Example 96 with AccessControlList
use of javax.jcr.security.AccessControlList in project pentaho-platform by pentaho.
the class JcrRepositoryFileAclDao method getAccessControlList.
private AccessControlList getAccessControlList(final AccessControlManager acMgr, final String path) throws RepositoryException {
AccessControlPolicyIterator applicablePolicies = acMgr.getApplicablePolicies(path);
while (applicablePolicies.hasNext()) {
AccessControlPolicy policy = applicablePolicies.nextAccessControlPolicy();
if (policy instanceof AccessControlList) {
return (AccessControlList) policy;
}
}
AccessControlPolicy[] policies = acMgr.getPolicies(path);
for (int i = 0; i < policies.length; i++) {
if (policies[i] instanceof AccessControlList) {
return (AccessControlList) policies[i];
}
}
throw new IllegalStateException("no access control list applies or is bound to node");
}
Also used :
AccessControlList(javax.jcr.security.AccessControlList)
AccessControlPolicy(javax.jcr.security.AccessControlPolicy)
AccessControlPolicyIterator(javax.jcr.security.AccessControlPolicyIterator)
Example 97 with AccessControlList
use of javax.jcr.security.AccessControlList in project pentaho-platform by pentaho.
the class JcrRepositoryFileAclUtils method internalUpdateAcl.
private static RepositoryFileAcl internalUpdateAcl(final Session session, final PentahoJcrConstants pentahoJcrConstants, final Serializable fileId, final RepositoryFileAcl acl) throws RepositoryException {
Node node = session.getNodeByIdentifier(fileId.toString());
if (node == null) {
// $NON-NLS-1$
throw new RepositoryException("Node not found");
}
String absPath = node.getPath();
AccessControlManager acMgr = session.getAccessControlManager();
AccessControlList acList = getAccessControlList(acMgr, absPath);
// clear all entries
AccessControlEntry[] acEntries = acList.getAccessControlEntries();
for (int i = 0; i < acEntries.length; i++) {
acList.removeAccessControlEntry(acEntries[i]);
}
JcrRepositoryFileAclUtils.setAclMetadata(session, absPath, acList, new AclMetadata(acl.getOwner().getName(), acl.isEntriesInheriting()));
// add entries to now empty list but only if not inheriting; force user to start with clean slate
if (!acl.isEntriesInheriting()) {
for (RepositoryFileAce ace : acl.getAces()) {
Principal principal = null;
if (RepositoryFileSid.Type.ROLE == ace.getSid().getType()) {
principal = new SpringSecurityRolePrincipal(JcrTenantUtils.getTenantedRole(ace.getSid().getName()));
} else {
principal = new SpringSecurityUserPrincipal(JcrTenantUtils.getTenantedUser(ace.getSid().getName()));
}
IPermissionConversionHelper permissionConversionHelper = new DefaultPermissionConversionHelper(session);
acList.addAccessControlEntry(principal, permissionConversionHelper.pentahoPermissionsToPrivileges(session, ace.getPermissions()));
}
}
acMgr.setPolicy(absPath, acList);
session.save();
return getAcl(session, pentahoJcrConstants, fileId);
}
Also used :
AccessControlManager(javax.jcr.security.AccessControlManager)
AccessControlList(javax.jcr.security.AccessControlList)
RepositoryFileAce(org.pentaho.platform.api.repository2.unified.RepositoryFileAce)
Node(javax.jcr.Node)
AclMetadata(org.pentaho.platform.repository2.unified.jcr.IAclMetadataStrategy.AclMetadata)
AccessControlEntry(javax.jcr.security.AccessControlEntry)
RepositoryException(javax.jcr.RepositoryException)
IPermissionConversionHelper(org.pentaho.platform.repository2.unified.jcr.JcrRepositoryFileAclDao.IPermissionConversionHelper)
SpringSecurityRolePrincipal(org.pentaho.platform.repository2.unified.jcr.jackrabbit.security.SpringSecurityRolePrincipal)
SpringSecurityRolePrincipal(org.pentaho.platform.repository2.unified.jcr.jackrabbit.security.SpringSecurityRolePrincipal)
SpringSecurityUserPrincipal(org.pentaho.platform.repository2.unified.jcr.jackrabbit.security.SpringSecurityUserPrincipal)
Principal(java.security.Principal)
SpringSecurityUserPrincipal(org.pentaho.platform.repository2.unified.jcr.jackrabbit.security.SpringSecurityUserPrincipal)
Aggregations
AccessControlList (javax.jcr.security.AccessControlList)97
AccessControlEntry (javax.jcr.security.AccessControlEntry)49
AccessControlManager (javax.jcr.security.AccessControlManager)49
AccessControlPolicy (javax.jcr.security.AccessControlPolicy)39
Privilege (javax.jcr.security.Privilege)25
Node (javax.jcr.Node)17
RepositoryException (javax.jcr.RepositoryException)17
JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)17
AccessControlPolicyIterator (javax.jcr.security.AccessControlPolicyIterator)15
NotExecutableException (org.apache.jackrabbit.test.NotExecutableException)15
Test (org.junit.Test)13
Principal (java.security.Principal)12
AccessDeniedException (javax.jcr.AccessDeniedException)12
ArrayList (java.util.ArrayList)9
HashSet (java.util.HashSet)6
AccessControlException (javax.jcr.security.AccessControlException)6
Authorizable (org.apache.jackrabbit.api.security.user.Authorizable)6
NodeImpl (org.apache.jackrabbit.core.NodeImpl)6
MetadataRepositoryException (com.thinkbiganalytics.metadata.modeshape.MetadataRepositoryException)5
AccessControlException (java.security.AccessControlException)5
