incubator-sling-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From vram...@apache.org
Subject svn commit: r768086 - in /incubator/sling/trunk/bundles/jcr/jackrabbit-server: ./ src/main/java/org/apache/sling/jcr/jackrabbit/server/impl/ src/main/java/org/apache/sling/jcr/jackrabbit/server/impl/security/ src/main/java/org/apache/sling/jcr/jackrabb...
Date Thu, 23 Apr 2009 23:04:27 GMT
Author: vramdal
Date: Thu Apr 23 23:04:26 2009
New Revision: 768086

URL: http://svn.apache.org/viewvc?rev=768086&view=rev
Log:
SLING-880 Adding support for a pluggable accessmanager

Added:
    incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/impl/AccessManagerFactoryTracker.java
    incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/impl/security/PluggableDefaultAccessManager.java
    incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/security/accessmanager/
    incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/security/accessmanager/AccessManagerPlugin.java
    incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/security/accessmanager/AccessManagerPluginFactory.java
    incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/security/accessmanager/WorkspaceAccessManagerPlugin.java
Modified:
    incubator/sling/trunk/bundles/jcr/jackrabbit-server/pom.xml
    incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/impl/Activator.java
    incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/resources/META-INF/MANIFEST.MF

Modified: incubator/sling/trunk/bundles/jcr/jackrabbit-server/pom.xml
URL: http://svn.apache.org/viewvc/incubator/sling/trunk/bundles/jcr/jackrabbit-server/pom.xml?rev=768086&r1=768085&r2=768086&view=diff
==============================================================================
--- incubator/sling/trunk/bundles/jcr/jackrabbit-server/pom.xml (original)
+++ incubator/sling/trunk/bundles/jcr/jackrabbit-server/pom.xml Thu Apr 23 23:04:26 2009
@@ -167,7 +167,8 @@
                                             org.apache.sling.jcr.jackrabbit.server.Activator
                                         </Bundle-Activator>
                                         <Export-Package>
-                                        	org.apache.sling.jcr.jackrabbit.server.security
+                                        	org.apache.sling.jcr.jackrabbit.server.security.*,
+                                            org.apache.jackrabbit.core.security.principal
                                         </Export-Package>
                                         <Private-Package>
                                             org.apache.sling.jcr.jackrabbit.server.impl.*

