You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by ro...@apache.org on 2017/11/07 09:48:34 UTC
[sling-org-apache-sling-jcr-jackrabbit-accessmanager] 05/35:
SLING-2083 AccessManager permissions manipulation services that mirror the
functionality of the REST operations for programmatic access management
code.
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.jcr.jackrabbit.accessmanager-2.1.2
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-jcr-jackrabbit-accessmanager.git
commit fcc025a1005710ad8c3032c00e258c23678c755f
Author: Eric Norman <en...@apache.org>
AuthorDate: Thu May 19 05:24:07 2011 +0000
SLING-2083 AccessManager permissions manipulation services that mirror the functionality of the REST operations for programmatic access management code.
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/bundles/jcr/jackrabbit-accessmanager@1124538 13f79535-47bb-0310-9956-ffa450edef68
---
.../jcr/jackrabbit/accessmanager/DeleteAces.java | 46 ++++++
.../sling/jcr/jackrabbit/accessmanager/GetAcl.java | 48 ++++++
.../jackrabbit/accessmanager/GetEffectiveAcl.java | 48 ++++++
.../jcr/jackrabbit/accessmanager/ModifyAce.java | 54 +++++++
.../accessmanager/post/AbstractGetAclServlet.java | 176 +++++++++++----------
.../accessmanager/post/DeleteAcesServlet.java | 51 +++---
.../accessmanager/post/GetAclServlet.java | 14 +-
.../accessmanager/post/GetEffectiveAclServlet.java | 16 +-
.../accessmanager/post/ModifyAceServlet.java | 113 +++++++------
9 files changed, 410 insertions(+), 156 deletions(-)
diff --git a/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/DeleteAces.java b/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/DeleteAces.java
new file mode 100644
index 0000000..26a03ff
--- /dev/null
+++ b/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/DeleteAces.java
@@ -0,0 +1,46 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.jcr.jackrabbit.accessmanager;
+
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+
+/**
+ * The <code>DeleteAces</code> service api.
+ * <p>
+ * This interface is not intended to be implemented by bundles. It is
+ * implemented by this bundle and may be used by client bundles.
+ * </p>
+ */
+public interface DeleteAces {
+
+ /**
+ * Deletes one or more ACEs from the access control list of a resource.
+ *
+ * @param jcrSession the JCR session of the user updating the user
+ * @param resourcePath The path of the resource to update the ACL for (required)
+ * @param principalNamesToDelete An array of ace principal names to delete.. (required)
+ * @throws RepositoryException
+ */
+ public void deleteAces(Session jcrSession,
+ String resourcePath,
+ String [] principalNamesToDelete
+ ) throws RepositoryException;
+
+}
diff --git a/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/GetAcl.java b/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/GetAcl.java
new file mode 100644
index 0000000..127b631
--- /dev/null
+++ b/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/GetAcl.java
@@ -0,0 +1,48 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.jcr.jackrabbit.accessmanager;
+
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+
+import org.apache.sling.commons.json.JSONException;
+import org.apache.sling.commons.json.JSONObject;
+
+/**
+ * The <code>GetAcl</code> service api.
+ * <p>
+ * This interface is not intended to be implemented by bundles. It is
+ * implemented by this bundle and may be used by client bundles.
+ * </p>
+ */
+public interface GetAcl {
+
+ /**
+ * Gets the access control list for a resource.
+ *
+ * @param jcrSession the JCR session of the user updating the user
+ * @param resourcePath The path of the resource to get the ACL for (required)
+ * @return the ACL as a JSON object
+ * @throws RepositoryException
+ */
+ public JSONObject getAcl(Session jcrSession,
+ String resourcePath
+ ) throws RepositoryException, JSONException;
+
+}
diff --git a/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/GetEffectiveAcl.java b/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/GetEffectiveAcl.java
new file mode 100644
index 0000000..a0e91c7
--- /dev/null
+++ b/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/GetEffectiveAcl.java
@@ -0,0 +1,48 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.jcr.jackrabbit.accessmanager;
+
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+
+import org.apache.sling.commons.json.JSONException;
+import org.apache.sling.commons.json.JSONObject;
+
+/**
+ * The <code>GetAcl</code> service api.
+ * <p>
+ * This interface is not intended to be implemented by bundles. It is
+ * implemented by this bundle and may be used by client bundles.
