Example 91 with NodeImpl
use of org.apache.jackrabbit.core.NodeImpl in project jackrabbit by apache.
the class UserImporter method processReferences.
/**
* @see org.apache.jackrabbit.core.xml.ProtectedPropertyImporter#processReferences()
*/
public void processReferences() throws RepositoryException {
if (!initialized) {
throw new IllegalStateException("Not initialized");
}
// assert that user manager is isn't in auto-save mode
if (userManager.isAutoSave()) {
userManager.autoSave(false);
}
try {
List<Object> processed = new ArrayList<Object>();
for (Iterator<Object> it = referenceTracker.getProcessedReferences(); it.hasNext(); ) {
Object reference = it.next();
if (reference instanceof Membership) {
Authorizable a = userManager.getAuthorizable(((Membership) reference).groupId);
if (a == null || !a.isGroup()) {
throw new RepositoryException(((Membership) reference).groupId + " does not represent a valid group.");
}
final Group gr = (Group) a;
// 1. collect members to add and to remove.
Map<String, Authorizable> toRemove = new HashMap<String, Authorizable>();
for (Iterator<Authorizable> declMembers = gr.getDeclaredMembers(); declMembers.hasNext(); ) {
Authorizable dm = declMembers.next();
toRemove.put(dm.getID(), dm);
}
List<Authorizable> toAdd = new ArrayList<Authorizable>();
final List<Membership.Member> nonExisting = new ArrayList<Membership.Member>();
for (Membership.Member member : ((Membership) reference).members) {
NodeId remapped = referenceTracker.getMappedId(member.id);
NodeId id = (remapped == null) ? member.id : remapped;
Authorizable authorz = null;
try {
NodeImpl n = ((SessionImpl) session).getNodeById(id);
authorz = userManager.getAuthorizable(n);
} catch (RepositoryException e) {
// no such node or failed to retrieve authorizable
// warning is logged below.
}
if (authorz != null) {
if (toRemove.remove(authorz.getID()) == null) {
toAdd.add(authorz);
}
// else: no need to remove from rep:members
} else {
handleFailure("New member of " + gr + ": No such authorizable (NodeID = " + id + ")");
if (importBehavior == ImportBehavior.BESTEFFORT) {
log.info("ImportBehavior.BESTEFFORT: Remember non-existing member for processing.");
nonExisting.add(member);
}
}
}
// 2. adjust members of the group
for (Authorizable m : toRemove.values()) {
if (!gr.removeMember(m)) {
handleFailure("Failed remove existing member (" + m + ") from " + gr);
}
}
for (Authorizable m : toAdd) {
if (!gr.addMember(m)) {
handleFailure("Failed add member (" + m + ") to " + gr);
}
}
// handling non-existing members in case of best-effort
if (!nonExisting.isEmpty()) {
log.info("ImportBehavior.BESTEFFORT: Found " + nonExisting.size() + " entries of rep:members pointing to non-existing authorizables. Adding to rep:members.");
final NodeImpl groupNode = ((AuthorizableImpl) gr).getNode();
if (userManager.hasMemberSplitSize()) {
userManager.performProtectedOperation((SessionImpl) session, new SessionWriteOperation<Object>() {
public Boolean perform(SessionContext context) throws RepositoryException {
NodeImpl nMembers = (groupNode.hasNode(UserConstants.N_MEMBERS) ? groupNode.getNode(UserConstants.N_MEMBERS) : groupNode.addNode(UserConstants.N_MEMBERS, UserConstants.NT_REP_MEMBERS, null));
// Create N_MEMBERS node structure for holding member references
for (Membership.Member member : nonExisting) {
PropertySequence properties = GroupImpl.getPropertySequence(nMembers, userManager);
String propName = member.name;
if (propName == null) {
log.debug("Ignoring unnamed user with id {}", member.id);
continue;
}
if (properties.hasItem(propName)) {
log.debug("Overwriting authorizable {} which is already member of {}.", propName, gr);
properties.removeProperty(propName);
}
Value newMember = session.getValueFactory().createValue(member.id.toString(), PropertyType.WEAKREFERENCE);
properties.addProperty(propName, newMember);
}
return null;
}
});
} else {
// Create P_MEMBERS for holding member references
// build list of valid members set before ....