Added: incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/impl/AccessManagerFactoryTracker.java
URL: http://svn.apache.org/viewvc/incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/impl/AccessManagerFactoryTracker.java?rev=768086&view=auto
==============================================================================
--- incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/impl/AccessManagerFactoryTracker.java
(added)
+++ incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/impl/AccessManagerFactoryTracker.java
Thu Apr 23 23:04:26 2009
@@ -0,0 +1,94 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sling.jcr.jackrabbit.server.impl;
+
+import org.apache.sling.jcr.jackrabbit.server.impl.security.PluggableDefaultAccessManager;
+import org.apache.sling.jcr.jackrabbit.server.security.accessmanager.AccessManagerPluginFactory;
+import org.osgi.framework.BundleContext;
+import org.osgi.framework.ServiceReference;
+import org.osgi.util.tracker.ServiceTracker;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.HashSet;
+import java.util.Set;
+
+/**
+ * Tracks the existence of an <code>AccessManagerPluginFactory</code>.
+ */
+public class AccessManagerFactoryTracker extends ServiceTracker {
+
+    private AccessManagerPluginFactory factory;
+    private BundleContext bundleContext;
+    private Set<PluggableDefaultAccessManager> consumers = new HashSet<PluggableDefaultAccessManager>();
+
+    private static final Logger log = LoggerFactory.getLogger(AccessManagerFactoryTracker.class);
+
+
+    public AccessManagerFactoryTracker(BundleContext bundleContext) {
+        super(bundleContext, AccessManagerPluginFactory.class.getName(), null);
+        this.bundleContext = bundleContext;
+    }
+
+    @Override
+    public Object addingService(ServiceReference serviceReference) {
+        log.info("AccessManager service added.");
+        closeSessions();
+        this.factory = (AccessManagerPluginFactory) bundleContext.getService(serviceReference);
+        return super.addingService(serviceReference);
+    }
+
+    @Override
+    public void removedService(ServiceReference serviceReference, Object o) {
+        log.warn("AccessManager service removed.");
+        this.factory = null;
+        // Make a copy of consumers list to avoid concurrent modification
+        closeSessions();
+        super.removedService(serviceReference, o);
+    }
+
+    private void closeSessions() {
+        log.warn("Closing all sessions");
+        Set<PluggableDefaultAccessManager> closing = new HashSet<PluggableDefaultAccessManager>(consumers);
+        for (PluggableDefaultAccessManager consumer : closing) {
+            try {
+                consumer.endSession();
+            } catch (Throwable throwable) {
+                log.warn("Error closing a PluggableDefaultAccessManager", throwable);
+            }
+        }
+    }
+
+    @Override
+    public void modifiedService(ServiceReference serviceReference, Object o) {
+        log.info("AccessManager service modified.");
+        super.modifiedService(serviceReference, o);
+        this.factory = (AccessManagerPluginFactory) o;
+    }
+
+    public AccessManagerPluginFactory getFactory(PluggableDefaultAccessManager consumer)
{
+        log.info("Registering PluggableDefaultAccessManager instance");
+        this.consumers.add(consumer);
+        return factory;
+    }
+
+    public void unregister(PluggableDefaultAccessManager consumer) {
+        log.info("Unregistering PluggableDefaultAccessManager instance");
+        this.consumers.remove(consumer);
+    }
+}

Modified: incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/impl/Activator.java
URL: http://svn.apache.org/viewvc/incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/impl/Activator.java?rev=768086&r1=768085&r2=768086&view=diff
==============================================================================
--- incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/impl/Activator.java
(original)
+++ incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/impl/Activator.java
Thu Apr 23 23:04:26 2009
@@ -79,8 +79,14 @@
     // empty list of login modules if there are none registered
     private static LoginModulePlugin[] EMPTY = new LoginModulePlugin[0];
 
+//    private static AccessManagerPluginFactory accessManagerFactory;
+//    private static ServiceTracker accessManagerFactoryTracker;
+//  private static int accessManagerCount = -1;
+
     // the name of the default sling context
     private String slingContext;
+    private static AccessManagerFactoryTracker accessManagerFactoryTracker;
+//    protected static ServiceTrackerCustomizer serviceTrackerCustomizer;
 
     protected String getRepositoryName() {
     	String repoName = bundleContext.getProperty("sling.repository.name");
@@ -123,6 +129,10 @@
                     ise);
             }
         }
+        if (accessManagerFactoryTracker == null) {
+            accessManagerFactoryTracker = new AccessManagerFactoryTracker(bundleContext);
+        }
+        accessManagerFactoryTracker.open();
     }
 
     public void stop(BundleContext arg0) {
@@ -150,6 +160,11 @@
             loginModuleTracker.close();
             loginModuleTracker = null;
         }
+
+        if (accessManagerFactoryTracker != null) {
+            accessManagerFactoryTracker.close();
+            accessManagerFactoryTracker = null;
+        }
         
         // clear the bundle context field
         bundleContext = null;
@@ -210,6 +225,10 @@
         return moduleCache;
     }
 
+    public static AccessManagerFactoryTracker getAccessManagerFactoryTracker() {
+        return accessManagerFactoryTracker;
+    }
+
     // ---------- internal -----------------------------------------------------
 
     private void verifyConfiguration(ServiceReference ref) {
@@ -329,5 +348,5 @@
         SlingServerRepository.copyFile(bundleContext.getBundle(), "repository.xml", configFile);
     	return configFile;
     }
-    
+
 }

