1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34 package info.magnolia.cms.core;
35
36 import info.magnolia.cms.security.AccessManagerImpl;
37
38 import java.security.Principal;
39 import java.util.Set;
40
41 import javax.jcr.AccessDeniedException;
42 import javax.jcr.ItemNotFoundException;
43 import javax.jcr.PathNotFoundException;
44 import javax.jcr.RepositoryException;
45 import javax.jcr.UnsupportedRepositoryOperationException;
46 import javax.jcr.security.AccessControlException;
47 import javax.jcr.security.AccessControlPolicy;
48 import javax.jcr.security.AccessControlPolicyIterator;
49 import javax.jcr.security.Privilege;
50
51 import org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy;
52 import org.apache.jackrabbit.core.id.ItemId;
53 import org.apache.jackrabbit.core.security.AMContext;
54 import org.apache.jackrabbit.core.security.DefaultAccessManager;
55 import org.apache.jackrabbit.core.security.authorization.AccessControlProvider;
56 import org.apache.jackrabbit.core.security.authorization.Permission;
57 import org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager;
58 import org.apache.jackrabbit.spi.Name;
59 import org.apache.jackrabbit.spi.Path;
60 import org.slf4j.Logger;
61 import org.slf4j.LoggerFactory;
62
63
64
65
66
67
68
69 @Deprecated
70 public class MagnoliaAccessManager extends DefaultAccessManager {
71
72 private static final Logger log = LoggerFactory.getLogger(MagnoliaAccessManager.class);
73 private AMContext amctx;
74 private final AccessManagerImpl ami = new AccessManagerImpl();
75
76 @Override
77 public boolean canAccess(String workspaceName) throws RepositoryException {
78 boolean ret = super.canAccess(workspaceName);
79 log.debug("canAccess({})?{}", workspaceName, ret);
80 if (amctx == null || amctx.getSubject() == null || amctx.getSubject().getPrincipals().size() == 0) {
81 log.warn("not logged in for {}, granting ws level access to everyone", workspaceName);
82 }
83
84 return ret;
85 }
86
87 @Override
88 public boolean canRead(Path itemPath, ItemId itemId) throws RepositoryException {
89 boolean res = super.canRead(itemPath, itemId);
90 boolean ourRes = ami.isGranted(null, Permission.READ);
91 log.debug("can {} read({}:{},{})?{} or {}", new Object[] {printUserNames(amctx.getSubject().getPrincipals()), amctx.getWorkspaceName(), itemPath, itemId, res, ourRes});
92
93 return res;
94 }
95
96 private String printUserNames(Set<Principal> principals) {
97 StringBuilder sb = new StringBuilder();
98 for (Principal p : principals) {
99 sb.append(" or " + p.getName());
100 }
101 sb.delete(0,4);
102 return sb.toString();
103 }
104
105 @Override
106 protected void checkInitialized() {
107 log.debug("checkInitialized()");
108 super.checkInitialized();
109 }
110
111 @Override
112 public void checkPermission(ItemId id, int permissions) throws AccessDeniedException, ItemNotFoundException, RepositoryException {
113 log.debug("checkPermission({},{})", id, permissions + "");
114 super.checkPermission(id, permissions);
115
116 }
117
118 @Override
119 public void checkPermission(Path absPath, int permissions) throws AccessDeniedException, RepositoryException {
120 log.debug("checkPermission({}, {})", absPath, permissions + "");
121 super.checkPermission(absPath, permissions);
122
123 }
124
125 @Override
126 protected void checkPermission(String absPath, int permission) throws AccessDeniedException, RepositoryException {
127 log.debug("checkPermission({}, {})", absPath, permission + "");
128 super.checkPermission(absPath, permission);
129 }
130
131 @Override
132 protected void checkValidNodePath(String absPath) throws PathNotFoundException, RepositoryException {
133 log.debug("checkValidNodePath({})", absPath);
134 super.checkValidNodePath(absPath);
135 }
136
137 @Override
138 public void close() throws Exception {
139 log.debug("{}:close()", this);
140 super.close();
141 }
142
143 @Override
144 public JackrabbitAccessControlPolicy[] getApplicablePolicies(Principal principal) throws AccessDeniedException, AccessControlException,
145 UnsupportedRepositoryOperationException, RepositoryException {
146 log.debug("getApplicablePolicies({})", principal);
147 return super.getApplicablePolicies(principal);
148 }
149
150 @Override
151 public AccessControlPolicyIterator getApplicablePolicies(String absPath) throws PathNotFoundException, AccessDeniedException, RepositoryException {
