jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r799284 - in /jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/simple: SimpleSecurityManager.java SimpleWorkspaceAccessManager.java
Date Thu, 30 Jul 2009 14:30:44 GMT
Author: angela
Date: Thu Jul 30 14:30:43 2009
New Revision: 799284

URL: http://svn.apache.org/viewvc?rev=799284&view=rev
Log:
 JCR-1588: JSR 283: Access Control

- minor improvement to SimpleSecurityManager
   -> respect workspace access manager config and use SimpleWorkspaceAccessManager as default
   -> explicitely ignore ac-provider config but allow subclasses to overwrite

- add SimpleWorkspaceAccessManager that allows access to every workspace

Added:
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/simple/SimpleWorkspaceAccessManager.java
Modified:
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/simple/SimpleSecurityManager.java

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/simple/SimpleSecurityManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/simple/SimpleSecurityManager.java?rev=799284&r1=799283&r2=799284&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/simple/SimpleSecurityManager.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/simple/SimpleSecurityManager.java
Thu Jul 30 14:30:43 2009
@@ -24,12 +24,15 @@
 import org.apache.jackrabbit.core.config.AccessManagerConfig;
 import org.apache.jackrabbit.core.config.LoginModuleConfig;
 import org.apache.jackrabbit.core.config.SecurityConfig;
+import org.apache.jackrabbit.core.config.SecurityManagerConfig;
 import org.apache.jackrabbit.core.security.AMContext;
 import org.apache.jackrabbit.core.security.AccessManager;
 import org.apache.jackrabbit.core.security.JackrabbitSecurityManager;
 import org.apache.jackrabbit.core.security.UserPrincipal;
 import org.apache.jackrabbit.core.security.AnonymousPrincipal;
 import org.apache.jackrabbit.core.security.SecurityConstants;
+import org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager;
+import org.apache.jackrabbit.core.security.authorization.AccessControlProvider;
 import org.apache.jackrabbit.core.security.authentication.AuthContext;
 import org.apache.jackrabbit.core.security.authentication.AuthContextProvider;
 import org.apache.jackrabbit.core.security.principal.AdminPrincipal;
@@ -85,6 +88,11 @@
     private PrincipalProviderRegistry principalProviderRegistry;
 
     /**
+     * The workspace access manager
+     */
+    private WorkspaceAccessManager workspaceAccessManager;
+
+    /**
      * factory for login-context {@see Repository#login())
      */
     private AuthContextProvider authCtxProvider;
@@ -92,6 +100,20 @@
     private String adminID;
     private String anonymID;
 
+    /**
+     * Always returns <code>null</code>. AccessControlProvider configuration
+     * is ignored with this security manager. Subclasses may overwrite this
+     * lazy behavior that originates from the <code>SimpleAccessManager</code>.
+     *
+     * @param systemSession The system session used to init the security manager.
+     * @param workspaceName The name of the workspace for which the provider
+     * should be retrieved.
+     * @return Always returns <code>null</code>.
+     */
+    protected AccessControlProvider getAccessControlProvider(Session systemSession, String
workspaceName) {
+        return null;
+    }
+
     //------------------------------------------< JackrabbitSecurityManager >---
     /**
      * @see JackrabbitSecurityManager#init(Repository, Session)
@@ -151,6 +173,16 @@
             principalProviderRegistry.registerProvider(moduleConfig[i]);
         }
 
+        SecurityManagerConfig smc = config.getSecurityManagerConfig();
+        if (smc != null && smc.getWorkspaceAccessConfig() != null) {
+            workspaceAccessManager = (WorkspaceAccessManager) smc.getWorkspaceAccessConfig().newInstance();
+        } else {
+            // fallback -> the default simple implementation
+            log.debug("No WorkspaceAccessManager configured; using default.");
+            workspaceAccessManager = new SimpleWorkspaceAccessManager();
+        }
+        workspaceAccessManager.init(systemSession);
+
         initialized = true;
     }
 
@@ -175,6 +207,9 @@
     public AccessManager getAccessManager(Session session, AMContext amContext) throws RepositoryException
{
         checkInitialized();
         try {
+            String wspName = session.getWorkspace().getName();
+            AccessControlProvider acP = getAccessControlProvider(systemSession, wspName);
+
             AccessManagerConfig amc = config.getAccessManagerConfig();
             AccessManager accessMgr;
             if (amc == null) {
@@ -182,7 +217,7 @@
             } else {
                 accessMgr = (AccessManager) amc.newInstance();
             }
-            accessMgr.init(amContext);
+            accessMgr.init(amContext, acP, workspaceAccessManager);
             return accessMgr;
         } catch (AccessDeniedException ade) {
             // re-throw

Added: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/simple/SimpleWorkspaceAccessManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/simple/SimpleWorkspaceAccessManager.java?rev=799284&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/simple/SimpleWorkspaceAccessManager.java
(added)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/simple/SimpleWorkspaceAccessManager.java
Thu Jul 30 14:30:43 2009
@@ -0,0 +1,54 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.simple;
+
+import org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager;
+
+import javax.jcr.Session;
+import javax.jcr.RepositoryException;
+import java.util.Set;
+
+/**
+ * <code>SimpleWorkspaceAccessManager</code> always allows any set of principals
+ * to access any workspace.
+ */
+public class SimpleWorkspaceAccessManager implements WorkspaceAccessManager {
+
+    /**
+     * @see WorkspaceAccessManager#init(Session)
+     */
+    public void init(Session securitySession) {
+        // nothing to do
+    }
+
+    /**
+     * @see WorkspaceAccessManager#close()
+     */
+    public void close() throws RepositoryException {
+        // nothing to do.
+    }
+
+    /**
+     * Always returns <code>true</code> allowing any set of principals to
+     * access all workspaces.
+     *
+     * @see WorkspaceAccessManager#grants(java.util.Set, String)
+     */
+    public boolean grants(Set principals, String workspaceName) throws RepositoryException
{
+        return true;
+    }
+}
\ No newline at end of file



Mime
View raw message