+ * </p>
+ */
+public interface GetEffectiveAcl {
+
+ /**
+ * Gets the effective access control list for a resource.
+ *
+ * @param jcrSession the JCR session of the user updating the user
+ * @param resourcePath The path of the resource to get the ACL for (required)
+ * @return the ACL as a JSON object
+ * @throws RepositoryException
+ */
+ public JSONObject getEffectiveAcl(Session jcrSession,
+ String resourcePath
+ ) throws RepositoryException, JSONException;
+
+}
diff --git a/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/ModifyAce.java b/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/ModifyAce.java
new file mode 100644
index 0000000..acfc315
--- /dev/null
+++ b/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/ModifyAce.java
@@ -0,0 +1,54 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.jcr.jackrabbit.accessmanager;
+
+import java.util.Map;
+
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+
+/**
+ * The <code>ModifyAce</code> service api.
+ * <p>
+ * This interface is not intended to be implemented by bundles. It is
+ * implemented by this bundle and may be used by client bundles.
+ * </p>
+ */
+public interface ModifyAce {
+
+ /**
+ * Add or modify the access control entry for the specified user
+ * or group.
+ *
+ * @param jcrSession the JCR session of the user updating the user
+ * @param resourcePath The absolute path of the resource to apply the ACE to (required)
+ * @param principalId The name of the user/group to provision (required)
+ * @param privileges Map of privileges to apply. (optional)
+ * @param changes The list of changes for this operation (optional)
+ * @return the user that was updated or null if not found
+ * @throws RepositoryException
+ */
+ public void modifyAce(Session jcrSession,
+ String resourcePath,
+ String principalId,
+ Map<String, String> privileges,
+ String order
+ ) throws RepositoryException;
+
+}
diff --git a/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/AbstractGetAclServlet.java b/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/AbstractGetAclServlet.java
index 27986c9..4c0f868 100644
--- a/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/AbstractGetAclServlet.java
+++ b/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/AbstractGetAclServlet.java
@@ -23,8 +23,8 @@ import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
-import java.util.Map.Entry;
import java.util.Set;
+import java.util.Map.Entry;
import javax.jcr.AccessDeniedException;
import javax.jcr.Item;
@@ -37,9 +37,9 @@ import javax.servlet.http.HttpServletResponse;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
-import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceNotFoundException;
import org.apache.sling.api.servlets.SlingAllMethodsServlet;
+import org.apache.sling.commons.json.JSONException;
import org.apache.sling.commons.json.JSONObject;
import org.apache.sling.jcr.base.util.AccessControlUtil;
import org.slf4j.Logger;
@@ -56,98 +56,20 @@ public abstract class AbstractGetAclServlet extends SlingAllMethodsServlet {
/* (non-Javadoc)
* @see org.apache.sling.api.servlets.SlingSafeMethodsServlet#doGet(org.apache.sling.api.SlingHttpServletRequest, org.apache.sling.api.SlingHttpServletResponse)
*/
- @SuppressWarnings("unchecked")
@Override
protected void doGet(SlingHttpServletRequest request,
SlingHttpServletResponse response) throws ServletException,
IOException {
- try {
- Session session = request.getResourceResolver().adaptTo(Session.class);
- if (session == null) {
- throw new RepositoryException("JCR Session not found");
- }
-
- String resourcePath = null;
- Resource resource = request.getResource();
- if (resource == null) {
- throw new ResourceNotFoundException("Resource not found.");
- } else {
- Item item = resource.adaptTo(Item.class);
- if (item != null) {
- resourcePath = item.getPath();
- } else {
- throw new ResourceNotFoundException("Resource is not a JCR Node");
- }
- }
-
- AccessControlEntry[] declaredAccessControlEntries = getAccessControlEntries(session, resourcePath);
- Map<String, Map<String, Object>> aclMap = new LinkedHashMap<String, Map<String,Object>>();
