%line | %branch | |||||||||
---|---|---|---|---|---|---|---|---|---|---|
org.apache.portals.graffito.jcr.security.SimpleAccessManager |
|
|
1 | /* |
|
2 | * Copyright 2004-2005 The Apache Software Foundation or its licensors, |
|
3 | * as applicable. |
|
4 | * |
|
5 | * Licensed under the Apache License, Version 2.0 (the "License"); |
|
6 | * you may not use this file except in compliance with the License. |
|
7 | * You may obtain a copy of the License at |
|
8 | * |
|
9 | * http://www.apache.org/licenses/LICENSE-2.0 |
|
10 | * |
|
11 | * Unless required by applicable law or agreed to in writing, software |
|
12 | * distributed under the License is distributed on an "AS IS" BASIS, |
|
13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|
14 | * See the License for the specific language governing permissions and |
|
15 | * limitations under the License. |
|
16 | */ |
|
17 | package org.apache.portals.graffito.jcr.security; |
|
18 | ||
19 | import org.apache.jackrabbit.core.HierarchyManager; |
|
20 | import org.apache.jackrabbit.core.ItemId; |
|
21 | import org.apache.jackrabbit.core.security.AMContext; |
|
22 | import org.apache.jackrabbit.core.security.AccessManager; |
|
23 | import org.apache.jackrabbit.core.security.AnonymousPrincipal; |
|
24 | import org.apache.jackrabbit.core.security.SystemPrincipal; |
|
25 | import org.apache.log4j.Logger; |
|
26 | ||
27 | import javax.jcr.AccessDeniedException; |
|
28 | import javax.jcr.ItemNotFoundException; |
|
29 | import javax.jcr.NoSuchWorkspaceException; |
|
30 | import javax.jcr.RepositoryException; |
|
31 | import javax.security.auth.Subject; |
|
32 | ||
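/**
 * Minimal {@link AccessManager} whose decisions depend only on whether the session's
 * {@link Subject} carries a {@link SystemPrincipal} or an {@link AnonymousPrincipal}.
 * No per-item or per-workspace ACL is evaluated.
 *
 * <p>Effective policy, as implemented below:
 * <ul>
 * <li>a subject with a {@link SystemPrincipal} is granted every permission;</li>
 * <li>a subject with an {@link AnonymousPrincipal} (and no system principal) is denied any
 *     request whose bit mask includes {@code WRITE} or {@code REMOVE}, and granted all others;</li>
 * <li>every other subject is granted every permission on every item;</li>
 * <li>{@link #canAccess(String)} answers {@code true} for every workspace name.</li>
 * </ul>
 * The {@link ItemId} and workspace name passed to the checks are never inspected, so this
 * class provides no isolation between non-anonymous users. The {@code @todo} markers show
 * where principal-based checks are still missing.
 *
 * <p>Thread-safety: only {@link #close()} is synchronized; {@link #init(AMContext)} and the
 * permission checks read and write the state fields without synchronization.
 * NOTE(review): confirm that the repository confines one instance to one session thread.
 */
public class SimpleAccessManager implements AccessManager
{

    private static final Logger log = Logger.getLogger(SimpleAccessManager.class);

    /**
     * Subject whose access rights this AccessManager should reflect
     */
    protected Subject subject;

    /**
     * Hierarchy manager taken from the {@link AMContext} in {@link #init(AMContext)}.
     * It is stored for an ACL-based model but no check in this class consults it.
     */
    protected HierarchyManager hierMgr;

    // true between a successful init() and the matching close()
    private boolean initialized;

    // true when the subject holds at least one SystemPrincipal
    protected boolean system;

    // true when the subject holds at least one AnonymousPrincipal
    protected boolean anonymous;

    /**
     * Creates an uninitialized manager; {@link #init(AMContext)} must be called before
     * any permission check.
     */
    public SimpleAccessManager()
    {
        initialized = false;
        anonymous = false;
        system = false;
    }

    //--------------------------------------------------------< AccessManager >
    /**
     * {@inheritDoc}
     *
     * <p>Records the subject and hierarchy manager from the context and derives the
     * {@code system} and {@code anonymous} flags from the subject's principals. Access to
     * the workspace itself is not verified here. A context that returns a {@code null}
     * subject makes this method fail with a {@link NullPointerException}.
     *
     * @throws IllegalStateException if this manager has already been initialized
     */
    public void init(AMContext context) throws AccessDeniedException, Exception
    {
        if (initialized)
        {
            throw new IllegalStateException("already initialized");
        }

        subject = context.getSubject();
        hierMgr = context.getHierarchyManager();
        anonymous = !subject.getPrincipals(AnonymousPrincipal.class).isEmpty();
        system = !subject.getPrincipals(SystemPrincipal.class).isEmpty();

        // @todo check permission to access given workspace based on principals
        initialized = true;
    }

    /**
     * {@inheritDoc}
     *
     * <p>Only clears the initialized flag; the subject, the hierarchy manager and the
     * principal flags keep their last values.
     *
     * @throws IllegalStateException if this manager is not initialized
     */
    public synchronized void close() throws Exception
    {
        requireInitialized();
        initialized = false;
    }

    /**
     * {@inheritDoc}
     *
     * <p>Applies the same decision as {@link #isGranted(ItemId, int)} and signals a refusal
     * with an exception. {@code id} is not inspected.
     *
     * @throws AccessDeniedException if the subject is anonymous (and not system) and
     *         {@code permissions} includes {@code WRITE} or {@code REMOVE}
     * @throws IllegalStateException if this manager is not initialized
     */
    public void checkPermission(ItemId id, int permissions) throws AccessDeniedException, ItemNotFoundException, RepositoryException
    {
        requireInitialized();

        if (!isPermitted(permissions))
        {
            throw new AccessDeniedException();
        }
    }

    /**
     * {@inheritDoc}
     *
     * <p>{@code id} is not inspected; the answer depends only on the principal flags set
     * in {@link #init(AMContext)} and on the requested permission bits.
     *
     * @return {@code false} only for an anonymous, non-system subject requesting
     *         {@code WRITE} or {@code REMOVE}; {@code true} in every other case
     * @throws IllegalStateException if this manager is not initialized
     */
    public boolean isGranted(ItemId id, int permissions) throws ItemNotFoundException, RepositoryException
    {
        requireInitialized();
        return isPermitted(permissions);
    }

    /**
     * {@inheritDoc}
     *
     * <p>Always returns {@code true}: {@code workspaceName} is not inspected and the
     * initialized state is not checked.
     */
    public boolean canAccess(String workspaceName) throws NoSuchWorkspaceException, RepositoryException
    {
        // @todo check permission to access given workspace based on principals
        return true;
    }

    //-------------------------------------------------------------< internal >
    /**
     * Rejects calls made before {@link #init(AMContext)} or after {@link #close()}.
     */
    private void requireInitialized()
    {
        if (!initialized)
        {
            throw new IllegalStateException("not initialized");
        }
    }

    /**
     * Single place holding the grant/deny decision, so that {@code checkPermission} and
     * {@code isGranted} cannot drift apart. Kept private so that a subclass overriding one
     * public method does not silently change the other.
     */
    private boolean isPermitted(int permissions)
    {
        if (system)
        {
            // system has always all permissions; tested first, so a subject holding both
            // principal types is treated as system
            return true;
        }

        if (anonymous)
        {
            // anonymous is always denied WRITE & REMOVE permissions
            if ((permissions & WRITE) == WRITE || (permissions & REMOVE) == REMOVE)
            {
                return false;
            }
        }

        // @todo check permission based on principals
        // until that is done, every non-anonymous subject is granted everything
        return true;
    }
}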