Example 1 with UnknownPrincipal
use of org.apache.jackrabbit.core.security.principal.UnknownPrincipal in project jackrabbit by apache.
the class AccessControlAction method setAC.
// ------------------------------------------------------------< private >---
private void setAC(Authorizable authorizable, Session session) throws RepositoryException {
Node aNode;
String path = authorizable.getPath();
JackrabbitAccessControlList acl = null;
AccessControlManager acMgr = session.getAccessControlManager();
for (AccessControlPolicyIterator it = acMgr.getApplicablePolicies(path); it.hasNext(); ) {
AccessControlPolicy plc = it.nextAccessControlPolicy();
if (plc instanceof JackrabbitAccessControlList) {
acl = (JackrabbitAccessControlList) plc;
break;
}
}
if (acl == null) {
log.warn("Cannot process AccessControlAction: no applicable ACL at " + path);
} else {
// setup acl according to configuration.
Principal principal = new UnknownPrincipal(authorizable.getPrincipal().getName());
boolean modified = false;
if (authorizable.isGroup()) {
// new authorizable is a Group
if (groupPrivilegeNames.length > 0) {
modified = acl.addAccessControlEntry(principal, getPrivileges(groupPrivilegeNames, acMgr));
}
} else {
// new authorizable is a User
if (userPrivilegeNames.length > 0) {
modified = acl.addAccessControlEntry(principal, getPrivileges(userPrivilegeNames, acMgr));
}
}
if (modified) {
acMgr.setPolicy(path, acl);
}
}
}
Also used :
AccessControlManager(javax.jcr.security.AccessControlManager)
AccessControlPolicy(javax.jcr.security.AccessControlPolicy)
Node(javax.jcr.Node)
AccessControlPolicyIterator(javax.jcr.security.AccessControlPolicyIterator)
JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)
UnknownPrincipal(org.apache.jackrabbit.core.security.principal.UnknownPrincipal)
Principal(java.security.Principal)
UnknownPrincipal(org.apache.jackrabbit.core.security.principal.UnknownPrincipal)
Example 2 with UnknownPrincipal
use of org.apache.jackrabbit.core.security.principal.UnknownPrincipal in project jackrabbit by apache.
the class AccessControlImporter method addACE.
private void addACE(NodeInfo childInfo, List<PropInfo> propInfos) throws RepositoryException, UnsupportedRepositoryOperationException {
// node type may only be rep:GrantACE or rep:DenyACE
Name ntName = childInfo.getNodeTypeName();
if (!ACE_NODETYPES.contains(ntName)) {
throw new ConstraintViolationException("Cannot handle childInfo " + childInfo + "; expected a valid, applicable rep:ACE node definition.");
}
checkIdMixins(childInfo);
boolean isAllow = AccessControlConstants.NT_REP_GRANT_ACE.equals(ntName);
Principal principal = null;
Privilege[] privileges = null;
Map<String, TextValue> restrictions = new HashMap<String, TextValue>();
for (PropInfo pInfo : propInfos) {
Name name = pInfo.getName();
if (AccessControlConstants.P_PRINCIPAL_NAME.equals(name)) {
Value[] values = pInfo.getValues(PropertyType.STRING, resolver);
if (values == null || values.length != 1) {
throw new ConstraintViolationException("");
}
String pName = values[0].getString();
principal = session.getPrincipalManager().getPrincipal(pName);
if (principal == null) {
if (importBehavior == ImportBehavior.BEST_EFFORT) {
// create "fake" principal that is always accepted in ACLTemplate.checkValidEntry()
principal = new UnknownPrincipal(pName);
} else {
// create "fake" principal. this is checked again in ACLTemplate.checkValidEntry()
principal = new PrincipalImpl(pName);
}
}
} else if (AccessControlConstants.P_PRIVILEGES.equals(name)) {
Value[] values = pInfo.getValues(PropertyType.NAME, resolver);
