
Example 11 with PrincipalImpl

use of org.apache.jackrabbit.core.security.principal.PrincipalImpl in project jackrabbit by apache.

the class ImpersonationImpl method getImpersonators.

//------------------------------------------------------< Impersonation >---
/**
 * Resolves the impersonator names returned by {@code getImpersonatorNames()}
 * into principals.
 * <p>
 * A name that the session's {@link PrincipalManager} cannot resolve is not
 * dropped: it is wrapped in a new {@link PrincipalImpl} and returned with the
 * rest. The result can therefore contain principals the principal manager
 * does not know, so membership in this iterator is not proof that the
 * principal exists.
 *
 * @return the impersonators, or {@link PrincipalIteratorAdapter#EMPTY} when
 *         there are no impersonator names
 * @throws RepositoryException declared by the signature; presumably raised by
 *         the session or principal-manager access
 * @see Impersonation#getImpersonators()
 */
public PrincipalIterator getImpersonators() throws RepositoryException {
    Set<String> names = getImpersonatorNames();
    if (names.isEmpty()) {
        return PrincipalIteratorAdapter.EMPTY;
    }

    final PrincipalManager principalManager = user.getSession().getPrincipalManager();
    Set<Principal> resolved = new HashSet<Principal>();
    for (String name : names) {
        Principal known = principalManager.getPrincipal(name);
        if (known != null) {
            resolved.add(known);
            continue;
        }
        // Unresolvable name: keep it visible to the caller as a plain
        // name-only principal instead of silently hiding the stored entry.
        log.debug("Impersonator " + name + " does not correspond to a known Principal.");
        resolved.add(new PrincipalImpl(name));
    }
    return new PrincipalIteratorAdapter(resolved);
}
Also used : PrincipalManager(org.apache.jackrabbit.api.security.principal.PrincipalManager) PrincipalIteratorAdapter(org.apache.jackrabbit.core.security.principal.PrincipalIteratorAdapter) Principal(java.security.Principal) PrincipalImpl(org.apache.jackrabbit.core.security.principal.PrincipalImpl) HashSet(java.util.HashSet)

Example 12 with PrincipalImpl

use of org.apache.jackrabbit.core.security.principal.PrincipalImpl in project jackrabbit by apache.

the class UserAccessControlProvider method initGroup.

/**
 * Looks up the group with the given principal name and creates it when no
 * authorizable with that principal exists yet.
 * <p>
 * An authorizable that already exists and is a group is reused as found; this
 * method performs no further checks on it. If the existing authorizable is
 * not a group, nothing is created and {@code null} is returned. A
 * {@link RepositoryException} is logged and also results in {@code null}, so
 * callers must handle a missing group principal explicitly.
 *
 * @param uMgr the user manager used for lookup and creation
 * @param principalName the principal name of the group
 * @return the principal of the existing or newly created group, or
 *         {@code null} if the group could not be obtained
 */
private static Principal initGroup(UserManager uMgr, String principalName) {
    Principal groupPrincipal = new PrincipalImpl(principalName);
    try {
        Authorizable group = uMgr.getAuthorizable(groupPrincipal);
        if (group == null) {
            group = uMgr.createGroup(groupPrincipal);
        } else if (!group.isGroup()) {
            // The name is already taken by a non-group authorizable.
            log.warn("Cannot create group '" + principalName + "'; User with that principal already exists.");
            return null;
        }
        if (group != null) {
            return group.getPrincipal();
        }
    } catch (RepositoryException e) {
        // should never get here
        // NOTE(review): only the exception message is logged; the stack trace
        // and any cause are lost, which makes a failed initialization harder
        // to investigate.
        log.error("Error while initializing user/group administrators: {}", e.getMessage());
    }
    return null;
}
Also used : Authorizable(org.apache.jackrabbit.api.security.user.Authorizable) RepositoryException(javax.jcr.RepositoryException) AnonymousPrincipal(org.apache.jackrabbit.core.security.AnonymousPrincipal) ItemBasedPrincipal(org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal) Principal(java.security.Principal) PrincipalImpl(org.apache.jackrabbit.core.security.principal.PrincipalImpl)

Example 13 with PrincipalImpl

use of org.apache.jackrabbit.core.security.principal.PrincipalImpl in project jackrabbit by apache.

the class ACLEditor method createTemplate.

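/**
 * Builds the policy template for the given principal-based access control
 * node.
 * <p>
 * If {@code getPrincipal} yields no principal for the node path, a
 * {@link PrincipalImpl} carrying the path name is used as a fallback so that
 * the policy can still be retrieved and removed. The returned template may
 * therefore be bound to a principal that is unknown to the principal manager.
 *
 * @param acNode the ACL node; must be of the node type identified by
 *        {@code NT_REP_PRINCIPAL_ACCESS_CONTROL}
 * @return the policy
 * @throws AccessControlException if {@code acNode} does not have the expected
 *         node type
 * @throws RepositoryException if an error occurs
 */
private JackrabbitAccessControlPolicy createTemplate(NodeImpl acNode) throws RepositoryException {
    if (!acNode.isNodeType(NT_REP_PRINCIPAL_ACCESS_CONTROL)) {
        // Node type name spelled correctly so the message can be matched
        // against the actual type name when searching logs.
        String msg = "Unable to edit Access Control at " + acNode.getPath() + ". Expected node of type rep:PrincipalAccessControl, was " + acNode.getPrimaryNodeType().getName();
        log.debug(msg);
        throw new AccessControlException(msg);
    }
    Principal principal = getPrincipal(acNode.getPath());
    if (principal == null) {
        // use fall back in order to be able to get/remove the policy
        String principalName = getPathName(acNode.getPath());
        log.warn("Principal with name " + principalName + " unknown to PrincipalManager.");
        principal = new PrincipalImpl(principalName);
    }
    return new ACLTemplate(principal, acNode);
}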
Also used : AccessControlException(javax.jcr.security.AccessControlException) ItemBasedPrincipal(org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal) Principal(java.security.Principal) PrincipalImpl(org.apache.jackrabbit.core.security.principal.PrincipalImpl)

Example 14 with PrincipalImpl

use of org.apache.jackrabbit.core.security.principal.PrincipalImpl in project jackrabbit by apache.

the class AccessControlImporter method addACE.

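/**
 * Imports a single access control entry described by {@code childInfo} and
 * its properties.
 * <p>
 * The principal name is resolved through the session's principal manager.
 * When it does not resolve, a placeholder principal is created: an
 * {@link UnknownPrincipal} under {@code ImportBehavior.BEST_EFFORT}, otherwise
 * a {@link PrincipalImpl}. In principal-based mode the entry is added to the
 * first {@link JackrabbitAccessControlList} found among the principal's
 * existing and applicable policies and that policy is set again; otherwise
 * the entry is added to the {@code acl} referenced by this importer.
 * <p>
 * NOTE(review): under BEST_EFFORT, entries for names that do not resolve to a
 * principal are accepted (per the inline comment on
 * {@code ACLTemplate.checkValidEntry()}); confirm this is acceptable when the
 * imported content comes from a source that is not fully trusted.
 *
 * @param childInfo node info of the ACE being imported; its node type must be
 *        one of {@code ACE_NODETYPES}
 * @param propInfos the properties of the ACE (principal name, privileges and
 *        any restrictions)
 * @throws ConstraintViolationException if the node type is not an ACE type,
 *         the principal name or the privileges are missing or malformed,
 *         restrictions remain that the ACL does not support, or no suitable
 *         policy is found
 * @throws RepositoryException if another repository error occurs
 */
private void addACE(NodeInfo childInfo, List<PropInfo> propInfos) throws RepositoryException, UnsupportedRepositoryOperationException {
    // node type may only be rep:GrantACE or rep:DenyACE
    Name ntName = childInfo.getNodeTypeName();
    if (!ACE_NODETYPES.contains(ntName)) {
        throw new ConstraintViolationException("Cannot handle childInfo " + childInfo + "; expected a valid, applicable rep:ACE node definition.");
    }
    checkIdMixins(childInfo);
    boolean isAllow = AccessControlConstants.NT_REP_GRANT_ACE.equals(ntName);
    Principal principal = null;
    Privilege[] privileges = null;
    Map<String, TextValue> restrictions = new HashMap<String, TextValue>();
    for (PropInfo pInfo : propInfos) {
        Name name = pInfo.getName();
        if (AccessControlConstants.P_PRINCIPAL_NAME.equals(name)) {
            Value[] values = pInfo.getValues(PropertyType.STRING, resolver);
            if (values == null || values.length != 1) {
                // Say what was wrong instead of failing with an empty message.
                throw new ConstraintViolationException("Cannot handle childInfo " + childInfo + "; expected exactly one principal name value.");
            }
            String pName = values[0].getString();
            principal = session.getPrincipalManager().getPrincipal(pName);
            if (principal == null) {
                if (importBehavior == ImportBehavior.BEST_EFFORT) {
                    // create "fake" principal that is always accepted in ACLTemplate.checkValidEntry()
                    principal = new UnknownPrincipal(pName);
                } else {
                    // create "fake" principal. this is checked again in ACLTemplate.checkValidEntry()
                    principal = new PrincipalImpl(pName);
                }
            }
        } else if (AccessControlConstants.P_PRIVILEGES.equals(name)) {
            Value[] values = pInfo.getValues(PropertyType.NAME, resolver);
            if (values == null) {
                // Same guard as for the principal name: fail with a
                // constraint violation rather than a NullPointerException.
                throw new ConstraintViolationException("Cannot handle childInfo " + childInfo + "; privilege names could not be read.");
            }
            privileges = new Privilege[values.length];
            for (int i = 0; i < values.length; i++) {
                privileges[i] = acMgr.privilegeFromName(values[i].getString());
            }
        } else {
            // everything else is treated as a restriction
            TextValue[] txtVls = pInfo.getTextValues();
            for (TextValue txtV : txtVls) {
                restrictions.put(resolver.getJCRName(name), txtV);
            }
        }
    }
    // Fail closed on an incomplete entry: without this check a missing
    // principal name or privileges property would reach the access control
    // manager / ACL as null.
    if (principal == null || privileges == null) {
        throw new ConstraintViolationException("Cannot handle childInfo " + childInfo + "; principal name and privileges are both required.");
    }
    if (principalbased) {
        // try to access policies
        List<AccessControlPolicy> policies = new ArrayList<AccessControlPolicy>();
        if (acMgr instanceof JackrabbitAccessControlManager) {
            JackrabbitAccessControlManager jacMgr = (JackrabbitAccessControlManager) acMgr;
            policies.addAll(Arrays.asList(jacMgr.getPolicies(principal)));
            policies.addAll(Arrays.asList(jacMgr.getApplicablePolicies(principal)));
        }
        for (AccessControlPolicy policy : policies) {
            if (policy instanceof JackrabbitAccessControlList) {
                JackrabbitAccessControlList acl = (JackrabbitAccessControlList) policy;
                Map<String, Value> restr = new HashMap<String, Value>();
                for (String restName : acl.getRestrictionNames()) {
                    TextValue txtVal = restrictions.remove(restName);
                    if (txtVal != null) {
                        restr.put(restName, txtVal.getValue(acl.getRestrictionType(restName), resolver));
                    }
                }
                // anything left over is a restriction this ACL does not know
                if (!restrictions.isEmpty()) {
                    throw new ConstraintViolationException("ACE childInfo contained restrictions that could not be applied.");
                }
                acl.addEntry(principal, privileges, isAllow, restr);
                acMgr.setPolicy(acl.getPath(), acl);
                return;
            }
        }
    } else {
        Map<String, Value> restr = new HashMap<String, Value>();
        for (String restName : acl.getRestrictionNames()) {
            TextValue txtVal = restrictions.remove(restName);
            if (txtVal != null) {
                restr.put(restName, txtVal.getValue(acl.getRestrictionType(restName), resolver));
            }
        }
        // anything left over is a restriction this ACL does not know
        if (!restrictions.isEmpty()) {
            throw new ConstraintViolationException("ACE childInfo contained restrictions that could not be applied.");
        }
        acl.addEntry(principal, privileges, isAllow, restr);
        return;
    }
    // could not apply the ACE. No suitable ACL found.
    throw new ConstraintViolationException("Cannot handle childInfo " + childInfo + "; No policy found to apply the ACE.");
}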
Also used : JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) Name(org.apache.jackrabbit.spi.Name) UnknownPrincipal(org.apache.jackrabbit.core.security.principal.UnknownPrincipal) Value(javax.jcr.Value) ConstraintViolationException(javax.jcr.nodetype.ConstraintViolationException) Privilege(javax.jcr.security.Privilege) UnknownPrincipal(org.apache.jackrabbit.core.security.principal.UnknownPrincipal) Principal(java.security.Principal) PrincipalImpl(org.apache.jackrabbit.core.security.principal.PrincipalImpl)

Example 15 with PrincipalImpl

use of org.apache.jackrabbit.core.security.principal.PrincipalImpl in project jackrabbit by apache.

the class WriteTest method testPrincipalNameDiffersFromID.

/**
 * Test for bug JCR-2621.
 * <p>
 * Creates a user whose ID ("t@foo.org") differs from its principal name
 * ("t"), grants that principal read access through a policy, reads the
 * policies back and expects exactly one, then adds a write entry to that
 * policy and sets it again. The user is removed afterwards.
 *
 * @throws Exception if any repository operation fails
 */
public void testPrincipalNameDiffersFromID() throws Exception {
    UserManager userManager = getUserManager(superuser);
    User testUser = null;
    try {
        // create a user with different uid vs principal name
        testUser = userManager.createUser("t@foo.org", "t", new PrincipalImpl("t"), null);
        if (!userManager.isAutoSave()) {
            superuser.save();
        }

        Principal userPrincipal = testUser.getPrincipal();

        // first entry: read access
        JackrabbitAccessControlList acl = getPolicy(acMgr, path, userPrincipal);
        acl.addEntry(userPrincipal, privilegesFromName(Privilege.JCR_READ), true, getRestrictions(superuser, path));
        acMgr.setPolicy(acl.getPath(), acl);

        // the policy must be found again and must be the only one
        AccessControlPolicy[] stored = acMgr.getPolicies(acl.getPath());
        assertEquals(1, stored.length);

        // second entry on the re-read policy: write access
        JackrabbitAccessControlList reloaded = (JackrabbitAccessControlList) stored[0];
        reloaded.addEntry(userPrincipal, privilegesFromName(Privilege.JCR_WRITE), true, getRestrictions(superuser, path));
        acMgr.setPolicy(reloaded.getPath(), reloaded);
    } finally {
        // NOTE(review): no save() follows remove(); whether the removal is
        // persisted when auto-save is off is not visible in this method.
        if (testUser != null) {
            testUser.remove();
        }
    }
}
Also used : JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) User(org.apache.jackrabbit.api.security.user.User) UserManager(org.apache.jackrabbit.api.security.user.UserManager) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) PrincipalImpl(org.apache.jackrabbit.core.security.principal.PrincipalImpl) ItemBasedPrincipal(org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal) TestPrincipal(org.apache.jackrabbit.core.security.TestPrincipal) Principal(java.security.Principal)

Aggregations

PrincipalImpl (org.apache.jackrabbit.core.security.principal.PrincipalImpl)22 Authorizable (org.apache.jackrabbit.api.security.user.Authorizable)13 User (org.apache.jackrabbit.api.security.user.User)11 Principal (java.security.Principal)8 Node (javax.jcr.Node)8 Test (org.junit.Test)8 ConstraintViolationException (javax.jcr.nodetype.ConstraintViolationException)6 ArrayList (java.util.ArrayList)4 ItemBasedPrincipal (org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal)4 NodeImpl (org.apache.jackrabbit.core.NodeImpl)4 RepositoryException (javax.jcr.RepositoryException)3 Value (javax.jcr.Value)3 AccessControlPolicy (javax.jcr.security.AccessControlPolicy)3 Subject (javax.security.auth.Subject)3 JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)3 JackrabbitAccessControlManager (org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)3 PrincipalManager (org.apache.jackrabbit.api.security.principal.PrincipalManager)3 UserManager (org.apache.jackrabbit.api.security.user.UserManager)3 SessionImpl (org.apache.jackrabbit.core.SessionImpl)3 NotExecutableException (org.apache.jackrabbit.test.NotExecutableException)3