List<Value> memberValues = new ArrayList<Value>();
if (groupNode.hasProperty(UserConstants.P_MEMBERS)) {
Value[] vls = groupNode.getProperty(UserConstants.P_MEMBERS).getValues();
memberValues.addAll(Arrays.asList(vls));
}
// ... and the non-Existing ones.
for (Membership.Member member : nonExisting) {
memberValues.add(session.getValueFactory().createValue(member.id.toString(), PropertyType.WEAKREFERENCE));
}
// and use implementation specific method to set the
// value of rep:members properties which was not possible
// through the API
userManager.setProtectedProperty(groupNode, UserConstants.P_MEMBERS, memberValues.toArray(new Value[memberValues.size()]), PropertyType.WEAKREFERENCE);
}
}
processed.add(reference);
} else if (reference instanceof Impersonators) {
Authorizable a = userManager.getAuthorizable(((Impersonators) reference).userId);
if (a == null || a.isGroup()) {
throw new RepositoryException(((Impersonators) reference).userId + " does not represent a valid user.");
}
Impersonation imp = ((User) a).getImpersonation();
// 1. collect principals to add and to remove.
Map<String, Principal> toRemove = new HashMap<String, Principal>();
for (PrincipalIterator pit = imp.getImpersonators(); pit.hasNext(); ) {
Principal princ = pit.nextPrincipal();
toRemove.put(princ.getName(), princ);
}
List<Principal> toAdd = new ArrayList<Principal>();
Value[] vs = ((Impersonators) reference).values;
for (Value v : vs) {
String princName = v.getString();
if (toRemove.remove(princName) == null) {
// add it to the list of new impersonators to be added.
toAdd.add(new PrincipalImpl(princName));
}
// else: no need to revoke impersonation for the given principal.
}
// 2. adjust set of impersonators
for (Principal princ : toRemove.values()) {
if (!imp.revokeImpersonation(princ)) {
handleFailure("Failed to revoke impersonation for " + princ.getName() + " on " + a);
}
}
for (Principal princ : toAdd) {
if (!imp.grantImpersonation(princ)) {
handleFailure("Failed to grant impersonation for " + princ.getName() + " on " + a);
}
}
// NOTE: no best effort handling so far. (TODO)
processed.add(reference);
}
}
// successfully processed this entry of the reference tracker
// -> remove from the reference tracker.
referenceTracker.removeReferences(processed);
} finally {
// the original state.
if (resetAutoSave) {
userManager.autoSave(true);
}
}
}
Also used :
Group(org.apache.jackrabbit.api.security.user.Group)
Impersonation(org.apache.jackrabbit.api.security.user.Impersonation)
HashMap(java.util.HashMap)
ArrayList(java.util.ArrayList)
Authorizable(org.apache.jackrabbit.api.security.user.Authorizable)
ArrayList(java.util.ArrayList)
LinkedList(java.util.LinkedList)
List(java.util.List)
PrincipalImpl(org.apache.jackrabbit.core.security.principal.PrincipalImpl)
NodeImpl(org.apache.jackrabbit.core.NodeImpl)
PrincipalIterator(org.apache.jackrabbit.api.security.principal.PrincipalIterator)
RepositoryException(javax.jcr.RepositoryException)
PropertySequence(org.apache.jackrabbit.commons.flat.PropertySequence)
NodeId(org.apache.jackrabbit.core.id.NodeId)
Value(javax.jcr.Value)
SessionContext(org.apache.jackrabbit.core.session.SessionContext)
SessionImpl(org.apache.jackrabbit.core.SessionImpl)
HashMap(java.util.HashMap)
Map(java.util.Map)
Principal(java.security.Principal)
Example 92 with NodeImpl
use of org.apache.jackrabbit.core.NodeImpl in project jackrabbit by apache.
the class UserManagerImpl method createUser.
/**
* @see UserManager#createUser(String, String, java.security.Principal, String)
*/
public User createUser(String userID, String password, Principal principal, String intermediatePath) throws AuthorizableExistsException, RepositoryException {
checkValidID(userID);
try {
NodeImpl userNode = (NodeImpl) nodeCreator.createUserNode(userID, intermediatePath);
setPrincipal(userNode, principal);
setPassword(userNode, password, true);
User user = createUser(userNode);
onCreate(user, password);
if (isAutoSave()) {
session.save();
}
log.debug("User created: " + userID + "; " + userNode.getPath());
return user;
} catch (RepositoryException e) {
// something went wrong -> revert changes and re-throw
session.refresh(false);
log.debug("Failed to create new User, reverting changes.");
throw e;
}
}
Also used :
User(org.apache.jackrabbit.api.security.user.User)
NodeImpl(org.apache.jackrabbit.core.NodeImpl)
RepositoryException(javax.jcr.RepositoryException)
Example 93 with NodeImpl
use of org.apache.jackrabbit.core.NodeImpl in project jackrabbit by apache.
the class UserManagerImpl method createGroup.
