String nodePath = aclNode.getPath();
    final AccessControlManager accessControlManager = session.getAccessControlManager();
    final AccessControlList jcrAcl = getAccessControlList(accessControlManager, nodePath);
    final String ownerName = getOwner(session, nodePath, jcrAcl);
    // for now, just assume all owners are users; only has UI impact
    final RepositoryFileSid ownerSid = ownerName == null
        ? null
        : new RepositoryFileSid(JcrTenantUtils.getUserNameUtils().getPrincipleName(ownerName), RepositoryFileSid.Type.USER);
    final RepositoryFileAcl.Builder result = new RepositoryFileAcl.Builder(id, ownerSid);
    result.entriesInheriting(isEntriesInheriting(session, nodePath, jcrAcl));
    final AccessControlEntry[] storedEntries = jcrAcl.getAccessControlEntries();
    final List<AccessControlEntry> visibleEntries = JcrRepositoryFileAclUtils.removeAclMetadata(Arrays.asList(storedEntries));
    for (AccessControlEntry entry : visibleEntries) {
        // NOTE(review): an entry with a null principal would fail here with a NullPointerException.
        if (entry.getPrincipal().equals(new SpringSecurityRolePrincipal(JcrTenantUtils.getTenantedRole(tenantAdminAuthorityName)))) {
            // The tenant-admin role entry is deliberately not reported to the caller.
            continue;
        }
        result.ace(toAce(session, entry));
    }
    return result.build();
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) AccessControlList(javax.jcr.security.AccessControlList) RepositoryFileSid(org.pentaho.platform.api.repository2.unified.RepositoryFileSid) SpringSecurityRolePrincipal(org.pentaho.platform.repository2.unified.jcr.jackrabbit.security.SpringSecurityRolePrincipal) Node(javax.jcr.Node) AccessControlEntry(javax.jcr.security.AccessControlEntry) RepositoryException(javax.jcr.RepositoryException) RepositoryFileAcl(org.pentaho.platform.api.repository2.unified.RepositoryFileAcl)

Example 95 with AccessControlList

use of javax.jcr.security.AccessControlList in project pentaho-platform by pentaho.

the class JcrRepositoryFileAclDao method getEffectiveAces.

// ~ Methods
// =========================================================================================================
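/**
 * {@inheritDoc}
 *
 * <p>The effective policies of the node (or of its parent when {@code forceEntriesInheriting} is set) are
 * walked in the order returned by the access control manager. The first list that is not inheriting
 * supplies the entries; if every list inherits, the last one is used. Metadata entries and the entry of the
 * tenant-admin role principal are not included in the result.
 *
 * <p>A node without any effective policy is reported as a {@code RepositoryException} from the callback
 * rather than as an index error or an empty entry list.
 */
@SuppressWarnings("unchecked")
public List<RepositoryFileAce> getEffectiveAces(final Serializable id, final boolean forceEntriesInheriting) {
    return (List<RepositoryFileAce>) jcrTemplate.execute(new JcrCallback() {

        public Object doInJcr(final Session session) throws RepositoryException, IOException {
            Node node = session.getNodeByIdentifier(id.toString());
            if (node == null) {
                throw new RepositoryException(Messages.getInstance().getString("JackrabbitRepositoryFileAclDao.ERROR_0001_NODE_NOT_FOUND", // $NON-NLS-1$
                id.toString()));
            }
            // consult the parent node's effective policy if force is true and parent is not null;
            // the node is already loaded, so it is not looked up a second time
            if (forceEntriesInheriting && node.getParent() != null) {
                node = node.getParent();
            }
            String absPath = node.getPath();
            AccessControlPolicy[] acPolicies = session.getAccessControlManager().getEffectivePolicies(absPath);
            if (acPolicies == null || acPolicies.length == 0) {
                // Fail with a clear error: an empty result could be mistaken for "no entries apply".
                throw new RepositoryException("No effective access control policies found for " + absPath);
            }
            // logic assumes policies are ordered from leaf to root
            AccessControlList effectiveAcl = null;
            for (AccessControlPolicy policy : acPolicies) {
                Assert.isTrue(policy instanceof AccessControlList);
                AccessControlList candidate = (AccessControlList) policy;
                if (!isEntriesInheriting(session, absPath, candidate)) {
                    effectiveAcl = candidate;
                    break;
                }
            }
            if (effectiveAcl == null) {
                // none are entriesInheriting=false so root aces are the effective aces
                effectiveAcl = (AccessControlList) acPolicies[acPolicies.length - 1];
            }
            List<RepositoryFileAce> aces = new ArrayList<RepositoryFileAce>();
            AccessControlEntry[] acEntries = effectiveAcl.getAccessControlEntries();
            List<AccessControlEntry> cleanedAcEntries = JcrRepositoryFileAclUtils.removeAclMetadata(Arrays.asList(acEntries));
            for (AccessControlEntry acEntry : cleanedAcEntries) {
                // The tenant-admin role entry is deliberately not reported to the caller.
                if (!acEntry.getPrincipal().equals(new SpringSecurityRolePrincipal(JcrTenantUtils.getTenantedRole(tenantAdminAuthorityName)))) {
                    aces.add(toAce(session, acEntry));
                }
            }
            return aces;
        }
    });
}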
Also used : AccessControlList(javax.jcr.security.AccessControlList) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) RepositoryFileAce(org.pentaho.platform.api.repository2.unified.RepositoryFileAce) Node(javax.jcr.Node) ArrayList(java.util.ArrayList) AccessControlEntry(javax.jcr.security.AccessControlEntry) RepositoryException(javax.jcr.RepositoryException) JcrCallback(org.springframework.extensions.jcr.JcrCallback) SpringSecurityRolePrincipal(org.pentaho.platform.repository2.unified.jcr.jackrabbit.security.SpringSecurityRolePrincipal) ArrayList(java.util.ArrayList) AccessControlList(javax.jcr.security.AccessControlList) List(java.util.List) Session(javax.jcr.Session)

Aggregations

AccessControlList (javax.jcr.security.AccessControlList)97 AccessControlEntry (javax.jcr.security.AccessControlEntry)49 AccessControlManager (javax.jcr.security.AccessControlManager)49 AccessControlPolicy (javax.jcr.security.AccessControlPolicy)39 Privilege (javax.jcr.security.Privilege)25 Node (javax.jcr.Node)17 RepositoryException (javax.jcr.RepositoryException)17 JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)17 AccessControlPolicyIterator (javax.jcr.security.AccessControlPolicyIterator)15 NotExecutableException (org.apache.jackrabbit.test.NotExecutableException)15 Test (org.junit.Test)13 Principal (java.security.Principal)12 AccessDeniedException (javax.jcr.AccessDeniedException)12 ArrayList (java.util.ArrayList)9 HashSet (java.util.HashSet)6 AccessControlException (javax.jcr.security.AccessControlException)6 Authorizable (org.apache.jackrabbit.api.security.user.Authorizable)6 NodeImpl (org.apache.jackrabbit.core.NodeImpl)6 MetadataRepositoryException (com.thinkbiganalytics.metadata.modeshape.MetadataRepositoryException)5 AccessControlException (java.security.AccessControlException)5