UserPerWorkspaceSecurityManager (Apache Jackrabbit 2.2.0 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.apache.jackrabbit.core
Class UserPerWorkspaceSecurityManager

java.lang.Object
  org.apache.jackrabbit.core.DefaultSecurityManager
      org.apache.jackrabbit.core.UserPerWorkspaceSecurityManager

All Implemented Interfaces:: JackrabbitSecurityManager

public class UserPerWorkspaceSecurityManager
extends DefaultSecurityManager
extends DefaultSecurityManager

Derived security manager implementation that expects that users information is present in each workspace instead of having a single, dedicated "security-workspace" that provides user information. Consequently, the UserManager used to retrieve and manipulate user content is always bound to the Session passed to getUserManager(Session).

In addition the default (user-based) principal provider created by DefaultSecurityManager cannot be used to retrieve principals. Instead this implementation keeps a distinct pp-registry for each workspace.

NOTE: While this security manager asserts that a minimal set of system users (admin and anonymous) is present in each workspace it doesn't make any attempt to set or define the access permissions on the tree containing user related information.

Field Summary

Fields inherited from class org.apache.jackrabbit.core.DefaultSecurityManager
`adminId, anonymousId`

Constructor Summary
`UserPerWorkspaceSecurityManager()`

Method Summary
`void`	`close()` Disposes this security manager instance and cleans all internal caches.
`protected PrincipalProvider`	`createDefaultPrincipalProvider()` Always returns `null`.
`protected WorkspaceAccessManager`	`createDefaultWorkspaceAccessManager()` Returns a new instance of `SimpleWorkspaceAccessManager`, since with the `DefaultLoginModule` the existance of the user is checked in order to successfully complete the login.
`protected PrincipalManager`	`createPrincipalManager(SessionImpl session)`
`protected UserManagerImpl`	`createUserManager(SessionImpl session)` Creates a new instanceof `TransientChangeUserManagerImpl`.
`void`	`dispose(String workspaceName)` Disposes those parts of this security manager that are related to the workspace indicated by the given `workspaceName`.
`AuthContext`	`getAuthContext(Credentials creds, Subject subject, String workspaceName)` Creates an AuthContext for the given `Credentials` and `Subject`.
`protected UserManager`	`getSystemUserManager(String workspaceName)`
`UserManager`	`getUserManager(Session session)` As this implementation expectes that users information in present in every workspace, the UserManager is always created with the given session.
`void`	`init(Repository repository, Session systemSession)`

Methods inherited from class org.apache.jackrabbit.core.DefaultSecurityManager
`checkInitialized, getAccessManager, getAuthContextProvider, getConfig, getMembershipCache, getPrincipalManager, getPrincipalProviderRegistry, getRepository, getSystemSession, getUserID`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

UserPerWorkspaceSecurityManager

public UserPerWorkspaceSecurityManager()

Method Detail

init

public void init(Repository repository,
                 Session systemSession)
          throws RepositoryException

Specified by:: init in interface JackrabbitSecurityManager
Overrides:: init in class DefaultSecurityManager

Throws:: RepositoryException
See Also:: JackrabbitSecurityManager.init(Repository, Session)

dispose

public void dispose(String workspaceName)

Description copied from interface: JackrabbitSecurityManager

Disposes those parts of this security manager that are related to the workspace indicated by the given workspaceName.

Specified by:: dispose in interface JackrabbitSecurityManager
Overrides:: dispose in class DefaultSecurityManager

Parameters:: workspaceName - Name of the workspace that is being disposed.
See Also:: JackrabbitSecurityManager.dispose(String)

close

public void close()

Description copied from interface: JackrabbitSecurityManager

Disposes this security manager instance and cleans all internal caches.

Specified by:: close in interface JackrabbitSecurityManager
Overrides:: close in class DefaultSecurityManager

See Also:: JackrabbitSecurityManager.close()

getUserManager

public UserManager getUserManager(Session session)
                           throws RepositoryException

As this implementation expectes that users information in present in every workspace, the UserManager is always created with the given session.

Specified by:: getUserManager in interface JackrabbitSecurityManager
Overrides:: getUserManager in class DefaultSecurityManager

Returns:: UserManager for the given session.
Throws:: UnsupportedRepositoryOperationException - If user management is not supported.; RepositoryException
See Also:: JackrabbitSecurityManager.getUserManager(javax.jcr.Session)

getAuthContext

public AuthContext getAuthContext(Credentials creds,
                                  Subject subject,
                                  String workspaceName)
                           throws RepositoryException

Creates an AuthContext for the given Credentials and Subject.
This includes selection of application specific LoginModules and initialization with credentials and Session to System-Workspace

Specified by:: getAuthContext in interface JackrabbitSecurityManager
Overrides:: getAuthContext in class DefaultSecurityManager

workspaceName - The name of the workspace to login.
Returns:: an AuthContext for the given Credentials, Subject
Throws:: RepositoryException - in other exceptional repository states

createDefaultPrincipalProvider

protected PrincipalProvider createDefaultPrincipalProvider()
                                                    throws RepositoryException

Always returns null. The default principal provider is workspace depending as users are expected to exist in every workspace.

Overrides:: createDefaultPrincipalProvider in class DefaultSecurityManager

Returns:: null
Throws:: RepositoryException

getSystemUserManager

protected UserManager getSystemUserManager(String workspaceName)
                                    throws RepositoryException

Overrides:: getSystemUserManager in class DefaultSecurityManager

Returns:: The system user manager. Since this implementation stores users in a dedicated workspace the system user manager is the same for all sessions irrespective of the workspace.
Throws:: RepositoryException

createUserManager

protected UserManagerImpl createUserManager(SessionImpl session)
                                     throws RepositoryException

Creates a new instanceof TransientChangeUserManagerImpl.

Overrides:: createUserManager in class DefaultSecurityManager

Parameters:: session - session
Returns:: an instanceof TransientChangeUserManagerImpl
Throws:: RepositoryException

createPrincipalManager

protected PrincipalManager createPrincipalManager(SessionImpl session)
                                           throws RepositoryException

Overrides:: createPrincipalManager in class DefaultSecurityManager

Parameters:: session - Session for the principal manager must be created.
Returns:: A new instance of PrincipalManagerImpl. Note that this implementation uses a workspace specific principal provider registry, that retrieves the configured providers from the registry obtained throug DefaultSecurityManager.getPrincipalProviderRegistry() but has a workspace specific default provider.
Throws:: RepositoryException

createDefaultWorkspaceAccessManager

protected WorkspaceAccessManager createDefaultWorkspaceAccessManager()

Returns a new instance of SimpleWorkspaceAccessManager, since with the DefaultLoginModule the existance of the user is checked in order to successfully complete the login. Since with this SecurityManager users are stored separately in each workspace, a user may only login to a workspace if the corresponding user node exists. Consequently a lazy workspace access manager is sufficient.

If this SecurityManager is used with a distict LoginModule implementation, the configuration for WorkspaceAccessManager should be adjusted as well.

Overrides:: createDefaultWorkspaceAccessManager in class DefaultSecurityManager

Returns:: An new instance of SimpleWorkspaceAccessManager.