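package info.magnolia.jaas.sp.jcr;

import info.magnolia.cms.beans.config.ContentRepository;
import info.magnolia.cms.core.Content;
import info.magnolia.cms.core.HierarchyManager;
import info.magnolia.cms.core.ItemType;
import info.magnolia.cms.core.NodeData;
import info.magnolia.cms.security.Permission;
import info.magnolia.cms.security.PermissionImpl;
import info.magnolia.cms.security.auth.ACL;
import info.magnolia.cms.security.auth.GroupList;
import info.magnolia.cms.security.auth.PrincipalCollection;
import info.magnolia.cms.security.auth.RoleList;
import info.magnolia.cms.util.SimpleUrlPattern;
import info.magnolia.cms.util.UrlPattern;
import info.magnolia.jaas.principal.ACLImpl;
import info.magnolia.jaas.principal.GroupListImpl;
import info.magnolia.jaas.principal.PrincipalCollectionImpl;
import info.magnolia.jaas.principal.RoleListImpl;

import java.util.Iterator;

import javax.jcr.ItemNotFoundException;
import javax.jcr.PathNotFoundException;
import javax.jcr.RepositoryException;
import javax.security.auth.login.LoginException;

import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;


/**
 * JAAS login module that resolves the authorization data of the authenticated user.
 * <p>
 * On {@link #commit()} it walks the user's {@code groups} and {@code roles} references in the
 * JCR repositories (recursively through nested groups), collects the ACL entries attached to each
 * role, and attaches the resulting {@link GroupList}, {@link PrincipalCollection} (one {@link ACL}
 * per repository/workspace) and {@link RoleList} to the subject as principals.
 * <p>
 * The fields {@code name}, {@code user}, {@code success}, {@code subject} and the method
 * {@code setEntity()} are inherited from {@link JCRAuthenticationModule} (not shown here).
 */
public class JCRAuthorizationModule extends JCRAuthenticationModule {

    /**
     * Class logger. {@code final}: a private static logger has no reason to be reassigned.
     */
    private static final Logger log = LoggerFactory.getLogger(JCRAuthorizationModule.class);

    /**
     * Loads the user node named by {@code this.name} from the {@link ContentRepository#USERS}
     * repository into {@code this.user}.
     * <p>
     * NOTE(review): {@code this.name} is passed straight to {@link HierarchyManager#getContent}
     * as a path; this assumes the value was already validated by the authentication step in the
     * parent class — confirm.
     *
     * @return {@code true} if the user node exists; {@code false} if it is missing
     *         ({@link PathNotFoundException}, logged at info) or the lookup fails with another
     *         {@link RepositoryException} (logged at error).
     */
    public boolean isValidUser() {
        HierarchyManager hm = ContentRepository.getHierarchyManager(ContentRepository.USERS);
        try {
            this.user = hm.getContent(this.name);
            return true;
        }
        catch (PathNotFoundException pe) {
            log.info("Unable to locate user [{}], authentication failed", this.name);
        }
        catch (RepositoryException re) {
            log.error("Unable to locate user ["
                + this.name
                + "], authentication failed due to a "
                + re.getClass().getName(), re);
        }
        return false;
    }

    /**
     * JAAS commit phase: refuses to proceed unless the login phase succeeded, then populates the
     * subject with the entity ({@code setEntity()}) and the authorization principals
     * ({@link #setACL()}).
     *
     * @return always {@code true} once the principals have been attached
     * @throws LoginException if the login phase did not set {@code this.success}
     */
    public boolean commit() throws LoginException {
        if (!this.success) {
            throw new LoginException("failed to authenticate " + this.name);
        }
        this.setEntity();
        this.setACL();
        return true;
    }

    /**
     * Builds the group list, role list and ACL principal collection for {@code this.user} and
     * adds all three to the subject's principals.
     * <p>
     * ACLs defined directly on the user node are collected first, then those of the user's
     * groups (recursively) and finally those of the user's direct roles; ACL entries for the same
     * repository/workspace are merged into a single {@link ACL} principal by
     * {@link #setACL(Content, PrincipalCollection)}.
     */
    public void setACL() {
        RoleList roleList = new RoleListImpl();
        PrincipalCollection principalList = new PrincipalCollectionImpl();
        GroupList groupList = new GroupListImpl();

        this.setACL(this.user, principalList);

        this.addGroups(this.user, principalList, groupList, roleList);
        this.addRoles(this.user, principalList, roleList);

        this.subject.getPrincipals().add(groupList);
        this.subject.getPrincipals().add(principalList);
        this.subject.getPrincipals().add(roleList);
    }

    /**
     * Adds the roles referenced from {@code node}'s {@code roles} child to {@code roleList} and
     * collects each role's ACL entries into {@code principalList}.
     * <p>
     * Each node data under {@code roles} holds a role UUID which is resolved in
     * {@link ContentRepository#USER_ROLES}. A reference to a missing role, or one whose value is
     * rejected by the repository with an {@link IllegalArgumentException}, is skipped (debug log);
     * a node without a {@code roles} child is silently fine. Any other failure is logged at error
     * and ends role resolution for this node.
     *
     * @param node          user or group node whose roles are read
     * @param principalList collection receiving the roles' ACLs
     * @param roleList      list receiving the role names
     */
    private void addRoles(Content node, PrincipalCollection principalList, RoleList roleList) {
        HierarchyManager rolesHierarchy = ContentRepository.getHierarchyManager(ContentRepository.USER_ROLES);
        try {
            Content rolesNode = node.getContent("roles");
            Iterator children = rolesNode.getNodeDataCollection().iterator();
            while (children.hasNext()) {
                String roleUUID = ((NodeData) children.next()).getString();
                Content role;
                try {
                    role = rolesHierarchy.getContentByUUID(roleUUID);
                }
                catch (ItemNotFoundException e) {
                    // dangling reference: the role was deleted but the user still points at it
                    if (log.isDebugEnabled()) {
                        log.debug("Role does not exist", e);
                    }
                    continue;
                }
                catch (IllegalArgumentException e) {
                    // presumably a value that is not a valid UUID string — verify against the repository impl
                    if (log.isDebugEnabled()) {
                        log.debug("Exception caught", e);
                    }
                    continue;
                }
                roleList.add(role.getName());
                this.setACL(role, principalList);
            }
        }
        catch (PathNotFoundException e) {
            // no "roles" child: the node simply has no roles
            log.debug(e.getMessage(), e);
        }
        catch (RepositoryException re) {
            log.error(re.getMessage(), re);
        }
        catch (Exception e) {
            log.error(e.getMessage(), e);
        }
    }

    /**
     * Adds the groups referenced from {@code node}'s {@code groups} child to {@code groupList},
     * then recursively collects each group's roles and nested groups.
     * <p>
     * Each node data under {@code groups} holds a group UUID resolved in
     * {@link ContentRepository#USER_GROUPS}. Groups already present in {@code groupList} are not
     * descended into again, which also terminates the recursion on group cycles. Missing groups
     * are skipped (debug log); any other failure is logged at error and ends group resolution for
     * this node.
     *
     * @param node          user or group node whose groups are read
     * @param principalList collection receiving the ACLs of the groups' roles
     * @param groupList     list receiving the group names (also used as the visited set)
     * @param roleList      list receiving the role names found through the groups
     */
    private void addGroups(Content node, PrincipalCollection principalList, GroupList groupList, RoleList roleList) {
        HierarchyManager groupsHierarchy = ContentRepository.getHierarchyManager(ContentRepository.USER_GROUPS);
        try {
            if (!node.hasContent("groups")) {
                return;
            }
            Content groupNode = node.getContent("groups");
            Iterator children = groupNode.getNodeDataCollection().iterator();
            while (children.hasNext()) {
                String groupUUID = ((NodeData) children.next()).getString();
                Content group;
                try {
                    group = groupsHierarchy.getContentByUUID(groupUUID);
                    if (groupList.has(group.getName())) {
                        // already visited: avoids duplicate work and infinite recursion on cycles
                        continue;
                    }
                }
                catch (ItemNotFoundException e) {
                    if (log.isDebugEnabled()) {
                        log.debug("Group does not exist", e);
                    }
                    continue;
                }
                groupList.add(group.getName());
                this.addRoles(group, principalList, roleList);
                this.addGroups(group, principalList, groupList, roleList);
            }
        }
        catch (PathNotFoundException e) {
            log.debug(e.getMessage(), e);
        }
        catch (RepositoryException re) {
            log.error(re.getMessage(), re);
        }
        catch (Exception e) {
            log.error(e.getMessage(), e);
        }
    }

    /**
     * Collects the ACL entries stored under {@code role} into {@code principalList}.
     * <p>
     * Every child content node of {@code role} whose name starts with {@code acl} is one entry.
     * The part after {@code acl_} names the target: either {@code <repository>} (the repository's
     * default workspace is used and appended, and the entry is skipped if the repository is not
     * mapped) or {@code <repository>_<workspace>}. Entries for the same target share one
     * {@link ACL} in {@code principalList}, so permissions from several roles are merged. Each
     * child of an entry contributes one {@link Permission} built from its {@code path} (as a
     * {@link SimpleUrlPattern}) and {@code permissions} node data.
     * <p>
     * A malformed entry name (no workspace part after the underscore) is logged and skipped on its
     * own; previously it raised an {@link ArrayIndexOutOfBoundsException} that reached the outer
     * catch and silently dropped every remaining ACL entry of the role. Any other failure is still
     * logged at error and ends ACL collection for this role.
     *
     * @param role          node (role or user) carrying {@code acl*} children
     * @param principalList collection in which ACLs are looked up by name and created on demand
     */
    private void setACL(Content role, PrincipalCollection principalList) {
        try {
            Iterator it = role.getChildren(ItemType.CONTENTNODE.getSystemName(), "acl*").iterator();
            while (it.hasNext()) {
                Content aclEntry = (Content) it.next();
                String name = StringUtils.substringAfter(aclEntry.getName(), "acl_");
                ACL acl;
                String repositoryName;
                String workspaceName;
                if (!StringUtils.contains(name, "_")) {
                    // repository-only entry: resolve its default workspace
                    repositoryName = name;
                    if (!ContentRepository.hasRepositoryMapping(repositoryName)) {
                        continue;
                    }
                    workspaceName = ContentRepository.getDefaultWorkspace(name);
                    name += ("_" + workspaceName);
                }
                else {
                    String[] tokens = StringUtils.split(name, "_");
                    if (tokens.length < 2) {
                        // e.g. "acl_foo_": split() drops empty tokens, leaving no workspace part.
                        // Skip only this entry so the remaining entries of the role are still applied.
                        log.warn("Malformed ACL entry name [{}] on [{}], skipping", aclEntry.getName(), role.getName());
                        continue;
                    }
                    repositoryName = tokens[0];
                    workspaceName = tokens[1];
                }
                if (!principalList.contains(name)) {
                    acl = new ACLImpl();
                    principalList.add(acl);
                }
                else {
                    // same repository/workspace seen on another role: merge into the existing ACL
                    acl = (ACL) principalList.get(name);
                }
                acl.setName(name);
                acl.setRepository(repositoryName);
                acl.setWorkspace(workspaceName);

                Iterator permissionIterator = aclEntry.getChildren().iterator();
                while (permissionIterator.hasNext()) {
                    Content map = (Content) permissionIterator.next();
                    String path = map.getNodeData("path").getString();
                    UrlPattern p = new SimpleUrlPattern(path);
                    Permission permission = new PermissionImpl();
                    permission.setPattern(p);
                    permission.setPermissions(map.getNodeData("permissions").getLong());
                    acl.addPermission(permission);
                }
            }
        }
        catch (Exception e) {
            log.error(e.getMessage(), e);
        }
    }

}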