/** * @see * org.apache.jackrabbit.api.security.JackrabbitAccessControlManager#getApplicablePolicies(Principal) */ @Override public JackrabbitAccessControlPolicy[] getApplicablePolicies(Principal principal) throws AccessDeniedException, AccessControlException, UnsupportedRepositoryOperationException, RepositoryException { checkInitialized(); if (editor == null) { throw new UnsupportedRepositoryOperationException( "Editing of access control policies is not supported."); } return editor.editAccessControlPolicies(principal); }
/** @see javax.jcr.security.AccessControlManager#getApplicablePolicies(String) */ @Override public AccessControlPolicyIterator getApplicablePolicies(String absPath) throws PathNotFoundException, AccessDeniedException, RepositoryException { checkInitialized(); checkPermission(absPath, Permission.READ_AC); if (editor != null) { try { AccessControlPolicy[] applicable = editor.editAccessControlPolicies(absPath); return new AccessControlPolicyIteratorAdapter(Arrays.asList(applicable)); } catch (AccessControlException e) { log.debug("No applicable policy at " + absPath); } } // no applicable policies -> return empty iterator. return AccessControlPolicyIteratorAdapter.EMPTY; }
/** * Set-up minimal permissions for the workspace: * * <ul> * <li>'adminstrators' principal -> all privileges * <li>'everyone' -> read privilege * </ul> * * @param session to the workspace to set-up initial ACL to * @param editor for the specified session. * @throws RepositoryException If an error occurs. */ private static void initRootACL(SessionImpl session, AccessControlEditor editor) throws RepositoryException { try { log.debug("Install initial ACL:..."); String rootPath = session.getRootNode().getPath(); AccessControlPolicy[] acls = editor.editAccessControlPolicies(rootPath); if (acls.length > 0) { ACLTemplate acl = (ACLTemplate) acls[0]; PrincipalManager pMgr = session.getPrincipalManager(); AccessControlManager acMgr = session.getAccessControlManager(); String pName = SecurityConstants.ADMINISTRATORS_NAME; if (pMgr.hasPrincipal(pName)) { Principal administrators = pMgr.getPrincipal(pName); log.debug("... Privilege.ALL for administrators."); Privilege[] privs = new Privilege[] {acMgr.privilegeFromName(Privilege.JCR_ALL)}; acl.addAccessControlEntry(administrators, privs); } else { log.info( "Administrators principal group is missing -> omitting initialization of default permissions."); } Principal everyone = pMgr.getEveryone(); log.debug("... Privilege.READ for everyone."); Privilege[] privs = new Privilege[] {acMgr.privilegeFromName(Privilege.JCR_READ)}; acl.addAccessControlEntry(everyone, privs); editor.setPolicy(rootPath, acl); session.save(); } else { log.info( "No applicable ACL available for the root node -> skip initialization of the root node's ACL."); } } catch (RepositoryException e) { log.error( "Failed to set-up minimal access control for root node of workspace " + session.getWorkspace().getName()); session.getRootNode().refresh(false); } }