/** * @see AccessManager#canAccess(String) */ public boolean canAccess(String workspaceName) throws RepositoryException { checkInitialized(); return wspAccess.canAccess(workspaceName); }
/** * @see javax.jcr.security.AccessControlManager#getPolicies(String) */ @Override public AccessControlPolicy[] getPolicies(String absPath) throws PathNotFoundException, AccessDeniedException, RepositoryException { checkInitialized(); checkPermission(absPath, Permission.READ_AC); AccessControlPolicy[] policies; if (editor != null) { policies = editor.getPolicies(absPath); } else { policies = new AccessControlPolicy[0]; } return policies; }
/** * @see AccessManager#init(AMContext) */ public void init(AMContext amContext) throws AccessDeniedException, Exception { init(amContext, null, null); }
/** * @see javax.jcr.security.AccessControlManager#getEffectivePolicies(String) */ public AccessControlPolicy[] getEffectivePolicies(String absPath) throws PathNotFoundException, AccessDeniedException, RepositoryException { checkInitialized(); checkPermission(absPath, Permission.READ_AC); return acProvider.getEffectivePolicies(getPath(absPath), compiledPermissions); }
/** * @see javax.jcr.security.AccessControlManager#getPrivileges(String) */ public Privilege[] getPrivileges(String absPath) throws PathNotFoundException, RepositoryException { checkInitialized(); checkValidNodePath(absPath); Set<Privilege> privs = compiledPermissions.getPrivilegeSet(getPath(absPath)); return privs.toArray(new Privilege[privs.size()]); }
/** * @see org.apache.jackrabbit.api.security.JackrabbitAccessControlManager#getPrivileges(String, Set) */ public Privilege[] getPrivileges(String absPath, Set<Principal> principals) throws PathNotFoundException, RepositoryException { checkInitialized(); checkValidNodePath(absPath); checkPermission(absPath, Permission.READ_AC); CompiledPermissions perms = acProvider.compilePermissions(principals); try { Set<Privilege> privs = perms.getPrivilegeSet(getPath(absPath)); return privs.toArray(new Privilege[privs.size()]); } finally { perms.close(); } }
public boolean isGranted(ItemId id, int permissions) throws ItemNotFoundException, RepositoryException { return super.isGranted(id, permissions); }
/** * @see AbstractAccessControlManager#getPrivilegeManager() */ @Override protected PrivilegeManager getPrivilegeManager() throws RepositoryException { checkInitialized(); return privilegeManager; }
/** * @see AccessManager#isGranted(ItemId, int) */ public boolean isGranted(ItemId id, int actions) throws ItemNotFoundException, RepositoryException { checkInitialized(); if (actions == READ && compiledPermissions.canReadAll()) { return true; } else { int perm = 0; if ((actions & READ) == READ) { perm |= Permission.READ; } if ((actions & WRITE) == WRITE) { if (id.denotesNode()) { // TODO: check again if correct perm |= Permission.SET_PROPERTY; perm |= Permission.ADD_NODE; } else { perm |= Permission.SET_PROPERTY; } } if ((actions & REMOVE) == REMOVE) { perm |= (id.denotesNode()) ? Permission.REMOVE_NODE : Permission.REMOVE_PROPERTY; } Path path = hierMgr.getPath(id); return isGranted(path, perm); } }
@Override protected void checkPermission(String absPath, int permission) throws AccessDeniedException, RepositoryException { log.debug("checkPermission({}, {})", absPath, permission + ""); super.checkPermission(absPath, permission); }
wspAccess = new WorkspaceAccess(wspAccessManager, isSystemOrAdmin(amContext.getSession())); privilegeManager = amContext.getPrivilegeManager(); if (!canAccess(amContext.getWorkspaceName())) { throw new AccessDeniedException("Not allowed to access Workspace " + amContext.getWorkspaceName());
/** * @see AbstractAccessControlManager#checkPermission(String,int) */ @Override protected void checkPermission(String absPath, int permission) throws AccessDeniedException, RepositoryException { checkValidNodePath(absPath); Path p = getPath(absPath); if (!compiledPermissions.grants(p, permission)) { throw new AccessDeniedException("Access denied at " + absPath); } }
@Override public boolean canAccess(String workspaceName) throws RepositoryException { boolean ret = super.canAccess(workspaceName); log.debug("canAccess({})?{}", workspaceName, ret); if (amctx == null || amctx.getSubject() == null || amctx.getSubject().getPrincipals().size() == 0) { log.warn("not logged in for {}, granting ws level access to everyone", workspaceName); } //TODO: check real perms here .. or rely on super ... double check return ret; }
@Override public boolean canRead(Path itemPath, ItemId itemId) throws RepositoryException { boolean res = super.canRead(itemPath, itemId); boolean ourRes = ami.isGranted(null, Permission.READ); log.debug("can {} read({}:{},{})?{} or {}", printUserNames(amctx.getSubject().getPrincipals()), amctx.getWorkspaceName(), itemPath, itemId, res, ourRes); //TODO: check real perms here .. or rely on super ... double check return res; }
@Override public void close() throws Exception { log.debug("{}:close()", this); super.close(); }
@Override protected void checkValidNodePath(String absPath) throws PathNotFoundException, RepositoryException { log.debug("checkValidNodePath({})", absPath); super.checkValidNodePath(absPath); }
/** * @see JackrabbitSecurityManager#getAccessManager(Session,AMContext) */ public AccessManager getAccessManager(Session session, AMContext amContext) throws RepositoryException { checkInitialized(); AccessManagerConfig amConfig = repository.getConfig().getSecurityConfig().getAccessManagerConfig(); try { String wspName = session.getWorkspace().getName(); AccessControlProvider pp = getAccessControlProvider(wspName); AccessManager accessMgr; if (amConfig == null) { log.debug("No configuration entry for AccessManager. Using org.apache.jackrabbit.core.security.DefaultAccessManager"); accessMgr = new DefaultAccessManager(); } else { accessMgr = amConfig.newInstance(AccessManager.class); } accessMgr.init(amContext, pp, workspaceAccessManager); return accessMgr; } catch (AccessDeniedException e) { // re-throw throw e; } catch (Exception e) { // wrap in RepositoryException String clsName = (amConfig == null) ? "-- missing access manager configuration --" : amConfig.getClassName(); String msg = "Failed to instantiate AccessManager (" + clsName + ")"; log.error(msg, e); throw new RepositoryException(msg, e); } }
/** * @see org.apache.jackrabbit.api.security.JackrabbitAccessControlManager#getPrivileges(String, Set) */ public Privilege[] getPrivileges(String absPath, Set<Principal> principals) throws PathNotFoundException, RepositoryException { checkInitialized(); checkValidNodePath(absPath); checkPermission(absPath, Permission.READ_AC); CompiledPermissions perms = acProvider.compilePermissions(principals); try { Set<Privilege> privs = perms.getPrivilegeSet(getPath(absPath)); return privs.toArray(new Privilege[privs.size()]); } finally { perms.close(); } }
public boolean isGranted(Path parentPath, Name childName, int permissions) throws RepositoryException { return super.isGranted(parentPath, childName, permissions); }
/** * @see javax.jcr.security.AccessControlManager#getPrivileges(String) */ public Privilege[] getPrivileges(String absPath) throws PathNotFoundException, RepositoryException { checkInitialized(); checkValidNodePath(absPath); Set<Privilege> privs = compiledPermissions.getPrivilegeSet(getPath(absPath)); return privs.toArray(new Privilege[privs.size()]); }