/**
  * @see org.apache.jackrabbit.api.security.JackrabbitAccessControlManager#getPolicies(Principal)
  */
 @Override
 public JackrabbitAccessControlPolicy[] getPolicies(Principal principal)
     throws AccessDeniedException, AccessControlException, UnsupportedRepositoryOperationException,
         RepositoryException {
   checkInitialized();
   if (editor == null) {
     throw new UnsupportedRepositoryOperationException(
         "Editing of access control policies is not supported.");
   }
   return editor.getPolicies(principal);
 }
Exemple #2
0
  /**
   * Set-up minimal permissions for the workspace:
   *
   * <ul>
   *   <li>'adminstrators' principal -> all privileges
   *   <li>'everyone' -> read privilege
   * </ul>
   *
   * @param session to the workspace to set-up initial ACL to
   * @param editor for the specified session.
   * @throws RepositoryException If an error occurs.
   */
  private static void initRootACL(SessionImpl session, AccessControlEditor editor)
      throws RepositoryException {
    try {
      log.debug("Install initial ACL:...");
      String rootPath = session.getRootNode().getPath();
      AccessControlPolicy[] acls = editor.editAccessControlPolicies(rootPath);
      if (acls.length > 0) {
        ACLTemplate acl = (ACLTemplate) acls[0];

        PrincipalManager pMgr = session.getPrincipalManager();
        AccessControlManager acMgr = session.getAccessControlManager();

        String pName = SecurityConstants.ADMINISTRATORS_NAME;
        if (pMgr.hasPrincipal(pName)) {
          Principal administrators = pMgr.getPrincipal(pName);
          log.debug("... Privilege.ALL for administrators.");
          Privilege[] privs = new Privilege[] {acMgr.privilegeFromName(Privilege.JCR_ALL)};
          acl.addAccessControlEntry(administrators, privs);
        } else {
          log.info(
              "Administrators principal group is missing -> omitting initialization of default permissions.");
        }

        Principal everyone = pMgr.getEveryone();
        log.debug("... Privilege.READ for everyone.");
        Privilege[] privs = new Privilege[] {acMgr.privilegeFromName(Privilege.JCR_READ)};
        acl.addAccessControlEntry(everyone, privs);

        editor.setPolicy(rootPath, acl);
        session.save();
      } else {
        log.info(
            "No applicable ACL available for the root node -> skip initialization of the root node's ACL.");
      }
    } catch (RepositoryException e) {
      log.error(
          "Failed to set-up minimal access control for root node of workspace "
              + session.getWorkspace().getName());
      session.getRootNode().refresh(false);
    }
  }
 /** @see javax.jcr.security.AccessControlManager#removePolicy(String, AccessControlPolicy) */
 @Override
 public void removePolicy(String absPath, AccessControlPolicy policy)
     throws PathNotFoundException, AccessControlException, AccessDeniedException,
         RepositoryException {
   checkInitialized();
   checkPermission(absPath, Permission.MODIFY_AC);
   if (editor == null) {
     throw new UnsupportedRepositoryOperationException(
         "Removal of AccessControlPolicies is not supported.");
   }
   editor.removePolicy(absPath, policy);
 }
  /** @see javax.jcr.security.AccessControlManager#getPolicies(String) */
  @Override
  public AccessControlPolicy[] getPolicies(String absPath)
      throws PathNotFoundException, AccessDeniedException, RepositoryException {
    checkInitialized();
    checkPermission(absPath, Permission.READ_AC);

    AccessControlPolicy[] policies;
    if (editor != null) {
      policies = editor.getPolicies(absPath);
    } else {
      policies = new AccessControlPolicy[0];
    }
    return policies;
  }
  /** @see javax.jcr.security.AccessControlManager#getApplicablePolicies(String) */
  @Override
  public AccessControlPolicyIterator getApplicablePolicies(String absPath)
      throws PathNotFoundException, AccessDeniedException, RepositoryException {
    checkInitialized();
    checkPermission(absPath, Permission.READ_AC);

    if (editor != null) {
      try {
        AccessControlPolicy[] applicable = editor.editAccessControlPolicies(absPath);
        return new AccessControlPolicyIteratorAdapter(Arrays.asList(applicable));
      } catch (AccessControlException e) {
        log.debug("No applicable policy at " + absPath);
      }
    }
    // no applicable policies -> return empty iterator.
    return AccessControlPolicyIteratorAdapter.EMPTY;
  }