public ItemState getCanonicalItemState(ItemId id) throws NoSuchItemStateException, ItemStateException { try { if (!accessManager.isGranted(id, AccessManager.READ)) { return null; } } catch (RepositoryException ex) { return null; } return super.getItemState(id); }
/** * Returns the names of all workspaces of this repository with respect of the * access rights of this session. * * @return the names of all accessible workspaces * @throws RepositoryException if an error occurs */ public String[] getAccessibleWorkspaceNames() throws RepositoryException { // check state of this instance sanityCheck(); // filter workspaces according to access rights List<String> names = new ArrayList<String>(); WorkspaceManager manager = context.getRepositoryContext().getWorkspaceManager(); for (String name : manager.getWorkspaceNames()) { try { if (context.getAccessManager().canAccess(name)) { names.add(name); } } catch (NoSuchWorkspaceException e) { log.warn("Workspace disappeared unexpectedly: " + name, e); } } return names.toArray(new String[names.size()]); }
/** * @param parent The item data of the parent node. * @param childId * @return true if the item with the given <code>childId</code> can be read; * <code>false</code> otherwise. * @throws RepositoryException */ private boolean canRead(ItemData parent, ItemId childId) throws RepositoryException { if (parent.getStatus() == ItemState.STATUS_EXISTING) { // child item is for sure not NEW (because then the parent was modified). // safe to use AccessManager#canRead(Path, ItemId). return sessionContext.getAccessManager().canRead(null, childId); } else { // child could be NEW -> don't use AccessManager#canRead(Path, ItemId) return sessionContext.getAccessManager().isGranted(childId, AccessManager.READ); } }
public void registerNamespace(String prefix, String uri) throws NamespaceException, UnsupportedRepositoryOperationException, AccessDeniedException, RepositoryException { session.getAccessManager().checkRepositoryPermission(Permission.NAMESPACE_MNGMT); nsRegistry.registerNamespace(prefix, uri); }
/** * Checks if the current session has version management permission * * @throws AccessDeniedException if version management is not allowed * @throws RepositoryException if an error occurs */ private void checkVersionManagementPermission() throws RepositoryException { try { sessionContext.getAccessManager().checkPermission(getPrimaryPath(), Permission.VERSION_MNGMT); } catch (ItemNotFoundException e) { // ignore. } }
public AccessManager getAccessManager(Session session, AMContext amContext) throws RepositoryException { try { AccessManagerConfig amc = config.getAccessManagerConfig(); AccessManager accessMgr; if (amc == null) { accessMgr = new SimpleAccessManager(); } else { accessMgr = amc.newInstance(AccessManager.class); } accessMgr.init(amContext); return accessMgr; } catch (AccessDeniedException ade) { throw ade; } catch (Exception e) { String msg = "Failed to instantiate AccessManager implementation"; log.error(msg, e); throw new RepositoryException(msg, e); } }
/** * Checks if access is granted to all <code>nodes</code>. * * @param nodes the nodes to check. * @return <code>true</code> if read access is granted to all * <code>nodes</code>. * @throws RepositoryException if an error occurs while checking access * rights. */ protected boolean isAccessGranted(ScoreNode[] nodes) throws RepositoryException { for (ScoreNode node : nodes) { try { if (node != null && !sessionContext.getAccessManager().canRead( null, node.getNodeId())) { return false; } } catch (ItemNotFoundException e) { // node deleted while query was executed } } return true; }
context.getAccessManager().close(); } catch (Exception e) { log.warn("error while closing AccessManager", e);
public void unregisterNamespace(String prefix) throws NamespaceException, UnsupportedRepositoryOperationException, AccessDeniedException, RepositoryException { session.getAccessManager().checkRepositoryPermission(Permission.NAMESPACE_MNGMT); nsRegistry.unregisterNamespace(prefix); }
/** * Checks if the current session has version management permission * * @throws AccessDeniedException if version management is not allowed * @throws RepositoryException if an error occurs */ private void checkVersionManagementPermission() throws RepositoryException { try { sessionContext.getAccessManager().checkPermission(getPrimaryPath(), Permission.VERSION_MNGMT); } catch (ItemNotFoundException e) { // ignore. } }
/** * @see JackrabbitSecurityManager#getAccessManager(Session,AMContext) */ public AccessManager getAccessManager(Session session, AMContext amContext) throws RepositoryException { checkInitialized(); try { String wspName = session.getWorkspace().getName(); AccessControlProvider acP = getAccessControlProvider(systemSession, wspName); AccessManagerConfig amc = config.getAccessManagerConfig(); AccessManager accessMgr; if (amc == null) { accessMgr = new SimpleAccessManager(); } else { accessMgr = amc.newInstance(AccessManager.class); } accessMgr.init(amContext, acP, workspaceAccessManager); return accessMgr; } catch (AccessDeniedException ade) { // re-throw throw ade; } catch (Exception e) { // wrap in RepositoryException String msg = "failed to instantiate AccessManager implementation: " + SimpleAccessManager.class.getName(); log.error(msg, e); throw new RepositoryException(msg, e); } }
