PentahoCompiledPermissionsImpl( Set<Principal> principals, SessionImpl session, EntryCollector entryCollector, AccessControlUtils util, boolean listenToEvents ) throws RepositoryException { this.session = session; this.entryCollector = entryCollector; this.util = util; principalNames = new ArrayList<String>( principals.size() ); for ( Principal princ : principals ) { principalNames.add( princ.getName() ); } if ( listenToEvents ) { /* * Make sure this AclPermission recalculates the permissions if any ACL concerning it is modified. */ entryCollector.addListener( this ); } }
@Override protected void notifyListeners( AccessControlModifications modifications ) { super.notifyListeners( modifications ); /* Update cache for all affected access controlled nodes */ for ( Object key : modifications.getNodeIdentifiers() ) { if ( !( key instanceof NodeId ) ) { log.warn( "Cannot process AC modificationMap entry. Keys must be NodeId." ); continue; } try { createMagicAceDefinitions( systemSession ); } catch ( RepositoryException e ) { log.error( "Failed to recreate magic ace definitions on repository policy changed", e ); } } super.notifyListeners( modifications ); }
/** * @see org.apache.jackrabbit.core.security.authorization.CompiledPermissions#close() */ @Override public void close() { entryCollector.removeListener(this); // NOTE: do not logout shared session. super.close(); }
/** * * @param nodeId * @return * @throws RepositoryException */ protected Entries getEntries(NodeId nodeId) throws RepositoryException { NodeImpl node = getNodeById(nodeId); return getEntries(node); }
for (Entry ace : entryCollector.collectEntries(node, filter)) { if (ace.getPrivilegeBits().includesRead()) { canRead = ace.isAllow();
if (ACLProvider.isRepoAccessControlled(root)) { NodeImpl aclNode = root.getNode(N_REPO_POLICY); filterEntries(filter, Entry.readEntries(aclNode, null), userAces, groupAces); filterEntries(filter, getEntries(node).getACEs(), userAces, groupAces); NodeId next = node.getParentId(); while (next != null) { Entries entries = getEntries(next); filterEntries(filter, entries.getACEs(), userAces, groupAces); next = entries.getNextId();
@Override protected void close() { super.close(); cache.clear(); }
/** * Read the entries defined for the specified node and update the cache * accordingly. * * @param node The target node * @return The list of entries present on the specified node or an empty list. * @throws RepositoryException If an error occurs. */ private Entries internalUpdateCache(NodeImpl node) throws RepositoryException { Entries entries = super.getEntries(node); if (cacheNoAcl || (isRootId(node.getNodeId()) && cache.specialCasesRoot()) || !entries.isEmpty()) { // adjust the 'nextId' to point to the next access controlled // ancestor node instead of the parent and remember the entries. entries.setNextId(getNextID(node)); cache.put(node.getNodeId(), entries); } // else: not access controlled -> ignore. return entries; }
for (Entry ace : entryCollector.collectEntries(node, filter)) { if (ace.getPrivilegeBits().includesRead()) { canRead = ace.isAllow();
/** * * @param nodeId * @return * @throws RepositoryException */ protected Entries getEntries(NodeId nodeId) throws RepositoryException { NodeImpl node = getNodeById(nodeId); return getEntries(node); }
if (ACLProvider.isRepoAccessControlled(root)) { NodeImpl aclNode = root.getNode(N_REPO_POLICY); filterEntries(filter, Entry.readEntries(aclNode, null), userAces, groupAces); filterEntries(filter, getEntries(node).getACEs(), userAces, groupAces); NodeId next = node.getParentId(); while (next != null) { Entries entries = getEntries(next); filterEntries(filter, entries.getACEs(), userAces, groupAces); next = entries.getNextId();
@Override public void close() { super.close(); entryCollector.close(); }
/** * Read the entries defined for the specified node and update the cache * accordingly. * * @param node The target node * @return The list of entries present on the specified node or an empty list. * @throws RepositoryException If an error occurs. */ private Entries internalUpdateCache(NodeImpl node) throws RepositoryException { Entries entries = super.getEntries(node); if (cacheNoAcl || (isRootId(node.getNodeId()) && cache.specialCasesRoot()) || !entries.isEmpty()) { // adjust the 'nextId' to point to the next access controlled // ancestor node instead of the parent and remember the entries. entries.setNextId(getNextID(node)); cache.put(node.getNodeId(), entries); } // else: not access controlled -> ignore. return entries; }
for ( Object entry : entryCollector.collectEntries( node, filter ) ) {
/** * Collects access controlled nodes that are effected by access control * changes together with the corresponding modification types, and * notifies access control listeners about the modifications. * * @param events */ public void onEvent(EventIterator events) { try { // JCR-2890: We need to use a fresh new session here to avoid // deadlocks caused by concurrent threads possibly using the // systemSession instance for other purposes. String workspaceName = systemSession.getWorkspace().getName(); Session session = systemSession.createSession(workspaceName); try { // Sift through the events to find access control modifications ACLEventSieve sieve = new ACLEventSieve(session, (NameResolver) session); sieve.siftEvents(events); // Notify listeners and eventually clean up internal caches AccessControlModifications<NodeId> mods = sieve.getModifications(); if (!mods.getNodeIdentifiers().isEmpty()) { notifyListeners(mods); } } finally { session.logout(); } } catch (RepositoryException e) { log.error("Failed to process access control modifications", e); } }
/** * @see org.apache.jackrabbit.core.security.authorization.CompiledPermissions#close() */ @Override public void close() { entryCollector.removeListener( this ); // NOTE: do not logout shared session. super.close(); }
CompiledPermissionsImpl(Set<Principal> principals, SessionImpl session, EntryCollector entryCollector, AccessControlUtils util, boolean listenToEvents) throws RepositoryException { this.session = session; this.entryCollector = entryCollector; this.util = util; principalNames = new ArrayList<String>(principals.size()); for (Principal princ : principals) { principalNames.add(princ.getName()); } if (listenToEvents) { /* Make sure this AclPermission recalculates the permissions if any ACL concerning it is modified. */ entryCollector.addListener(this); } LOG.debug("Read permission cache size = {}", MAX_CACHE_SIZE); }
@Override protected void close() { super.close(); cache.clear(); }
Iterator<Entry> entries = entryCollector.collectEntries(n, filter).iterator();
/** * Collects access controlled nodes that are effected by access control * changes together with the corresponding modification types, and * notifies access control listeners about the modifications. * * @param events */ public void onEvent(EventIterator events) { try { // JCR-2890: We need to use a fresh new session here to avoid // deadlocks caused by concurrent threads possibly using the // systemSession instance for other purposes. String workspaceName = systemSession.getWorkspace().getName(); Session session = systemSession.createSession(workspaceName); try { // Sift through the events to find access control modifications ACLEventSieve sieve = new ACLEventSieve(session, (NameResolver) session); sieve.siftEvents(events); // Notify listeners and eventually clean up internal caches AccessControlModifications<NodeId> mods = sieve.getModifications(); if (!mods.getNodeIdentifiers().isEmpty()) { notifyListeners(mods); } } finally { session.logout(); } } catch (RepositoryException e) { log.error("Failed to process access control modifications", e); } }