Added: incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/impl/security/PluggableDefaultAccessManager.java
URL: http://svn.apache.org/viewvc/incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/impl/security/PluggableDefaultAccessManager.java?rev=768086&view=auto
==============================================================================
--- incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/impl/security/PluggableDefaultAccessManager.java
(added)
+++ incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/impl/security/PluggableDefaultAccessManager.java
Thu Apr 23 23:04:26 2009
@@ -0,0 +1,171 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sling.jcr.jackrabbit.server.impl.security;
+
+import org.apache.jackrabbit.core.HierarchyManager;
+import org.apache.jackrabbit.core.ItemId;
+import org.apache.jackrabbit.core.security.AMContext;
+import org.apache.jackrabbit.core.security.DefaultAccessManager;
+import org.apache.jackrabbit.core.security.authorization.AccessControlProvider;
+import org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager;
+import org.apache.jackrabbit.spi.Name;
+import org.apache.jackrabbit.spi.Path;
+import org.apache.jackrabbit.spi.commons.conversion.NamePathResolver;
+import org.apache.sling.jcr.jackrabbit.server.security.accessmanager.AccessManagerPlugin;
+import org.apache.sling.jcr.jackrabbit.server.security.accessmanager.WorkspaceAccessManagerPlugin;
+import org.apache.sling.jcr.jackrabbit.server.security.accessmanager.AccessManagerPluginFactory;
+import org.apache.sling.jcr.jackrabbit.server.impl.Activator;
+import org.apache.sling.jcr.jackrabbit.server.impl.AccessManagerFactoryTracker;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.jcr.AccessDeniedException;
+import javax.jcr.ItemNotFoundException;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.security.auth.Subject;
+
+/**
+ * Allows to plugin a custom <code>AccessManager</code> as an OSGi bundle:
+ * <ol>
+ *   <li>Set this class as <code>AccessManager</code> in your <code>repository.xml</code></li>
+ *   <li>Implement <code>o.a.s.j.j.s.s.a.AccessManagerPluginFactory</code></li>
+ * </ol>
+ *
+ * <p>If <code>PluggableDefaultAccessManager</code> is specified in <code>repository.xml</code>,
and no
+ * implementation of <code>AccessManagerPluginFactory</code> exists, all calls
will fall back
+ * to <code>DefaultAccessManager</code>.</p>
+ *
+ * <p>See also <a href="https://issues.apache.org/jira/browse/SLING-880">SLING-880</a></p>
+ * @see AccessManagerPluginFactory
+ */
+public class PluggableDefaultAccessManager extends DefaultAccessManager {
+
+    /** @scr.reference */ @SuppressWarnings({"UnusedDeclaration"})
+    private AccessManagerPlugin accessManagerPlugin;
+    private NamePathResolver namePathResolver;
+    private HierarchyManager hierarchyManager;
+    private static final Logger log = LoggerFactory.getLogger(PluggableDefaultAccessManager.class);
+    protected AccessManagerPluginFactory accessManagerFactory;
+    protected AccessManagerFactoryTracker accessManagerFactoryTracker;
+    private Session session;
+    private Subject subject;
+
+    public PluggableDefaultAccessManager() {
+    }
+
+    protected AccessManagerPluginFactory getAccessManagerFactory() {
+        return accessManagerFactoryTracker.getFactory(this);
+    }
+
+    public void init(AMContext context) throws AccessDeniedException, Exception {
+        this.init(context, null, null);
+    }
+
+    public void init(AMContext context, AccessControlProvider acProvider, WorkspaceAccessManager