- int sequence = 0;
- for (AccessControlEntry ace : declaredAccessControlEntries) {
- Principal principal = ace.getPrincipal();
- Map<String, Object> map = aclMap.get(principal.getName());
- if (map == null) {
- map = new LinkedHashMap<String, Object>();
- aclMap.put(principal.getName(), map);
- map.put("order", sequence++);
- }
-
- boolean allow = AccessControlUtil.isAllow(ace);
- if (allow) {
- Set<String> grantedSet = (Set<String>) map.get("granted");
- if (grantedSet == null) {
- grantedSet = new LinkedHashSet<String>();
- map.put("granted", grantedSet);
- }
- Privilege[] privileges = ace.getPrivileges();
- for (Privilege privilege : privileges) {
- grantedSet.add(privilege.getName());
- }
- } else {
- Set<String> deniedSet = (Set<String>) map.get("denied");
- if (deniedSet == null) {
- deniedSet = new LinkedHashSet<String>();
- map.put("denied", deniedSet);
- }
- Privilege[] privileges = ace.getPrivileges();
- for (Privilege privilege : privileges) {
- deniedSet.add(privilege.getName());
- }
- }
- }
-
+ try {
+ Session session = request.getResourceResolver().adaptTo(Session.class);
+ String resourcePath = request.getResource().getPath();
- response.setContentType("application/json");
- response.setCharacterEncoding("UTF-8");
+ JSONObject acl = internalGetAcl(session, resourcePath);
+ response.setContentType("application/json");
+ response.setCharacterEncoding("UTF-8");
- List<JSONObject> aclList = new ArrayList<JSONObject>();
- Set<Entry<String, Map<String, Object>>> entrySet = aclMap.entrySet();
- for (Entry<String, Map<String, Object>> entry : entrySet) {
- String principalName = entry.getKey();
- Map<String, Object> value = entry.getValue();
-
- JSONObject aceObject = new JSONObject();
- aceObject.put("principal", principalName);
-
- Set<String> grantedSet = (Set<String>) value.get("granted");
- if (grantedSet != null) {
- aceObject.put("granted", grantedSet);
- }
-
- Set<String> deniedSet = (Set<String>) value.get("denied");
- if (deniedSet != null) {
- aceObject.put("denied", deniedSet);
- }
- aceObject.put("order", value.get("order"));
- aclList.add(aceObject);
- }
- JSONObject jsonAclMap = new JSONObject(aclMap);
- for ( JSONObject jsonObj : aclList) {
- jsonAclMap.put(jsonObj.getString("principal"), jsonObj);
- }
- jsonAclMap.write(response.getWriter());
- // do the dump
+ acl.write(response.getWriter());
} catch (AccessDeniedException ade) {
response.sendError(HttpServletResponse.SC_NOT_FOUND);
} catch (ResourceNotFoundException rnfe) {
@@ -160,6 +82,86 @@ public abstract class AbstractGetAclServlet extends SlingAllMethodsServlet {
}
}
+ @SuppressWarnings("unchecked")
+ protected JSONObject internalGetAcl(Session jcrSession, String resourcePath)
+ throws RepositoryException, JSONException {
+
+ if (jcrSession == null) {
+ throw new RepositoryException("JCR Session not found");
+ }
+
+ Item item = jcrSession.getItem(resourcePath);
+ if (item != null) {
+ resourcePath = item.getPath();
+ } else {
+ throw new ResourceNotFoundException("Resource is not a JCR Node");
+ }
+
+ AccessControlEntry[] declaredAccessControlEntries = getAccessControlEntries(jcrSession, resourcePath);
+ Map<String, Map<String, Object>> aclMap = new LinkedHashMap<String, Map<String,Object>>();
+ int sequence = 0;
+ for (AccessControlEntry ace : declaredAccessControlEntries) {
+ Principal principal = ace.getPrincipal();
+ Map<String, Object> map = aclMap.get(principal.getName());
+ if (map == null) {
+ map = new LinkedHashMap<String, Object>();
+ aclMap.put(principal.getName(), map);
+ map.put("order", sequence++);
+ }
+
+ boolean allow = AccessControlUtil.isAllow(ace);
+ if (allow) {
+ Set<String> grantedSet = (Set<String>) map.get("granted");
+ if (grantedSet == null) {
+ grantedSet = new LinkedHashSet<String>();
+ map.put("granted", grantedSet);
+ }
+ Privilege[] privileges = ace.getPrivileges();
+ for (Privilege privilege : privileges) {
+ grantedSet.add(privilege.getName());
+ }
+ } else {
+ Set<String> deniedSet = (Set<String>) map.get("denied");
+ if (deniedSet == null) {
+ deniedSet = new LinkedHashSet<String>();
+ map.put("denied", deniedSet);
+ }
