View Javadoc

1   /**
2    * This file Copyright (c) 2011 Magnolia International
3    * Ltd.  (http://www.magnolia-cms.com). All rights reserved.
4    *
5    *
6    * This file is dual-licensed under both the Magnolia
7    * Network Agreement and the GNU General Public License.
8    * You may elect to use one or the other of these licenses.
9    *
10   * This file is distributed in the hope that it will be
11   * useful, but AS-IS and WITHOUT ANY WARRANTY; without even the
12   * implied warranty of MERCHANTABILITY or FITNESS FOR A
13   * PARTICULAR PURPOSE, TITLE, or NONINFRINGEMENT.
14   * Redistribution, except as permitted by whichever of the GPL
15   * or MNA you select, is prohibited.
16   *
17   * 1. For the GPL license (GPL), you can redistribute and/or
18   * modify this file under the terms of the GNU General
19   * Public License, Version 3, as published by the Free Software
20   * Foundation.  You should have received a copy of the GNU
21   * General Public License, Version 3 along with this program;
22   * if not, write to the Free Software Foundation, Inc., 51
23   * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
24   *
25   * 2. For the Magnolia Network Agreement (MNA), this file
26   * and the accompanying materials are made available under the
27   * terms of the MNA which accompanies this distribution, and
28   * is available at http://www.magnolia-cms.com/mna.html
29   *
30   * Any modifications to this file must keep this entire header
31   * intact.
32   *
33   */
34  package info.magnolia.cms.core;
35  
36  import info.magnolia.cms.security.AccessManagerImpl;
37  
38  import java.security.Principal;
39  import java.util.Set;
40  
41  import javax.jcr.AccessDeniedException;
42  import javax.jcr.ItemNotFoundException;
43  import javax.jcr.PathNotFoundException;
44  import javax.jcr.RepositoryException;
45  import javax.jcr.UnsupportedRepositoryOperationException;
46  import javax.jcr.security.AccessControlException;
47  import javax.jcr.security.AccessControlPolicy;
48  import javax.jcr.security.AccessControlPolicyIterator;
49  import javax.jcr.security.Privilege;
50  
51  import org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy;
52  import org.apache.jackrabbit.core.id.ItemId;
53  import org.apache.jackrabbit.core.security.AMContext;
54  import org.apache.jackrabbit.core.security.DefaultAccessManager;
55  import org.apache.jackrabbit.core.security.authorization.AccessControlProvider;
56  import org.apache.jackrabbit.core.security.authorization.Permission;
57  import org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager;
58  import org.apache.jackrabbit.spi.Name;
59  import org.apache.jackrabbit.spi.Path;
60  import org.slf4j.Logger;
61  import org.slf4j.LoggerFactory;
62  
63  /**
64   * Magnolia's own access manager exposing access to repository to all Magnolia users.
65   * @author had
66   * @version $Id: $
67   * @deprecated this class will change package as part of removal direct JR dependencies.
68   */
69  @Deprecated
70  public class MagnoliaAccessManager extends DefaultAccessManager {
71  
72      private static final Logger log = LoggerFactory.getLogger(MagnoliaAccessManager.class);
73      private AMContext amctx;
74      private final AccessManagerImpl ami = new AccessManagerImpl();
75  
76      @Override
77      public boolean canAccess(String workspaceName) throws RepositoryException {
78          boolean ret = super.canAccess(workspaceName);
79          log.debug("canAccess({})?{}", workspaceName, ret);
80          if (amctx == null || amctx.getSubject() == null || amctx.getSubject().getPrincipals().size() == 0) {
81              log.warn("not logged in for {}, granting ws level access to everyone", workspaceName);
82          }
83          //TODO: check real perms here .. or rely on super ... double check
84          return ret;
85      }
86  
87      @Override
88      public boolean canRead(Path itemPath, ItemId itemId) throws RepositoryException {
89          boolean res = super.canRead(itemPath, itemId);
90          boolean ourRes = ami.isGranted(null, Permission.READ);
91          log.debug("can {} read({}:{},{})?{} or {}", new Object[] {printUserNames(amctx.getSubject().getPrincipals()), amctx.getWorkspaceName(), itemPath, itemId, res, ourRes});
92          //TODO: check real perms here .. or rely on super ... double check
93          return res;
94      }
95  
96      private String printUserNames(Set<Principal> principals) {
97          StringBuilder sb = new StringBuilder();
98          for (Principal p : principals) {
99              sb.append(" or " + p.getName());
100         }
101         sb.delete(0,4);
102         return sb.toString();
103     }
104 
105     @Override
106     protected void checkInitialized() {
107         log.debug("checkInitialized()");
108         super.checkInitialized();
109     }
110 
111     @Override
112     public void checkPermission(ItemId id, int permissions) throws AccessDeniedException, ItemNotFoundException, RepositoryException {
113         log.debug("checkPermission({},{})", id, permissions + "");
114         super.checkPermission(id, permissions);
115         //TODO: check real perms here .. or rely on super ... double check
116     }
117 
118     @Override
119     public void checkPermission(Path absPath, int permissions) throws AccessDeniedException, RepositoryException {
120         log.debug("checkPermission({}, {})", absPath, permissions + "");
121         super.checkPermission(absPath, permissions);
122         //TODO: check real perms here .. or rely on super ... double check
123     }
124 
125     @Override
126     protected void checkPermission(String absPath, int permission) throws AccessDeniedException, RepositoryException {
127         log.debug("checkPermission({}, {})", absPath, permission + "");
128         super.checkPermission(absPath, permission);
129     }
130 
