Example 11 with NodeImpl
use of org.apache.jackrabbit.core.NodeImpl in project jackrabbit by apache.
the class RetentionManagerImpl method setRetentionPolicy.
/**
* @see RetentionManager#setRetentionPolicy(String, RetentionPolicy)
*/
public void setRetentionPolicy(String absPath, RetentionPolicy retentionPolicy) throws PathNotFoundException, AccessDeniedException, LockException, VersionException, RepositoryException {
NodeImpl n = (NodeImpl) session.getNode(absPath);
if (!(retentionPolicy instanceof RetentionPolicyImpl)) {
throw new RepositoryException("Invalid retention policy.");
}
Value retentionReference = session.getValueFactory().createValue(retentionPolicy.getName(), PropertyType.NAME);
if (!n.isNodeType(REP_RETENTION_MANAGEABLE)) {
n.addMixin(REP_RETENTION_MANAGEABLE);
}
setProperty(n, REP_RETENTION_POLICY, retentionReference);
}
Also used :
NodeImpl(org.apache.jackrabbit.core.NodeImpl)
Value(javax.jcr.Value)
RepositoryException(javax.jcr.RepositoryException)
Example 12 with NodeImpl
use of org.apache.jackrabbit.core.NodeImpl in project jackrabbit by apache.
the class ACLEditor method getPolicies.
//------------------------------------------------< AccessControlEditor >---
/**
* @see AccessControlEditor#getPolicies(String)
*/
public AccessControlPolicy[] getPolicies(String nodePath) throws AccessControlException, PathNotFoundException, RepositoryException {
checkProtectsNode(nodePath);
NodeImpl aclNode = getAclNode(nodePath);
if (aclNode == null) {
return new AccessControlPolicy[0];
} else {
return new AccessControlPolicy[] { getACL(aclNode, nodePath) };
}
}
Also used :
JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy)
AccessControlPolicy(javax.jcr.security.AccessControlPolicy)
NodeImpl(org.apache.jackrabbit.core.NodeImpl)
Example 13 with NodeImpl
use of org.apache.jackrabbit.core.NodeImpl in project jackrabbit by apache.
the class ACLEditor method removePolicy.
/**
* @see AccessControlEditor#removePolicy(String,AccessControlPolicy)
*/
public synchronized void removePolicy(String nodePath, AccessControlPolicy policy) throws AccessControlException, RepositoryException {
checkProtectsNode(nodePath);
checkValidPolicy(nodePath, policy);
NodeImpl aclNode = getAclNode(nodePath);
if (aclNode != null) {
removeItem(aclNode);
} else {
throw new AccessControlException("No policy to remove at " + nodePath);
}
}
Also used :
NodeImpl(org.apache.jackrabbit.core.NodeImpl)
AccessControlException(javax.jcr.security.AccessControlException)
Example 14 with NodeImpl
use of org.apache.jackrabbit.core.NodeImpl in project jackrabbit by apache.
the class ACLProvider method getEffectivePolicies.
/**
* @see org.apache.jackrabbit.core.security.authorization.AccessControlProvider#getEffectivePolicies(java.util.Set, CompiledPermissions)
*/
public AccessControlPolicy[] getEffectivePolicies(Set<Principal> principals, CompiledPermissions permissions) throws RepositoryException {
String propName = ISO9075.encode(session.getJCRName(P_PRINCIPAL_NAME));
StringBuilder stmt = new StringBuilder("/jcr:root");
stmt.append("//element(*,");
stmt.append(session.getJCRName(NT_REP_ACE));
stmt.append(")[");
int i = 0;
for (Principal principal : principals) {
if (i > 0) {
stmt.append(" or ");
}
stmt.append("@");
stmt.append(propName);
stmt.append("='");
stmt.append(principal.getName().replaceAll("'", "''"));
stmt.append("'");
i++;
}
stmt.append("]");
QueryResult result;
try {
QueryManager qm = session.getWorkspace().getQueryManager();
Query q = qm.createQuery(stmt.toString(), Query.XPATH);
result = q.execute();
} catch (RepositoryException e) {
log.error("Unexpected error while searching effective policies. {}", e.getMessage());
throw new UnsupportedOperationException("Retrieve effective policies for set of principals not supported.", e);
}
Set<AccessControlPolicy> acls = new LinkedHashSet<AccessControlPolicy>();
for (NodeIterator it = result.getNodes(); it.hasNext(); ) {
NodeImpl aclNode = (NodeImpl) it.nextNode().getParent();
Name aclName = aclNode.getQName();
NodeImpl accessControlledNode = (NodeImpl) aclNode.getParent();
if (N_POLICY.equals(aclName) && isAccessControlled(accessControlledNode)) {
if (permissions.canRead(aclNode.getPrimaryPath(), aclNode.getNodeId())) {
acls.add(getACL(accessControlledNode, N_POLICY, accessControlledNode.getPath()));
} else {
throw new AccessDeniedException("Access denied at " + Text.getRelativeParent(aclNode.getPath(), 1));
}
} else if (N_REPO_POLICY.equals(aclName) && isRepoAccessControlled(accessControlledNode)) {
if (permissions.canRead(aclNode.getPrimaryPath(), aclNode.getNodeId())) {
acls.add(getACL(accessControlledNode, N_REPO_POLICY, null));
} else {
throw new AccessDeniedException("Access denied at " + Text.getRelativeParent(aclNode.getPath(), 1));
}
}
// else: not a regular policy node -> ignore.
