Java AccessControlUtil.getAccessControlManager Beispiele

Beispiel #1

Datei: ACLUtils.java Projekt: jmarca/open-experiments

  /**
   * Add an ACL entry at a path for the authorizable.
   *
   * @param path
   * @param authorizable
   * @param session
   * @param writePrivilageGranted
   * @throws RepositoryException
   */
  public static void addEntry(
      String path, Authorizable authorizable, Session session, String... privilegeSpec)
      throws RepositoryException {

    String principalName = authorizable.getPrincipal().getName();

    List<String> grantedPrivilegeNames = new ArrayList<String>();
    List<String> deniedPrivilegeNames = new ArrayList<String>();
    for (String spec : privilegeSpec) {
      if (spec.startsWith(GRANTED)) {
        grantedPrivilegeNames.add(spec.substring(GRANTED.length()));
      } else if (spec.startsWith(DENIED)) {
        deniedPrivilegeNames.add(spec.substring(DENIED.length()));
      }
    }

    AccessControlManager accessControlManager = AccessControlUtil.getAccessControlManager(session);
    AccessControlList updatedAcl = null;
    AccessControlPolicyIterator applicablePolicies =
        accessControlManager.getApplicablePolicies(path);
    while (applicablePolicies.hasNext()) {
      AccessControlPolicy policy = applicablePolicies.nextAccessControlPolicy();
      if (policy instanceof AccessControlList) {
        updatedAcl = (AccessControlList) policy;
        break;
      }
    }
    if (updatedAcl == null) {
      throw new RepositoryException("Unable to find an access conrol policy to update.");
    }

    StringBuilder oldPrivileges = null;
    StringBuilder newPrivileges = null;
    if (LOGGER.isInfoEnabled()) {
      oldPrivileges = new StringBuilder();
      newPrivileges = new StringBuilder();
    }

    // keep track of the existing Aces for the target principal
    AccessControlEntry[] accessControlEntries = updatedAcl.getAccessControlEntries();
    List<AccessControlEntry> oldAces = new ArrayList<AccessControlEntry>();
    for (AccessControlEntry ace : accessControlEntries) {
      if (principalName.equals(ace.getPrincipal().getName())) {
        if (LOGGER.isInfoEnabled()) {
          LOGGER.info(
              "Found Existing ACE for principal {} on resource: ",
              new Object[] {principalName, path});
        }
        oldAces.add(ace);

        if (LOGGER.isInfoEnabled()) {
          // collect the information for debug logging
          boolean isAllow = AccessControlUtil.isAllow(ace);
          Privilege[] privileges = ace.getPrivileges();
          for (Privilege privilege : privileges) {
            if (oldPrivileges.length() > 0) {
              oldPrivileges.append(", "); // separate entries by commas
            }
            if (isAllow) {
              oldPrivileges.append("granted=");
            } else {
              oldPrivileges.append("denied=");
            }
            oldPrivileges.append(privilege.getName());
          }
        }
      }
    }

    // remove the old aces
    if (!oldAces.isEmpty()) {
      for (AccessControlEntry ace : oldAces) {
        updatedAcl.removeAccessControlEntry(ace);
      }
    }

    // add a fresh ACE with the granted privileges
    List<Privilege> grantedPrivilegeList = new ArrayList<Privilege>();
    for (String name : grantedPrivilegeNames) {
      if (name.length() == 0) {
        continue; // empty, skip it.
      }
      Privilege privilege = accessControlManager.privilegeFromName(name);
      grantedPrivilegeList.add(privilege);

      if (LOGGER.isInfoEnabled()) {
        if (newPrivileges.length() > 0) {
          newPrivileges.append(", "); // separate entries by commas
        }
        newPrivileges.append("granted=");
        newPrivileges.append(privilege.getName());
      }
    }
    if (grantedPrivilegeList.size() > 0) {
      Principal principal = authorizable.getPrincipal();
      updatedAcl.addAccessControlEntry(
          principal, grantedPrivilegeList.toArray(new Privilege[grantedPrivilegeList.size()]));
    }

    // add a fresh ACE with the denied privileges
    List<Privilege> deniedPrivilegeList = new ArrayList<Privilege>();
    for (String name : deniedPrivilegeNames) {
      if (name.length() == 0) {
        continue; // empty, skip it.
      }
      Privilege privilege = accessControlManager.privilegeFromName(name);
      deniedPrivilegeList.add(privilege);

      if (LOGGER.isInfoEnabled()) {
        if (newPrivileges.length() > 0) {
          newPrivileges.append(", "); // separate entries by commas
        }
        newPrivileges.append("denied=");
        newPrivileges.append(privilege.getName());
      }
    }
    if (deniedPrivilegeList.size() > 0) {
      Principal principal = authorizable.getPrincipal();
      AccessControlUtil.addEntry(
          updatedAcl,
          principal,
          deniedPrivilegeList.toArray(new Privilege[deniedPrivilegeList.size()]),
          false);
    }

    accessControlManager.setPolicy(path, updatedAcl);

    if (LOGGER.isInfoEnabled()) {
      LOGGER.info(
          "Updated ACE for principalId {} for resource {} from {} to {}",
          new Object[] {
            authorizable.getID(), path, oldPrivileges.toString(), newPrivileges.toString()
          });
    }
  }

Beispiel #2

Datei: BasicLTIServletUtils.java Projekt: shojikajita/open-experiments

 /**
  * Checks to see if the current user is a member of the administrators group.
  *
  * @param session
  * @return
  * @throws UnsupportedRepositoryOperationException
  * @throws RepositoryException
  */
 protected static boolean isAdminUser(final Session session)
     throws UnsupportedRepositoryOperationException, RepositoryException {
   final AccessControlManager acm = AccessControlUtil.getAccessControlManager(session);
   final Privilege[] privJcrAll = {acm.privilegeFromName(Privilege.JCR_ALL)};
   return acm.hasPrivileges("/", privJcrAll);
 }