/**
* @see
* org.apache.jackrabbit.core.security.authorization.AccessControlProvider#getEffectivePolicies(java.util.Set,
* CompiledPermissions)
*/
public AccessControlPolicy[] getEffectivePolicies(
Set<Principal> principals, CompiledPermissions permissions) throws RepositoryException {
String propName = ISO9075.encode(session.getJCRName(P_PRINCIPAL_NAME));
StringBuilder stmt = new StringBuilder("/jcr:root");
stmt.append("//element(*,");
stmt.append(session.getJCRName(NT_REP_ACE));
stmt.append(")[");
int i = 0;
for (Principal principal : principals) {
if (i > 0) {
stmt.append(" or ");
}
stmt.append("@");
stmt.append(propName);
stmt.append("='");
stmt.append(principal.getName().replaceAll("'", "''"));
stmt.append("'");
i++;
}
stmt.append("]");
QueryResult result;
try {
QueryManager qm = session.getWorkspace().getQueryManager();
Query q = qm.createQuery(stmt.toString(), Query.XPATH);
result = q.execute();
} catch (RepositoryException e) {
log.error("Unexpected error while searching effective policies.", e.getMessage());
throw new UnsupportedOperationException(
"Retrieve effective policies for set of principals not supported.", e);
}
Set<AccessControlPolicy> acls = new LinkedHashSet<AccessControlPolicy>();
for (NodeIterator it = result.getNodes(); it.hasNext(); ) {
NodeImpl aclNode = (NodeImpl) it.nextNode().getParent();
Name aclName = aclNode.getQName();
NodeImpl accessControlledNode = (NodeImpl) aclNode.getParent();
if (N_POLICY.equals(aclName) && isAccessControlled(accessControlledNode)) {
if (permissions.canRead(aclNode.getPrimaryPath(), aclNode.getNodeId())) {
acls.add(getACL(accessControlledNode, N_POLICY, accessControlledNode.getPath()));
} else {
throw new AccessDeniedException(
"Access denied at " + Text.getRelativeParent(aclNode.getPath(), 1));
}
} else if (N_REPO_POLICY.equals(aclName) && isRepoAccessControlled(accessControlledNode)) {
if (permissions.canRead(aclNode.getPrimaryPath(), aclNode.getNodeId())) {
acls.add(getACL(accessControlledNode, N_REPO_POLICY, null));
} else {
throw new AccessDeniedException(
"Access denied at " + Text.getRelativeParent(aclNode.getPath(), 1));
}
} // else: not a regular policy node -> ignore.
}
return acls.toArray(new AccessControlPolicy[acls.size()]);
}
public Node getLibraryNode(SlingHttpServletRequest request, HtmlLibrary library) {
Node node = null;
try {
// we want the non-minified version as the root path
String cacheRoot =
Text.getRelativeParent(
(new StringBuilder(CACHE_PATH).append(library.getPath(false))).toString(), 1);
String optPath =
(new StringBuilder(cacheRoot).append("/").append(getLibraryName(library))).toString();
node = JcrUtils.getNodeIfExists(optPath, getAdminSession());
if (null == node) {
// generate empty jcr:data to cache
node = createEmptyCache(library, cacheRoot, getAdminSession());
}
// lib was modified after last cache write
if (!node.hasNode(JcrConstants.JCR_CONTENT)
|| library.getLastModified(false)
> JcrUtils.getLongProperty(
node.getNode(JcrConstants.JCR_CONTENT), JcrConstants.JCR_LASTMODIFIED, 0L)) {
// generate new binary, if possible
node = populateCache(library, node.getPath(), getAdminSession());
}
// reassign with user session
node = request.getResourceResolver().resolve(node.getPath()).adaptTo(Node.class);
} catch (RepositoryException re) {
log.debug(re.getMessage());
} finally {
getResolver().close();
}
return node;
}
@Override
protected void internalRemove(String key) throws MessagingException {
try {
Session session = login();
try {
String name = ISO9075.encode(Text.escapeIllegalJcrChars(key));
QueryManager manager = session.getWorkspace().getQueryManager();
@SuppressWarnings("deprecation")
Query query =
manager.createQuery(
"/jcr:root/" + MAIL_PATH + "//element(" + name + ",james:mail)", Query.XPATH);
NodeIterator nodes = query.execute().getNodes();
if (nodes.hasNext()) {
while (nodes.hasNext()) {
nodes.nextNode().remove();
}
session.save();
logger.info("Mail " + key + " removed from repository");
} else {
logger.warn("Mail " + key + " not found");
}
} finally {
session.logout();
}
} catch (RepositoryException e) {
throw new MessagingException("Unable to remove message: " + key, e);
}
}
@Override
protected void internalStore(Mail mail) throws MessagingException, IOException {
try {
Session session = login();
try {
String name = Text.escapeIllegalJcrChars(mail.getName());
final String xpath = "/jcr:root/" + MAIL_PATH + "//element(" + name + ",james:mail)";
QueryManager manager = session.getWorkspace().getQueryManager();
@SuppressWarnings("deprecation")
Query query = manager.createQuery(xpath, Query.XPATH);
NodeIterator iterator = query.execute().getNodes();
if (iterator.hasNext()) {
while (iterator.hasNext()) {
setMail(iterator.nextNode(), mail);
}
} else {
Node parent = session.getRootNode().getNode(MAIL_PATH);
Node node = parent.addNode(name, "james:mail");
Node resource = node.addNode("jcr:content", "nt:resource");
resource.setProperty("jcr:mimeType", "message/rfc822");
setMail(node, mail);
}
session.save();
logger.info("Mail " + mail.getName() + " stored in repository");
} finally {
session.logout();
}
} catch (IOException e) {
throw new MessagingException("Unable to store message: " + mail.getName(), e);
} catch (RepositoryException e) {
throw new MessagingException("Unable to store message: " + mail.getName(), e);
}
}
public void testPasswordMatch() throws NoSuchAlgorithmException, UnsupportedEncodingException {
// simple credentials containing the crypted pw must not match.
