incubator-graffito-commits mailing list archives

From clomb...@apache.org
Subject svn commit: r353842 - in /incubator/graffito/trunk/jcr-mapping/src/java/org/apache/portals/graffito/jcr: security/ transaction/ transaction/jackrabbit/
Date Sun, 04 Dec 2005 10:14:14 GMT
Author: clombart
Date: Sun Dec  4 02:14:07 2005
New Revision: 353842

URL: http://svn.apache.org/viewcvs?rev=353842&view=rev
Log:
Move jcr-mapping project

Added:
    incubator/graffito/trunk/jcr-mapping/src/java/org/apache/portals/graffito/jcr/security/
    incubator/graffito/trunk/jcr-mapping/src/java/org/apache/portals/graffito/jcr/security/SimpleAccessManager.java
    incubator/graffito/trunk/jcr-mapping/src/java/org/apache/portals/graffito/jcr/security/SimpleLoginModule.java
    incubator/graffito/trunk/jcr-mapping/src/java/org/apache/portals/graffito/jcr/transaction/
    incubator/graffito/trunk/jcr-mapping/src/java/org/apache/portals/graffito/jcr/transaction/jackrabbit/
    incubator/graffito/trunk/jcr-mapping/src/java/org/apache/portals/graffito/jcr/transaction/jackrabbit/UserTransactionImpl.java

Added: incubator/graffito/trunk/jcr-mapping/src/java/org/apache/portals/graffito/jcr/security/SimpleAccessManager.java
URL: http://svn.apache.org/viewcvs/incubator/graffito/trunk/jcr-mapping/src/java/org/apache/portals/graffito/jcr/security/SimpleAccessManager.java?rev=353842&view=auto
==============================================================================
--- incubator/graffito/trunk/jcr-mapping/src/java/org/apache/portals/graffito/jcr/security/SimpleAccessManager.java
(added)
+++ incubator/graffito/trunk/jcr-mapping/src/java/org/apache/portals/graffito/jcr/security/SimpleAccessManager.java
Sun Dec  4 02:14:07 2005
@@ -0,0 +1,164 @@
+/*
+ * Copyright 2004-2005 The Apache Software Foundation or its licensors,
+ *                     as applicable.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.portals.graffito.jcr.security;
+
+import org.apache.jackrabbit.core.HierarchyManager;
+import org.apache.jackrabbit.core.ItemId;
+import org.apache.jackrabbit.core.security.AMContext;
+import org.apache.jackrabbit.core.security.AccessManager;
+import org.apache.jackrabbit.core.security.AnonymousPrincipal;
+import org.apache.jackrabbit.core.security.SystemPrincipal;
+import org.apache.log4j.Logger;
+
+import javax.jcr.AccessDeniedException;
+import javax.jcr.ItemNotFoundException;
+import javax.jcr.NoSuchWorkspaceException;
+import javax.jcr.RepositoryException;
+import javax.security.auth.Subject;
+
+/**
+ * <code>SimpleAccessManager</code> ...
+ */
+public class SimpleAccessManager implements AccessManager
+{
+
+	private static Logger log = Logger.getLogger(SimpleAccessManager.class);
+
+	/**
+	 * Subject whose access rights this AccessManager should reflect
+	 */
+	protected Subject subject;
+
+	/**
+	 * hierarchy manager used for ACL-based access control model
+	 */
+	protected HierarchyManager hierMgr;
+
+	private boolean initialized;
+
+	protected boolean system;
+
+	protected boolean anonymous;
+
+	/**
+	 * Empty constructor
+	 */
+	public SimpleAccessManager()
+	{
+		initialized = false;
+		anonymous = false;
+		system = false;
+	}
+
+	//--------------------------------------------------------< AccessManager >
+	/**
+	 * {@inheritDoc}
+	 */
+	public void init(AMContext context) throws AccessDeniedException, Exception
+	{
+		if (initialized)
+		{
+			throw new IllegalStateException("already initialized");
+		}
+
+		subject = context.getSubject();
+		hierMgr = context.getHierarchyManager();
+		anonymous = !subject.getPrincipals(AnonymousPrincipal.class).isEmpty();
+		system = !subject.getPrincipals(SystemPrincipal.class).isEmpty();
+
+		// @todo check permission to access given workspace based on principals
+		initialized = true;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public synchronized void close() throws Exception
+	{
+		if (!initialized)
+		{
+			throw new IllegalStateException("not initialized");
+		}
+
+		initialized = false;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public void checkPermission(ItemId id, int permissions) throws AccessDeniedException, ItemNotFoundException,
RepositoryException
+	{
+		if (!initialized)
+		{
+			throw new IllegalStateException("not initialized");
+		}
+
+		if (system)
+		{
+			// system has always all permissions
+			return;
+		}
+		else if (anonymous)
+		{
+			// anonymous is always denied WRITE & REMOVE premissions
+			if ((permissions & WRITE) == WRITE || (permissions & REMOVE) == REMOVE)
+			{
+				throw new AccessDeniedException();
+			}
+		}
+		// @todo check permission based on principals
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public boolean isGranted(ItemId id, int permissions) throws ItemNotFoundException, RepositoryException
+	{
+		if (!initialized)
+		{
+			throw new IllegalStateException("not initialized");
+		}
+
+		if (system)
+		{
+			// system has always all permissions
+			return true;
+		}
+		else if (anonymous)
+		{
+			// anonymous is always denied WRITE & REMOVE premissions
+			if ((permissions & WRITE) == WRITE || (permissions & REMOVE) == REMOVE)
+			{
+				return false;
+			}
+		}
+
+		// @todo check permission based on principals
+		return true;
+	
+		
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public boolean canAccess(String workspaceName) throws NoSuchWorkspaceException, RepositoryException
+	{
+		// @todo check permission to access given workspace based on principals
+		return true;
+	}
+}
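Review bot: `checkPermission` and `isGranted` both fall through to "allow" for every subject that is neither system nor anonymous, and `canAccess` returns true for every workspace, so with the `@todo` principal checks unimplemented this access manager authorises any authenticated caller for any item and permission. The class Javadoc is still the placeholder `<code>SimpleAccessManager</code> ...`; it should state that the class is a permissive stub that enforces only the anonymous WRITE/REMOVE restriction and should not be configured where per-item access control is expected. The two methods also duplicate the same decision and can drift apart; `checkPermission` could be reduced to `if (!isGranted(id, permissions)) { throw new AccessDeniedException(); }`. `init` writes `initialized` without synchronisation while `close` is `synchronized`, so the two should be made consistent.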

Added: incubator/graffito/trunk/jcr-mapping/src/java/org/apache/portals/graffito/jcr/security/SimpleLoginModule.java
URL: http://svn.apache.org/viewcvs/incubator/graffito/trunk/jcr-mapping/src/java/org/apache/portals/graffito/jcr/security/SimpleLoginModule.java?rev=353842&view=auto
==============================================================================
--- incubator/graffito/trunk/jcr-mapping/src/java/org/apache/portals/graffito/jcr/security/SimpleLoginModule.java
(added)
+++ incubator/graffito/trunk/jcr-mapping/src/java/org/apache/portals/graffito/jcr/security/SimpleLoginModule.java
Sun Dec  4 02:14:07 2005
@@ -0,0 +1,220 @@
+/*
+ * Copyright 2004-2005 The Apache Software Foundation or its licensors,
+ *                     as applicable.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.portals.graffito.jcr.security;
+
+import org.apache.jackrabbit.core.security.AnonymousPrincipal;
+import org.apache.jackrabbit.core.security.CredentialsCallback;
+import org.apache.jackrabbit.core.security.SecurityConstants;
+import org.apache.jackrabbit.core.security.UserPrincipal;
+import org.apache.log4j.Logger;
+
+import javax.jcr.Credentials;
+import javax.jcr.SimpleCredentials;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.login.FailedLoginException;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.spi.LoginModule;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
+/**
+ * A <code>SimpleLoginModule</code> ...
+ */
+public class SimpleLoginModule implements LoginModule
+{
+
+	private static Logger log = Logger.getLogger(SimpleLoginModule.class);
+
+	/**
+	 * Name of the anonymous user id option in the LoginModule configuration
+	 */
+	private static final String OPT_ANONYMOUS = "anonymousId";
+
+	/**
+	 * The default user id for anonymous login
+	 */
+	private static final String DEFAULT_ANONYMOUS_ID = "anonymous";
+
+	// initial state
+	private Subject subject;
+
+	private CallbackHandler callbackHandler;
+
+	private Map sharedState;
+
+	private Map options;
+
+	// configurable options
+	//private boolean someOpt = false;
+
+	// local authentication state:
+	// the principals, i.e. the authenticated identities
+	private final Set principals = new HashSet();
+
+	/**
+	 * Id of an anonymous user login
+	 */
+	private String anonymousUserId = DEFAULT_ANONYMOUS_ID;
+
+	/**
+	 * Constructor
+	 */
+	public SimpleLoginModule()
+	{
+	}
+
+	//----------------------------------------------------------< LoginModule >
+	/**
+	 * {@inheritDoc}
+	 */
+	public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState,
Map options)
+	{
+		this.subject = subject;
+		this.callbackHandler = callbackHandler;
+		this.sharedState = sharedState;
+		this.options = options;
+
+		// initialize any configured options
+		//someOpt = "true".equalsIgnoreCase((String)options.get("someOpt"));
+		String userId = (String) options.get(OPT_ANONYMOUS);
+		if (userId != null)
+		{
+			anonymousUserId = userId;
+		}
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public boolean login() throws LoginException
+	{
+		// prompt for a user name and password
+		if (callbackHandler == null)
+		{
+			throw new LoginException("no CallbackHandler available");
+		}
+
+		Callback[] callbacks = new Callback[]
+		{ new CredentialsCallback() };
+
+		boolean authenticated = false;
+		principals.clear();
+		try
+		{
+			callbackHandler.handle(callbacks);
+			// credentials
+			CredentialsCallback ccb = (CredentialsCallback) callbacks[0];
+			Credentials creds = ccb.getCredentials();
+			if (creds != null)
+			{
+				if (creds instanceof SimpleCredentials)
+				{
+					SimpleCredentials sc = (SimpleCredentials) creds;
+					// authenticate
+
+					Object attr = sc.getAttribute(SecurityConstants.IMPERSONATOR_ATTRIBUTE);
+					if (attr != null && attr instanceof Subject)
+					{
+						Subject impersonator = (Subject) attr;
+						// @todo check privileges to 'impersonate' the user represented by the supplied credentials
+					}
+					else
+					{
+						// @todo implement simple username/password authentication
+					}
+
+					if (anonymousUserId.equals(sc.getUserID()))
+					{
+						principals.add(new AnonymousPrincipal());
+					}
+					else
+					{
+						// else assume the user we authenticated is the UserPrincipal
+						principals.add(new UserPrincipal(sc.getUserID()));
+					}
+					authenticated = true;
+				}
+			}
+		}
+		catch (java.io.IOException ioe)
+		{
+			throw new LoginException(ioe.toString());
+		}
+		catch (UnsupportedCallbackException uce)
+		{
+			throw new LoginException(uce.getCallback().toString() + " not available");
+		}
+
+		if (authenticated)
+		{
+			return !principals.isEmpty();
+		}
+		else
+		{
+			// authentication failed: clean out state
+			principals.clear();
+			throw new FailedLoginException();
+		}
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public boolean commit() throws LoginException
+	{
+		if (principals.isEmpty())
+		{
+			return false;
+		}
+		else
+		{
+			// add a principals (authenticated identities) to the Subject
+			subject.getPrincipals().addAll(principals);
+			return true;
+		}
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public boolean abort() throws LoginException
+	{
+		if (principals.isEmpty())
+		{
+			return false;
+		}
+		else
+		{
+			logout();
+		}
+		return true;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public boolean logout() throws LoginException
+	{
+		subject.getPrincipals().removeAll(principals);
+		principals.clear();
+		return true;
+	}
+}
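Review bot: `login()` sets `authenticated = true` for any `SimpleCredentials` without ever reading the password, and the impersonation branch accepts whatever `Subject` is in `IMPERSONATOR_ATTRIBUTE` because both checks are still `@todo`, so every supplied user ID other than the anonymous ID is turned into a `UserPrincipal`. Until the privilege check exists, the impersonation branch should fail closed, e.g. `throw new FailedLoginException("impersonation not supported");`. The class Javadoc (currently `A <code>SimpleLoginModule</code> ...`) should also say that the module performs no credential verification. `sc.getUserID()` is passed to `new UserPrincipal(...)` without a null check; whether that constructor rejects null is not visible in this hunk. The two catch blocks discard the original exception, which could at least be logged through the otherwise unused `log` field.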

Added: incubator/graffito/trunk/jcr-mapping/src/java/org/apache/portals/graffito/jcr/transaction/jackrabbit/UserTransactionImpl.java
URL: http://svn.apache.org/viewcvs/incubator/graffito/trunk/jcr-mapping/src/java/org/apache/portals/graffito/jcr/transaction/jackrabbit/UserTransactionImpl.java?rev=353842&view=auto
==============================================================================
--- incubator/graffito/trunk/jcr-mapping/src/java/org/apache/portals/graffito/jcr/transaction/jackrabbit/UserTransactionImpl.java
(added)
+++ incubator/graffito/trunk/jcr-mapping/src/java/org/apache/portals/graffito/jcr/transaction/jackrabbit/UserTransactionImpl.java
Sun Dec  4 02:14:07 2005
@@ -0,0 +1,213 @@
+/*
+ * Copyright 2004-2005 The Apache Software Foundation or its licensors,
+ *                     as applicable.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.portals.graffito.jcr.transaction.jackrabbit;
+
+import javax.transaction.xa.XAResource;
+import javax.transaction.xa.Xid;
+import javax.transaction.xa.XAException;
+import javax.transaction.UserTransaction;
+import javax.transaction.Status;
+import javax.transaction.NotSupportedException;
+import javax.transaction.SystemException;
+import javax.transaction.HeuristicMixedException;
+import javax.transaction.HeuristicRollbackException;
+import javax.transaction.RollbackException;
+import javax.jcr.Session;
+
+import org.apache.jackrabbit.core.XASession;
+
+/**
+ * Internal {@link javax.transaction.UserTransaction} implementation.
+ */
+public class UserTransactionImpl implements UserTransaction {
+
+    /**
+     * Global transaction id counter
+     */
+    private static byte counter = 0;
+
+    /**
+     * XAResource
+     */
+    private final XAResource xares;
+
+    /**
+     * Xid
+     */
+    private Xid xid;
+
+    /**
+     * Status
+     */
+    private int status = Status.STATUS_NO_TRANSACTION;
+
+    /**
+     * Create a new instance of this class. Takes a session as parameter.
+     * @param session session. If session is not of type
+     * {@link XASession}, an <code>IllegalArgumentException</code>
+     * is thrown
+     */
+    public UserTransactionImpl(Session session) {
+        if (session instanceof XASession) {
+            xares = ((XASession) session).getXAResource();
+        } else {
+            throw new IllegalArgumentException("Session not of type XASession");
+        }
+    }
+
+    /**
+     * @see javax.transaction.UserTransaction#begin
+     */
+    public void begin() throws NotSupportedException, SystemException {
+        if (status != Status.STATUS_NO_TRANSACTION) {
+            throw new IllegalStateException("Transaction already active");
+        }
+
+        try {
+            xid = new XidImpl(counter++);
+            xares.start(xid, XAResource.TMNOFLAGS);
+            status = Status.STATUS_ACTIVE;
+
+        } catch (XAException e) {
+
+            throw new SystemException("Unable to begin transaction: " +
+                    "XA_ERR=" + e.errorCode);
+        }
+    }
+
+    /**
+     * @see javax.transaction.UserTransaction#commit
+     */
+    public void commit() throws HeuristicMixedException,
+            HeuristicRollbackException, IllegalStateException,
+            RollbackException, SecurityException, SystemException {
+
+        if (status != Status.STATUS_ACTIVE) {
+            throw new IllegalStateException("Transaction not active");
+        }
+
+        try {
+            xares.end(xid, XAResource.TMSUCCESS);
+
+            status = Status.STATUS_PREPARING;
+            xares.prepare(xid);
+            status = Status.STATUS_PREPARED;
+
+            status = Status.STATUS_COMMITTING;
+            xares.commit(xid, false);
+            status = Status.STATUS_COMMITTED;
+
+        } catch (XAException e) {
+
+            if (e.errorCode >= XAException.XA_RBBASE &&
+                    e.errorCode <= XAException.XA_RBEND) {
+                throw new RollbackException();
+            } else {
+                throw new SystemException("Unable to commit transaction: " +
+                    "XA_ERR=" + e.errorCode);
+            }
+        }
+    }
+
+    /**
+     * @see javax.transaction.UserTransaction#getStatus
+     */
+    public int getStatus() throws SystemException {
+        return status;
+    }
+
+    /**
+     * @see javax.transaction.UserTransaction#rollback
+     */
+    public void rollback() throws IllegalStateException, SecurityException,
+            SystemException {
+
+        if (status != Status.STATUS_ACTIVE &&
+                status != Status.STATUS_MARKED_ROLLBACK) {
+
+            throw new IllegalStateException("Transaction not active");
+        }
+
+        try {
+            xares.end(xid, XAResource.TMFAIL);
+
+            status = Status.STATUS_ROLLING_BACK;
+            xares.rollback(xid);
+            status = Status.STATUS_ROLLEDBACK;
+
+        } catch (XAException e) {
+
+            throw new SystemException("Unable to rollback transaction: " +
+                    "XA_ERR=" + e.errorCode);
+        }
+    }
+
+    /**
+     * @see javax.transaction.UserTransaction#setRollbackOnly()
+     */
+    public void setRollbackOnly() throws IllegalStateException, SystemException {
+        if (status != Status.STATUS_ACTIVE) {
+            throw new IllegalStateException("Transaction not active");
+        }
+        status = Status.STATUS_MARKED_ROLLBACK;
+    }
+
+    /**
+     * @see javax.transaction.UserTransaction#setTransactionTimeout
+     */
+    public void setTransactionTimeout(int seconds) throws SystemException {}
+
+
+    /**
+     * Internal {@link Xid} implementation.
+     */
+    class XidImpl implements Xid {
+
+        /** Global transaction id */
+        private final byte[] globalTxId;
+
+        /**
+         * Create a new instance of this class. Takes a global
+         * transaction number as parameter
+         * @param globalTxNumber global transaction number
+         */
+        public XidImpl(byte globalTxNumber) {
+            this.globalTxId = new byte[] { globalTxNumber };
+        }
+
+        /**
+         * @see javax.transaction.xa.Xid#getFormatId()
+         */
+        public int getFormatId() {
+            return 0;
+        }
+
+        /**
+         * @see javax.transaction.xa.Xid#getBranchQualifier()
+         */
+        public byte[] getBranchQualifier() {
+            return new byte[0];
+        }
+
+        /**
+         * @see javax.transaction.xa.Xid#getGlobalTransactionId()
+         */
+        public byte[] getGlobalTransactionId() {
+            return globalTxId;
+        }
+    }
+}
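Review bot: `counter` is a static `byte` incremented with an unsynchronised `counter++` in `begin()`, so two threads can read the same value and the value wraps after 256 transactions. `XidImpl` uses that single byte as the whole global transaction id, with an empty branch qualifier, so distinct concurrent transactions can end up with identical Xids. Widen and serialise the counter, e.g. `private static int counter;` with `private static synchronized int nextTxNumber() { return counter++; }`, and encode all four bytes into `globalTxId`. `getGlobalTransactionId()` also hands out the internal array, so a caller can mutate the id; returning a copy avoids that. Separately, when `prepare` or `commit` throws in `commit()`, `status` is left at `STATUS_PREPARING` or `STATUS_COMMITTING`, after which `rollback()` rejects the call with "Transaction not active"; a comment on `commit()` should say how callers are expected to recover.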


