/** * @see org.apache.jackrabbit.api.security.JackrabbitAccessControlManager#getPolicies(Principal) */ @Override public JackrabbitAccessControlPolicy[] getPolicies(Principal principal) throws AccessDeniedException, AccessControlException, UnsupportedRepositoryOperationException, RepositoryException { checkInitialized(); if (editor == null) { throw new UnsupportedRepositoryOperationException( "Editing of access control policies is not supported."); } return editor.getPolicies(principal); }
/** * Set-up minimal permissions for the workspace: * * <ul> * <li>'adminstrators' principal -> all privileges * <li>'everyone' -> read privilege * </ul> * * @param session to the workspace to set-up initial ACL to * @param editor for the specified session. * @throws RepositoryException If an error occurs. */ private static void initRootACL(SessionImpl session, AccessControlEditor editor) throws RepositoryException { try { log.debug("Install initial ACL:..."); String rootPath = session.getRootNode().getPath(); AccessControlPolicy[] acls = editor.editAccessControlPolicies(rootPath); if (acls.length > 0) { ACLTemplate acl = (ACLTemplate) acls[0]; PrincipalManager pMgr = session.getPrincipalManager(); AccessControlManager acMgr = session.getAccessControlManager(); String pName = SecurityConstants.ADMINISTRATORS_NAME; if (pMgr.hasPrincipal(pName)) { Principal administrators = pMgr.getPrincipal(pName); log.debug("... Privilege.ALL for administrators."); Privilege[] privs = new Privilege[] {acMgr.privilegeFromName(Privilege.JCR_ALL)}; acl.addAccessControlEntry(administrators, privs); } else { log.info( "Administrators principal group is missing -> omitting initialization of default permissions."); } Principal everyone = pMgr.getEveryone(); log.debug("... Privilege.READ for everyone."); Privilege[] privs = new Privilege[] {acMgr.privilegeFromName(Privilege.JCR_READ)}; acl.addAccessControlEntry(everyone, privs); editor.setPolicy(rootPath, acl); session.save(); } else { log.info( "No applicable ACL available for the root node -> skip initialization of the root node's ACL."); } } catch (RepositoryException e) { log.error( "Failed to set-up minimal access control for root node of workspace " + session.getWorkspace().getName()); session.getRootNode().refresh(false); } }
/** @see javax.jcr.security.AccessControlManager#removePolicy(String, AccessControlPolicy) */ @Override public void removePolicy(String absPath, AccessControlPolicy policy) throws PathNotFoundException, AccessControlException, AccessDeniedException, RepositoryException { checkInitialized(); checkPermission(absPath, Permission.MODIFY_AC); if (editor == null) { throw new UnsupportedRepositoryOperationException( "Removal of AccessControlPolicies is not supported."); } editor.removePolicy(absPath, policy); }
/** @see javax.jcr.security.AccessControlManager#getPolicies(String) */ @Override public AccessControlPolicy[] getPolicies(String absPath) throws PathNotFoundException, AccessDeniedException, RepositoryException { checkInitialized(); checkPermission(absPath, Permission.READ_AC); AccessControlPolicy[] policies; if (editor != null) { policies = editor.getPolicies(absPath); } else { policies = new AccessControlPolicy[0]; } return policies; }
/** @see javax.jcr.security.AccessControlManager#getApplicablePolicies(String) */ @Override public AccessControlPolicyIterator getApplicablePolicies(String absPath) throws PathNotFoundException, AccessDeniedException, RepositoryException { checkInitialized(); checkPermission(absPath, Permission.READ_AC); if (editor != null) { try { AccessControlPolicy[] applicable = editor.editAccessControlPolicies(absPath); return new AccessControlPolicyIteratorAdapter(Arrays.asList(applicable)); } catch (AccessControlException e) { log.debug("No applicable policy at " + absPath); } } // no applicable policies -> return empty iterator. return AccessControlPolicyIteratorAdapter.EMPTY; }