wspAccessMgr) throws AccessDeniedException, Exception {
+        accessManagerFactoryTracker = Activator.getAccessManagerFactoryTracker();
+        accessManagerFactory = getAccessManagerFactory();
+        if (accessManagerFactory != null) {
+            this.accessManagerPlugin = accessManagerFactory.getAccessManager();
+        }
+        this.sanityCheck();
+        super.init(context, acProvider, wspAccessMgr);
+        this.namePathResolver = context.getNamePathResolver();
+        this.hierarchyManager = context.getHierarchyManager();
+        if (this.accessManagerPlugin != null) {
+            this.accessManagerPlugin.init(context.getSubject(), context.getSession());
+        }
+        this.session = context.getSession();
+        this.subject = context.getSubject();
+
+    }
+
+    public void close() throws Exception {
+        this.accessManagerFactoryTracker.unregister(this);
+        super.close();
+        if (this.accessManagerPlugin != null) {
+            this.accessManagerPlugin.close();
+        }
+    }
+
+    public void endSession() {
+        if (this.session != null && this.session.isLive()) {
+            this.session.logout();
+        }
+    }
+
+    public void checkPermission(ItemId id, int permissions) throws AccessDeniedException,
ItemNotFoundException, RepositoryException {
+        this.sanityCheck();
+        super.checkPermission(id, permissions);
+    }
+
+    public boolean isGranted(ItemId id, int permissions) throws ItemNotFoundException, RepositoryException
{
+        return this.isGranted(this.hierarchyManager.getPath(id), permissions);
+    }
+
+    public boolean isGranted(Path absPath, int permissions) throws RepositoryException {
+        if (this.sanityCheck()) {
+            return this.accessManagerPlugin.isGranted(namePathResolver.getJCRPath(absPath),
permissions);
+        } else {
+            return super.isGranted(absPath, permissions);
+        }
+    }
+
+    public boolean isGranted(Path parentPath, Name childName, int permissions) throws RepositoryException
{
+        return super.isGranted(parentPath, childName, permissions);
+    }
+
+    public boolean canRead(Path itemPath) throws RepositoryException {
+        if (this.sanityCheck()) {
+            return this.accessManagerPlugin.canRead(namePathResolver.getJCRPath(itemPath));
+        } else {
+            return super.canRead(itemPath);
+        }
+    }
+
+    public boolean canAccess(String workspaceName) throws RepositoryException {
+        WorkspaceAccessManagerPlugin plugin = null;
+        if (this.sanityCheck()) {
+            plugin = this.accessManagerPlugin.getWorkspaceAccessManager();
+        }
+        if (plugin != null) {
+            return plugin.canAccess(workspaceName);
+        } else {
+            return super.canAccess(workspaceName);
+        }
+    }
+
+    private boolean sanityCheck() throws RepositoryException {
+        if (this.accessManagerPlugin == null) {
+            AccessManagerPluginFactory factory = this.accessManagerFactoryTracker.getFactory(this);
+            if (factory == null) {
+                log.warn("No pluggable AccessManager available, falling back to DefaultAccessManager");
+                return false;
+
+            } else {
+                this.accessManagerPlugin = factory.getAccessManager();
+                try {
+                    this.accessManagerPlugin.init(this.subject, this.session);
+                } catch (Exception e) {
+                    throw new RepositoryException(e);
+                }
+            }
+        }
+        return true;
+    }
+}

