/** * {@inheritDoc} */ public void init(AMContext context, AccessControlProvider acProvider, WorkspaceAccessManager wspAccessManager) throws AccessDeniedException, Exception { if (initialized) { throw new IllegalStateException("already initialized"); } subject = context.getSubject(); hierMgr = context.getHierarchyManager(); resolver = context.getNamePathResolver(); privilegeManager = ((JackrabbitWorkspace) context.getSession().getWorkspace()).getPrivilegeManager(); wspAccessMgr = wspAccessManager; anonymous = !subject.getPrincipals(AnonymousPrincipal.class).isEmpty(); system = !subject.getPrincipals(SystemPrincipal.class).isEmpty(); // @todo check permission to access given workspace based on principals initialized = true; if (!canAccess(context.getWorkspaceName())) { throw new AccessDeniedException("Not allowed to access Workspace " + context.getWorkspaceName()); } }
@Override public boolean canRead(Path itemPath, ItemId itemId) throws RepositoryException { boolean res = super.canRead(itemPath, itemId); boolean ourRes = ami.isGranted(null, Permission.READ); log.debug("can {} read({}:{},{})?{} or {}", printUserNames(amctx.getSubject().getPrincipals()), amctx.getWorkspaceName(), itemPath, itemId, res, ourRes); //TODO: check real perms here .. or rely on super ... double check return res; }
throw new IllegalStateException("already initialized"); subject = context.getSubject(); npRes = context.getNamePathResolver();
@Override public boolean canAccess(String workspaceName) throws RepositoryException { boolean ret = super.canAccess(workspaceName); log.debug("canAccess({})?{}", workspaceName, ret); if (amctx == null || amctx.getSubject() == null || amctx.getSubject().getPrincipals().size() == 0) { log.warn("not logged in for {}, granting ws level access to everyone", workspaceName); } //TODO: check real perms here .. or rely on super ... double check return ret; }
@Override public boolean isGranted(Path absPath, int permissions) throws RepositoryException { log.debug("isGranted({}:{}, {})", amctx.getWorkspaceName(), absPath, permissions); return super.isGranted(absPath, permissions); }
/** * Create the access manager. * * @param subject * @return access manager * @throws AccessDeniedException if the current subject is not granted access * to the current workspace * @throws RepositoryException if the access manager cannot be instantiated */ protected AccessManager createAccessManager(Subject subject) throws AccessDeniedException, RepositoryException { String wspName = getWorkspace().getName(); AMContext ctx = new AMContext( new File(context.getRepository().getConfig().getHomeDir()), context.getRepositoryContext().getFileSystem(), this, subject, context.getHierarchyManager(), context.getPrivilegeManager(), this, wspName); return repositoryContext.getSecurityManager().getAccessManager(this, ctx); }
@Override public void init(final AMContext amContext) throws AccessDeniedException, Exception { super.init(amContext); this.amctx = amContext; // can get our user from here as we put it in the list of principals final String user = this.amctx.getSubject().getPrincipals().iterator().next().getName(); log.debug("{}:init({})", user, amContext); }
/** * Create the access manager. * * @param subject * @return access manager * @throws AccessDeniedException if the current subject is not granted access * to the current workspace * @throws RepositoryException if the access manager cannot be instantiated */ protected AccessManager createAccessManager(Subject subject) throws AccessDeniedException, RepositoryException { String wspName = getWorkspace().getName(); AMContext ctx = new AMContext( new File(context.getRepository().getConfig().getHomeDir()), context.getRepositoryContext().getFileSystem(), this, subject, context.getHierarchyManager(), context.getPrivilegeManager(), this, wspName); return repositoryContext.getSecurityManager().getAccessManager(this, ctx); }
/** * {@inheritDoc} */ public void init(AMContext context, AccessControlProvider acProvider, WorkspaceAccessManager wspAccessManager) throws AccessDeniedException, Exception { if (initialized) { throw new IllegalStateException("already initialized"); } subject = context.getSubject(); hierMgr = context.getHierarchyManager(); resolver = context.getNamePathResolver(); privilegeManager = ((JackrabbitWorkspace) context.getSession().getWorkspace()).getPrivilegeManager(); wspAccessMgr = wspAccessManager; anonymous = !subject.getPrincipals(AnonymousPrincipal.class).isEmpty(); system = !subject.getPrincipals(SystemPrincipal.class).isEmpty(); // @todo check permission to access given workspace based on principals initialized = true; if (!canAccess(context.getWorkspaceName())) { throw new AccessDeniedException("Not allowed to access Workspace " + context.getWorkspaceName()); } }
public void init(AMContext context, AccessControlProvider acProvider, WorkspaceAccessManager wspAccessMgr) throws AccessDeniedException, Exception { accessManagerFactoryTracker = Activator.getAccessManagerFactoryTracker(); accessManagerFactory = getAccessManagerFactory(); if (accessManagerFactory != null) { this.accessManagerPlugin = accessManagerFactory.getAccessManager(); } this.sanityCheck(); super.init(context, acProvider, wspAccessMgr); this.namePathResolver = context.getNamePathResolver(); if (this.accessManagerPlugin != null) { this.accessManagerPlugin.init(context.getSubject(), context.getSession()); } this.session = context.getSession(); this.subject = context.getSubject(); hierMgr = context.getHierarchyManager(); }
resolver = amContext.getNamePathResolver(); hierMgr = amContext.getHierarchyManager(); Subject subject = amContext.getSubject(); if (subject == null) { principals = Collections.emptySet(); wspAccess = new WorkspaceAccess(wspAccessManager, isSystemOrAdmin(amContext.getSession())); privilegeManager = amContext.getPrivilegeManager(); editor = acProvider.getEditor(amContext.getSession()); compiledPermissions = acProvider.compilePermissions(principals); } else { if (!canAccess(amContext.getWorkspaceName())) { throw new AccessDeniedException("Not allowed to access Workspace " + amContext.getWorkspaceName());
resolver = amContext.getNamePathResolver(); hierMgr = amContext.getHierarchyManager(); Subject subject = amContext.getSubject(); if (subject == null) { principals = Collections.emptySet(); wspAccess = new WorkspaceAccess(wspAccessManager, isSystemOrAdmin(amContext.getSession())); privilegeManager = amContext.getPrivilegeManager(); editor = acProvider.getEditor(amContext.getSession()); compiledPermissions = acProvider.compilePermissions(principals); } else { if (!canAccess(amContext.getWorkspaceName())) { throw new AccessDeniedException("Not allowed to access Workspace " + amContext.getWorkspaceName());