+ Privilege[] privileges = ace.getPrivileges();
+ for (Privilege privilege : privileges) {
+ deniedSet.add(privilege.getName());
+ }
+ }
+ }
+
+ List<JSONObject> aclList = new ArrayList<JSONObject>();
+ Set<Entry<String, Map<String, Object>>> entrySet = aclMap.entrySet();
+ for (Entry<String, Map<String, Object>> entry : entrySet) {
+ String principalName = entry.getKey();
+ Map<String, Object> value = entry.getValue();
+
+ JSONObject aceObject = new JSONObject();
+ aceObject.put("principal", principalName);
+
+ Set<String> grantedSet = (Set<String>) value.get("granted");
+ if (grantedSet != null) {
+ aceObject.put("granted", grantedSet);
+ }
+
+ Set<String> deniedSet = (Set<String>) value.get("denied");
+ if (deniedSet != null) {
+ aceObject.put("denied", deniedSet);
+ }
+ aceObject.put("order", value.get("order"));
+ aclList.add(aceObject);
+ }
+ JSONObject jsonAclMap = new JSONObject(aclMap);
+ for ( JSONObject jsonObj : aclList) {
+ jsonAclMap.put(jsonObj.getString("principal"), jsonObj);
+ }
+
+ return jsonAclMap;
+ }
+
protected abstract AccessControlEntry[] getAccessControlEntries(Session session, String absPath) throws RepositoryException;
}
diff --git a/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/DeleteAcesServlet.java b/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/DeleteAcesServlet.java
index dba545a..15f2d2c 100644
--- a/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/DeleteAcesServlet.java
+++ b/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/DeleteAcesServlet.java
@@ -25,15 +25,15 @@ import java.util.Set;
import javax.jcr.Item;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
-
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlList;
import javax.jcr.security.AccessControlManager;
+
import org.apache.sling.api.SlingHttpServletRequest;
-import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceNotFoundException;
import org.apache.sling.api.servlets.HtmlResponse;
import org.apache.sling.jcr.base.util.AccessControlUtil;
+import org.apache.sling.jcr.jackrabbit.accessmanager.DeleteAces;
import org.apache.sling.servlets.post.Modification;
import org.apache.sling.servlets.post.SlingPostConstants;
@@ -70,11 +70,12 @@ import org.apache.sling.servlets.post.SlingPostConstants;
*
* @scr.component immediate="true"
* @scr.service interface="javax.servlet.Servlet"
+ * @scr.service interface="org.apache.sling.jcr.jackrabbit.accessmanager.DeleteAces"
* @scr.property name="sling.servlet.resourceTypes" value="sling/servlet/default"
* @scr.property name="sling.servlet.methods" value="POST"
* @scr.property name="sling.servlet.selectors" value="deleteAce"
*/
-public class DeleteAcesServlet extends AbstractAccessPostServlet {
+public class DeleteAcesServlet extends AbstractAccessPostServlet implements DeleteAces {
private static final long serialVersionUID = 3784866802938282971L;
/* (non-Javadoc)
@@ -85,34 +86,42 @@ public class DeleteAcesServlet extends AbstractAccessPostServlet {
HtmlResponse htmlResponse, List<Modification> changes)
throws RepositoryException {
+ Session session = request.getResourceResolver().adaptTo(Session.class);
+ String resourcePath = request.getResource().getPath();
String[] applyTo = request.getParameterValues(SlingPostConstants.RP_APPLY_TO);
- if (applyTo == null) {
+ deleteAces(session, resourcePath, applyTo);
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.sling.jcr.jackrabbit.accessmanager.DeleteAces#deleteAces(javax.jcr.Session, java.lang.String, java.lang.String[])
+ */
+ public void deleteAces(Session jcrSession, String resourcePath,
+ String[] principalNamesToDelete) throws RepositoryException {
+
+ if (principalNamesToDelete == null) {
throw new RepositoryException("principalIds were not sumitted.");
} else {
- String resourcePath = null;
- Resource resource = request.getResource();
- if (resource == null) {
- throw new ResourceNotFoundException("Resource not found.");
- } else {
- Item item = resource.adaptTo(Item.class);
- if (item != null) {
- resourcePath = item.getPath();
- } else {
- throw new ResourceNotFoundException("Resource is not a JCR Node");
- }
+ if (jcrSession == null) {
