incubator-sling-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From fmesc...@apache.org
Subject svn commit: r887198 - in /sling/trunk/bundles/jcr/jackrabbit-accessmanager: ./ src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/
Date Fri, 04 Dec 2009 13:56:46 GMT
Author: fmeschbe
Date: Fri Dec  4 13:56:45 2009
New Revision: 887198

URL: http://svn.apache.org/viewvc?rev=887198&view=rev
Log:
SLING-1208 Adapt to an API change between Jackrabbit 1.5 and 1.6: If a node as a access control
policy set, the AccessControlManager.getApplicableAccessControlPolicies() returns an empty
iterator. In this case the getAccessControlPolicies returns the current policies. Also upgraded
dependency to Jackrabbit API to 1.6

Modified:
    sling/trunk/bundles/jcr/jackrabbit-accessmanager/pom.xml
    sling/trunk/bundles/jcr/jackrabbit-accessmanager/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/AbstractAccessPostServlet.java
    sling/trunk/bundles/jcr/jackrabbit-accessmanager/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/DeleteAcesServlet.java
    sling/trunk/bundles/jcr/jackrabbit-accessmanager/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/ModifyAceServlet.java

Modified: sling/trunk/bundles/jcr/jackrabbit-accessmanager/pom.xml
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/jackrabbit-accessmanager/pom.xml?rev=887198&r1=887197&r2=887198&view=diff
==============================================================================
--- sling/trunk/bundles/jcr/jackrabbit-accessmanager/pom.xml (original)
+++ sling/trunk/bundles/jcr/jackrabbit-accessmanager/pom.xml Fri Dec  4 13:56:45 2009
@@ -112,7 +112,7 @@
         <dependency>
             <groupId>org.apache.jackrabbit</groupId>
             <artifactId>jackrabbit-api</artifactId>
-            <version>1.5.0</version>
+            <version>1.6.0</version>
         </dependency>
 		<dependency>
 			<groupId>org.apache.sling</groupId>
@@ -120,11 +120,6 @@
 			<version>2.0.4-incubator</version>
 		</dependency>
 		<dependency>
-			<groupId>org.apache.jackrabbit</groupId>
-			<artifactId>jackrabbit-api</artifactId>
-			<version>1.5.0</version>
-		</dependency>
-		<dependency>
 			<groupId>org.osgi</groupId>
 			<artifactId>org.osgi.core</artifactId>
 		</dependency>

Modified: sling/trunk/bundles/jcr/jackrabbit-accessmanager/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/AbstractAccessPostServlet.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/jackrabbit-accessmanager/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/AbstractAccessPostServlet.java?rev=887198&r1=887197&r2=887198&view=diff
==============================================================================
--- sling/trunk/bundles/jcr/jackrabbit-accessmanager/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/AbstractAccessPostServlet.java
(original)
+++ sling/trunk/bundles/jcr/jackrabbit-accessmanager/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/AbstractAccessPostServlet.java
Fri Dec  4 13:56:45 2009
@@ -26,6 +26,10 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.jackrabbit.api.jsr283.security.AccessControlList;
+import org.apache.jackrabbit.api.jsr283.security.AccessControlManager;
+import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicy;
+import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicyIterator;
 import org.apache.sling.api.SlingHttpServletRequest;
 import org.apache.sling.api.SlingHttpServletResponse;
 import org.apache.sling.api.resource.ResourceNotFoundException;
@@ -39,7 +43,7 @@
 import org.slf4j.LoggerFactory;
 
 /**
- * Base class for all the POST servlets for the AccessManager operations 
+ * Base class for all the POST servlets for the AccessManager operations
  */
 public abstract class AbstractAccessPostServlet extends SlingAllMethodsServlet {
 	private static final long serialVersionUID = -5918670409789895333L;
@@ -48,7 +52,7 @@
      * default log
      */
     private final Logger log = LoggerFactory.getLogger(getClass());
-   
+
 	/* (non-Javadoc)
 	 * @see org.apache.sling.api.servlets.SlingAllMethodsServlet#doPost(org.apache.sling.api.SlingHttpServletRequest,
org.apache.sling.api.SlingHttpServletResponse)
 	 */
@@ -76,12 +80,12 @@
         Session session = request.getResourceResolver().adaptTo(Session.class);
 
