Examples of AccessControlManager

Examples of javax.jcr.security.AccessControlManager

282
283
284
285
286
287
288
289
290
291
292
293
   
    return accessMap;
  }
 
  private AccessControlEntry[] getEffectiveAccessControlEntries(Session session, String absPath) throws RepositoryException {
    AccessControlManager accessControlManager = AccessControlUtil.getAccessControlManager(session);
    AccessControlPolicy[] policies = accessControlManager.getEffectivePolicies(absPath);
    for (AccessControlPolicy accessControlPolicy : policies) {
      if (accessControlPolicy instanceof AccessControlList) {
        AccessControlEntry[] accessControlEntries = ((AccessControlList)accessControlPolicy).getAccessControlEntries();
        return accessControlEntries;
      }
View Full Code Here

Examples of javax.jcr.security.AccessControlManager

319
320
321
322
323
324
325
326
327
328
329
330
   * @throws RepositoryException
   */
  public AccessRights getEffectiveAccessRightsForPrincipal(Session session, String absPath, String principalId) throws RepositoryException {
    AccessRights rights = new AccessRights();
    if (principalId != null && principalId.length() > 0) {
      AccessControlManager accessControlManager = AccessControlUtil.getAccessControlManager(session);
      AccessControlPolicy[] policies = accessControlManager.getEffectivePolicies(absPath);
      for (AccessControlPolicy accessControlPolicy : policies) {
        if (accessControlPolicy instanceof AccessControlList) {
          AccessControlEntry[] accessControlEntries = ((AccessControlList)accessControlPolicy).getAccessControlEntries();
          for (AccessControlEntry ace : accessControlEntries) {
            if (principalId.equals(ace.getPrincipal().getName())) {
View Full Code Here

Examples of javax.jcr.security.AccessControlManager

368
369
370
371
372
373
374
375
376
377
378
379
380
   * @param absPath the path of the resource to check
   * @return true if the current user has the privileges, false otherwise
   */
  public boolean canAddChildren(Session session, String absPath) {
    try {
      AccessControlManager accessControlManager = AccessControlUtil.getAccessControlManager(session);
      return accessControlManager.hasPrivileges(absPath, new Privilege[] {
              accessControlManager.privilegeFromName(Privilege.JCR_ADD_CHILD_NODES)
            });
    } catch (RepositoryException e) {
      return false;
    }
  }
View Full Code Here

Examples of javax.jcr.security.AccessControlManager

402
403
404
405
406
407
408
409
410
411
412
413
414
415
   * @param absPath the path of the resource to check
   * @return true if the current user has the privileges, false otherwise
   */
  public boolean canDeleteChildren(Session session, String absPath) {
    try {
      AccessControlManager accessControlManager = AccessControlUtil.getAccessControlManager(session);
     
      return accessControlManager.hasPrivileges(absPath, new Privilege[] {
              accessControlManager.privilegeFromName(Privilege.JCR_REMOVE_CHILD_NODES)
            });
    } catch (RepositoryException e) {
      return false;
    }
  }
View Full Code Here

Examples of javax.jcr.security.AccessControlManager

271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
     */
    public static void replaceAccessControlEntry(Session session, String resourcePath, Principal principal,
          String[] grantedPrivilegeNames, String[] deniedPrivilegeNames, String[] removedPrivilegeNames,
          String order)
            throws RepositoryException {
      AccessControlManager accessControlManager = getAccessControlManager(session);
      Set<String> specifiedPrivilegeNames = new HashSet<String>();
      Set<String> newGrantedPrivilegeNames = disaggregateToPrivilegeNames(accessControlManager, grantedPrivilegeNames, specifiedPrivilegeNames);
      Set<String> newDeniedPrivilegeNames = disaggregateToPrivilegeNames(accessControlManager, deniedPrivilegeNames, specifiedPrivilegeNames);
      disaggregateToPrivilegeNames(accessControlManager, removedPrivilegeNames, specifiedPrivilegeNames);