131     @Override
132     protected void checkValidNodePath(String absPath) throws PathNotFoundException, RepositoryException {
133         log.debug("checkValidNodePath({})", absPath);
134         super.checkValidNodePath(absPath);
135     }
136 
137     @Override
138     public void close() throws Exception {
139         log.debug("{}:close()", this);
140         super.close();
141     }
142 
143     @Override
144     public JackrabbitAccessControlPolicy[] getApplicablePolicies(Principal principal) throws AccessDeniedException, AccessControlException,
145     UnsupportedRepositoryOperationException, RepositoryException {
146         log.debug("getApplicablePolicies({})", principal);
147         return super.getApplicablePolicies(principal);
148     }
149 
150     @Override
151     public AccessControlPolicyIterator getApplicablePolicies(String absPath) throws PathNotFoundException, AccessDeniedException, RepositoryException {
152         log.debug("getApplicablePolicies({})", absPath);
153         return super.getApplicablePolicies(absPath);
154     }
155 
156     @Override
157     public AccessControlPolicy[] getEffectivePolicies(Set<Principal> principals) throws AccessDeniedException, AccessControlException,
158     UnsupportedRepositoryOperationException, RepositoryException {
159         log.debug("getEffectivePolicies({})", principals);
160         return super.getEffectivePolicies(principals);
161     }
162 
163     @Override
164     public AccessControlPolicy[] getEffectivePolicies(String absPath) throws PathNotFoundException, AccessDeniedException, RepositoryException {
165         log.debug("getEffectivePolicies({})", absPath);
166         return super.getEffectivePolicies(absPath);
167     }
168 
169     @Override
170     public JackrabbitAccessControlPolicy[] getPolicies(Principal principal) throws AccessDeniedException, AccessControlException,
171     UnsupportedRepositoryOperationException, RepositoryException {
172         log.debug("getPolicies({})", principal);
173         return super.getPolicies(principal);
174     }
175 
176     @Override
177     public AccessControlPolicy[] getPolicies(String absPath) throws PathNotFoundException, AccessDeniedException, RepositoryException {
178         log.debug("getPolicies({})", absPath);
179         return super.getPolicies(absPath);
180     }
181 
182     @Override
183     public Privilege[] getPrivileges(String absPath, Set<Principal> principals) throws PathNotFoundException, RepositoryException {
184         log.debug("getPrivileges({}, {})", absPath, principals);
185         return super.getPrivileges(absPath, principals);
186     }
187 
188     @Override
189     public Privilege[] getPrivileges(String absPath) throws PathNotFoundException, RepositoryException {
190         log.debug("getPrivileges({})", absPath);
191         return super.getPrivileges(absPath);
192     }
193 
194     @Override
195     public boolean hasPrivileges(String absPath, Privilege[] privileges) throws PathNotFoundException, RepositoryException {
196         log.debug("hasPrivileges({}, {})", absPath, privileges);
197         return super.hasPrivileges(absPath, privileges);
198     }
199 
200     @Override
201     public boolean hasPrivileges(String absPath, Set<Principal> principals, Privilege[] privileges) throws PathNotFoundException, RepositoryException {
202         log.debug("hasPrivileges({}, {}, {})", new Object[] {absPath, principals, privileges});
203         return super.hasPrivileges(absPath, principals, privileges);
204     }
205 
206     @Override
207     public void init(AMContext amContext, AccessControlProvider acProvider, WorkspaceAccessManager wspAccessManager) throws AccessDeniedException, Exception {
208         log.debug("{}:init({}, {}, {})", new Object[] {this, amContext, acProvider, wspAccessManager});
209         super.init(amContext, acProvider, wspAccessManager);
210         this.amctx = amContext;
211     }
212 
213     @Override
214     public void init(final AMContext amContext) throws AccessDeniedException, Exception {
215         super.init(amContext);
216         this.amctx = amContext;
217         // can get our user from here as we put it in the list of principals
218         final String user = this.amctx.getSubject().getPrincipals().iterator().next().getName();
219         log.debug("{}:init({})", user, amContext);
220     }
221 
222     @Override
223     public boolean isGranted(ItemId id, int actions) throws ItemNotFoundException, RepositoryException {
224         log.debug("isGranted({}, {})", id, actions);
225         return super.isGranted(id, actions);
226     }
227 
228     @Override
229     public boolean isGranted(Path absPath, int permissions) throws RepositoryException {
230         log.debug("isGranted({}:{}, {})", new Object[] {amctx.getWorkspaceName(), absPath, permissions});
231         return super.isGranted(absPath, permissions);
232     }
233 
234     @Override
235     public boolean isGranted(Path parentPath, Name childName, int permissions) throws RepositoryException {
236         log.debug("isGranted({}, {}, {})", new Object[] {parentPath, childName, permissions});
237         return super.isGranted(parentPath, childName, permissions);
238     }
239 
240     @Override
241     public void removePolicy(String absPath, AccessControlPolicy policy) throws PathNotFoundException, AccessControlException, AccessDeniedException,
242     RepositoryException {
243         log.debug("removePolicy({}, {})", absPath, policy);
244         super.removePolicy(absPath, policy);
245     }
246 
247     @Override
248     public void setPolicy(String absPath, AccessControlPolicy policy) throws PathNotFoundException, AccessControlException, AccessDeniedException,
249     RepositoryException {
250         log.debug("setPolicy({}, {})", absPath, policy);
251         super.setPolicy(absPath, policy);
252     }
253 }