
1   /*
2    * Copyright 2004-2005 The Apache Software Foundation or its licensors,
3    *                     as applicable.
4    *
5    * Licensed under the Apache License, Version 2.0 (the "License");
6    * you may not use this file except in compliance with the License.
7    * You may obtain a copy of the License at
8    *
9    *      http://www.apache.org/licenses/LICENSE-2.0
10   *
11   * Unless required by applicable law or agreed to in writing, software
12   * distributed under the License is distributed on an "AS IS" BASIS,
13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   * See the License for the specific language governing permissions and
15   * limitations under the License.
16   */
17  package org.apache.portals.graffito.jcr.security;
18  
19  import org.apache.jackrabbit.core.HierarchyManager;
20  import org.apache.jackrabbit.core.ItemId;
21  import org.apache.jackrabbit.core.security.AMContext;
22  import org.apache.jackrabbit.core.security.AccessManager;
23  import org.apache.jackrabbit.core.security.AnonymousPrincipal;
24  import org.apache.jackrabbit.core.security.SystemPrincipal;
25  import org.apache.log4j.Logger;
26  
27  import javax.jcr.AccessDeniedException;
28  import javax.jcr.ItemNotFoundException;
29  import javax.jcr.NoSuchWorkspaceException;
30  import javax.jcr.RepositoryException;
31  import javax.security.auth.Subject;
32  
33  /***
34   * <code>SimpleAccessManager</code> ...
35   */
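public class SimpleAccessManager implements AccessManager
{

	private static Logger log = Logger.getLogger(SimpleAccessManager.class);

	/**
	 * Subject whose access rights this AccessManager should reflect.
	 */
	protected Subject subject;

	/**
	 * Hierarchy manager taken from the {@link AMContext}. It is intended for
	 * an ACL-based access control model; no method of this class consults it
	 * yet.
	 */
	protected HierarchyManager hierMgr;

	/**
	 * Lifecycle flag: set by {@link #init(AMContext)}, cleared by
	 * {@link #close()}. Item-level checks refuse to run while it is false.
	 */
	private boolean initialized;

	/**
	 * True when the subject carries a {@link SystemPrincipal}. System
	 * subjects are granted every permission unconditionally.
	 */
	protected boolean system;

	/**
	 * True when the subject carries an {@link AnonymousPrincipal}. Anonymous
	 * subjects are denied WRITE and REMOVE; everything else is granted.
	 */
	protected boolean anonymous;

	/**
	 * Creates an access manager that must be initialised with
	 * {@link #init(AMContext)} before it can answer any permission query.
	 */
	public SimpleAccessManager()
	{
		initialized = false;
		anonymous = false;
		system = false;
	}

	//--------------------------------------------------------< AccessManager >
	/**
	 * Binds this access manager to the subject and hierarchy manager of the
	 * given context and classifies the subject as system, anonymous or other.
	 * Synchronised to match {@link #close()}, since both methods guard the
	 * same <code>initialized</code> flag.
	 *
	 * @param context access manager context supplying subject and hierarchy manager
	 * @throws IllegalStateException if this instance is already initialised
	 * @throws AccessDeniedException never thrown by this implementation; the
	 *         workspace-level check it is meant for is not implemented (see the
	 *         <code>@todo</code> below)
	 */
	public synchronized void init(AMContext context) throws AccessDeniedException, Exception
	{
		if (initialized)
		{
			throw new IllegalStateException("already initialized");
		}

		subject = context.getSubject();
		hierMgr = context.getHierarchyManager();
		// Classification is based solely on which marker principals the
		// subject carries; any other principal leaves both flags false.
		anonymous = !subject.getPrincipals(AnonymousPrincipal.class).isEmpty();
		system = !subject.getPrincipals(SystemPrincipal.class).isEmpty();

		// @todo check permission to access given workspace based on principals
		initialized = true;
	}

	/**
	 * Marks this access manager as closed. Subsequent calls to
	 * {@link #checkPermission(ItemId, int)} and {@link #isGranted(ItemId, int)}
	 * fail with {@link IllegalStateException}.
	 *
	 * @throws IllegalStateException if this instance was never initialised
	 */
	public synchronized void close() throws Exception
	{
		if (!initialized)
		{
			throw new IllegalStateException("not initialized");
		}

		initialized = false;
	}

	/**
	 * Throws if the subject may not perform <code>permissions</code>.
	 * Only the subject classification is consulted: system subjects always
	 * pass, anonymous subjects are denied WRITE and REMOVE, every other subject
	 * passes. The item id is ignored, so this is not an item-level check.
	 *
	 * @param id item the permissions are requested for (currently unused)
	 * @param permissions bit mask of requested permissions
	 * @throws IllegalStateException if not initialised or already closed
	 * @throws AccessDeniedException if an anonymous subject requests WRITE or REMOVE
	 */
	public void checkPermission(ItemId id, int permissions) throws AccessDeniedException, ItemNotFoundException, RepositoryException
	{
		if (!initialized)
		{
			throw new IllegalStateException("not initialized");
		}

		if (system)
		{
			// system has always all permissions
			return;
		}

		if (anonymous && deniedToAnonymous(permissions))
		{
			throw new AccessDeniedException();
		}
		// @todo check permission based on principals
	}

	/**
	 * Non-throwing variant of {@link #checkPermission(ItemId, int)} with the
	 * same decision logic. Note that the fall-through answer for any
	 * non-anonymous subject is <code>true</code> (fail-open) until the
	 * principal-based check marked <code>@todo</code> is implemented.
	 *
	 * @param id item the permissions are requested for (currently unused)
	 * @param permissions bit mask of requested permissions
	 * @return false only for an anonymous subject requesting WRITE or REMOVE
	 * @throws IllegalStateException if not initialised or already closed
	 */
	public boolean isGranted(ItemId id, int permissions) throws ItemNotFoundException, RepositoryException
	{
		if (!initialized)
		{
			throw new IllegalStateException("not initialized");
		}

		if (system)
		{
			// system has always all permissions
			return true;
		}

		if (anonymous && deniedToAnonymous(permissions))
		{
			return false;
		}

		// @todo check permission based on principals
		return true;
	}

	/**
	 * Workspace access is not restricted by this implementation: every
	 * subject may access every workspace (fail-open). This method does not
	 * require the instance to be initialised.
	 *
	 * @param workspaceName workspace being accessed (currently unused)
	 * @return always true
	 */
	public boolean canAccess(String workspaceName) throws NoSuchWorkspaceException, RepositoryException
	{
		// @todo check permission to access given workspace based on principals
		return true;
	}

	/**
	 * Single place for the anonymous rule shared by checkPermission and
	 * isGranted: a request is refused when it includes WRITE or REMOVE.
	 *
	 * @param permissions bit mask of requested permissions
	 * @return true if an anonymous subject must be refused this request
	 */
	private static boolean deniedToAnonymous(int permissions)
	{
		return (permissions & WRITE) == WRITE || (permissions & REMOVE) == REMOVE;
	}
}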