      // Get or create the ACL for the node.
      AccessControlList acl = null;
      AccessControlPolicy[] policies = accessControlManager.getPolicies(resourcePath);
      for (AccessControlPolicy policy : policies) {
        if (policy instanceof AccessControlList) {
          acl = (AccessControlList) policy;
          break;
        }
      }
      if (acl == null) {
        AccessControlPolicyIterator applicablePolicies = accessControlManager.getApplicablePolicies(resourcePath);
        while (applicablePolicies.hasNext()) {
          AccessControlPolicy policy = applicablePolicies.nextAccessControlPolicy();
          if (policy instanceof AccessControlList) {
            acl = (AccessControlList) policy;
            break;
          }
        }
      }
      if (acl == null) {
        throw new RepositoryException("Could not obtain ACL for resource " + resourcePath);
      }
      // Used only for logging.
      Set<Privilege> oldGrants = null;
      Set<Privilege> oldDenies = null;
      if (log.isDebugEnabled()) {
        oldGrants = new HashSet<Privilege>();
        oldDenies = new HashSet<Privilege>();
      }
     
      // Combine all existing ACEs for the target principal.
      AccessControlEntry[] accessControlEntries = acl.getAccessControlEntries();
      for (int i=0; i < accessControlEntries.length; i++) {
        AccessControlEntry ace = accessControlEntries[i];
        if (principal.equals(ace.getPrincipal())) {
          if (log.isDebugEnabled()) {
            log.debug("Found Existing ACE for principal {} on resource {}", new Object[] {principal.getName(), resourcePath});
          }
          if (order == null || order.length() == 0) {
            //order not specified, so keep track of the original ACE position.
            order = String.valueOf(i);
          }
         
          boolean isAllow = isAllow(ace);
          Privilege[] privileges = ace.getPrivileges();
          if (log.isDebugEnabled()) {
            if (isAllow) {
              oldGrants.addAll(Arrays.asList(privileges));
            } else {
              oldDenies.addAll(Arrays.asList(privileges));
            }
          }
          for (Privilege privilege : privileges) {
            Set<String> maintainedPrivileges = disaggregateToPrivilegeNames(privilege);
            // If there is any overlap with the newly specified privileges, then
            // break the existing privilege down; otherwise, maintain as is.
            if (!maintainedPrivileges.removeAll(specifiedPrivilegeNames)) {
              // No conflicts, so preserve the original.
              maintainedPrivileges.clear();
              maintainedPrivileges.add(privilege.getName());
            }
            if (!maintainedPrivileges.isEmpty()) {
              if (isAllow) {
                newGrantedPrivilegeNames.addAll(maintainedPrivileges);
              } else {
                newDeniedPrivilegeNames.addAll(maintainedPrivileges);
              }
            }
          }
          // Remove the old ACE.
          acl.removeAccessControlEntry(ace);
        }
      }

      //add a fresh ACE with the granted privileges
      List<Privilege> grantedPrivilegeList = new ArrayList<Privilege>();
      for (String name : newGrantedPrivilegeNames) {
        Privilege privilege = accessControlManager.privilegeFromName(name);
        grantedPrivilegeList.add(privilege);
      }
      if (grantedPrivilegeList.size() > 0) {
        acl.addAccessControlEntry(principal, grantedPrivilegeList.toArray(new Privilege[grantedPrivilegeList.size()]));
      }

       //add a fresh ACE with the denied privileges
       List<Privilege> deniedPrivilegeList = new ArrayList<Privilege>();
       for (String name : newDeniedPrivilegeNames) {
         Privilege privilege = accessControlManager.privilegeFromName(name);
         deniedPrivilegeList.add(privilege);
       }       
       if (deniedPrivilegeList.size() > 0) {
         addEntry(acl, principal, deniedPrivilegeList.toArray(new Privilege[deniedPrivilegeList.size()]), false);
       }

      
       //order the ACL
       reorderAccessControlEntries(acl, principal, order);
      
      accessControlManager.setPolicy(resourcePath, acl);
      if (log.isDebugEnabled()) {
        List<String> oldGrantedNames = new ArrayList<String>(oldGrants.size());
        for (Privilege privilege : oldGrants) {
          oldGrantedNames.add(privilege.getName());
        }
View Full Code Here