Added: incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/security/accessmanager/AccessManagerPlugin.java
URL: http://svn.apache.org/viewvc/incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/security/accessmanager/AccessManagerPlugin.java?rev=768086&view=auto
==============================================================================
--- incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/security/accessmanager/AccessManagerPlugin.java
(added)
+++ incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/security/accessmanager/AccessManagerPlugin.java
Thu Apr 23 23:04:26 2009
@@ -0,0 +1,96 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sling.jcr.jackrabbit.server.security.accessmanager;
+
+import org.apache.jackrabbit.core.security.authorization.Permission;
+
+import javax.jcr.AccessDeniedException;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.security.auth.Subject;
+
+/**
+ * A simplified AccessManager interface. 
+ */
+public interface AccessManagerPlugin {
+
+    public static final int READ = Permission.READ;
+    public static final int ADD_NODE = Permission.ADD_NODE;
+    public static final int REMOVE_NODE = Permission.REMOVE_NODE;
+    public static final int SET_PROPERTY = Permission.SET_PROPERTY;
+    public static final int REMOVE_PROPERTY = Permission.REMOVE_PROPERTY;
+    public static final int ALL = Permission.ALL;
+    public static final int NONE = Permission.NONE;
+
+    /**
+     * Initialize this access manager. An <code>AccessDeniedException</code>
will
+     * be thrown if the subject of the given <code>context</code> is not
+     * granted access to the specified workspace.
+     *
+     * @param subject The authenticated Subject
+     * @param session The current JCR session
+     */
+    void init(Subject subject, Session session) throws AccessDeniedException, Exception;
+
+    /**
+     * Close this access manager. After having closed an access manager,
+     * further operations on this object are treated as illegal and throw
+     *
+     * @throws Exception if an error occurs
+     */
+    void close() throws Exception;
+
+    /**
+     * Determines whether the specified <code>permissions</code> are granted
+     * on the item with the specified <code>absPath</code> (i.e. the <i>target</i>
+     * item, that may or may not yet exist).
+     *
+     * @param absPath     the absolute path to test
+     * @param permissions A combination of one or more of the following constants
+     *                    encoded as a bitmask value:
+     * <ul>
+     * <li>{@link org.apache.jackrabbit.core.security.authorization.Permission#READ
READ}</li>
+     * <li>{@link org.apache.jackrabbit.core.security.authorization.Permission#ADD_NODE
ADD_NODE}</code></li>
+     * <li>{@link org.apache.jackrabbit.core.security.authorization.Permission#REMOVE_NODE
REMOVE_NODE}</li>
+     * <li>{@link org.apache.jackrabbit.core.security.authorization.Permission#SET_PROPERTY
SET_PROPERTY}</li>
+     * <li>{@link org.apache.jackrabbit.core.security.authorization.Permission#REMOVE_PROPERTY
REMOVE_PROPERTY}</li>
+     * </ul>
+     * @return <code>true</code> if the specified permissions are granted;
+     * otherwise <code>false</code>.
+     * @throws RepositoryException if an error occurs.
+     */
+    boolean isGranted(String absPath, int permissions) throws RepositoryException;
+
+    /**
+     * Determines whether the item at the specified absolute path can be read.
+     *
+     * @param itemPath Absolute path to the item being accessed
+     * @return <code>true</code> if the item can be read; otherwise <code>false</code>.
+     * @throws RepositoryException if an error occurs.
+     */
+    boolean canRead(String itemPath) throws RepositoryException;
+
+    /**
+     * Returns the <code>WorkspaceAccessManagerPlugin</code> to be used for checking
Workspace access.
+     * If <code>null</code> is returned, the default <code>WorkspaceAccessManager</code>
will be used.
+     * @return An implementation of <code>WorkspaceAccessManagerPlugin</code>,
or <code>null</code> to use
+     * the default <code>WorkspaceAccessManager</code>.
+     *  */
+    WorkspaceAccessManagerPlugin getWorkspaceAccessManager();
+
+}