}
return acls.toArray(new AccessControlPolicy[acls.size()]);
}
Also used :
LinkedHashSet(java.util.LinkedHashSet)
NodeIterator(javax.jcr.NodeIterator)
AccessControlPolicy(javax.jcr.security.AccessControlPolicy)
AccessDeniedException(javax.jcr.AccessDeniedException)
Query(javax.jcr.query.Query)
NodeImpl(org.apache.jackrabbit.core.NodeImpl)
RepositoryException(javax.jcr.RepositoryException)
Name(org.apache.jackrabbit.spi.Name)
QueryResult(javax.jcr.query.QueryResult)
QueryManager(javax.jcr.query.QueryManager)
Principal(java.security.Principal)
Example 15 with NodeImpl
use of org.apache.jackrabbit.core.NodeImpl in project jackrabbit by apache.
the class ACLProvider method init.
//----------------------------------------------< AccessControlProvider >---
/**
* @see org.apache.jackrabbit.core.security.authorization.AccessControlProvider#init(Session, Map)
*/
@Override
public void init(Session systemSession, Map configuration) throws RepositoryException {
super.init(systemSession, configuration);
allowUnknownPrincipals = "true".equals(configuration.get(PARAM_ALLOW_UNKNOWN_PRINCIPALS));
// make sure the workspace of the given systemSession has a
// minimal protection on the root node.
NodeImpl root = (NodeImpl) session.getRootNode();
rootNodeId = root.getNodeId();
ACLEditor systemEditor = new ACLEditor(session, this, allowUnknownPrincipals);
// TODO: replace by configurable default policy (see JCR-2331)
boolean initializedWithDefaults = !configuration.containsKey(PARAM_OMIT_DEFAULT_PERMISSIONS);
if (initializedWithDefaults && !isAccessControlled(root)) {
initRootACL(session, systemEditor);
}
entryCollector = createEntryCollector(session);
}
Also used :
NodeImpl(org.apache.jackrabbit.core.NodeImpl)
Aggregations
NodeImpl (org.apache.jackrabbit.core.NodeImpl)161
RepositoryException (javax.jcr.RepositoryException)34
Authorizable (org.apache.jackrabbit.api.security.user.Authorizable)29
NodeId (org.apache.jackrabbit.core.id.NodeId)25
AccessControlPolicy (javax.jcr.security.AccessControlPolicy)18
ArrayList (java.util.ArrayList)17
Value (javax.jcr.Value)16
Name (org.apache.jackrabbit.spi.Name)16
AccessControlEntry (javax.jcr.security.AccessControlEntry)15
ConstraintViolationException (javax.jcr.nodetype.ConstraintViolationException)13
AccessControlManager (javax.jcr.security.AccessControlManager)13
ByteArrayInputStream (java.io.ByteArrayInputStream)12
InputStream (java.io.InputStream)12
NodeIterator (javax.jcr.NodeIterator)12
JackrabbitAccessControlManager (org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)11
NotExecutableException (org.apache.jackrabbit.test.NotExecutableException)11
Principal (java.security.Principal)10
Node (javax.jcr.Node)10
ParsingContentHandler (org.apache.jackrabbit.commons.xml.ParsingContentHandler)10
JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)9
