1 /**
2 * This file Copyright (c) 2003-2010 Magnolia International
3 * Ltd. (http://www.magnolia-cms.com). All rights reserved.
4 *
5 *
6 * This file is dual-licensed under both the Magnolia
7 * Network Agreement and the GNU General Public License.
8 * You may elect to use one or the other of these licenses.
9 *
10 * This file is distributed in the hope that it will be
11 * useful, but AS-IS and WITHOUT ANY WARRANTY; without even the
12 * implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE, TITLE, or NONINFRINGEMENT.
14 * Redistribution, except as permitted by whichever of the GPL
15 * or MNA you select, is prohibited.
16 *
17 * 1. For the GPL license (GPL), you can redistribute and/or
18 * modify this file under the terms of the GNU General
19 * Public License, Version 3, as published by the Free Software
20 * Foundation. You should have received a copy of the GNU
21 * General Public License, Version 3 along with this program;
22 * if not, write to the Free Software Foundation, Inc., 51
23 * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
24 *
25 * 2. For the Magnolia Network Agreement (MNA), this file
26 * and the accompanying materials are made available under the
27 * terms of the MNA which accompanies this distribution, and
28 * is available at http://www.magnolia-cms.com/mna.html
29 *
30 * Any modifications to this file must keep this entire header
31 * intact.
32 *
33 */
34 package info.magnolia.cms.util;
35
36 import info.magnolia.cms.beans.config.ContentRepository;
37 import info.magnolia.cms.security.AccessManager;
38 import info.magnolia.cms.security.AccessManagerImpl;
39 import info.magnolia.cms.security.Permission;
40 import info.magnolia.cms.security.auth.PrincipalCollection;
41 import info.magnolia.cms.security.auth.ACL;
42 import info.magnolia.cms.core.search.QueryManager;
43 import info.magnolia.cms.core.search.SearchFactory;
44 import info.magnolia.cms.core.DefaultHierarchyManager;
45 import info.magnolia.cms.core.HierarchyManager;
46 import info.magnolia.objectfactory.Components;
47
48 import javax.jcr.Session;
49 import javax.jcr.SimpleCredentials;
50 import javax.jcr.RepositoryException;
51 import javax.jcr.Repository;
52 import javax.security.auth.Subject;
53
54 import java.util.List;
55 import java.util.Set;
56 import java.util.Iterator;
57 import java.util.ArrayList;
58
59
60 /**
61 * This class replaces SessionStore and provides generic methods to create Magnolia-specific JCR workspace access objects.
62 * @see HierarchyManager
63 * @see javax.jcr.Session
64 * @see AccessManager
65 * @see QueryManager
66 * @author Sameer Charles
67 * $Id: WorkspaceAccessUtil.java 36903 2010-09-02 16:01:20Z pbaerfuss $
68 */
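public class WorkspaceAccessUtil {

    /**
     * Creates a utility instance. {@link #getInstance()} returns the instance managed by {@link Components}.
     */
    public WorkspaceAccessUtil() {
    }

    /**
     * @return the instance that {@link Components#getSingleton(Class)} supplies for this class
     */
    public static WorkspaceAccessUtil getInstance() {
        return Components.getSingleton(WorkspaceAccessUtil.class);
    }

    /**
     * Builds credentials from {@link ContentRepository#REPOSITORY_USER} and
     * {@link ContentRepository#REPOSITORY_PSWD}.
     *
     * <p>NOTE(review): these values are shared constants rather than per-user data, so they presumably identify
     * a repository-level account. Confirm what the JCR repository grants to that account before handing a
     * session opened with it to code that serves end users.
     *
     * <p>The password is read from a {@code String}; copying it into a {@code char[]} here does not remove the
     * original value from memory.
     *
     * @return Default SimpleCredentials as configured in magnolia.properties
     */
    public SimpleCredentials getDefaultCredentials() {
        return new SimpleCredentials(
            ContentRepository.REPOSITORY_USER,
            ContentRepository.REPOSITORY_PSWD.toCharArray());
    }

    /**
     * Login to the specified repository/default workspace using given credentials.
     *
     * <p>This class keeps no reference to the returned session, so the caller has to log it out.
     *
     * @param credentials credentials passed to the JCR login
     * @param repositoryName name used to look up the repository and its default workspace
     * @return newly created JCR session
     * @throws RepositoryException if login fails or workspace does not exist
     */
    public Session createRepositorySession(SimpleCredentials credentials,
        String repositoryName) throws RepositoryException {
        return this.createRepositorySession(
            credentials, repositoryName, ContentRepository.getDefaultWorkspace(repositoryName));
    }

    /**
     * Login to the specified repository/workspace using given credentials.
     *
     * <p>This class keeps no reference to the returned session, so the caller has to log it out.
     *
     * @param credentials credentials passed to the JCR login
     * @param repositoryName name resolved through {@link ContentRepository#getRepository(String)}
     * @param workspaceName logical workspace name; mapped before login by the three-argument overload
     * @return newly created JCR session
     * @throws RepositoryException if login fails or workspace does not exist
     */
    public Session createRepositorySession(SimpleCredentials credentials,
        String repositoryName,
        String workspaceName) throws RepositoryException {
        return createRepositorySession(credentials, ContentRepository.getRepository(repositoryName), workspaceName);
    }

    /**
     * Login to the specified repository/workspace using given credentials.
     *
     * <p>This class keeps no reference to the returned session, so the caller has to log it out.
     *
     * @param credentials credentials passed to {@link Repository#login(javax.jcr.Credentials, String)}
     * @param repository repository to log in to
     * @param workspaceName logical workspace name; translated with
     *        {@link ContentRepository#getMappedWorkspaceName(String)} before login
     * @return newly created JCR session
     * @throws RepositoryException if login fails or workspace does not exist
     */
    public Session createRepositorySession(SimpleCredentials credentials,
        Repository repository,
        String workspaceName) throws RepositoryException {
        return repository.login(credentials, ContentRepository.getMappedWorkspaceName(workspaceName));
    }

    /**
     * Create access manager of jaas authorized subject, using the repository's default workspace.
     *
     * @param subject authenticated subject, may be {@code null}
     * @param repositoryName repository whose default workspace ACL is looked up
     * @return newly created accessmanager
     */
    public AccessManager createAccessManager(Subject subject, String repositoryName) {
        return this.createAccessManager(subject, repositoryName, ContentRepository.getDefaultWorkspace(repositoryName));
    }

    /**
     * Create access manager of jaas authorized subject.
     *
     * <p>The permission list stays empty when the subject is {@code null}, when it carries no
     * {@link PrincipalCollection}, or when that collection holds no ACL for the repository/workspace pair.
     * NOTE(review): an empty list is presumably treated as "nothing granted" by {@link AccessManagerImpl} -
     * confirm, since this method relies on that for its fallback.
     *
     * <p>Only the first {@link PrincipalCollection} returned by the subject is consulted. The principals come
     * from a {@link Set}, so if a subject ever carries more than one collection, which one is used is not
     * defined by this code.
     *
     * <p>The ACL is looked up under the key {@code repositoryName + "_" + workspaceName}. Names that themselves
     * contain {@code '_'} can produce the same key for different repository/workspace pairs.
     *
     * @param subject authenticated subject, may be {@code null}
     * @param repositoryName first part of the ACL lookup key
     * @param workspaceName second part of the ACL lookup key
     * @return newly created accessmanager
     */
    public AccessManager createAccessManager(Subject subject, String repositoryName, String workspaceName) {
        List<Permission> permissionList = new ArrayList<Permission>();
        if (subject != null) {
            Set<PrincipalCollection> principalSet = subject.getPrincipals(PrincipalCollection.class);
            Iterator<PrincipalCollection> it = principalSet.iterator();
            // A subject without any PrincipalCollection keeps the empty permission list, the same outcome as a
            // null subject or a missing ACL, instead of failing with NoSuchElementException on it.next().
            if (it.hasNext()) {
                PrincipalCollection principals = it.next();
                ACL acl = (ACL) principals.get(repositoryName + "_" + workspaceName);
                if (acl != null) {
                    // The list object returned by the ACL is handed on as-is, not copied.
                    permissionList = acl.getList();
                }
            }
        }
        return createAccessManager(permissionList, repositoryName, workspaceName);
    }

    /**
     * Create access manager for the given permission list.
     *
     * <p>The list is passed to the new {@link AccessManagerImpl} without copying or validation.
     *
     * @param permissions permissions the new access manager is configured with
     * @param repositoryName not used by this implementation
     * @param workspaceName not used by this implementation
     * @return newly created accessmanager
     */
    public AccessManager createAccessManager(List<Permission> permissions, String repositoryName, String workspaceName) {
        AccessManager accessManager = new AccessManagerImpl();
        accessManager.setPermissionList(permissions);
        return accessManager;
    }

    /**
     * Create new access controlled magnolia query manager.
     *
     * <p>Access control is not applied in this method itself; the hierarchy manager is only passed on to
     * {@link SearchFactory}.
     *
     * @param jcrSession session whose workspace supplies the underlying JCR query manager
     * @param hm hierarchy manager handed to the search factory together with the JCR query manager
     * @return query manager obtained from {@link SearchFactory}
     * @throws RepositoryException if the JCR query manager cannot be obtained from the workspace
     */
    public QueryManager createQueryManager(Session jcrSession, HierarchyManager hm)
        throws RepositoryException {
        javax.jcr.query.QueryManager jcrQueryManager = jcrSession.getWorkspace().getQueryManager();
        return SearchFactory.getInstance().getQueryManager(jcrQueryManager, hm);
    }

    /**
     * Create new instance of DefaultHierarchyManager for the given session.
     *
     * @param userId this is used in MetaData of objects created via this HierarchyManager instance
     * @param jcrSession session the hierarchy manager operates on
     * @param accessManager access manager passed to the hierarchy manager
     * @return newly created hierarchy manager
     * @throws RepositoryException declared by this method; presumably raised by the
     *         {@link DefaultHierarchyManager} constructor - confirm
     */
    public HierarchyManager createHierarchyManager(String userId,
        Session jcrSession,
        AccessManager accessManager) throws RepositoryException {
        return new DefaultHierarchyManager(userId, jcrSession, accessManager);
    }

}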