Search in sources :

Example 1 with SecurityManagerConfig

use of org.apache.jackrabbit.core.config.SecurityManagerConfig in project jackrabbit by apache.

the class SimpleSecurityManager method init.

//------------------------------------------< JackrabbitSecurityManager >---
/**
     * @see JackrabbitSecurityManager#init(Repository, Session)
     */
public void init(Repository repository, Session systemSession) throws RepositoryException {
    if (initialized) {
        throw new IllegalStateException("already initialized");
    }
    if (!(repository instanceof RepositoryImpl)) {
        throw new RepositoryException("RepositoryImpl expected");
    }
    this.systemSession = systemSession;
    config = ((RepositoryImpl) repository).getConfig().getSecurityConfig();
    // read the LoginModule configuration
    LoginModuleConfig loginModConf = config.getLoginModuleConfig();
    authCtxProvider = new AuthContextProvider(config.getAppName(), loginModConf);
    if (authCtxProvider.isLocal()) {
        log.info("init: using Repository LoginModule configuration for " + config.getAppName());
    } else if (authCtxProvider.isJAAS()) {
        log.info("init: using JAAS LoginModule configuration for " + config.getAppName());
    } else {
        String msg = "No valid LoginModule configuriation for " + config.getAppName();
        log.error(msg);
        throw new RepositoryException(msg);
    }
    Properties[] moduleConfig = authCtxProvider.getModuleConfig();
    // retrieve default-ids (admin and anonymous) from login-module-configuration.
    for (Properties aModuleConfig1 : moduleConfig) {
        if (aModuleConfig1.containsKey(LoginModuleConfig.PARAM_ADMIN_ID)) {
            adminID = aModuleConfig1.getProperty(LoginModuleConfig.PARAM_ADMIN_ID);
        }
        if (aModuleConfig1.containsKey(LoginModuleConfig.PARAM_ANONYMOUS_ID)) {
            anonymID = aModuleConfig1.getProperty(LoginModuleConfig.PARAM_ANONYMOUS_ID);
        }
    }
    // fallback:
    if (adminID == null) {
        log.debug("No adminID defined in LoginModule/JAAS config -> using default.");
        adminID = SecurityConstants.ADMIN_ID;
    }
    if (anonymID == null) {
        log.debug("No anonymousID defined in LoginModule/JAAS config -> using default.");
        anonymID = SecurityConstants.ANONYMOUS_ID;
    }
    // most simple principal provider registry, that does not read anything
    // from configuration
    PrincipalProvider principalProvider = new SimplePrincipalProvider();
    // skip init of provider (nop)
    principalProviderRegistry = new ProviderRegistryImpl(principalProvider);
    // register all configured principal providers.
    for (Properties aModuleConfig : moduleConfig) {
        principalProviderRegistry.registerProvider(aModuleConfig);
    }
    SecurityManagerConfig smc = config.getSecurityManagerConfig();
    if (smc != null && smc.getWorkspaceAccessConfig() != null) {
        workspaceAccessManager = smc.getWorkspaceAccessConfig().newInstance(WorkspaceAccessManager.class);
    } else {
        // fallback -> the default simple implementation
        log.debug("No WorkspaceAccessManager configured; using default.");
        workspaceAccessManager = new SimpleWorkspaceAccessManager();
    }
    workspaceAccessManager.init(systemSession);
    initialized = true;
}
Also used : PrincipalProvider(org.apache.jackrabbit.core.security.principal.PrincipalProvider) RepositoryException(javax.jcr.RepositoryException) Properties(java.util.Properties) AuthContextProvider(org.apache.jackrabbit.core.security.authentication.AuthContextProvider) LoginModuleConfig(org.apache.jackrabbit.core.config.LoginModuleConfig) RepositoryImpl(org.apache.jackrabbit.core.RepositoryImpl) SecurityManagerConfig(org.apache.jackrabbit.core.config.SecurityManagerConfig) WorkspaceAccessManager(org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager) ProviderRegistryImpl(org.apache.jackrabbit.core.security.principal.ProviderRegistryImpl)

Example 2 with SecurityManagerConfig

use of org.apache.jackrabbit.core.config.SecurityManagerConfig in project jackrabbit by apache.

the class RepositoryImpl method initStartupWorkspaces.

/**
     * Initialize startup workspaces. Base implementation will initialize the
     * default workspace. Derived classes may initialize their own startup
     * workspaces <b>after</b> having called the base implementation.
     *
     * @throws RepositoryException if an error occurs
     */
protected void initStartupWorkspaces() throws RepositoryException {
    String wspName = repConfig.getDefaultWorkspaceName();
    String secWspName = null;
    SecurityManagerConfig smc = repConfig.getSecurityConfig().getSecurityManagerConfig();
    if (smc != null) {
        secWspName = smc.getWorkspaceName();
    }
    try {
        (wspInfos.get(wspName)).initialize();
        if (secWspName != null && !wspInfos.containsKey(secWspName)) {
            createWorkspace(secWspName);
            log.info("created system workspace: {}", secWspName);
        }
    } catch (RepositoryException e) {
        // if default workspace failed to initialize, shutdown again
        log.error("Failed to initialize workspace '" + wspName + "'", e);
        log.error("Unable to start repository, forcing shutdown...");
        shutdown();
        throw e;
    }
}
Also used : SecurityManagerConfig(org.apache.jackrabbit.core.config.SecurityManagerConfig) RepositoryException(javax.jcr.RepositoryException)

Example 3 with SecurityManagerConfig

use of org.apache.jackrabbit.core.config.SecurityManagerConfig in project jackrabbit by apache.

the class RepositoryImpl method initSecurityManager.