+ throw new RepositoryException("JCR Session not found");
+ }
+
+ if (resourcePath == null) {
+ throw new ResourceNotFoundException("Resource path was not supplied.");
}
- Session session = request.getResourceResolver().adaptTo(Session.class);
- if (session == null) {
- throw new RepositoryException("JCR Session not found");
+ Item item = jcrSession.getItem(resourcePath);
+ if (item != null) {
+ resourcePath = item.getPath();
+ } else {
+ throw new ResourceNotFoundException("Resource is not a JCR Node");
}
//load the principalIds array into a set for quick lookup below
Set<String> pidSet = new HashSet<String>();
- pidSet.addAll(Arrays.asList(applyTo));
+ pidSet.addAll(Arrays.asList(principalNamesToDelete));
try {
- AccessControlManager accessControlManager = AccessControlUtil.getAccessControlManager(session);
+ AccessControlManager accessControlManager = AccessControlUtil.getAccessControlManager(jcrSession);
AccessControlList updatedAcl = getAccessControlList(accessControlManager, resourcePath, false);
//keep track of the existing Aces for the target principal
@@ -138,5 +147,5 @@ public class DeleteAcesServlet extends AbstractAccessPostServlet {
}
}
}
-
+
}
diff --git a/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/GetAclServlet.java b/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/GetAclServlet.java
index 399dbb1..c0f907c 100644
--- a/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/GetAclServlet.java
+++ b/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/GetAclServlet.java
@@ -23,7 +23,10 @@ import javax.jcr.security.AccessControlList;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicy;
+import org.apache.sling.commons.json.JSONException;
+import org.apache.sling.commons.json.JSONObject;
import org.apache.sling.jcr.base.util.AccessControlUtil;
+import org.apache.sling.jcr.jackrabbit.accessmanager.GetAcl;
/**
* <p>
@@ -92,14 +95,23 @@ import org.apache.sling.jcr.base.util.AccessControlUtil;
*
* @scr.component immediate="true"
* @scr.service interface="javax.servlet.Servlet"
+ * @scr.service interface="org.apache.sling.jcr.jackrabbit.accessmanager.GetAcl"
* @scr.property name="sling.servlet.resourceTypes" value="sling/servlet/default"
* @scr.property name="sling.servlet.methods" value="GET"
* @scr.property name="sling.servlet.selectors" value="acl"
* @scr.property name="sling.servlet.extensions" value="json"
*/
-public class GetAclServlet extends AbstractGetAclServlet {
+public class GetAclServlet extends AbstractGetAclServlet implements GetAcl {
private static final long serialVersionUID = 3391376559396223185L;
+ /* (non-Javadoc)
+ * @see org.apache.sling.jcr.jackrabbit.accessmanager.GetAcl#getAcl(javax.jcr.Session, java.lang.String)
+ */
+ public JSONObject getAcl(Session jcrSession, String resourcePath)
+ throws RepositoryException, JSONException {
+ return internalGetAcl(jcrSession, resourcePath);
+ }
+
@Override
protected AccessControlEntry[] getAccessControlEntries(Session session, String absPath) throws RepositoryException {
AccessControlManager accessControlManager = AccessControlUtil.getAccessControlManager(session);
diff --git a/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/GetEffectiveAclServlet.java b/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/GetEffectiveAclServlet.java
index 813d35f..e92ad7c 100644
--- a/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/GetEffectiveAclServlet.java
+++ b/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/GetEffectiveAclServlet.java
@@ -23,7 +23,10 @@ import javax.jcr.security.AccessControlList;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicy;
+import org.apache.sling.commons.json.JSONException;
+import org.apache.sling.commons.json.JSONObject;
import org.apache.sling.jcr.base.util.AccessControlUtil;
+import org.apache.sling.jcr.jackrabbit.accessmanager.GetEffectiveAcl;
/**
* <p>
@@ -92,15 +95,24 @@ import org.apache.sling.jcr.base.util.AccessControlUtil;
*
* @scr.component immediate="true"
* @scr.service interface="javax.servlet.Servlet"
+ * @scr.service interface="org.apache.sling.jcr.jackrabbit.accessmanager.GetEffectiveAcl"