privileges = new Privilege[values.length];
for (int i = 0; i < values.length; i++) {
privileges[i] = acMgr.privilegeFromName(values[i].getString());
}
} else {
TextValue[] txtVls = pInfo.getTextValues();
for (TextValue txtV : txtVls) {
restrictions.put(resolver.getJCRName(name), txtV);
}
}
}
if (principalbased) {
// try to access policies
List<AccessControlPolicy> policies = new ArrayList<AccessControlPolicy>();
if (acMgr instanceof JackrabbitAccessControlManager) {
JackrabbitAccessControlManager jacMgr = (JackrabbitAccessControlManager) acMgr;
policies.addAll(Arrays.asList(jacMgr.getPolicies(principal)));
policies.addAll(Arrays.asList(jacMgr.getApplicablePolicies(principal)));
}
for (AccessControlPolicy policy : policies) {
if (policy instanceof JackrabbitAccessControlList) {
JackrabbitAccessControlList acl = (JackrabbitAccessControlList) policy;
Map<String, Value> restr = new HashMap<String, Value>();
for (String restName : acl.getRestrictionNames()) {
TextValue txtVal = restrictions.remove(restName);
if (txtVal != null) {
restr.put(restName, txtVal.getValue(acl.getRestrictionType(restName), resolver));
}
}
if (!restrictions.isEmpty()) {
throw new ConstraintViolationException("ACE childInfo contained restrictions that could not be applied.");
}
acl.addEntry(principal, privileges, isAllow, restr);
acMgr.setPolicy(acl.getPath(), acl);
return;
}
}
} else {
Map<String, Value> restr = new HashMap<String, Value>();
for (String restName : acl.getRestrictionNames()) {
TextValue txtVal = restrictions.remove(restName);
if (txtVal != null) {
restr.put(restName, txtVal.getValue(acl.getRestrictionType(restName), resolver));
}
}
if (!restrictions.isEmpty()) {
throw new ConstraintViolationException("ACE childInfo contained restrictions that could not be applied.");
}
acl.addEntry(principal, privileges, isAllow, restr);
return;
}
// could not apply the ACE. No suitable ACL found.
throw new ConstraintViolationException("Cannot handle childInfo " + childInfo + "; No policy found to apply the ACE.");
}
Also used :
JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)
AccessControlPolicy(javax.jcr.security.AccessControlPolicy)
HashMap(java.util.HashMap)
ArrayList(java.util.ArrayList)
JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)
Name(org.apache.jackrabbit.spi.Name)
UnknownPrincipal(org.apache.jackrabbit.core.security.principal.UnknownPrincipal)
Value(javax.jcr.Value)
ConstraintViolationException(javax.jcr.nodetype.ConstraintViolationException)
Privilege(javax.jcr.security.Privilege)
UnknownPrincipal(org.apache.jackrabbit.core.security.principal.UnknownPrincipal)
Principal(java.security.Principal)
PrincipalImpl(org.apache.jackrabbit.core.security.principal.PrincipalImpl)
Aggregations
Principal (java.security.Principal)2
AccessControlPolicy (javax.jcr.security.AccessControlPolicy)2
JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)2
UnknownPrincipal (org.apache.jackrabbit.core.security.principal.UnknownPrincipal)2
ArrayList (java.util.ArrayList)1
HashMap (java.util.HashMap)1
Node (javax.jcr.Node)1
Value (javax.jcr.Value)1
ConstraintViolationException (javax.jcr.nodetype.ConstraintViolationException)1
AccessControlManager (javax.jcr.security.AccessControlManager)1
AccessControlPolicyIterator (javax.jcr.security.AccessControlPolicyIterator)1
Privilege (javax.jcr.security.Privilege)1
JackrabbitAccessControlManager (org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)1
PrincipalImpl (org.apache.jackrabbit.core.security.principal.PrincipalImpl)1
Name (org.apache.jackrabbit.spi.Name)1