/** * Checks if access is granted to all <code>nodes</code>. * * @param nodes the nodes to check. * @return <code>true</code> if read access is granted to all * <code>nodes</code>. * @throws RepositoryException if an error occurs while checking access * rights. */ protected boolean isAccessGranted(ScoreNode[] nodes) throws RepositoryException { for (ScoreNode node : nodes) { try { if (node != null && !sessionContext.getAccessManager().canRead( null, node.getNodeId())) { return false; } } catch (ItemNotFoundException e) { // node deleted while query was executed } } return true; }
context.getAccessManager().close(); } catch (Exception e) { log.warn("error while closing AccessManager", e);
private void checkPermission(NodeImpl node, Name childName, int perm) throws RepositoryException { if (perm > Permission.NONE) { SessionImpl sImpl = (SessionImpl) node.getSession(); AccessManager acMgr = sImpl.getAccessManager(); boolean isGranted = acMgr.isGranted(node.getPrimaryPath(), childName, perm); if (!isGranted) { throw new AccessDeniedException("Permission denied."); } } }
/** * @param parent The item data of the parent node. * @param childId * @return true if the item with the given <code>childId</code> can be read; * <code>false</code> otherwise. * @throws RepositoryException */ private boolean canRead(ItemData parent, ItemId childId) throws RepositoryException { if (parent.getStatus() == ItemState.STATUS_EXISTING) { // child item is for sure not NEW (because then the parent was modified). // safe to use AccessManager#canRead(Path, ItemId). return sessionContext.getAccessManager().canRead(null, childId); } else { // child could be NEW -> don't use AccessManager#canRead(Path, ItemId) return sessionContext.getAccessManager().isGranted(childId, AccessManager.READ); } }
public void unregisterNamespace(String prefix) throws NamespaceException, UnsupportedRepositoryOperationException, AccessDeniedException, RepositoryException { session.getAccessManager().checkRepositoryPermission(Permission.NAMESPACE_MNGMT); nsRegistry.unregisterNamespace(prefix); }
private void checkPermission(ItemImpl item, int perm) throws RepositoryException { if (perm > Permission.NONE) { SessionImpl sImpl = (SessionImpl) item.getSession(); AccessManager acMgr = sImpl.getAccessManager(); Path path = item.getPrimaryPath(); acMgr.checkPermission(path, perm); } }
/** * Returns the names of all workspaces of this repository with respect of the * access rights of this session. * * @return the names of all accessible workspaces * @throws RepositoryException if an error occurs */ public String[] getAccessibleWorkspaceNames() throws RepositoryException { // check state of this instance sanityCheck(); // filter workspaces according to access rights List<String> names = new ArrayList<String>(); WorkspaceManager manager = context.getRepositoryContext().getWorkspaceManager(); for (String name : manager.getWorkspaceNames()) { try { if (context.getAccessManager().canAccess(name)) { names.add(name); } } catch (NoSuchWorkspaceException e) { log.warn("Workspace disappeared unexpectedly: " + name, e); } } return names.toArray(new String[names.size()]); }
/** * @see JackrabbitSecurityManager#getAccessManager(Session,AMContext) */ public AccessManager getAccessManager(Session session, AMContext amContext) throws RepositoryException { checkInitialized(); try { String wspName = session.getWorkspace().getName(); AccessControlProvider acP = getAccessControlProvider(systemSession, wspName); AccessManagerConfig amc = config.getAccessManagerConfig(); AccessManager accessMgr; if (amc == null) { accessMgr = new SimpleAccessManager(); } else { accessMgr = amc.newInstance(AccessManager.class); } accessMgr.init(amContext, acP, workspaceAccessManager); return accessMgr; } catch (AccessDeniedException ade) { // re-throw throw ade; } catch (Exception e) { // wrap in RepositoryException String msg = "failed to instantiate AccessManager implementation: " + SimpleAccessManager.class.getName(); log.error(msg, e); throw new RepositoryException(msg, e); } }
public void testCanReadPathId() throws Exception { Session s = getHelper().getReadOnlySession(); try { AccessManager acMgr = getAccessManager(s); ItemId id = ((NodeImpl) testRootNode).getId(); Path path = ((NodeImpl) testRootNode).getPrimaryPath(); assertTrue(acMgr.canRead(null, id)); assertTrue(acMgr.canRead(path, null)); assertTrue(acMgr.canRead(path, id)); id = ((PropertyImpl) testRootNode.getProperty(jcrPrimaryType)).getId(); path = ((PropertyImpl) testRootNode.getProperty(jcrPrimaryType)).getPrimaryPath(); assertTrue(acMgr.canRead(null, id)); assertTrue(acMgr.canRead(path, null)); assertTrue(acMgr.canRead(path, id)); } finally { s.logout(); } }