コード例 #1
0
  public void process(Authorizable authorizable, Session session, Modification change)
      throws Exception {
    LOGGER.debug("Starting MessageAuthorizablePostProcessor process");
    if (authorizable != null && authorizable.getID() != null && !authorizable.isGroup()) {
      PrincipalManager principalManager = AccessControlUtil.getPrincipalManager(session);
      String path =
          PersonalUtils.getHomeFolder(authorizable) + "/" + MessageConstants.FOLDER_MESSAGES;
      LOGGER.debug("Getting/creating message store node: {}", path);

      Node messageStore = JcrUtils.deepGetOrCreateNode(session, path);
      messageStore.setProperty(
          JcrResourceConstants.SLING_RESOURCE_TYPE_PROPERTY,
          MessageConstants.SAKAI_MESSAGESTORE_RT);
      // ACL's are managed by the Personal User Post processor.
      Principal anon =
          new Principal() {

            public String getName() {
              return UserConstants.ANON_USERID;
            }
          };
      Principal everyone = principalManager.getEveryone();

      // The user can do everything on this node.
      replaceAccessControlEntry(
          session, path, authorizable.getPrincipal(), new String[] {JCR_ALL}, null, null, null);

      // explicitly deny anon and everyone, this is private space.
      String[] deniedPrivs = new String[] {JCR_READ, JCR_WRITE};
      replaceAccessControlEntry(session, path, anon, null, deniedPrivs, null, null);
      replaceAccessControlEntry(session, path, everyone, null, deniedPrivs, null, null);
    }
  }
コード例 #2
0
 /**
  * Adds ACE so that everyone can read access control. This allows Jackrabbit's default collectAcls
  * to work without change. Otherwise, you have to be an admin to call acMgr.getEffectivePolicies.
  */
 protected void updateRootAcl(SessionImpl systemSession, ACLEditor editor)
     throws RepositoryException {
   String rootPath = session.getRootNode().getPath();
   AccessControlPolicy[] acls = editor.getPolicies(rootPath);
   if (acls.length > 0) {
     PrincipalManager pMgr = systemSession.getPrincipalManager();
     AccessControlManager acMgr = session.getAccessControlManager();
     Principal everyone = pMgr.getEveryone();
     Privilege[] privs =
         new Privilege[] {
           acMgr.privilegeFromName(Privilege.JCR_READ),
           acMgr.privilegeFromName(Privilege.JCR_READ_ACCESS_CONTROL)
         };
     AccessControlList acList = (AccessControlList) acls[0];
     AccessControlEntry[] acEntries = acList.getAccessControlEntries();
     for (AccessControlEntry acEntry : acEntries) {
       if (acEntry.getPrincipal().equals(everyone)) {
         acList.removeAccessControlEntry(acEntry);
       }
     }
     acList.addAccessControlEntry(everyone, privs);
     editor.setPolicy(rootPath, acList);
     session.save();
   }
 }
コード例 #3
0
ファイル: ACLProvider.java プロジェクト: nabils/jackrabbit
  /**
   * Set-up minimal permissions for the workspace:
   *
   * <ul>
   *   <li>'adminstrators' principal -> all privileges
   *   <li>'everyone' -> read privilege
   * </ul>
   *
   * @param session to the workspace to set-up initial ACL to
   * @param editor for the specified session.
   * @throws RepositoryException If an error occurs.
   */
  private static void initRootACL(SessionImpl session, AccessControlEditor editor)
      throws RepositoryException {
    try {
      log.debug("Install initial ACL:...");
      String rootPath = session.getRootNode().getPath();
      AccessControlPolicy[] acls = editor.editAccessControlPolicies(rootPath);
      if (acls.length > 0) {
        ACLTemplate acl = (ACLTemplate) acls[0];

        PrincipalManager pMgr = session.getPrincipalManager();
        AccessControlManager acMgr = session.getAccessControlManager();

        String pName = SecurityConstants.ADMINISTRATORS_NAME;
        if (pMgr.hasPrincipal(pName)) {
          Principal administrators = pMgr.getPrincipal(pName);
          log.debug("... Privilege.ALL for administrators.");
          Privilege[] privs = new Privilege[] {acMgr.privilegeFromName(Privilege.JCR_ALL)};
          acl.addAccessControlEntry(administrators, privs);
        } else {
          log.info(
              "Administrators principal group is missing -> omitting initialization of default permissions.");
        }

        Principal everyone = pMgr.getEveryone();
        log.debug("... Privilege.READ for everyone.");
        Privilege[] privs = new Privilege[] {acMgr.privilegeFromName(Privilege.JCR_READ)};
        acl.addAccessControlEntry(everyone, privs);

        editor.setPolicy(rootPath, acl);
        session.save();
      } else {
        log.info(
            "No applicable ACL available for the root node -> skip initialization of the root node's ACL.");
      }
    } catch (RepositoryException e) {
      log.error(
          "Failed to set-up minimal access control for root node of workspace "
              + session.getWorkspace().getName());
      session.getRootNode().refresh(false);
    }
  }