
Example 1 with WorkspaceAccessManager

use of org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager in project jackrabbit by apache.

the class SimpleSecurityManager method init.

//------------------------------------------< JackrabbitSecurityManager >---
/**
     * @see JackrabbitSecurityManager#init(Repository, Session)
     */
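public void init(Repository repository, Session systemSession) throws RepositoryException {
    // One-time setup: resolves the login configuration, the admin/anonymous
    // ids, the principal provider registry and the WorkspaceAccessManager.
    // Throws IllegalStateException on a second call and RepositoryException
    // when the repository type or the login configuration is unusable.
    //
    // NOTE(review): unlike DefaultSecurityManager#init this method is not
    // declared synchronized, so the 'initialized' check alone does not stop
    // two threads from running the setup concurrently -- confirm that callers
    // serialize initialization.
    if (initialized) {
        throw new IllegalStateException("already initialized");
    }
    // The cast below depends on this check.
    if (!(repository instanceof RepositoryImpl)) {
        throw new RepositoryException("RepositoryImpl expected");
    }
    this.systemSession = systemSession;
    config = ((RepositoryImpl) repository).getConfig().getSecurityConfig();
    // read the LoginModule configuration
    LoginModuleConfig loginModConf = config.getLoginModuleConfig();
    authCtxProvider = new AuthContextProvider(config.getAppName(), loginModConf);
    if (authCtxProvider.isLocal()) {
        log.info("init: using Repository LoginModule configuration for " + config.getAppName());
    } else if (authCtxProvider.isJAAS()) {
        log.info("init: using JAAS LoginModule configuration for " + config.getAppName());
    } else {
        // Fail closed: without a usable login configuration the manager
        // stays uninitialized instead of falling back to some default.
        String msg = "No valid LoginModule configuration for " + config.getAppName();
        log.error(msg);
        throw new RepositoryException(msg);
    }
    Properties[] moduleConfig = authCtxProvider.getModuleConfig();
    // Retrieve default-ids (admin and anonymous) from the login-module
    // configuration. Every module is inspected and each hit overwrites the
    // previous one, so when several modules define an id the last one in
    // array order wins.
    for (Properties moduleProps : moduleConfig) {
        if (moduleProps.containsKey(LoginModuleConfig.PARAM_ADMIN_ID)) {
            adminID = moduleProps.getProperty(LoginModuleConfig.PARAM_ADMIN_ID);
        }
        if (moduleProps.containsKey(LoginModuleConfig.PARAM_ANONYMOUS_ID)) {
            anonymID = moduleProps.getProperty(LoginModuleConfig.PARAM_ANONYMOUS_ID);
        }
    }
    // Fallback: use the built-in ids when the configuration names none.
    if (adminID == null) {
        log.debug("No adminID defined in LoginModule/JAAS config -> using default.");
        adminID = SecurityConstants.ADMIN_ID;
    }
    if (anonymID == null) {
        log.debug("No anonymousID defined in LoginModule/JAAS config -> using default.");
        anonymID = SecurityConstants.ANONYMOUS_ID;
    }
    // most simple principal provider registry, that does not read anything
    // from configuration
    PrincipalProvider principalProvider = new SimplePrincipalProvider();
    // skip init of provider (nop)
    principalProviderRegistry = new ProviderRegistryImpl(principalProvider);
    // register all configured principal providers.
    for (Properties moduleProps : moduleConfig) {
        principalProviderRegistry.registerProvider(moduleProps);
    }
    SecurityManagerConfig smc = config.getSecurityManagerConfig();
    if (smc != null && smc.getWorkspaceAccessConfig() != null) {
        // The implementation is instantiated from the repository
        // configuration, so that configuration decides which code later
        // answers workspace-access questions.
        workspaceAccessManager = smc.getWorkspaceAccessConfig().newInstance(WorkspaceAccessManager.class);
    } else {
        // fallback -> the default simple implementation
        log.debug("No WorkspaceAccessManager configured; using default.");
        workspaceAccessManager = new SimpleWorkspaceAccessManager();
    }
    workspaceAccessManager.init(systemSession);
    // Set last: any exception above leaves 'initialized' false, although
    // fields assigned before the failure keep their values.
    initialized = true;
}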
Also used : PrincipalProvider(org.apache.jackrabbit.core.security.principal.PrincipalProvider) RepositoryException(javax.jcr.RepositoryException) Properties(java.util.Properties) AuthContextProvider(org.apache.jackrabbit.core.security.authentication.AuthContextProvider) LoginModuleConfig(org.apache.jackrabbit.core.config.LoginModuleConfig) RepositoryImpl(org.apache.jackrabbit.core.RepositoryImpl) SecurityManagerConfig(org.apache.jackrabbit.core.config.SecurityManagerConfig) WorkspaceAccessManager(org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager) ProviderRegistryImpl(org.apache.jackrabbit.core.security.principal.ProviderRegistryImpl)

Example 2 with WorkspaceAccessManager

use of org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager in project jackrabbit by apache.

the class RepositoryConfigTest method assertRepositoryConfiguration.

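/**
 * Asserts that the given repository configuration carries the values this
 * test expects for the home directory, default workspace, security manager,
 * access manager and versioning sections.
 *
 * @param config the repository configuration under test
 * @throws ConfigurationException declared for the configuration calls made
 *         here; presumably raised when the workspace access bean cannot be
 *         instantiated
 */
private void assertRepositoryConfiguration(RepositoryConfig config) throws ConfigurationException {
    assertEquals(DIR.getPath(), config.getHomeDir());
    assertEquals("default", config.getDefaultWorkspaceName());
    assertEquals(new File(DIR, "workspaces").getPath(), new File(config.getWorkspacesConfigRootDir()).getPath());
    assertEquals("Jackrabbit", config.getSecurityConfig().getAppName());
    // SecurityManagerConfig
    SecurityManagerConfig smc = config.getSecurityConfig().getSecurityManagerConfig();
    assertEquals("org.apache.jackrabbit.core.DefaultSecurityManager", smc.getClassName());
    assertTrue(smc.getParameters().isEmpty());
    assertNotNull(smc.getWorkspaceName());
    BeanConfig bc = smc.getWorkspaceAccessConfig();
    if (bc != null) {
        // Instantiate from the reference that was null-checked, not from a
        // second getter call, so the guarded value is the one actually used.
        WorkspaceAccessManager wac = bc.newInstance(WorkspaceAccessManager.class);
        assertEquals("org.apache.jackrabbit.core.security.simple.SimpleWorkspaceAccessManager", wac.getClass().getName());
    }
    // When no workspace access config is present the implementation class is
    // not checked at all; the fallback chosen at runtime is outside this test.
    // AccessManagerConfig
    AccessManagerConfig amc = config.getSecurityConfig().getAccessManagerConfig();
    assertEquals("org.apache.jackrabbit.core.security.DefaultAccessManager", amc.getClassName());
    assertTrue(amc.getParameters().isEmpty());
    // VersioningConfig
    VersioningConfig vc = config.getVersioningConfig();
    assertEquals(new File(DIR, "version"), vc.getHomeDir());
    assertEquals("org.apache.jackrabbit.core.persistence.pool.DerbyPersistenceManager", vc.getPersistenceManagerConfig().getClassName());
}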
Also used : WorkspaceAccessManager(org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager) File(java.io.File)

Example 3 with WorkspaceAccessManager

use of org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager in project jackrabbit by apache.

the class DefaultSecurityManager method getAccessManager.

/**
     * @see JackrabbitSecurityManager#getAccessManager(Session,AMContext)
     */
public AccessManager getAccessManager(Session session, AMContext amContext) throws RepositoryException {
    // Creates and initialises the AccessManager for the workspace of the
    // given session. An AccessDeniedException is passed through unchanged so
    // callers can tell a denial from a setup failure; every other exception
    // raised inside the try block is logged and wrapped in a
    // RepositoryException.
    checkInitialized();
    // Resolved before the try block so the failure path can name the
    // configured implementation class.
    final AccessManagerConfig amConfig = repository.getConfig().getSecurityConfig().getAccessManagerConfig();
    try {
        final AccessControlProvider acProvider = getAccessControlProvider(session.getWorkspace().getName());
        final AccessManager manager;
        if (amConfig != null) {
            // Implementation class is taken from the repository configuration.
            manager = amConfig.newInstance(AccessManager.class);
        } else {
            log.debug("No configuration entry for AccessManager. Using org.apache.jackrabbit.core.security.DefaultAccessManager");
            manager = new DefaultAccessManager();
        }
        // The shared WorkspaceAccessManager created during init() is handed
        // to every access manager instance.
        manager.init(amContext, acProvider, workspaceAccessManager);
        return manager;
    } catch (AccessDeniedException denied) {
        // propagate untouched
        throw denied;
    } catch (Exception failure) {
        // Anything else is reported as an instantiation failure, including
        // errors from the provider lookup or from manager.init().
        final String implName;
        if (amConfig == null) {
            implName = "-- missing access manager configuration --";
        } else {
            implName = amConfig.getClassName();
        }
        final String text = "Failed to instantiate AccessManager (" + implName + ")";
        log.error(text, failure);
        throw new RepositoryException(text, failure);
    }
}
Also used : AccessManager(org.apache.jackrabbit.core.security.AccessManager) WorkspaceAccessManager(org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager) DefaultAccessManager(org.apache.jackrabbit.core.security.DefaultAccessManager) AccessDeniedException(javax.jcr.AccessDeniedException) AccessManagerConfig(org.apache.jackrabbit.core.config.AccessManagerConfig) AccessControlProvider(org.apache.jackrabbit.core.security.authorization.AccessControlProvider) RepositoryException(javax.jcr.RepositoryException) DefaultAccessManager(org.apache.jackrabbit.core.security.DefaultAccessManager) NoSuchWorkspaceException(javax.jcr.NoSuchWorkspaceException) AccessDeniedException(javax.jcr.AccessDeniedException) AccessControlException(javax.jcr.security.AccessControlException) RepositoryException(javax.jcr.RepositoryException)

Example 4 with WorkspaceAccessManager

use of org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager in project jackrabbit by apache.

the class DefaultSecurityManager method init.

//------------------------------------------< JackrabbitSecurityManager >---
/**
     * @see JackrabbitSecurityManager#init(Repository, Session)
     */
public synchronized void init(Repository repository, Session systemSession) throws RepositoryException {
    // One-time setup of this security manager: login configuration,
    // admin/anonymous ids, system users, access control provider factory,
    // WorkspaceAccessManager and principal provider registry, in that order.
    // The method is synchronized and guarded by 'initialized', so a second
    // call fails with IllegalStateException instead of re-running the setup.
    if (initialized) {
        throw new IllegalStateException("already initialized");
    }
    // Both casts below depend on these type checks.
    if (!(repository instanceof RepositoryImpl)) {
        throw new RepositoryException("RepositoryImpl expected");
    }
    if (!(systemSession instanceof SystemSession)) {
        throw new RepositoryException("SystemSession expected");
    }
    this.systemSession = (SystemSession) systemSession;
    this.repository = (RepositoryImpl) repository;
    SecurityConfig config = this.repository.getConfig().getSecurityConfig();
    LoginModuleConfig loginModConf = config.getLoginModuleConfig();
    // build AuthContextProvider based on appName + optional LoginModuleConfig
    authContextProvider = new AuthContextProvider(config.getAppName(), loginModConf);
    if (authContextProvider.isLocal()) {
        log.info("init: use Repository Login-Configuration for " + config.getAppName());
    } else if (authContextProvider.isJAAS()) {
        log.info("init: use JAAS login-configuration for " + config.getAppName());
    } else {
        // Fail closed: with neither a local nor a JAAS login configuration
        // the manager stays uninitialized.
        String msg = "Neither JAAS nor RepositoryConfig contained a valid configuration for " + config.getAppName();
        log.error(msg);
        throw new RepositoryException(msg);
    }
    Properties[] moduleConfig = authContextProvider.getModuleConfig();
    // retrieve default-ids (admin and anonymous) from login-module-configuration.
    // Each hit overwrites the previous one, so when several modules define an
    // id the last one in array order wins.
    for (Properties props : moduleConfig) {
        if (props.containsKey(LoginModuleConfig.PARAM_ADMIN_ID)) {
            adminId = props.getProperty(LoginModuleConfig.PARAM_ADMIN_ID);
        }
        if (props.containsKey(LoginModuleConfig.PARAM_ANONYMOUS_ID)) {
            anonymousId = props.getProperty(LoginModuleConfig.PARAM_ANONYMOUS_ID);
        }
    }
    // fallback: use the built-in ids when the configuration names none
    if (adminId == null) {
        log.debug("No adminID defined in LoginModule/JAAS config -> using default.");
        adminId = SecurityConstants.ADMIN_ID;
    }
    if (anonymousId == null) {
        log.debug("No anonymousID defined in LoginModule/JAAS config -> using default.");
        anonymousId = SecurityConstants.ANONYMOUS_ID;
    }
    // create the system userManager and make sure the system-users exist.
    // NOTE(review): both helpers are defined outside this excerpt; presumably
    // they create the admin/anonymous users under the ids resolved above -- confirm.
    systemUserManager = createUserManager(this.systemSession);
    createSystemUsers(systemUserManager, this.systemSession, adminId, anonymousId);
    // init default ac-provider-factory
    acProviderFactory = new AccessControlProviderFactoryImpl();
    acProviderFactory.init(this.systemSession);
    // create the workspace access manager
    SecurityManagerConfig smc = config.getSecurityManagerConfig();
    if (smc != null && smc.getWorkspaceAccessConfig() != null) {
        // The implementation is instantiated from the repository
        // configuration, so that configuration decides which code later
        // answers workspace-access questions.
        workspaceAccessManager = smc.getWorkspaceAccessConfig().newInstance(WorkspaceAccessManager.class);
    } else {
        // fallback -> the default implementation
        log.debug("No WorkspaceAccessManager configured; using default.");
        workspaceAccessManager = createDefaultWorkspaceAccessManager();
    }
    // The workspace access manager is initialised with the system session.
    workspaceAccessManager.init(this.systemSession);
    // initialize principal-provider registry
    // 1) create default
    PrincipalProvider defaultPP = createDefaultPrincipalProvider(moduleConfig);
    // 2) create registry instance
    principalProviderRegistry = new ProviderRegistryImpl(defaultPP);
    // 3) register all configured principal providers.
    for (Properties props : moduleConfig) {
        principalProviderRegistry.registerProvider(props);
    }
    // Set last: any exception above leaves 'initialized' false, although
    // fields assigned before the failure keep their values.
    initialized = true;
}
Also used : AbstractPrincipalProvider(org.apache.jackrabbit.core.security.principal.AbstractPrincipalProvider) DefaultPrincipalProvider(org.apache.jackrabbit.core.security.principal.DefaultPrincipalProvider) PrincipalProvider(org.apache.jackrabbit.core.security.principal.PrincipalProvider) RepositoryException(javax.jcr.RepositoryException) AccessControlProviderFactoryImpl(org.apache.jackrabbit.core.security.authorization.AccessControlProviderFactoryImpl) Properties(java.util.Properties) AuthContextProvider(org.apache.jackrabbit.core.security.authentication.AuthContextProvider) SecurityConfig(org.apache.jackrabbit.core.config.SecurityConfig) WorkspaceSecurityConfig(org.apache.jackrabbit.core.config.WorkspaceSecurityConfig) LoginModuleConfig(org.apache.jackrabbit.core.config.LoginModuleConfig) SecurityManagerConfig(org.apache.jackrabbit.core.config.SecurityManagerConfig) WorkspaceAccessManager(org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager) ProviderRegistryImpl(org.apache.jackrabbit.core.security.principal.ProviderRegistryImpl)

Example 5 with WorkspaceAccessManager

use of org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager in project jackrabbit by apache.

the class SimpleSecurityManager method getAccessManager.

/**
     * @see JackrabbitSecurityManager#getAccessManager(Session,AMContext)
     */
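public AccessManager getAccessManager(Session session, AMContext amContext) throws RepositoryException {
    // Creates and initialises the AccessManager for the workspace of the
    // given session. An AccessDeniedException is passed through unchanged so
    // callers can tell a denial from a setup failure; every other exception
    // raised inside the try block is logged and wrapped in a
    // RepositoryException.
    checkInitialized();
    // Declared outside the try block so the failure path can report the
    // implementation that was actually being instantiated rather than always
    // naming SimpleAccessManager.
    AccessManagerConfig amc = null;
    try {
        String wspName = session.getWorkspace().getName();
        AccessControlProvider acP = getAccessControlProvider(systemSession, wspName);
        amc = config.getAccessManagerConfig();
        AccessManager accessMgr;
        if (amc == null) {
            // No access manager configured: use the simple default.
            accessMgr = new SimpleAccessManager();
        } else {
            // Implementation class is taken from the repository configuration.
            accessMgr = amc.newInstance(AccessManager.class);
        }
        // The shared WorkspaceAccessManager created during init() is handed
        // to every access manager instance.
        accessMgr.init(amContext, acP, workspaceAccessManager);
        return accessMgr;
    } catch (AccessDeniedException ade) {
        // re-throw
        throw ade;
    } catch (Exception e) {
        // wrap in RepositoryException. The catch-all also covers failures of
        // the provider lookup and of accessMgr.init(), so the message names
        // the implementation in play but not necessarily the failing step;
        // the cause is preserved for diagnosis.
        String clsName = (amc == null) ? SimpleAccessManager.class.getName() : amc.getClassName();
        String msg = "failed to instantiate AccessManager implementation: " + clsName;
        log.error(msg, e);
        throw new RepositoryException(msg, e);
    }
}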
Also used : WorkspaceAccessManager(org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager) AccessManager(org.apache.jackrabbit.core.security.AccessManager) AccessDeniedException(javax.jcr.AccessDeniedException) AccessManagerConfig(org.apache.jackrabbit.core.config.AccessManagerConfig) AccessControlProvider(org.apache.jackrabbit.core.security.authorization.AccessControlProvider) RepositoryException(javax.jcr.RepositoryException) AccessDeniedException(javax.jcr.AccessDeniedException) RepositoryException(javax.jcr.RepositoryException) UnsupportedRepositoryOperationException(javax.jcr.UnsupportedRepositoryOperationException)