Examples of javax.jcr.security.AccessControlManager

437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
   * @param absPath the path of the resource to check
   * @return true if the current user has the privileges, false otherwise
   */
  public boolean canDelete(Session session, String absPath) {
    try {
      AccessControlManager accessControlManager = AccessControlUtil.getAccessControlManager(session);
     
      String parentPath;
      int lastSlash = absPath.lastIndexOf('/');
      if (lastSlash == 0) {
        //the parent is the root folder.
        parentPath = "/";
      } else {
        //strip the last segment
        parentPath = absPath.substring(0, lastSlash);
      }
      boolean canDelete = accessControlManager.hasPrivileges(absPath, new Privilege[] {
              accessControlManager.privilegeFromName(Privilege.JCR_REMOVE_NODE)
            }) && canDeleteChildren(session, parentPath);
      return canDelete;
    } catch (RepositoryException e) {
      return false;
    }
View Full Code Here

Examples of javax.jcr.security.AccessControlManager

482
483
484
485
486
487
488
489
490
491
492
493
494
   * @param absPath the path of the resource to check
   * @return true if the current user has the privileges, false otherwise
   */
  public boolean canModifyProperties(Session session, String absPath) {
    try {
      AccessControlManager accessControlManager = AccessControlUtil.getAccessControlManager(session);
      return accessControlManager.hasPrivileges(absPath, new Privilege[] {
              accessControlManager.privilegeFromName(Privilege.JCR_MODIFY_PROPERTIES)
            });
    } catch (RepositoryException e) {
      return false;
    }
  }
View Full Code Here

Examples of javax.jcr.security.AccessControlManager

516
517
518
519
520
521
522
523
524
525
526
527
528
   * @param absPath the path of the resource to check
   * @return true if the current user has the privileges, false otherwise
   */
  public boolean canReadAccessControl(Session session, String absPath) {
    try {
      AccessControlManager accessControlManager = AccessControlUtil.getAccessControlManager(session);
      return accessControlManager.hasPrivileges(absPath, new Privilege[] {
              accessControlManager.privilegeFromName(Privilege.JCR_READ_ACCESS_CONTROL)
            });
    } catch (RepositoryException e) {
      return false;
    }
  }
View Full Code Here

Examples of javax.jcr.security.AccessControlManager

550
551
552
553
554
555
556
557
558
559
560
561
562
   * @param absPath the path of the resource to check
   * @return true if the current user has the privileges, false otherwise
   */
  public boolean canModifyAccessControl(Session session, String absPath) {
    try {
      AccessControlManager accessControlManager = AccessControlUtil.getAccessControlManager(session);
      return accessControlManager.hasPrivileges(absPath, new Privilege[] {
              accessControlManager.privilegeFromName(Privilege.JCR_MODIFY_ACCESS_CONTROL)
            });
    } catch (RepositoryException e) {
      return false;
    }
  }
View Full Code Here

Examples of javax.jcr.security.AccessControlManager

116
117
118
119
120
121
122
123
124
125
126
127
128
      throw new ResourceNotFoundException("Resource is not a JCR Node");
    }

    // Calculate a map of privileges to all the aggregate privileges it is contained in.
    // Use for fast lookup during the mergePrivilegeSets calls below.
        AccessControlManager accessControlManager = AccessControlUtil.getAccessControlManager(jcrSession);
    Map<Privilege, Set<Privilege>> privilegeToAncestorMap = new HashMap<Privilege, Set<Privilege>>();
        Privilege[] supportedPrivileges = accessControlManager.getSupportedPrivileges(item.getPath());
        for (Privilege privilege : supportedPrivileges) {
      if (privilege.isAggregate()) {
        Privilege[] ap = privilege.getAggregatePrivileges();
        for (Privilege privilege2 : ap) {
          Set<Privilege> set = privilegeToAncestorMap.get(privilege2);
View Full Code Here
TOP
Copyright © 2018 www.massapi.com. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.