use of org.apache.jackrabbit.core.config.SecurityManagerConfig in project jackrabbit by apache.
the class SimpleSecurityManager method init.
//------------------------------------------< JackrabbitSecurityManager >---
/**
* @see JackrabbitSecurityManager#init(Repository, Session)
*/
public void init(Repository repository, Session systemSession) throws RepositoryException {
if (initialized) {
throw new IllegalStateException("already initialized");
}
if (!(repository instanceof RepositoryImpl)) {
throw new RepositoryException("RepositoryImpl expected");
}
this.systemSession = systemSession;
config = ((RepositoryImpl) repository).getConfig().getSecurityConfig();
// read the LoginModule configuration
LoginModuleConfig loginModConf = config.getLoginModuleConfig();
authCtxProvider = new AuthContextProvider(config.getAppName(), loginModConf);
if (authCtxProvider.isLocal()) {
log.info("init: using Repository LoginModule configuration for " + config.getAppName());
} else if (authCtxProvider.isJAAS()) {
log.info("init: using JAAS LoginModule configuration for " + config.getAppName());
} else {
String msg = "No valid LoginModule configuriation for " + config.getAppName();
log.error(msg);
throw new RepositoryException(msg);
}
Properties[] moduleConfig = authCtxProvider.getModuleConfig();
// retrieve default-ids (admin and anonymous) from login-module-configuration.
for (Properties aModuleConfig1 : moduleConfig) {
if (aModuleConfig1.containsKey(LoginModuleConfig.PARAM_ADMIN_ID)) {
adminID = aModuleConfig1.getProperty(LoginModuleConfig.PARAM_ADMIN_ID);
}
if (aModuleConfig1.containsKey(LoginModuleConfig.PARAM_ANONYMOUS_ID)) {
anonymID = aModuleConfig1.getProperty(LoginModuleConfig.PARAM_ANONYMOUS_ID);
}
}
// fallback:
if (adminID == null) {
log.debug("No adminID defined in LoginModule/JAAS config -> using default.");
adminID = SecurityConstants.ADMIN_ID;
}
if (anonymID == null) {
log.debug("No anonymousID defined in LoginModule/JAAS config -> using default.");
anonymID = SecurityConstants.ANONYMOUS_ID;
}
// most simple principal provider registry, that does not read anything
// from configuration
PrincipalProvider principalProvider = new SimplePrincipalProvider();
// skip init of provider (nop)
principalProviderRegistry = new ProviderRegistryImpl(principalProvider);
// register all configured principal providers.
for (Properties aModuleConfig : moduleConfig) {
principalProviderRegistry.registerProvider(aModuleConfig);
}
SecurityManagerConfig smc = config.getSecurityManagerConfig();
if (smc != null && smc.getWorkspaceAccessConfig() != null) {
workspaceAccessManager = smc.getWorkspaceAccessConfig().newInstance(WorkspaceAccessManager.class);
} else {
// fallback -> the default simple implementation
log.debug("No WorkspaceAccessManager configured; using default.");
workspaceAccessManager = new SimpleWorkspaceAccessManager();
}
workspaceAccessManager.init(systemSession);
initialized = true;
}
use of org.apache.jackrabbit.core.config.SecurityManagerConfig in project jackrabbit by apache.
the class RepositoryImpl method initStartupWorkspaces.
/**
* Initialize startup workspaces. Base implementation will initialize the
* default workspace. Derived classes may initialize their own startup
* workspaces <b>after</b> having called the base implementation.
*
* @throws RepositoryException if an error occurs
*/
protected void initStartupWorkspaces() throws RepositoryException {
String wspName = repConfig.getDefaultWorkspaceName();
String secWspName = null;
SecurityManagerConfig smc = repConfig.getSecurityConfig().getSecurityManagerConfig();
if (smc != null) {
secWspName = smc.getWorkspaceName();
}
try {
(wspInfos.get(wspName)).initialize();
if (secWspName != null && !wspInfos.containsKey(secWspName)) {
createWorkspace(secWspName);
log.info("created system workspace: {}", secWspName);
}
} catch (RepositoryException e) {
// if default workspace failed to initialize, shutdown again
log.error("Failed to initialize workspace '" + wspName + "'", e);
log.error("Unable to start repository, forcing shutdown...");
shutdown();
throw e;
}
}
use of org.apache.jackrabbit.core.config.SecurityManagerConfig in project jackrabbit by apache.
the class RepositoryImpl method initSecurityManager.
/**
* Creates the {@link org.apache.jackrabbit.core.security.JackrabbitSecurityManager SecurityManager}
* of this <code>Repository</code> and adds it to the repository context.
*
* @throws RepositoryException if an error occurs.
*/
private synchronized void initSecurityManager() throws RepositoryException {
SecurityManagerConfig smc = getConfig().getSecurityConfig().getSecurityManagerConfig();
if (smc == null) {
log.debug("No configuration entry for SecurityManager. Using org.apache.jackrabbit.core.security.simple.SimpleSecurityManager");
securityMgr = new SimpleSecurityManager();
} else {
securityMgr = smc.newInstance(JackrabbitSecurityManager.class);
}
log.info("SecurityManager = " + securityMgr.getClass());
context.setSecurityManager(securityMgr);
String workspaceName = getConfig().getDefaultWorkspaceName();
if (smc != null && smc.getWorkspaceName() != null) {
workspaceName = smc.getWorkspaceName();
}
// mark the workspace as 'active' for that it does not get disposed
// by the workspace-janitor
// TODO: There should be a cleaner way to do this
markWorkspaceActive(workspaceName);
// FIXME: Note that this call must be done *after* the security
// manager has been added to the repository context, since the
// initialisation code may invoke code that depends on the presence
// of a security manager. It would be better if this was not the case.
