
Example 16 with NodeImpl

use of org.apache.jackrabbit.core.NodeImpl in project jackrabbit by apache.

the class ACLProvider method getEffectivePolicies.

/**
 * Collects the access control lists that are effective at {@code absPath}.
 * <p>
 * A {@code null} path addresses the repository-level policy: it is only
 * returned when the root node is repo-access-controlled and
 * {@code permissions} grants {@code READ_AC} on the root node; otherwise an
 * {@code AccessDeniedException} is thrown. For a non-null path the ACLs are
 * gathered by {@code collectAcls}.
 * <p>
 * When nothing is found, no default policy is added: a warning is logged
 * and an empty array is returned (see JCR-2331).
 *
 * @param absPath     absolute path of the target item, or {@code null} for
 *                    the repository-level policy
 * @param permissions compiled permissions of the editing session
 * @return the effective policies; possibly empty, never {@code null}
 * @throws ItemNotFoundException declared by the interface method
 * @throws RepositoryException   if the lookup fails; this includes the
 *                               {@code AccessDeniedException} thrown when
 *                               {@code READ_AC} is missing on the root node
 * @see org.apache.jackrabbit.core.security.authorization.AccessControlProvider#getEffectivePolicies(org.apache.jackrabbit.spi.Path,org.apache.jackrabbit.core.security.authorization.CompiledPermissions)
 */
public AccessControlPolicy[] getEffectivePolicies(Path absPath, CompiledPermissions permissions) throws ItemNotFoundException, RepositoryException {
    checkInitialized();
    final NodeImpl targetNode;
    final List<AccessControlList> effective = new ArrayList<AccessControlList>();
    if (absPath != null) {
        targetNode = (NodeImpl) session.getNode(session.getJCRPath(absPath));
        // NOTE(review): the READ_AC check for this branch is not visible here;
        // presumably collectAcls applies `permissions` per node - confirm.
        collectAcls(getNode(targetNode, isAcItem(targetNode)), permissions, effective);
    } else {
        targetNode = (NodeImpl) session.getRootNode();
        if (isRepoAccessControlled(targetNode)) {
            // Reading the repo-level policy requires READ_AC on the root node.
            if (!permissions.grants(targetNode.getPrimaryPath(), Permission.READ_AC)) {
                throw new AccessDeniedException("Access denied at " + targetNode.getPath());
            }
            effective.add(getACL(targetNode, N_REPO_POLICY, null));
        }
    }
    if (effective.isEmpty()) {
        // Neither the node nor any of its parents is access controlled, so
        // there is nothing to report. Only a warning is emitted here.
        // TODO: there should be a default policy in this case (see JCR-2331)
        log.warn("No access controlled node present in item hierarchy starting from " + targetNode.getPath());
    }
    return effective.toArray(new AccessControlList[effective.size()]);
}
Also used : AccessControlList(javax.jcr.security.AccessControlList) UnmodifiableAccessControlList(org.apache.jackrabbit.core.security.authorization.UnmodifiableAccessControlList) AccessDeniedException(javax.jcr.AccessDeniedException) NodeImpl(org.apache.jackrabbit.core.NodeImpl) ArrayList(java.util.ArrayList)

Example 17 with NodeImpl

use of org.apache.jackrabbit.core.NodeImpl in project jackrabbit by apache.

the class TokenProvider method createToken.

/**
 * Creates a separate token node underneath the dedicated token store of the
 * given user. The node receives the hash of the generated key, the
 * expiration value and every caller-supplied attribute whose name is not
 * listed in {@code RESERVED_ATTRIBUTES}. The clear-text token (node id,
 * delimiter, key) is not written to the node; it is only handed to the
 * returned {@code TokenInfo}.
 *
 * @param user       The user for which a new token should be created.
 * @param attributes The attributes associated with the new token.
 * @return A new {@code TokenInfo} or {@code null} if the token could not
 *         be created.
 * @throws RepositoryException if a repository operation fails with an
 *         error other than the ones logged and swallowed below.
 */
private TokenInfo createToken(User user, Map<String, ?> attributes) throws RepositoryException {
    String error = "Failed to create login token. ";
    NodeImpl tokenParent = getTokenParent(user);
    if (tokenParent == null) {
        log.warn("Unable to get/create token store for user {}", user.getID());
        return null;
    }
    try {
        ValueFactory valueFactory = session.getValueFactory();
        long creationTime = System.currentTimeMillis();
        Calendar created = Calendar.getInstance();
        created.setTimeInMillis(creationTime);
        // The node name is the ISO8601 creation time with ':' replaced by '.'.
        Name tokenName = session.getQName(Text.replace(ISO8601.format(created), ":", "."));
        NodeImpl tokenNode = super.addNode(tokenParent, tokenName, session.getQName(TOKEN_NT_NAME), NodeId.randomId());

        // NOTE(review): what the argument 8 measures (bytes vs. characters) and
        // which randomness source is used are decided inside generateKey and
        // are not visible here - confirm the key carries enough entropy.
        String key = generateKey(8);
        String token = tokenNode.getId().toString() + DELIM + key;

        // Only the hash of the key (combined with the user id by getKeyValue)
        // is stored on the token node.
        String keyHash = PasswordUtility.buildPasswordHash(getKeyValue(key, user.getID()));
        setProperty(tokenNode, session.getQName(TOKEN_ATTRIBUTE_KEY), valueFactory.createValue(keyHash));
        setProperty(tokenNode, session.getQName(TOKEN_ATTRIBUTE_EXPIRY), createExpirationValue(creationTime, session));

        // Caller-supplied attributes must not overwrite reserved ones.
        for (Map.Entry<String, ?> attribute : attributes.entrySet()) {
            String attributeName = attribute.getKey();
            if (RESERVED_ATTRIBUTES.contains(attributeName)) {
                continue;
            }
            String attributeValue = attribute.getValue().toString();
            setProperty(tokenNode, session.getQName(attributeName), valueFactory.createValue(attributeValue));
        }
        session.save();
        return new TokenInfoImpl(tokenNode, token, user.getID());
    } catch (NoSuchAlgorithmException e) {
        // error while generating login token
        // NOTE(review): the token node has already been added at this point and
        // no refresh/discard is visible here - confirm the caller cleans up.
        log.error(error, e);
    } catch (UnsupportedEncodingException e) {
        // error while generating login token
        log.error(error, e);
    } catch (AccessDeniedException e) {
        log.warn(error, e);
    }
    return null;
}
Also used : AccessDeniedException(javax.jcr.AccessDeniedException) NodeImpl(org.apache.jackrabbit.core.NodeImpl) Calendar(java.util.Calendar) GregorianCalendar(java.util.GregorianCalendar) UnsupportedEncodingException(java.io.UnsupportedEncodingException) ValueFactory(javax.jcr.ValueFactory) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) Date(java.util.Date) Name(org.apache.jackrabbit.spi.Name)

Example 18 with NodeImpl

use of org.apache.jackrabbit.core.NodeImpl in project jackrabbit by apache.

the class TokenProvider method getTokenInfo.

/**
 * Retrieves the token information associated with the specified login
 * token. Returns {@code null} when the token is {@code null}, when no user
 * id can be derived from the token node, or when {@code isValidTokenTree}
 * rejects the token node.
 * <p>
 * NOTE(review): this method only resolves the token node and its owning
 * user. Comparison of the key part and the expiry check are not visible
 * here - confirm they are enforced where the returned {@code TokenInfo} is
 * consumed during login.
 *
 * @param token A login token.
 * @return The {@code TokenInfo} associated with the specified token or
 *         {@code null} if the corresponding information does not exist or
 *         is not associated with a valid user.
 * @throws RepositoryException if the repository lookup fails.
 */
public TokenInfo getTokenInfo(String token) throws RepositoryException {
    if (token == null) {
        return null;
    }
    NodeImpl tokenNode = (NodeImpl) getTokenNode(token, session);
    String ownerId = getUserId(tokenNode, userManager);
    if (ownerId != null && isValidTokenTree(tokenNode)) {
        return new TokenInfoImpl(tokenNode, token, ownerId);
    }
    return null;
}
Also used : NodeImpl(org.apache.jackrabbit.core.NodeImpl)

Example 19 with NodeImpl

use of org.apache.jackrabbit.core.NodeImpl in project jackrabbit by apache.

the class CompatTokenProvider method getUserId.

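/**
 * Derives the id of the user that owns the given token node.
 * <p>
 * The user node is taken to be the grandparent of the token node. Its node
 * type is verified <em>before</em> any property is read from it, so a token
 * node that does not sit below a user node is always rejected with the
 * explicit error below rather than with whatever exception the property
 * lookup would raise.
 *
 * @param tokenNode   the token node, may be {@code null}
 * @param userManager user manager used to resolve the authorizable
 * @return the id of the owning user, or {@code null} if {@code tokenNode}
 *         is {@code null} or the resolved authorizable is missing, is a
 *         group, or is a disabled user
 * @throws RepositoryException if the grandparent is not of type
 *         {@code UserImpl.NT_REP_USER} or a repository operation fails
 */
private static String getUserId(NodeImpl tokenNode, UserManager userManager) throws RepositoryException {
    if (tokenNode == null) {
        return null;
    }
    final NodeImpl userNode = (NodeImpl) tokenNode.getParent().getParent();
    // Validate the node type first; nothing is read from an unverified node.
    if (!userNode.isNodeType(UserImpl.NT_REP_USER)) {
        throw new RepositoryException("Failed to calculate userId from token credentials");
    }
    final String principalName = userNode.getProperty(UserImpl.P_PRINCIPAL_NAME).getString();
    Authorizable a = userManager.getAuthorizable(new ItemBasedPrincipal() {

        public String getPath() throws RepositoryException {
            return userNode.getPath();
        }

        public String getName() {
            return principalName;
        }
    });
    // Groups and disabled users must never yield a user id for token login.
    if (a != null && !a.isGroup() && !((User) a).isDisabled()) {
        return a.getID();
    }
    return null;
}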
Also used : User(org.apache.jackrabbit.api.security.user.User) NodeImpl(org.apache.jackrabbit.core.NodeImpl) ItemBasedPrincipal(org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal) Authorizable(org.apache.jackrabbit.api.security.user.Authorizable) RepositoryException(javax.jcr.RepositoryException)

Example 20 with NodeImpl

use of org.apache.jackrabbit.core.NodeImpl in project jackrabbit by apache.

the class CachingEntryCollector method getNextID.

/**
 * Finds the next access controlled ancestor in the hierarchy. Walking up
 * from {@code node}, a parent counts as a match when its id is already a
 * key of the cache or when {@code hasEntries} reports entries for it. The
 * walk stops once the current node is the root.
 *
 * @param node The target node for which the cache needs to be updated.
 * @return The NodeId of the next access controlled ancestor in the
 *         hierarchy, or {@code null} if there is no such ancestor.
 * @throws RepositoryException if a parent node cannot be retrieved.
 */
private NodeId getNextID(NodeImpl node) throws RepositoryException {
    NodeId found = null;
    NodeImpl current = node;
    while (found == null && !isRootId(current.getNodeId())) {
        final NodeId parentId = current.getParentId();
        if (!cache.containsKey(parentId)) {
            // Not cached: load the parent and look at it directly.
            final NodeImpl parent = (NodeImpl) current.getParent();
            if (!hasEntries(parent)) {
                // try next ancestor
                current = parent;
                continue;
            }
        }
        found = parentId;
    }
    return found;
}
Also used : NodeImpl(org.apache.jackrabbit.core.NodeImpl) NodeId(org.apache.jackrabbit.core.id.NodeId)

Aggregations

NodeImpl (org.apache.jackrabbit.core.NodeImpl)161 RepositoryException (javax.jcr.RepositoryException)34 Authorizable (org.apache.jackrabbit.api.security.user.Authorizable)29 NodeId (org.apache.jackrabbit.core.id.NodeId)25 AccessControlPolicy (javax.jcr.security.AccessControlPolicy)18 ArrayList (java.util.ArrayList)17 Value (javax.jcr.Value)16 Name (org.apache.jackrabbit.spi.Name)16 AccessControlEntry (javax.jcr.security.AccessControlEntry)15 ConstraintViolationException (javax.jcr.nodetype.ConstraintViolationException)13 AccessControlManager (javax.jcr.security.AccessControlManager)13 ByteArrayInputStream (java.io.ByteArrayInputStream)12 InputStream (java.io.InputStream)12 NodeIterator (javax.jcr.NodeIterator)12 JackrabbitAccessControlManager (org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)11 NotExecutableException (org.apache.jackrabbit.test.NotExecutableException)11 Principal (java.security.Principal)10 Node (javax.jcr.Node)10 ParsingContentHandler (org.apache.jackrabbit.commons.xml.ParsingContentHandler)10 JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)9