/**
* Create a new <code>Group</code> from the given <code>groupID</code> and
* <code>principal</code>. It will be created below the defined
* {@link #getGroupsPath() group path}.<br>
* Non-existent elements of the Path will be created as nodes
* of type {@link #NT_REP_AUTHORIZABLE_FOLDER rep:AuthorizableFolder}.
*
* @param groupID A groupID that hasn't been used before for another
* user or group.
* @param principal A principal that doesn't yet represent an existing user
* or group.
* @param intermediatePath Is always ignored.
* @return A new group.
* @throws AuthorizableExistsException
* @throws RepositoryException
* @see UserManager#createGroup(String, java.security.Principal, String)
*/
public Group createGroup(String groupID, Principal principal, String intermediatePath) throws AuthorizableExistsException, RepositoryException {
checkValidID(groupID);
// NOTE: principal validation during setPrincipal call.
try {
NodeImpl groupNode = (NodeImpl) nodeCreator.createGroupNode(groupID, intermediatePath);
if (principal != null) {
setPrincipal(groupNode, principal);
}
Group group = createGroup(groupNode);
onCreate(group);
if (isAutoSave()) {
session.save();
}
log.debug("Group created: " + groupID + "; " + groupNode.getPath());
return group;
} catch (RepositoryException e) {
session.refresh(false);
log.debug("newInstance new Group failed, revert changes on parent");
throw e;
}
}
Also used :
Group(org.apache.jackrabbit.api.security.user.Group)
NodeImpl(org.apache.jackrabbit.core.NodeImpl)
RepositoryException(javax.jcr.RepositoryException)
Example 94 with NodeImpl
use of org.apache.jackrabbit.core.NodeImpl in project jackrabbit by apache.
the class UserAccessControlProvider method compilePermissions.
/**
* @see org.apache.jackrabbit.core.security.authorization.AccessControlProvider#compilePermissions(Set)
*/
public CompiledPermissions compilePermissions(Set<Principal> principals) throws RepositoryException {
checkInitialized();
if (isAdminOrSystem(principals)) {
return getAdminPermissions();
} else {
if (!anonymousAccess && isAnonymous(principals)) {
return CompiledPermissions.NO_PERMISSION;
}
// determined the 'user' present in the given set of principals.
ItemBasedPrincipal userPrincipal = getUserPrincipal(principals);
NodeImpl userNode = getUserNode(userPrincipal);
if (userNode == null) {
// security workspace.
return CompiledPermissions.NO_PERMISSION;
} else {
return new CompiledPermissionsImpl(principals, userNode.getPath());
}
}
}
Also used :
NodeImpl(org.apache.jackrabbit.core.NodeImpl)
ItemBasedPrincipal(org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal)
Example 95 with NodeImpl
use of org.apache.jackrabbit.core.NodeImpl in project jackrabbit by apache.
the class UserAccessControlProvider method getUserNode.
private NodeImpl getUserNode(ItemBasedPrincipal principal) {
NodeImpl userNode = null;
if (principal != null) {
try {
String path = principal.getPath();
userNode = (NodeImpl) session.getNode(path);
} catch (RepositoryException e) {
log.warn("Error while retrieving user node. {}", e.getMessage());
}
}
return userNode;
}
Also used :
NodeImpl(org.apache.jackrabbit.core.NodeImpl)
RepositoryException(javax.jcr.RepositoryException)
Aggregations
NodeImpl (org.apache.jackrabbit.core.NodeImpl)161
RepositoryException (javax.jcr.RepositoryException)34
Authorizable (org.apache.jackrabbit.api.security.user.Authorizable)29
NodeId (org.apache.jackrabbit.core.id.NodeId)25
AccessControlPolicy (javax.jcr.security.AccessControlPolicy)18
ArrayList (java.util.ArrayList)17
Value (javax.jcr.Value)16
Name (org.apache.jackrabbit.spi.Name)16
AccessControlEntry (javax.jcr.security.AccessControlEntry)15
ConstraintViolationException (javax.jcr.nodetype.ConstraintViolationException)13
AccessControlManager (javax.jcr.security.AccessControlManager)13
ByteArrayInputStream (java.io.ByteArrayInputStream)12
InputStream (java.io.InputStream)12
NodeIterator (javax.jcr.NodeIterator)12
JackrabbitAccessControlManager (org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)11
NotExecutableException (org.apache.jackrabbit.test.NotExecutableException)11
Principal (java.security.Principal)10
Node (javax.jcr.Node)10
ParsingContentHandler (org.apache.jackrabbit.commons.xml.ParsingContentHandler)10
JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)9