* @scr.property name="sling.servlet.resourceTypes" value="sling/servlet/default"
* @scr.property name="sling.servlet.methods" value="GET"
* @scr.property name="sling.servlet.selectors" value="eacl"
* @scr.property name="sling.servlet.extensions" value="json"
*/
@SuppressWarnings("serial")
-public class GetEffectiveAclServlet extends AbstractGetAclServlet {
+public class GetEffectiveAclServlet extends AbstractGetAclServlet implements GetEffectiveAcl {
- @Override
+ /* (non-Javadoc)
+ * @see org.apache.sling.jcr.jackrabbit.accessmanager.GetEffectiveAcl#getEffectiveAcl(javax.jcr.Session, java.lang.String)
+ */
+ public JSONObject getEffectiveAcl(Session jcrSession, String resourcePath)
+ throws RepositoryException, JSONException {
+ return internalGetAcl(jcrSession, resourcePath);
+ }
+
+ @Override
protected AccessControlEntry[] getAccessControlEntries(Session session, String absPath) throws RepositoryException {
AccessControlManager accessControlManager = AccessControlUtil.getAccessControlManager(session);
AccessControlPolicy[] policies = accessControlManager.getEffectivePolicies(absPath);
diff --git a/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/ModifyAceServlet.java b/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/ModifyAceServlet.java
index f259e96..c916380 100644
--- a/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/ModifyAceServlet.java
+++ b/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/ModifyAceServlet.java
@@ -16,24 +16,27 @@
*/
package org.apache.sling.jcr.jackrabbit.accessmanager.post;
-import org.apache.jackrabbit.api.security.principal.PrincipalManager;
-import org.apache.sling.api.SlingHttpServletRequest;
-import org.apache.sling.api.resource.Resource;
-import org.apache.sling.api.resource.ResourceNotFoundException;
-import org.apache.sling.api.servlets.HtmlResponse;
-import org.apache.sling.jcr.base.util.AccessControlUtil;
-import org.apache.sling.servlets.post.Modification;
-
import java.security.Principal;
import java.util.Enumeration;
+import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
+import java.util.Map;
import java.util.Set;
+import java.util.Map.Entry;
import javax.jcr.Item;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
+import org.apache.jackrabbit.api.security.principal.PrincipalManager;
+import org.apache.sling.api.SlingHttpServletRequest;
+import org.apache.sling.api.resource.ResourceNotFoundException;
+import org.apache.sling.api.servlets.HtmlResponse;
+import org.apache.sling.jcr.base.util.AccessControlUtil;
+import org.apache.sling.jcr.jackrabbit.accessmanager.ModifyAce;
+import org.apache.sling.servlets.post.Modification;
+
/**
* <p>
* Sling Post Servlet implementation for modifying the ACEs for a principal on a JCR
@@ -77,11 +80,12 @@ import javax.jcr.Session;
*
* @scr.component immediate="true"
* @scr.service interface="javax.servlet.Servlet"
+ * @scr.service interface="org.apache.sling.jcr.jackrabbit.accessmanager.ModifyAce"
* @scr.property name="sling.servlet.resourceTypes" value="sling/servlet/default"
* @scr.property name="sling.servlet.methods" value="POST"
* @scr.property name="sling.servlet.selectors" value="modifyAce"
*/
-public class ModifyAceServlet extends AbstractAccessPostServlet {
+public class ModifyAceServlet extends AbstractAccessPostServlet implements ModifyAce {
private static final long serialVersionUID = -9182485466670280437L;
/* (non-Javadoc)
@@ -92,68 +96,87 @@ public class ModifyAceServlet extends AbstractAccessPostServlet {
HtmlResponse htmlResponse, List<Modification> changes)
throws RepositoryException {
Session session = request.getResourceResolver().adaptTo(Session.class);
- if (session == null) {
+ String resourcePath = request.getResource().getPath();
+ String principalId = request.getParameter("principalId");
+ Map<String, String> privileges = new HashMap<String, String>();
+ Enumeration<?> parameterNames = request.getParameterNames();
+ while (parameterNames.hasMoreElements()) {
+ Object nextElement = parameterNames.nextElement();
+ if (nextElement instanceof String) {
+ String paramName = (String)nextElement;
+ if (paramName.startsWith("privilege@")) {