Added: incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/security/accessmanager/AccessManagerPluginFactory.java
URL: http://svn.apache.org/viewvc/incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/security/accessmanager/AccessManagerPluginFactory.java?rev=768086&view=auto
==============================================================================
--- incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/security/accessmanager/AccessManagerPluginFactory.java
(added)
+++ incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/security/accessmanager/AccessManagerPluginFactory.java
Thu Apr 23 23:04:26 2009
@@ -0,0 +1,31 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sling.jcr.jackrabbit.server.security.accessmanager;
+
+/**
+ * <p>Implementations of this interface, provided as an OSGi service,
+ * will be used by {@link org.apache.sling.jcr.jackrabbit.server.impl.security.PluggableDefaultAccessManager
+ * PluggableDefaultAccessManager}.</p>
+ * <p>This makes it possible to use a custom <code>AccessManager</code>
with Sling.</p>
+ * <p>See <a href="https://issues.apache.org/jira/browse/SLING-880">SLING-880</a></p>
+ */
+public interface AccessManagerPluginFactory {
+
+    AccessManagerPlugin getAccessManager();
+
+}

Added: incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/security/accessmanager/WorkspaceAccessManagerPlugin.java
URL: http://svn.apache.org/viewvc/incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/security/accessmanager/WorkspaceAccessManagerPlugin.java?rev=768086&view=auto
==============================================================================
--- incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/security/accessmanager/WorkspaceAccessManagerPlugin.java
(added)
+++ incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/security/accessmanager/WorkspaceAccessManagerPlugin.java
Thu Apr 23 23:04:26 2009
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sling.jcr.jackrabbit.server.security.accessmanager;
+
+import javax.jcr.RepositoryException;
+
+/**
+ * An <code>AccessManagerPlugin</code> can define its own <code>WorkspaceAccessManagerPlugin</code>,
+ * if desired.
+ * @see org.apache.sling.jcr.jackrabbit.server.security.accessmanager.AccessManagerPlugin#getWorkspaceAccessManager()
+ */
+public interface WorkspaceAccessManagerPlugin {
+
+    /**
+     * Determines whether the subject of the current context is granted access
+     * to the given workspace. Note that an implementation is free to test for
+     * the existance of a workspace with the specified name. In this case
+     * the expected return value is <code>false</code>, if no such workspace
+     * exists.
+     *
+     * @param workspaceName name of workspace
+     * @return <code>true</code> if the subject of the current context is
+     *         granted access to the given workspace; otherwise <code>false</code>.
+     * @throws javax.jcr.RepositoryException if an error occurs.
+     */
+    boolean canAccess(String workspaceName) throws RepositoryException;
+}

Modified: incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/resources/META-INF/MANIFEST.MF
URL: http://svn.apache.org/viewvc/incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/resources/META-INF/MANIFEST.MF?rev=768086&r1=768085&r2=768086&view=diff
==============================================================================
--- incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/resources/META-INF/MANIFEST.MF
(original)
+++ incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/resources/META-INF/MANIFEST.MF
Thu Apr 23 23:04:26 2009
@@ -18,8 +18,15 @@
  erby-10.2.1.6.jar,poi-3.0.2-FINAL.jar,xercesImpl-2.8.1.jar,pdfbox-0.7
  .3.jar,jackrabbit-spi-1.5.0.jar,poi-scratchpad-3.0.2-FINAL.jar
 Export-Package: org.apache.sling.jcr.jackrabbit.server.security;uses:=
- "javax.jcr,javax.security.auth.callback,javax.security.auth.login";ve
- rsion="2.0.3.incubator-SNAPSHOT"
+ "javax.jcr,javax.security.auth.callback,javax.security.auth.login,jav
+ ax.security.auth";version="2.0.3.incubator-SNAPSHOT",org.apache.jackr
+ abbit.core.security.principal;uses:="javax.jcr,org.slf4j,org.apache.c
+ ommons.collections.iterators,org.apache.jackrabbit.api.security.user,
+ org.apache.commons.collections.map,javax.jcr.observation,org.apache.j
+ ackrabbit.api.security.principal,org.apache.commons.collections.set";
+ version="2.0.3.incubator-SNAPSHOT",org.apache.sling.jcr.jackrabbit.se
+ rver.security.accessmanager;uses:="javax.jcr,javax.security.auth";ver
+ sion="2.0.3.incubator-SNAPSHOT"
 Import-Package: javax.jcr,javax.jcr.lock,javax.jcr.nodetype,javax.jcr.
  observation,javax.jcr.query,javax.jcr.util,javax.jcr.version,javax.na
  ming,javax.naming.directory,javax.naming.spi,javax.security.auth,java



Mime
View raw message