         final List<Modification> changes = new ArrayList<Modification>();
-       
+
         try {
             handleOperation(request, htmlResponse, changes);
-           
+
             //TODO: maybe handle SlingAuthorizablePostProcessor handlers here
-           
+
             // set changes on html response
             for(Modification change : changes) {
                 switch ( change.getType() ) {
@@ -93,7 +97,7 @@
                     case ORDER : htmlResponse.onChange("ordered", change.getSource(), change.getDestination());
break;
                 }
             }
-           
+
             if (session.hasPendingChanges()) {
                 session.save();
             }
@@ -115,7 +119,7 @@
                     e.getMessage(), e);
             }
         }
-       
+
         // check for redirect URL if processing succeeded
         if (htmlResponse.isSuccessful()) {
             String redirect = getRedirectUrl(request, htmlResponse);
@@ -138,8 +142,8 @@
 	 */
 	abstract protected void handleOperation(SlingHttpServletRequest request,
 			HtmlResponse htmlResponse, List<Modification> changes) throws RepositoryException;
-	
-	
+
+
     /**
      * compute redirect URL (SLING-126)
      *
@@ -213,7 +217,7 @@
             SlingPostConstants.RP_STATUS);
         return true;
     }
-	
+
 	// ------ These methods were copied from AbstractSlingPostOperation ------
 
     /**
@@ -250,5 +254,50 @@
 
         return ret.toString();
     }
-   
+
+    /**
+     * Returns an <code>AccessControlList</code> to edit for the node at the
+     * given <code>resourcePath</code>.
+     *
+     * @param accessControlManager The manager providing access control lists
+     * @param resourcePath The node path for which to return an access control
+     *            list
+     * @param mayCreate <code>true</code> if an access control list should be
+     *            created if the node does not have one yet.
+     * @return The <code>AccessControlList</code> to modify to control access
to
+     *         the node.
+     * @throws RepositoryException If the access control manager does not
+     *             provide a <code>AccessControlPolicy</code> which is an
+     *             <code>AccessControlList</code>.
+     */
+    protected AccessControlList getAccessControlList(
+            final AccessControlManager accessControlManager,
+            final String resourcePath, final boolean mayCreate)
+            throws RepositoryException {
+
+        // check for an existing access control list to edit
+        AccessControlPolicy[] policies = accessControlManager.getPolicies(resourcePath);
+        for (AccessControlPolicy policy : policies) {
+            if (policy instanceof AccessControlList) {
+                return (AccessControlList) policy;
+            }
+        }
+
+        // no existing access control list, try to create if allowed
+        if (mayCreate) {
+            AccessControlPolicyIterator applicablePolicies = accessControlManager.getApplicablePolicies(resourcePath);
+            while (applicablePolicies.hasNext()) {
+                AccessControlPolicy policy = applicablePolicies.nextAccessControlPolicy();
+                if (policy instanceof AccessControlList) {
+                    return (AccessControlList) policy;
+                }
+            }
+        }
+
+        // neither an existing nor a create AccessControlList is available, fail
+        throw new RepositoryException(
+            "Unable to find or create an access control policy to update for "
+                + resourcePath);
+
+    }
 }

Modified: sling/trunk/bundles/jcr/jackrabbit-accessmanager/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/DeleteAcesServlet.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/jackrabbit-accessmanager/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/DeleteAcesServlet.java?rev=887198&r1=887197&r2=887198&view=diff
==============================================================================
--- sling/trunk/bundles/jcr/jackrabbit-accessmanager/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/DeleteAcesServlet.java
(original)
+++ sling/trunk/bundles/jcr/jackrabbit-accessmanager/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/DeleteAcesServlet.java
Fri Dec  4 13:56:45 2009
@@ -29,8 +29,6 @@
 import org.apache.jackrabbit.api.jsr283.security.AccessControlEntry;
 import org.apache.jackrabbit.api.jsr283.security.AccessControlList;
 import org.apache.jackrabbit.api.jsr283.security.AccessControlManager;
-import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicy;
-import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicyIterator;
 import org.apache.sling.api.SlingHttpServletRequest;
 import org.apache.sling.api.resource.Resource;
 import org.apache.sling.api.resource.ResourceNotFoundException;
@@ -86,7 +84,7 @@
 	protected void handleOperation(SlingHttpServletRequest request,
 			HtmlResponse htmlResponse, List<Modification> changes)
 			throws RepositoryException {
-		
+
         String[] applyTo = request.getParameterValues(SlingPostConstants.RP_APPLY_TO);
         if (applyTo == null) {
 			throw new RepositoryException("principalIds were not sumitted.");
@@ -103,31 +101,20 @@
         			throw new ResourceNotFoundException("Resource is not a JCR Node");
         		}
         	}
-        	
+
     		Session session = request.getResourceResolver().adaptTo(Session.class);
     		if (session == null) {
     			throw new RepositoryException("JCR Session not found");
     		}
-        	
+
     		//load the principalIds array into a set for quick lookup below
 			Set<String> pidSet = new HashSet<String>();
 			pidSet.addAll(Arrays.asList(applyTo));
-			
+
 			try {
 				AccessControlManager accessControlManager = AccessControlUtil.getAccessControlManager(session);
-				AccessControlList updatedAcl = null;
-				AccessControlPolicyIterator applicablePolicies = accessControlManager.getApplicablePolicies(resourcePath);
-				while (applicablePolicies.hasNext()) {
-					AccessControlPolicy policy = applicablePolicies.nextAccessControlPolicy();
-					if (policy instanceof AccessControlList) {
-						updatedAcl = (AccessControlList)policy;
-						break;
-					}
-				}
-				if (updatedAcl == null) {
-					throw new RepositoryException("Unable to find an access control policy to update.");
-				}
-				
+				AccessControlList updatedAcl = getAccessControlList(accessControlManager, resourcePath,
false);
+
 				//keep track of the existing Aces for the target principal
 				AccessControlEntry[] accessControlEntries = updatedAcl.getAccessControlEntries();
 				List<AccessControlEntry> oldAces = new ArrayList<AccessControlEntry>();
@@ -143,7 +130,7 @@
 						updatedAcl.removeAccessControlEntry(ace);
 					}
 				}
-				
+
 				//apply the changed policy
 				accessControlManager.setPolicy(resourcePath, updatedAcl);
 			} catch (RepositoryException re) {