SimpleCredentials sc = new SimpleCredentials(userID, cCreds.get(0).getPassword().toCharArray());
for (CryptedSimpleCredentials cc : cCreds) {
assertFalse(cc.matches(sc));
}
// simple credentials containing different pw must not match.
SimpleCredentials sc2 = new SimpleCredentials(userID, "otherPw".toCharArray());
for (CryptedSimpleCredentials cc : cCreds) {
assertFalse(cc.matches(sc2));
}
// simple credentials with pw in digested form must not match.
SimpleCredentials sc3 = new SimpleCredentials(userID, "{unknown}somePw".toCharArray());
for (CryptedSimpleCredentials cc : cCreds) {
assertFalse(cc.matches(sc3));
}
// simple credentials with pw with different digest must not match
SimpleCredentials sc4 =
new SimpleCredentials(
userID, ("{md5}" + Text.digest("md5", pw.getBytes("UTF-8"))).toCharArray());
for (CryptedSimpleCredentials cc : cCreds) {
assertFalse(cc.matches(sc4));
}
}
/**
* Reads a mail message from the given mail node.
*
* @param node mail node
* @return mail message
* @throws MessagingException if a messaging error occurs
* @throws RepositoryException if a repository error occurs
* @throws IOException if an IO error occurs
*/
private Mail getMail(Node node) throws MessagingException, RepositoryException, IOException {
String name = Text.unescapeIllegalJcrChars(node.getName());
MailImpl mail = new MailImpl(name, getSender(node), getRecipients(node), getMessage(node));
mail.setState(getState(node));
mail.setLastUpdated(getLastUpdated(node));
mail.setErrorMessage(getError(node));
mail.setRemoteHost(getRemoteHost(node));
mail.setRemoteAddr(getRemoteAddr(node));
getAttributes(node, mail);
return mail;
}
/**
* Writes the mail attributes to the <code>jamesattr:*</code> property.
*
* @param node mail node
* @param mail mail message
* @throws RepositoryException if a repository error occurs
* @throws IOException if an IO error occurs
*/
@SuppressWarnings("deprecation")
private void setAttributes(Node node, Mail mail) throws RepositoryException, IOException {
Iterator<String> iterator = mail.getAttributeNames();
while (iterator.hasNext()) {
String name = iterator.next();
Object value = mail.getAttribute(name);
name = "jamesattr:" + Text.escapeIllegalJcrChars(name);
if (value instanceof String || value == null) {
node.setProperty(name, (String) value);
} else {
ByteArrayOutputStream buffer = new ByteArrayOutputStream();
ObjectOutputStream output = new ObjectOutputStream(buffer);
output.writeObject(value);
output.close();
node.setProperty(name, new ByteArrayInputStream(buffer.toByteArray()));
}
}
}
public WorkspaceContentHandler(Workspace workspace, String parentAbsPath, int uuidBehavior)
throws RepositoryException {
this.workspace = workspace;
this.parentAbsPath = parentAbsPath;
this.uuidBehavior = uuidBehavior;
try {
String tmpName = Text.md5(parentAbsPath);
this.tmpFile = File.createTempFile("___" + tmpName, ".xml");
this.delegatee = SerializingContentHandler.getSerializer(new FileOutputStream(tmpFile));
} catch (FileNotFoundException e) {
throw new RepositoryException(e);
} catch (IOException e) {
throw new RepositoryException(e);
} catch (SAXException e) {
throw new RepositoryException(e);
}
}
/**
* Writes the mail attributes from the <code>jamesattr:*</code> property.
*
* @param node mail node
* @param mail mail message
* @throws RepositoryException if a repository error occurs
* @throws IOException if an IO error occurs
*/
private void getAttributes(Node node, Mail mail) throws RepositoryException, IOException {
PropertyIterator iterator = node.getProperties("jamesattr:*");
while (iterator.hasNext()) {
Property property = iterator.nextProperty();
String name =
Text.unescapeIllegalJcrChars(property.getName().substring("jamesattr:".length()));
if (property.getType() == PropertyType.BINARY) {
@SuppressWarnings("deprecation")
InputStream input = property.getStream();
try {
ObjectInputStream stream = new ObjectInputStream(input);
mail.setAttribute(name, (Serializable) stream.readObject());
} catch (ClassNotFoundException e) {
throw new IOException(e.getMessage());
} finally {
input.close();
}
} else {
mail.setAttribute(name, property.getString());
}
}
}
public Iterator<String> list() throws MessagingException {
try {
Session session = login();
try {
Collection<String> keys = new ArrayList<String>();
QueryManager manager = session.getWorkspace().getQueryManager();
@SuppressWarnings("deprecation")
Query query =
manager.createQuery("/jcr:root/" + MAIL_PATH + "//element(*,james:mail)", Query.XPATH);
NodeIterator iterator = query.execute().getNodes();
while (iterator.hasNext()) {
String name = iterator.nextNode().getName();
keys.add(Text.unescapeIllegalJcrChars(name));
}
return keys.iterator();
} finally {
session.logout();
}
} catch (RepositoryException e) {
throw new MessagingException("Unable to list messages", e);
}
}
protected String toSafeName(String key) {
return ISO9075.encode(Text.escapeIllegalJcrChars(key));
}
