You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2013/02/07 16:14:58 UTC
svn commit: r1443540 -
/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java
Author: angela
Date: Thu Feb 7 15:14:57 2013
New Revision: 1443540
URL: http://svn.apache.org/viewvc?rev=1443540&view=rev
Log:
OAK-50 : Implement User Management
- Impersonation#grant: add shortcut for principals known to the user mgt.
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java?rev=1443540&r1=1443539&r2=1443540&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java Thu Feb 7 15:14:57 2013
@@ -59,6 +59,7 @@ class ImpersonationImpl implements Imper
}
//------------------------------------------------------< Impersonation >---
+
/**
* @see org.apache.jackrabbit.api.security.user.Impersonation#getImpersonators()
*/
@@ -87,17 +88,10 @@ class ImpersonationImpl implements Imper
*/
@Override
public boolean grantImpersonation(Principal principal) throws RepositoryException {
- String principalName = principal.getName();
- Principal p = principalManager.getPrincipal(principalName);
- if (p == null) {
- log.debug("Cannot grant impersonation to an unknown principal.");
- return false;
- }
- if (p instanceof Group) {
- log.debug("Cannot grant impersonation to a principal that is a Group.");
+ if (!isValidPrincipal(principal)) {
return false;
}
-
+ String principalName = principal.getName();
// make sure user does not impersonate himself
Tree userTree = user.getTree();
PropertyState prop = userTree.getProperty(REP_PRINCIPAL_NAME);
@@ -106,12 +100,6 @@ class ImpersonationImpl implements Imper
return false;
}
- // make sure the given principal doesn't refer to the admin user.
- if (isAdmin(p)) {
- log.debug("Admin principal is already granted impersonation.");
- return false;
- }
-
Set<String> impersonators = getImpersonatorNames(userTree);
if (impersonators.add(principalName)) {
updateImpersonatorNames(userTree, impersonators);
@@ -166,7 +154,7 @@ class ImpersonationImpl implements Imper
}
//------------------------------------------------------------< private >---
- private Set<String> getImpersonatorNames() throws RepositoryException {
+ private Set<String> getImpersonatorNames() {
return getImpersonatorNames(user.getTree());
}
@@ -204,4 +192,36 @@ class ImpersonationImpl implements Imper
}
}
}
+
+ private boolean isValidPrincipal(Principal principal) {
+ Principal p = null;
+ // shortcut for TreeBasedPrincipal
+ if (principal instanceof TreeBasedPrincipal) {
+ try {
+ Authorizable otherUser = user.getUserManager().getAuthorizable(principal);
+ if (otherUser != null) {
+ p = otherUser.getPrincipal();
+ }
+
+ } catch (RepositoryException e) {
+ log.debug(e.getMessage());
+ }
+ } else {
+ p = principalManager.getPrincipal(principal.getName());
+ }
+ if (p == null) {
+ log.debug("Cannot grant impersonation to an unknown principal.");
+ return false;
+ }
+ if (p instanceof Group) {
+ log.debug("Cannot grant impersonation to a principal that is a Group.");
+ return false;
+ }
+ // make sure the given principal doesn't refer to the admin user.
+ if (isAdmin(p)) {
+ log.debug("Admin principal is already granted impersonation.");
+ return false;
+ }
+ return true;
+ }
}