/**
     * Creates the {@link org.apache.jackrabbit.core.security.JackrabbitSecurityManager SecurityManager}
     * of this <code>Repository</code> and adds it to the repository context.
     *
     * @throws RepositoryException if an error occurs.
     */
private synchronized void initSecurityManager() throws RepositoryException {
    SecurityManagerConfig smc = getConfig().getSecurityConfig().getSecurityManagerConfig();
    if (smc == null) {
        log.debug("No configuration entry for SecurityManager. Using org.apache.jackrabbit.core.security.simple.SimpleSecurityManager");
        securityMgr = new SimpleSecurityManager();
    } else {
        securityMgr = smc.newInstance(JackrabbitSecurityManager.class);
    }
    log.info("SecurityManager = " + securityMgr.getClass());
    context.setSecurityManager(securityMgr);
    String workspaceName = getConfig().getDefaultWorkspaceName();
    if (smc != null && smc.getWorkspaceName() != null) {
        workspaceName = smc.getWorkspaceName();
    }
    // mark the workspace as 'active' for that it does not get disposed
    // by the workspace-janitor
    // TODO: There should be a cleaner way to do this
    markWorkspaceActive(workspaceName);
    // FIXME: Note that this call must be done *after* the security
    // manager has been added to the repository context, since the
    // initialisation code may invoke code that depends on the presence
    // of a security manager. It would be better if this was not the case.
    SystemSession systemSession = getSystemSession(workspaceName);
    securityMgr.init(this, systemSession);
    // initial security specific repository descriptors that are defined
    // by JackrabbitRepository
    ValueFactory vf = ValueFactoryImpl.getInstance();
    boolean hasUserMgt;
    try {
        securityMgr.getUserManager(systemSession);
        hasUserMgt = true;
    } catch (RepositoryException e) {
        hasUserMgt = false;
    }
    setDescriptor(JackrabbitRepository.OPTION_USER_MANAGEMENT_SUPPORTED, vf.createValue(hasUserMgt));
    boolean hasPrincipalMgt;
    try {
        securityMgr.getPrincipalManager(systemSession);
        hasPrincipalMgt = true;
    } catch (RepositoryException e) {
        hasPrincipalMgt = false;
    }
    setDescriptor(JackrabbitRepository.OPTION_PRINCIPAL_MANAGEMENT_SUPPORTED, vf.createValue(hasPrincipalMgt));
    setDescriptor(JackrabbitRepository.OPTION_PRIVILEGE_MANAGEMENT_SUPPORTED, vf.createValue(true));
}
Also used : JackrabbitSecurityManager(org.apache.jackrabbit.core.security.JackrabbitSecurityManager) SecurityManagerConfig(org.apache.jackrabbit.core.config.SecurityManagerConfig) RepositoryException(javax.jcr.RepositoryException) ValueFactory(javax.jcr.ValueFactory) SimpleSecurityManager(org.apache.jackrabbit.core.security.simple.SimpleSecurityManager)

Example 4 with SecurityManagerConfig

use of org.apache.jackrabbit.core.config.SecurityManagerConfig in project jackrabbit by apache.

the class DefaultSecurityManager method init.

