Beispiel #1
0
  /**
   * @see
   *     org.apache.jackrabbit.core.security.authorization.AccessControlProvider#getEffectivePolicies(org.apache.jackrabbit.spi.Path,org.apache.jackrabbit.core.security.authorization.CompiledPermissions)
   */
  public AccessControlPolicy[] getEffectivePolicies(Path absPath, CompiledPermissions permissions)
      throws ItemNotFoundException, RepositoryException {
    checkInitialized();

    NodeImpl targetNode;
    List<AccessControlList> acls = new ArrayList<AccessControlList>();
    if (absPath == null) {
      targetNode = (NodeImpl) session.getRootNode();
      if (isRepoAccessControlled(targetNode)) {
        if (permissions.grants(targetNode.getPrimaryPath(), Permission.READ_AC)) {
          acls.add(getACL(targetNode, N_REPO_POLICY, null));
        } else {
          throw new AccessDeniedException("Access denied at " + targetNode.getPath());
        }
      }
    } else {
      targetNode = (NodeImpl) session.getNode(session.getJCRPath(absPath));
      NodeImpl node = getNode(targetNode, isAcItem(targetNode));

      // collect all ACLs effective at node
      collectAcls(node, permissions, acls);
    }

    // if no effective ACLs are present -> add a default, empty acl.
    if (acls.isEmpty()) {
      // no access control information can be retrieved for the specified
      // node, since neither the node nor any of its parents is access
      // controlled. TODO: there should be a default policy in this case (see JCR-2331)
      log.warn(
          "No access controlled node present in item hierarchy starting from "
              + targetNode.getPath());
    }
    return acls.toArray(new AccessControlList[acls.size()]);
  }
 /** @see AccessManager#isGranted(Path, int) */
 public boolean isGranted(Path absPath, int permissions) throws RepositoryException {
   checkInitialized();
   if (!absPath.isAbsolute()) {
     throw new RepositoryException("Absolute path expected");
   }
   return compiledPermissions.grants(absPath, permissions);
 }
 /** @see AccessManager#checkRepositoryPermission(int) */
 public void checkRepositoryPermission(int permissions)
     throws AccessDeniedException, RepositoryException {
   checkInitialized();
   if (!compiledPermissions.grants(null, permissions)) {
     throw new AccessDeniedException("Access denied.");
   }
 }
 /** @see AbstractAccessControlManager#checkPermission(String,int) */
 @Override
 protected void checkPermission(String absPath, int permission)
     throws AccessDeniedException, RepositoryException {
   checkValidNodePath(absPath);
   Path p = getPath(absPath);
   if (!compiledPermissions.grants(p, permission)) {
     throw new AccessDeniedException("Access denied at " + absPath);
   }
 }
Beispiel #5
0
 /**
  * Recursively collects all ACLs that are effective on the specified node.
  *
  * @param node the Node to collect the ACLs for, which must NOT be part of the structure defined
  *     by mix:AccessControllable.
  * @param permissions
  * @param acls List used to collect the effective acls.
  * @throws RepositoryException if an error occurs
  */
 private void collectAcls(
     NodeImpl node, CompiledPermissions permissions, List<AccessControlList> acls)
     throws RepositoryException {
   // if the given node is access-controlled, construct a new ACL and add
   // it to the list
   if (isAccessControlled(node)) {
     if (permissions.grants(node.getPrimaryPath(), Permission.READ_AC)) {
       acls.add(getACL(node, N_POLICY, node.getPath()));
     } else {
       throw new AccessDeniedException("Access denied at " + node.getPath());
     }
   }
   // then, recursively look for access controlled parents up the hierarchy.
   if (!rootNodeId.equals(node.getId())) {
     NodeImpl parentNode = (NodeImpl) node.getParent();
     collectAcls(parentNode, permissions, acls);
   }
 }