152 log.debug("getApplicablePolicies({})", absPath);
153 return super.getApplicablePolicies(absPath);
154 }
155
156 @Override
157 public AccessControlPolicy[] getEffectivePolicies(Set<Principal> principals) throws AccessDeniedException, AccessControlException,
158 UnsupportedRepositoryOperationException, RepositoryException {
159 log.debug("getEffectivePolicies({})", principals);
160 return super.getEffectivePolicies(principals);
161 }
162
163 @Override
164 public AccessControlPolicy[] getEffectivePolicies(String absPath) throws PathNotFoundException, AccessDeniedException, RepositoryException {
165 log.debug("getEffectivePolicies({})", absPath);
166 return super.getEffectivePolicies(absPath);
167 }
168
169 @Override
170 public JackrabbitAccessControlPolicy[] getPolicies(Principal principal) throws AccessDeniedException, AccessControlException,
171 UnsupportedRepositoryOperationException, RepositoryException {
172 log.debug("getPolicies({})", principal);
173 return super.getPolicies(principal);
174 }
175
176 @Override
177 public AccessControlPolicy[] getPolicies(String absPath) throws PathNotFoundException, AccessDeniedException, RepositoryException {
178 log.debug("getPolicies({})", absPath);
179 return super.getPolicies(absPath);
180 }
181
182 @Override
183 public Privilege[] getPrivileges(String absPath, Set<Principal> principals) throws PathNotFoundException, RepositoryException {
184 log.debug("getPrivileges({}, {})", absPath, principals);
185 return super.getPrivileges(absPath, principals);
186 }
187
188 @Override
189 public Privilege[] getPrivileges(String absPath) throws PathNotFoundException, RepositoryException {
190 log.debug("getPrivileges({})", absPath);
191 return super.getPrivileges(absPath);
192 }
193
194 @Override
195 public boolean hasPrivileges(String absPath, Privilege[] privileges) throws PathNotFoundException, RepositoryException {
196 log.debug("hasPrivileges({}, {})", absPath, privileges);
197 return super.hasPrivileges(absPath, privileges);
198 }
199
200 @Override
201 public boolean hasPrivileges(String absPath, Set<Principal> principals, Privilege[] privileges) throws PathNotFoundException, RepositoryException {
202 log.debug("hasPrivileges({}, {}, {})", new Object[] {absPath, principals, privileges});
203 return super.hasPrivileges(absPath, principals, privileges);
204 }
205
206 @Override
207 public void init(AMContext amContext, AccessControlProvider acProvider, WorkspaceAccessManager wspAccessManager) throws AccessDeniedException, Exception {
208 log.debug("{}:init({}, {}, {})", new Object[] {this, amContext, acProvider, wspAccessManager});
209 super.init(amContext, acProvider, wspAccessManager);
210 this.amctx = amContext;
211 }
212
213 @Override
214 public void init(final AMContext amContext) throws AccessDeniedException, Exception {
215 super.init(amContext);
216 this.amctx = amContext;
217
218 final String user = this.amctx.getSubject().getPrincipals().iterator().next().getName();
219 log.debug("{}:init({})", user, amContext);
220 }
221
222 @Override
223 public boolean isGranted(ItemId id, int actions) throws ItemNotFoundException, RepositoryException {
224 log.debug("isGranted({}, {})", id, actions);
225 return super.isGranted(id, actions);
226 }
227
228 @Override
229 public boolean isGranted(Path absPath, int permissions) throws RepositoryException {
230 log.debug("isGranted({}:{}, {})", new Object[] {amctx.getWorkspaceName(), absPath, permissions});
231 return super.isGranted(absPath, permissions);
232 }
233
234 @Override
235 public boolean isGranted(Path parentPath, Name childName, int permissions) throws RepositoryException {
236 log.debug("isGranted({}, {}, {})", new Object[] {parentPath, childName, permissions});
237 return super.isGranted(parentPath, childName, permissions);
238 }
239
240 @Override
241 public void removePolicy(String absPath, AccessControlPolicy policy) throws PathNotFoundException, AccessControlException, AccessDeniedException,
242 RepositoryException {
243 log.debug("removePolicy({}, {})", absPath, policy);
244 super.removePolicy(absPath, policy);
245 }
246
247 @Override
248 public void setPolicy(String absPath, AccessControlPolicy policy) throws PathNotFoundException, AccessControlException, AccessDeniedException,
249 RepositoryException {
250 log.debug("setPolicy({}, {})", absPath, policy);
251 super.setPolicy(absPath, policy);
252 }
253 }