Posted to commits@sling.apache.org by ro...@apache.org on 2017/11/07 09:48:00 UTC
[sling-org-apache-sling-jcr-jackrabbit-accessmanager] 16/19:
SLING-1208 Adapt to an API change between Jackrabbit 1.5 and 1.6: If a node
as a access control policy set,
the AccessControlManager.getApplicableAccessControlPolicies() returns an
empty iterator. In this case the getAccessControlPolicies returns the
current policies. Also upgraded dependency to Jackrabbit API to 1.6
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.jcr.jackrabbit.accessmanager-2.0.4
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-jcr-jackrabbit-accessmanager.git
commit 32c555ad51cf39383259ff8a2a765e89cb64e737
Author: Felix Meschberger <fm...@apache.org>
AuthorDate: Fri Dec 4 13:56:45 2009 +0000
SLING-1208 Adapt to an API change between Jackrabbit 1.5 and 1.6: If a node has an access control policy set, the AccessControlManager.getApplicableAccessControlPolicies() returns an empty iterator. In this case the getAccessControlPolicies returns the current policies. Also upgraded dependency to Jackrabbit API to 1.6
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/bundles/jcr/jackrabbit-accessmanager@887198 13f79535-47bb-0310-9956-ffa450edef68
---
pom.xml | 7 +--
.../post/AbstractAccessPostServlet.java | 71 ++++++++++++++++++----
.../accessmanager/post/DeleteAcesServlet.java | 27 +++-----
.../accessmanager/post/ModifyAceServlet.java | 25 ++------
4 files changed, 74 insertions(+), 56 deletions(-)
diff --git a/pom.xml b/pom.xml
index 03546c5..7856b10 100644
--- a/pom.xml
+++ b/pom.xml
@@ -112,7 +112,7 @@
<dependency>
<groupId>org.apache.jackrabbit</groupId>
<artifactId>jackrabbit-api</artifactId>
- <version>1.5.0</version>
+ <version>1.6.0</version>
</dependency>
<dependency>
<groupId>org.apache.sling</groupId>
@@ -120,11 +120,6 @@
<version>2.0.4-incubator</version>
</dependency>
<dependency>
- <groupId>org.apache.jackrabbit</groupId>
- <artifactId>jackrabbit-api</artifactId>
- <version>1.5.0</version>
- </dependency>
- <dependency>
<groupId>org.osgi</groupId>
<artifactId>org.osgi.core</artifactId>
</dependency>
diff --git a/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/AbstractAccessPostServlet.java b/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/AbstractAccessPostServlet.java
index fe9da5b..45d9b2e 100644
--- a/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/AbstractAccessPostServlet.java
+++ b/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/AbstractAccessPostServlet.java
@@ -26,6 +26,10 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.jackrabbit.api.jsr283.security.AccessControlList;
+import org.apache.jackrabbit.api.jsr283.security.AccessControlManager;
+import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicy;
+import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicyIterator;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.resource.ResourceNotFoundException;
@@ -39,7 +43,7 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
- * Base class for all the POST servlets for the AccessManager operations
+ * Base class for all the POST servlets for the AccessManager operations
*/
public abstract class AbstractAccessPostServlet extends SlingAllMethodsServlet {
private static final long serialVersionUID = -5918670409789895333L;
@@ -48,7 +52,7 @@ public abstract class AbstractAccessPostServlet extends SlingAllMethodsServlet {
* default log
*/
private final Logger log = LoggerFactory.getLogger(getClass());
-
+
/* (non-Javadoc)
* @see org.apache.sling.api.servlets.SlingAllMethodsServlet#doPost(org.apache.sling.api.SlingHttpServletRequest, org.apache.sling.api.SlingHttpServletResponse)
*/
@@ -76,12 +80,12 @@ public abstract class AbstractAccessPostServlet extends SlingAllMethodsServlet {
Session session = request.getResourceResolver().adaptTo(Session.class);
final List<Modification> changes = new ArrayList<Modification>();
-
+
try {
handleOperation(request, htmlResponse, changes);
-
+
//TODO: maybe handle SlingAuthorizablePostProcessor handlers here
-
+
// set changes on html response
for(Modification change : changes) {
switch ( change.getType() ) {
@@ -93,7 +97,7 @@ public abstract class AbstractAccessPostServlet extends SlingAllMethodsServlet {
case ORDER : htmlResponse.onChange("ordered", change.getSource(), change.getDestination()); break;
}
}
-
+
if (session.hasPendingChanges()) {
session.save();
}
@@ -115,7 +119,7 @@ public abstract class AbstractAccessPostServlet extends SlingAllMethodsServlet {
e.getMessage(), e);
}
}
-
+
// check for redirect URL if processing succeeded
if (htmlResponse.isSuccessful()) {
String redirect = getRedirectUrl(request, htmlResponse);
@@ -138,8 +142,8 @@ public abstract class AbstractAccessPostServlet extends SlingAllMethodsServlet {
*/
abstract protected void handleOperation(SlingHttpServletRequest request,
HtmlResponse htmlResponse, List<Modification> changes) throws RepositoryException;
-
-
+
+
/**
* compute redirect URL (SLING-126)
*
@@ -213,7 +217,7 @@ public abstract class AbstractAccessPostServlet extends SlingAllMethodsServlet {
SlingPostConstants.RP_STATUS);
return true;
}
-
+
// ------ These methods were copied from AbstractSlingPostOperation ------
/**
@@ -250,5 +254,50 @@ public abstract class AbstractAccessPostServlet extends SlingAllMethodsServlet {
return ret.toString();
}
-
+
+ /**
+ * Returns an <code>AccessControlList</code> to edit for the node at the
+ * given <code>resourcePath</code>.
+ *
+ * @param accessControlManager The manager providing access control lists
+ * @param resourcePath The node path for which to return an access control
+ * list
+ * @param mayCreate <code>true</code> if an access control list should be
+ * created if the node does not have one yet.
+ * @return The <code>AccessControlList</code> to modify to control access to
+ * the node.
+ * @throws RepositoryException If the access control manager does not
+ * provide a <code>AccessControlPolicy</code> which is an
+ * <code>AccessControlList</code>.
+ */
+ protected AccessControlList getAccessControlList(
+ final AccessControlManager accessControlManager,
+ final String resourcePath, final boolean mayCreate)
+ throws RepositoryException {
+
+ // check for an existing access control list to edit
+ AccessControlPolicy[] policies = accessControlManager.getPolicies(resourcePath);
+ for (AccessControlPolicy policy : policies) {
+ if (policy instanceof AccessControlList) {
+ return (AccessControlList) policy;
+ }
+ }
+
+ // no existing access control list, try to create if allowed
+ if (mayCreate) {
+ AccessControlPolicyIterator applicablePolicies = accessControlManager.getApplicablePolicies(resourcePath);
+ while (applicablePolicies.hasNext()) {
+ AccessControlPolicy policy = applicablePolicies.nextAccessControlPolicy();
+ if (policy instanceof AccessControlList) {
+ return (AccessControlList) policy;
+ }
+ }
+ }
+
+ // neither an existing nor a create AccessControlList is available, fail
+ throw new RepositoryException(
+ "Unable to find or create an access control policy to update for "
+ + resourcePath);
+
+ }
}
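Review bot: The final `throw` in `getAccessControlList` says "Unable to find or create" even when `mayCreate` is false, so a caller that only wanted an existing list gets a message about a creation that was never attempted; the text should follow the flag, e.g. `(mayCreate ? "Unable to find or create" : "Unable to find") + " an access control policy to update for " + resourcePath`. The `@throws` clause documents only this case, although `getPolicies` and `getApplicablePolicies` are called without a catch and can presumably raise their own `RepositoryException` (for example when the session may not read access control on the path). I would add a sentence stating that authorization is left to the session-bound `AccessControlManager` and that its exceptions propagate unchanged. The Javadoc should also say that a list returned on the `mayCreate` path presumably takes effect only once the caller passes it to `setPolicy`. The comment `neither an existing nor a create AccessControlList` reads better as `neither an existing nor a new AccessControlList`.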
diff --git a/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/DeleteAcesServlet.java b/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/DeleteAcesServlet.java
index 4dc695c..3d8ea7e 100644
--- a/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/DeleteAcesServlet.java
+++ b/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/DeleteAcesServlet.java
@@ -29,8 +29,6 @@ import javax.jcr.Session;
import org.apache.jackrabbit.api.jsr283.security.AccessControlEntry;
import org.apache.jackrabbit.api.jsr283.security.AccessControlList;
import org.apache.jackrabbit.api.jsr283.security.AccessControlManager;
-import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicy;
-import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicyIterator;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceNotFoundException;
@@ -86,7 +84,7 @@ public class DeleteAcesServlet extends AbstractAccessPostServlet {
protected void handleOperation(SlingHttpServletRequest request,
HtmlResponse htmlResponse, List<Modification> changes)
throws RepositoryException {
-
+
String[] applyTo = request.getParameterValues(SlingPostConstants.RP_APPLY_TO);
if (applyTo == null) {
throw new RepositoryException("principalIds were not sumitted.");
@@ -103,31 +101,20 @@ public class DeleteAcesServlet extends AbstractAccessPostServlet {
throw new ResourceNotFoundException("Resource is not a JCR Node");
}
}
-
+
Session session = request.getResourceResolver().adaptTo(Session.class);
if (session == null) {
throw new RepositoryException("JCR Session not found");
}
-
+
//load the principalIds array into a set for quick lookup below
Set<String> pidSet = new HashSet<String>();
pidSet.addAll(Arrays.asList(applyTo));
-
+
try {
AccessControlManager accessControlManager = AccessControlUtil.getAccessControlManager(session);
- AccessControlList updatedAcl = null;
- AccessControlPolicyIterator applicablePolicies = accessControlManager.getApplicablePolicies(resourcePath);
- while (applicablePolicies.hasNext()) {
- AccessControlPolicy policy = applicablePolicies.nextAccessControlPolicy();
- if (policy instanceof AccessControlList) {
- updatedAcl = (AccessControlList)policy;
- break;
- }
- }
- if (updatedAcl == null) {
- throw new RepositoryException("Unable to find an access control policy to update.");
- }
-
+ AccessControlList updatedAcl = getAccessControlList(accessControlManager, resourcePath, false);
+
//keep track of the existing Aces for the target principal
AccessControlEntry[] accessControlEntries = updatedAcl.getAccessControlEntries();
List<AccessControlEntry> oldAces = new ArrayList<AccessControlEntry>();
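Review bot: A node without an access control list now makes this call throw, where the removed loop accepted whatever `getApplicablePolicies` offered, and nothing at the call site says the change is intended. Failing looks like the safer outcome for a delete, since the later `setPolicy` can no longer bind a freshly created empty list to the node, but the bare `false` does not convey that. I would add `// never create an ACL just to remove entries; a node without one is an error` above the call. The `getAccessControlList(accessControlManager, resourcePath, true)` call in the ModifyAceServlet hunk deserves the matching `// create the ACL if the node has none yet`. The enclosing `handleOperation` starts and ends outside this hunk, so how the `catch (RepositoryException re)` reports the failure to the client is not visible here.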
@@ -143,7 +130,7 @@ public class DeleteAcesServlet extends AbstractAccessPostServlet {
updatedAcl.removeAccessControlEntry(ace);
}
}
-
+
//apply the changed policy
accessControlManager.setPolicy(resourcePath, updatedAcl);
} catch (RepositoryException re) {
diff --git a/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/ModifyAceServlet.java b/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/ModifyAceServlet.java
index 4b37e76..07715f5 100644
--- a/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/ModifyAceServlet.java
+++ b/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/ModifyAceServlet.java
@@ -28,8 +28,6 @@ import javax.jcr.Session;
import org.apache.jackrabbit.api.jsr283.security.AccessControlEntry;
import org.apache.jackrabbit.api.jsr283.security.AccessControlList;
import org.apache.jackrabbit.api.jsr283.security.AccessControlManager;
-import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicy;
-import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicyIterator;
import org.apache.jackrabbit.api.jsr283.security.Privilege;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.UserManager;
@@ -132,8 +130,8 @@ public class ModifyAceServlet extends AbstractAccessPostServlet {
throw new ResourceNotFoundException("Resource is not a JCR Node");
}
}
-
-
+
+
List<String> grantedPrivilegeNames = new ArrayList<String>();
List<String> deniedPrivilegeNames = new ArrayList<String>();
Enumeration parameterNames = request.getParameterNames();
@@ -158,18 +156,7 @@ public class ModifyAceServlet extends AbstractAccessPostServlet {
try {
AccessControlManager accessControlManager = AccessControlUtil.getAccessControlManager(session);
- AccessControlList updatedAcl = null;
- AccessControlPolicyIterator applicablePolicies = accessControlManager.getApplicablePolicies(resourcePath);
- while (applicablePolicies.hasNext()) {
- AccessControlPolicy policy = applicablePolicies.nextAccessControlPolicy();
- if (policy instanceof AccessControlList) {
- updatedAcl = (AccessControlList)policy;
- break;
- }
- }
- if (updatedAcl == null) {
- throw new RepositoryException("Unable to find an access conrol policy to update.");
- }
+ AccessControlList updatedAcl = getAccessControlList(accessControlManager, resourcePath, true);
StringBuilder oldPrivileges = null;
StringBuilder newPrivileges = null;
@@ -187,7 +174,7 @@ public class ModifyAceServlet extends AbstractAccessPostServlet {
log.debug("Found Existing ACE for principal {0} on resource: ", new Object[] {principalId, resourcePath});
}
oldAces.add(ace);
-
+
if (log.isDebugEnabled()) {
//collect the information for debug logging
boolean isAllow = AccessControlUtil.isAllow(ace);
@@ -213,7 +200,7 @@ public class ModifyAceServlet extends AbstractAccessPostServlet {
updatedAcl.removeAccessControlEntry(ace);
}
}
-
+
//add a fresh ACE with the granted privileges
List<Privilege> grantedPrivilegeList = new ArrayList<Privilege>();
for (String name : grantedPrivilegeNames) {
@@ -222,7 +209,7 @@ public class ModifyAceServlet extends AbstractAccessPostServlet {
}
Privilege privilege = accessControlManager.privilegeFromName(name);
grantedPrivilegeList.add(privilege);
-
+
if (log.isDebugEnabled()) {
if (newPrivileges.length() > 0) {
newPrivileges.append(", "); //separate entries by commas
--