Modified: sling/trunk/bundles/jcr/jackrabbit-accessmanager/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/ModifyAceServlet.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/jackrabbit-accessmanager/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/ModifyAceServlet.java?rev=887198&r1=887197&r2=887198&view=diff
==============================================================================
--- sling/trunk/bundles/jcr/jackrabbit-accessmanager/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/ModifyAceServlet.java
(original)
+++ sling/trunk/bundles/jcr/jackrabbit-accessmanager/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/ModifyAceServlet.java
Fri Dec  4 13:56:45 2009
@@ -28,8 +28,6 @@
 import org.apache.jackrabbit.api.jsr283.security.AccessControlEntry;
 import org.apache.jackrabbit.api.jsr283.security.AccessControlList;
 import org.apache.jackrabbit.api.jsr283.security.AccessControlManager;
-import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicy;
-import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicyIterator;
 import org.apache.jackrabbit.api.jsr283.security.Privilege;
 import org.apache.jackrabbit.api.security.user.Authorizable;
 import org.apache.jackrabbit.api.security.user.UserManager;
@@ -132,8 +130,8 @@
     			throw new ResourceNotFoundException("Resource is not a JCR Node");
     		}
     	}
-		
-		
+
+
 		List<String> grantedPrivilegeNames = new ArrayList<String>();
 		List<String> deniedPrivilegeNames = new ArrayList<String>();
 		Enumeration parameterNames = request.getParameterNames();
@@ -158,18 +156,7 @@
 
 		try {
 			AccessControlManager accessControlManager = AccessControlUtil.getAccessControlManager(session);
-			AccessControlList updatedAcl = null;
-			AccessControlPolicyIterator applicablePolicies = accessControlManager.getApplicablePolicies(resourcePath);
-			while (applicablePolicies.hasNext()) {
-				AccessControlPolicy policy = applicablePolicies.nextAccessControlPolicy();
-				if (policy instanceof AccessControlList) {
-					updatedAcl = (AccessControlList)policy;
-					break;
-				}
-			}
-			if (updatedAcl == null) {
-				throw new RepositoryException("Unable to find an access conrol policy to update.");
-			}
+			AccessControlList updatedAcl = getAccessControlList(accessControlManager, resourcePath,
true);
 
 			StringBuilder oldPrivileges = null;
 			StringBuilder newPrivileges = null;
@@ -187,7 +174,7 @@
 						log.debug("Found Existing ACE for principal {0} on resource: ", new Object[] {principalId,
resourcePath});
 					}
 					oldAces.add(ace);
-					
+
 					if (log.isDebugEnabled()) {
 						//collect the information for debug logging
 						boolean isAllow = AccessControlUtil.isAllow(ace);
@@ -213,7 +200,7 @@
 					updatedAcl.removeAccessControlEntry(ace);
 				}
 			}
-			
+
 			//add a fresh ACE with the granted privileges
 			List<Privilege> grantedPrivilegeList = new ArrayList<Privilege>();
 			for (String name : grantedPrivilegeNames) {
@@ -222,7 +209,7 @@
 				}
 				Privilege privilege = accessControlManager.privilegeFromName(name);
 				grantedPrivilegeList.add(privilege);
-					
+
 				if (log.isDebugEnabled()) {
 					if (newPrivileges.length() > 0) {
 						newPrivileges.append(", "); //separate entries by commas



Mime
View raw message