+ String privilegeName = paramName.substring(10);
+ String parameterValue = request.getParameter(paramName);
+ privileges.put(privilegeName, parameterValue);
+ }
+ }
+ }
+ String order = request.getParameter("order");
+ modifyAce(session, resourcePath, principalId, privileges, order);
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.sling.jcr.jackrabbit.accessmanager.ModifyAce#modifyAce(javax.jcr.Session, java.lang.String, java.lang.String, java.util.Map, java.lang.String)
+ */
+ public void modifyAce(Session jcrSession, String resourcePath,
+ String principalId, Map<String, String> privileges, String order)
+ throws RepositoryException {
+ if (jcrSession == null) {
throw new RepositoryException("JCR Session not found");
}
- String principalId = request.getParameter("principalId");
if (principalId == null) {
throw new RepositoryException("principalId was not submitted.");
}
- PrincipalManager principalManager = AccessControlUtil.getPrincipalManager(session);
+ PrincipalManager principalManager = AccessControlUtil.getPrincipalManager(jcrSession);
Principal principal = principalManager.getPrincipal(principalId);
- String resourcePath = null;
- Resource resource = request.getResource();
- if (resource == null) {
- throw new ResourceNotFoundException("Resource not found.");
+
+ if (resourcePath == null) {
+ throw new ResourceNotFoundException("Resource path was not supplied.");
+ }
+
+ Item item = jcrSession.getItem(resourcePath);
+ if (item != null) {
+ resourcePath = item.getPath();
} else {
- Item item = resource.adaptTo(Item.class);
- if (item != null) {
- resourcePath = item.getPath();
- } else {
- throw new ResourceNotFoundException("Resource is not a JCR Node");
- }
+ throw new ResourceNotFoundException("Resource is not a JCR Node");
}
-
+
// Collect the modified privileges from the request.
Set<String> grantedPrivilegeNames = new HashSet<String>();
Set<String> deniedPrivilegeNames = new HashSet<String>();
Set<String> removedPrivilegeNames = new HashSet<String>();
- Enumeration<?> parameterNames = request.getParameterNames();
- while (parameterNames.hasMoreElements()) {
- Object nextElement = parameterNames.nextElement();
- if (nextElement instanceof String) {
- String paramName = (String)nextElement;
- if (paramName.startsWith("privilege@")) {
- String privilegeName = paramName.substring(10);
- String parameterValue = request.getParameter(paramName);
- if (parameterValue != null && parameterValue.length() > 0) {
- if ("granted".equals(parameterValue)) {
- grantedPrivilegeNames.add(privilegeName);
- } else if ("denied".equals(parameterValue)) {
- deniedPrivilegeNames.add(privilegeName);
- } else if ("none".equals(parameterValue)){
- removedPrivilegeNames.add(privilegeName);
- }
- }
+ Set<Entry<String, String>> entrySet = privileges.entrySet();
+ for (Entry<String, String> entry : entrySet) {
+ String privilegeName = entry.getKey();
+ if (privilegeName.startsWith("privilege@")) {
+ privilegeName = privilegeName.substring(10);
+ }
+ String parameterValue = entry.getValue();
+ if (parameterValue != null && parameterValue.length() > 0) {
+ if ("granted".equals(parameterValue)) {
+ grantedPrivilegeNames.add(privilegeName);
+ } else if ("denied".equals(parameterValue)) {
+ deniedPrivilegeNames.add(privilegeName);
+ } else if ("none".equals(parameterValue)){
+ removedPrivilegeNames.add(privilegeName);
}
}
}
- String order = request.getParameter("order");
-
// Make the actual changes.
try {
- AccessControlUtil.replaceAccessControlEntry(session, resourcePath, principal,
+ AccessControlUtil.replaceAccessControlEntry(jcrSession, resourcePath, principal,
grantedPrivilegeNames.toArray(new String[grantedPrivilegeNames.size()]),
deniedPrivilegeNames.toArray(new String[deniedPrivilegeNames.size()]),
removedPrivilegeNames.toArray(new String[removedPrivilegeNames.size()]),
order);
- if (session.hasPendingChanges()) {
- session.save();
+ if (jcrSession.hasPendingChanges()) {
+ jcrSession.save();
}
} catch (RepositoryException re) {
throw new RepositoryException("Failed to create ace.", re);
}
}
+
}
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.