Пример #1
0
 /**
  * @see
  *     org.apache.jackrabbit.api.security.JackrabbitAccessControlManager#getApplicablePolicies(Principal)
  */
 @Override
 public JackrabbitAccessControlPolicy[] getApplicablePolicies(Principal principal)
     throws AccessDeniedException, AccessControlException, UnsupportedRepositoryOperationException,
         RepositoryException {
   checkInitialized();
   if (editor == null) {
     throw new UnsupportedRepositoryOperationException(
         "Editing of access control policies is not supported.");
   }
   return editor.editAccessControlPolicies(principal);
 }
Пример #2
0
  /** @see javax.jcr.security.AccessControlManager#getApplicablePolicies(String) */
  @Override
  public AccessControlPolicyIterator getApplicablePolicies(String absPath)
      throws PathNotFoundException, AccessDeniedException, RepositoryException {
    checkInitialized();
    checkPermission(absPath, Permission.READ_AC);

    if (editor != null) {
      try {
        AccessControlPolicy[] applicable = editor.editAccessControlPolicies(absPath);
        return new AccessControlPolicyIteratorAdapter(Arrays.asList(applicable));
      } catch (AccessControlException e) {
        log.debug("No applicable policy at " + absPath);
      }
    }
    // no applicable policies -> return empty iterator.
    return AccessControlPolicyIteratorAdapter.EMPTY;
  }
Пример #3
0
  /**
   * Set-up minimal permissions for the workspace:
   *
   * <ul>
   *   <li>'adminstrators' principal -> all privileges
   *   <li>'everyone' -> read privilege
   * </ul>
   *
   * @param session to the workspace to set-up initial ACL to
   * @param editor for the specified session.
   * @throws RepositoryException If an error occurs.
   */
  private static void initRootACL(SessionImpl session, AccessControlEditor editor)
      throws RepositoryException {
    try {
      log.debug("Install initial ACL:...");
      String rootPath = session.getRootNode().getPath();
      AccessControlPolicy[] acls = editor.editAccessControlPolicies(rootPath);
      if (acls.length > 0) {
        ACLTemplate acl = (ACLTemplate) acls[0];

        PrincipalManager pMgr = session.getPrincipalManager();
        AccessControlManager acMgr = session.getAccessControlManager();

        String pName = SecurityConstants.ADMINISTRATORS_NAME;
        if (pMgr.hasPrincipal(pName)) {
          Principal administrators = pMgr.getPrincipal(pName);
          log.debug("... Privilege.ALL for administrators.");
          Privilege[] privs = new Privilege[] {acMgr.privilegeFromName(Privilege.JCR_ALL)};
          acl.addAccessControlEntry(administrators, privs);
        } else {
          log.info(
              "Administrators principal group is missing -> omitting initialization of default permissions.");
        }

        Principal everyone = pMgr.getEveryone();
        log.debug("... Privilege.READ for everyone.");
        Privilege[] privs = new Privilege[] {acMgr.privilegeFromName(Privilege.JCR_READ)};
        acl.addAccessControlEntry(everyone, privs);

        editor.setPolicy(rootPath, acl);
        session.save();
      } else {
        log.info(
            "No applicable ACL available for the root node -> skip initialization of the root node's ACL.");
      }
    } catch (RepositoryException e) {
      log.error(
          "Failed to set-up minimal access control for root node of workspace "
              + session.getWorkspace().getName());
      session.getRootNode().refresh(false);
    }
  }