SystemSession systemSession = getSystemSession(workspaceName);
securityMgr.init(this, systemSession);
// initial security specific repository descriptors that are defined
// by JackrabbitRepository
ValueFactory vf = ValueFactoryImpl.getInstance();
boolean hasUserMgt;
try {
securityMgr.getUserManager(systemSession);
hasUserMgt = true;
} catch (RepositoryException e) {
hasUserMgt = false;
}
setDescriptor(JackrabbitRepository.OPTION_USER_MANAGEMENT_SUPPORTED, vf.createValue(hasUserMgt));
boolean hasPrincipalMgt;
try {
securityMgr.getPrincipalManager(systemSession);
hasPrincipalMgt = true;
} catch (RepositoryException e) {
hasPrincipalMgt = false;
}
setDescriptor(JackrabbitRepository.OPTION_PRINCIPAL_MANAGEMENT_SUPPORTED, vf.createValue(hasPrincipalMgt));
setDescriptor(JackrabbitRepository.OPTION_PRIVILEGE_MANAGEMENT_SUPPORTED, vf.createValue(true));
}
use of org.apache.jackrabbit.core.config.SecurityManagerConfig in project jackrabbit by apache.
the class DefaultSecurityManager method init.
//------------------------------------------< JackrabbitSecurityManager >---
/**
* @see JackrabbitSecurityManager#init(Repository, Session)
*/
public synchronized void init(Repository repository, Session systemSession) throws RepositoryException {
if (initialized) {
throw new IllegalStateException("already initialized");
}
if (!(repository instanceof RepositoryImpl)) {
throw new RepositoryException("RepositoryImpl expected");
}
if (!(systemSession instanceof SystemSession)) {
throw new RepositoryException("SystemSession expected");
}
this.systemSession = (SystemSession) systemSession;
this.repository = (RepositoryImpl) repository;
SecurityConfig config = this.repository.getConfig().getSecurityConfig();
LoginModuleConfig loginModConf = config.getLoginModuleConfig();
// build AuthContextProvider based on appName + optional LoginModuleConfig
authContextProvider = new AuthContextProvider(config.getAppName(), loginModConf);
if (authContextProvider.isLocal()) {
log.info("init: use Repository Login-Configuration for " + config.getAppName());
} else if (authContextProvider.isJAAS()) {
log.info("init: use JAAS login-configuration for " + config.getAppName());
} else {
String msg = "Neither JAAS nor RepositoryConfig contained a valid configuration for " + config.getAppName();
log.error(msg);
throw new RepositoryException(msg);
}
Properties[] moduleConfig = authContextProvider.getModuleConfig();
// retrieve default-ids (admin and anonymous) from login-module-configuration.
for (Properties props : moduleConfig) {
if (props.containsKey(LoginModuleConfig.PARAM_ADMIN_ID)) {
adminId = props.getProperty(LoginModuleConfig.PARAM_ADMIN_ID);
}
if (props.containsKey(LoginModuleConfig.PARAM_ANONYMOUS_ID)) {
anonymousId = props.getProperty(LoginModuleConfig.PARAM_ANONYMOUS_ID);
}
}
// fallback:
if (adminId == null) {
log.debug("No adminID defined in LoginModule/JAAS config -> using default.");
adminId = SecurityConstants.ADMIN_ID;
}
if (anonymousId == null) {
log.debug("No anonymousID defined in LoginModule/JAAS config -> using default.");
anonymousId = SecurityConstants.ANONYMOUS_ID;
}
// create the system userManager and make sure the system-users exist.
systemUserManager = createUserManager(this.systemSession);
createSystemUsers(systemUserManager, this.systemSession, adminId, anonymousId);
// init default ac-provider-factory
acProviderFactory = new AccessControlProviderFactoryImpl();
acProviderFactory.init(this.systemSession);
// create the workspace access manager
SecurityManagerConfig smc = config.getSecurityManagerConfig();
if (smc != null && smc.getWorkspaceAccessConfig() != null) {
workspaceAccessManager = smc.getWorkspaceAccessConfig().newInstance(WorkspaceAccessManager.class);
} else {
// fallback -> the default implementation
log.debug("No WorkspaceAccessManager configured; using default.");
workspaceAccessManager = createDefaultWorkspaceAccessManager();
}
workspaceAccessManager.init(this.systemSession);
// initialize principal-provider registry
// 1) create default
PrincipalProvider defaultPP = createDefaultPrincipalProvider(moduleConfig);
// 2) create registry instance
principalProviderRegistry = new ProviderRegistryImpl(defaultPP);
// 3) register all configured principal providers.
for (Properties props : moduleConfig) {
principalProviderRegistry.registerProvider(props);
}
initialized = true;
}
Aggregations