
   1 /*
   2  * Licensed to the Apache Software Foundation (ASF) under one or more
   3  * contributor license agreements.  See the NOTICE file distributed with
   4  * this work for additional information regarding copyright ownership.
   5  * The ASF licenses this file to You under the Apache License, Version 2.0
   6  * (the "License"); you may not use this file except in compliance with
   7  * the License.  You may obtain a copy of the License at
   8  *
   9  *      http://www.apache.org/licenses/LICENSE-2.0
  10  *
  11  * Unless required by applicable law or agreed to in writing, software
  12  * distributed under the License is distributed on an "AS IS" BASIS,
  13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  14  * See the License for the specific language governing permissions and
  15  * limitations under the License.
  16  */
  17 package org.apache.jackrabbit.core.security.jboss;
  18 
  19 import java.io.FileInputStream;
  20 import java.security.Principal;
  21 import java.util.Enumeration;
  22 import java.util.Properties;
  23 import java.util.Set;
  24 
  25 import javax.jcr.AccessDeniedException;
  26 import javax.jcr.ItemNotFoundException;
  27 import javax.jcr.NoSuchWorkspaceException;
  28 import javax.jcr.RepositoryException;
  29 import javax.security.auth.Subject;
  30 
  31 import org.apache.jackrabbit.core.HierarchyManager;
  32 import org.apache.jackrabbit.core.ItemId;
  33 import org.apache.jackrabbit.core.security.AMContext;
  34 import org.apache.jackrabbit.core.security.AccessManager;
  35 import org.slf4j.Logger;
  36 import org.slf4j.LoggerFactory;
  37 
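public class SimpleJbossAccessManager implements AccessManager {

    private static final Logger log = LoggerFactory.getLogger(SimpleJbossAccessManager.class);

    /** Name of the JBoss group principal whose members are the subject's roles (compared case-insensitively). */
    private static final String ROLES_GROUP_NAME = "Roles";

    /** Properties file, relative to the repository home directory, that maps JBoss role names to access levels. */
    private static final String ROLE_MAPPING_FILE = "/rolemappings.properties";

    /** Mapped access level that grants every permission. */
    private static final String LEVEL_FULL = "full";

    /** Mapped access level that grants read-only access (WRITE and REMOVE denied). */
    private static final String LEVEL_READ = "read";

    /**
     * Subject whose access rights this AccessManager should reflect
     */
    protected Subject subject;

    /**
     * hierarchy manager used for ACL-based access control model
     */
    protected HierarchyManager hierMgr;  // assigned in init(); not consulted by this implementation

    // set by init() once the role mappings have been applied; guards every other method
    private boolean initialized;

    // true when at least one of the subject's roles maps to "full": all permissions granted
    protected boolean system;
    // true when at least one of the subject's roles maps to "read": WRITE and REMOVE denied
    protected boolean anonymous;

    /**
     * Empty constructor: the manager starts uninitialized with no access granted.
     */
    public SimpleJbossAccessManager() {
        initialized = false;
        anonymous = false;
        system = false;
    }

    //--------------------------------------------------------< AccessManager >
    /**
     * {@inheritDoc}
     * <p>
     * Loads {@code <homeDir>/rolemappings.properties} and inspects the subject's
     * {@code Roles} group: every member whose name maps to {@code full} enables
     * system access, every member mapping to {@code read} enables read-only access.
     * A subject with no mapped role keeps both flags false and is denied everything.
     * A missing or unreadable mapping file makes initialization fail, so the
     * manager never ends up initialized with an unintended policy.
     *
     * @param context the access-manager context supplying subject, hierarchy manager and home directory
     * @throws IllegalStateException if the manager was already initialized
     * @throws Exception if the role mapping file cannot be read
     */
    public void init(AMContext context)
            throws AccessDeniedException, Exception {
        if (initialized) {
            throw new IllegalStateException("already initialized");
        }

        subject = context.getSubject();
        hierMgr = context.getHierarchyManager();
        Set<Principal> ps = subject.getPrincipals();

        String rolemaploc = context.getHomeDir() + ROLE_MAPPING_FILE;
        Properties rolemaps = loadRoleMappings(rolemaploc);
        log.info("Load jbossgroup role mappings from " + rolemaploc);

        for (Principal p : ps) {
            // instanceof guard: a foreign Principal that merely calls itself "Roles"
            // is ignored instead of aborting init with a ClassCastException
            if (ROLES_GROUP_NAME.equalsIgnoreCase(p.getName())
                    && p instanceof org.jboss.security.SimpleGroup) {
                applyRoleMappings((org.jboss.security.SimpleGroup) p, rolemaps);
            }
        }

        // @todo check permission to access given workspace based on principals
        initialized = true;
    }

    /**
     * Reads the role mapping properties file, closing the stream even when loading fails.
     *
     * @param location path of the properties file
     * @return the loaded mappings (role name -> access level)
     * @throws java.io.IOException if the file cannot be opened or parsed
     */
    private static Properties loadRoleMappings(String location) throws java.io.IOException {
        Properties rolemaps = new Properties();
        FileInputStream rolefs = new FileInputStream(location);
        try {
            rolemaps.load(rolefs);
        } finally {
            rolefs.close();
        }
        return rolemaps;
    }

    /**
     * Sets {@link #system} / {@link #anonymous} from the members of the subject's roles group.
     * Levels are compared case-insensitively; members without a mapping are ignored.
     *
     * @param group the JBoss roles group
     * @param rolemaps role name -> access level mappings
     */
    private void applyRoleMappings(org.jboss.security.SimpleGroup group, Properties rolemaps) {
        // wildcard rather than a concrete element type: works whether members() is raw or generic
        Enumeration<?> members = group.members();
        while (members.hasMoreElements()) {
            Object member = members.nextElement();
            if (!(member instanceof Principal)) {
                continue;
            }
            String role = rolemaps.getProperty(((Principal) member).getName());
            if (LEVEL_FULL.equalsIgnoreCase(role)) {
                system = true;
            } else if (LEVEL_READ.equalsIgnoreCase(role)) {
                anonymous = true;
            }
        }
    }

    /**
     * {@inheritDoc}
     *
     * @throws IllegalStateException if the manager was not initialized
     */
    public synchronized void close() throws Exception {
        if (!initialized) {
            throw new IllegalStateException("not initialized");
        }

        initialized = false;
    }

    /**
     * {@inheritDoc}
     * <p>
     * System subjects pass for every permission; read-only subjects are refused
     * WRITE and REMOVE; subjects with no mapped role are refused everything,
     * including READ.
     *
     * @param id the item (not consulted: the decision depends only on the subject's roles)
     * @param permissions bit set of requested permissions
     * @throws IllegalStateException if the manager was not initialized
     * @throws AccessDeniedException if any requested permission is refused
     */
    public void checkPermission(ItemId id, int permissions)
            throws AccessDeniedException, ItemNotFoundException,
            RepositoryException {
        if (!initialized) {
            throw new IllegalStateException("not initialized");
        }

        if (!isGrantedByRole(permissions)) {
            throw new AccessDeniedException();
        }
    }

    /**
     * {@inheritDoc}
     * <p>
     * Same policy as {@link #checkPermission}, reported as a boolean.
     *
     * @param id the item (not consulted)
     * @param permissions bit set of requested permissions
     * @return true if every requested permission is granted by the subject's roles
     * @throws IllegalStateException if the manager was not initialized
     */
    public boolean isGranted(ItemId id, int permissions)
            throws ItemNotFoundException, RepositoryException {
        if (!initialized) {
            throw new IllegalStateException("not initialized");
        }

        return isGrantedByRole(permissions);
    }

    /**
     * Single decision point shared by {@link #checkPermission} and {@link #isGranted}.
     *
     * @param permissions bit set of requested permissions
     * @return true for system subjects; for read-only subjects true unless WRITE or
     *         REMOVE is requested; false otherwise (default deny)
     */
    private boolean isGrantedByRole(int permissions) {
        if (system) {
            // system has always all permissions
            return true;
        }
        if (anonymous) {
            // anonymous is always denied WRITE & REMOVE permissions
            boolean modifies = (permissions & WRITE) == WRITE
                    || (permissions & REMOVE) == REMOVE;
            return !modifies;
        }
        // no mapped role: default to false
        return false;
    }

    /**
     * {@inheritDoc}
     * <p>
     * Any subject with a mapped role may access any workspace; the workspace name
     * is not consulted.
     *
     * @param workspaceName the workspace (ignored)
     * @return true if the subject holds a "full" or "read" role
     * @throws IllegalStateException if the manager was not initialized
     */
    public boolean canAccess(String workspaceName)
            throws NoSuchWorkspaceException, RepositoryException {
        if (!initialized) {
            throw new IllegalStateException("not initialized");
        }

        return system || anonymous;
    }
}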