//------------------------------------------< JackrabbitSecurityManager >---
/**
     * @see JackrabbitSecurityManager#init(Repository, Session)
     */
public synchronized void init(Repository repository, Session systemSession) throws RepositoryException {
    if (initialized) {
        throw new IllegalStateException("already initialized");
    }
    if (!(repository instanceof RepositoryImpl)) {
        throw new RepositoryException("RepositoryImpl expected");
    }
    if (!(systemSession instanceof SystemSession)) {
        throw new RepositoryException("SystemSession expected");
    }
    this.systemSession = (SystemSession) systemSession;
    this.repository = (RepositoryImpl) repository;
    SecurityConfig config = this.repository.getConfig().getSecurityConfig();
    LoginModuleConfig loginModConf = config.getLoginModuleConfig();
    // build AuthContextProvider based on appName + optional LoginModuleConfig
    authContextProvider = new AuthContextProvider(config.getAppName(), loginModConf);
    if (authContextProvider.isLocal()) {
        log.info("init: use Repository Login-Configuration for " + config.getAppName());
    } else if (authContextProvider.isJAAS()) {
        log.info("init: use JAAS login-configuration for " + config.getAppName());
    } else {
        String msg = "Neither JAAS nor RepositoryConfig contained a valid configuration for " + config.getAppName();
        log.error(msg);
        throw new RepositoryException(msg);
    }
    Properties[] moduleConfig = authContextProvider.getModuleConfig();
    // retrieve default-ids (admin and anonymous) from login-module-configuration.
    for (Properties props : moduleConfig) {
        if (props.containsKey(LoginModuleConfig.PARAM_ADMIN_ID)) {
            adminId = props.getProperty(LoginModuleConfig.PARAM_ADMIN_ID);
        }
        if (props.containsKey(LoginModuleConfig.PARAM_ANONYMOUS_ID)) {
            anonymousId = props.getProperty(LoginModuleConfig.PARAM_ANONYMOUS_ID);
        }
    }
    // fallback:
    if (adminId == null) {
        log.debug("No adminID defined in LoginModule/JAAS config -> using default.");
        adminId = SecurityConstants.ADMIN_ID;
    }
    if (anonymousId == null) {
        log.debug("No anonymousID defined in LoginModule/JAAS config -> using default.");
        anonymousId = SecurityConstants.ANONYMOUS_ID;
    }
    // create the system userManager and make sure the system-users exist.
    systemUserManager = createUserManager(this.systemSession);
    createSystemUsers(systemUserManager, this.systemSession, adminId, anonymousId);
    // init default ac-provider-factory
    acProviderFactory = new AccessControlProviderFactoryImpl();
    acProviderFactory.init(this.systemSession);
    // create the workspace access manager
    SecurityManagerConfig smc = config.getSecurityManagerConfig();
    if (smc != null && smc.getWorkspaceAccessConfig() != null) {
        workspaceAccessManager = smc.getWorkspaceAccessConfig().newInstance(WorkspaceAccessManager.class);
    } else {
        // fallback -> the default implementation
        log.debug("No WorkspaceAccessManager configured; using default.");
        workspaceAccessManager = createDefaultWorkspaceAccessManager();
    }
    workspaceAccessManager.init(this.systemSession);
    // initialize principal-provider registry
    // 1) create default
    PrincipalProvider defaultPP = createDefaultPrincipalProvider(moduleConfig);
    // 2) create registry instance
    principalProviderRegistry = new ProviderRegistryImpl(defaultPP);
    // 3) register all configured principal providers.
    for (Properties props : moduleConfig) {
        principalProviderRegistry.registerProvider(props);
    }
    initialized = true;
}
Also used : AbstractPrincipalProvider(org.apache.jackrabbit.core.security.principal.AbstractPrincipalProvider) DefaultPrincipalProvider(org.apache.jackrabbit.core.security.principal.DefaultPrincipalProvider) PrincipalProvider(org.apache.jackrabbit.core.security.principal.PrincipalProvider) RepositoryException(javax.jcr.RepositoryException) AccessControlProviderFactoryImpl(org.apache.jackrabbit.core.security.authorization.AccessControlProviderFactoryImpl) Properties(java.util.Properties) AuthContextProvider(org.apache.jackrabbit.core.security.authentication.AuthContextProvider) SecurityConfig(org.apache.jackrabbit.core.config.SecurityConfig) WorkspaceSecurityConfig(org.apache.jackrabbit.core.config.WorkspaceSecurityConfig) LoginModuleConfig(org.apache.jackrabbit.core.config.LoginModuleConfig) SecurityManagerConfig(org.apache.jackrabbit.core.config.SecurityManagerConfig) WorkspaceAccessManager(org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager) ProviderRegistryImpl(org.apache.jackrabbit.core.security.principal.ProviderRegistryImpl)

Aggregations

RepositoryException (javax.jcr.RepositoryException)4 SecurityManagerConfig (org.apache.jackrabbit.core.config.SecurityManagerConfig)4 Properties (java.util.Properties)2 LoginModuleConfig (org.apache.jackrabbit.core.config.LoginModuleConfig)2 AuthContextProvider (org.apache.jackrabbit.core.security.authentication.AuthContextProvider)2 WorkspaceAccessManager (org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager)2 PrincipalProvider (org.apache.jackrabbit.core.security.principal.PrincipalProvider)2 ProviderRegistryImpl (org.apache.jackrabbit.core.security.principal.ProviderRegistryImpl)2 ValueFactory (javax.jcr.ValueFactory)1 RepositoryImpl (org.apache.jackrabbit.core.RepositoryImpl)1 SecurityConfig (org.apache.jackrabbit.core.config.SecurityConfig)1 WorkspaceSecurityConfig (org.apache.jackrabbit.core.config.WorkspaceSecurityConfig)1 JackrabbitSecurityManager (org.apache.jackrabbit.core.security.JackrabbitSecurityManager)1 AccessControlProviderFactoryImpl (org.apache.jackrabbit.core.security.authorization.AccessControlProviderFactoryImpl)1 AbstractPrincipalProvider (org.apache.jackrabbit.core.security.principal.AbstractPrincipalProvider)1 DefaultPrincipalProvider (org.apache.jackrabbit.core.security.principal.DefaultPrincipalProvider)1 SimpleSecurityManager (org.apache.jackrabbit.core.security.simple.SimpleSecurityManager)1