You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@jackrabbit.apache.org by ju...@apache.org on 2007/04/09 11:32:54 UTC

svn commit: r526687 - /jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/SimpleJBossAccessManager.java

Author: jukka
Date: Mon Apr  9 02:32:50 2007
New Revision: 526687

URL: http://svn.apache.org/viewvc?view=rev&rev=526687
Log:
JCR-650: Included the SimpleJBossAccessManager class contributed by Darren Hartford.

Added:
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/SimpleJBossAccessManager.java   (with props)

Added: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/SimpleJBossAccessManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/SimpleJBossAccessManager.java?view=auto&rev=526687
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/SimpleJBossAccessManager.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/SimpleJBossAccessManager.java Mon Apr  9 02:32:50 2007
@@ -0,0 +1,108 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.Enumeration;
+import java.util.Iterator;
+import java.util.Properties;
+
+import javax.jcr.AccessDeniedException;
+
+import org.apache.jackrabbit.core.ItemId;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * The simple JBoss access manager is a specialized Access Manager to
+ * handle Authorization of individuals authenticated through JBoss
+ * login modules. It maps roles from the JBoss simplegroup class to
+ * Jackrabbit permissions.
+ *
+ * @author dhartford
+ * @date 2006-11-27
+ * @see http://wiki.apache.org/jackrabbit/SimpleJbossAccessManager
+ */
+public class SimpleJBossAccessManager implements AccessManager {
+
+    /**
+     * Logger instance.
+     */
+    private static Logger log =
+        LoggerFactory.getLogger(SimpleJBossAccessManager.class);
+
+    protected boolean system = false;
+
+    protected boolean anonymous = false;
+
+    //--------------------------------------------------------< AccessManager >
+
+    public void init(AMContext context)
+            throws AccessDeniedException, Exception {
+        Properties rolemaps = new Properties();
+        File rolemap = new File(context.getHomeDir(), "rolemapping.properties");
+        log.info("Loading jbossgroup role mappings from {}", rolemap.getPath());
+        FileInputStream rolefs = new FileInputStream(rolemap);
+        try {
+            rolemaps.load(rolefs);
+        } finally {
+            rolefs.close();
+        }
+        
+        Iterator iterator = context.getSubject().getPrincipals().iterator();
+        while (iterator.hasNext()) {
+            Principal principal = (Principal) iterator.next();
+            if (principal instanceof Group
+                    && principal.getName().equalsIgnoreCase("Roles")){
+                Group group = (Group) principal;
+                Enumeration members = group.members();
+                while (members.hasMoreElements()) {
+                    Principal member = (Principal) members.nextElement();
+                    String role = rolemaps.getProperty(member.getName());
+                    system = system || "full".equalsIgnoreCase(role);
+                    anonymous = anonymous || "read".equalsIgnoreCase(role);
+                }
+            }
+        }
+
+        // @todo check permission to access given workspace based on principals
+    }
+
+    public synchronized void close() {
+    }
+
+    public void checkPermission(ItemId id, int permissions)
+            throws AccessDeniedException {
+        if (!isGranted(id, permissions)) {
+            throw new AccessDeniedException("Access denied");
+        }
+    }
+
+    public boolean isGranted(ItemId id, int permissions) {
+        // system has always all permissions
+        // anonymous has all but WRITE & REMOVE premissions
+        return system || (anonymous && ((permissions & (WRITE | REMOVE)) == 0));
+    }
+
+    public boolean canAccess(String workspaceName) {
+        return system || anonymous;
+    }
+
+}

Propchange: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/SimpleJBossAccessManager.java
------------------------------------------------------------------------------
    svn:eol-style = native