1 /*****************************************************************************
2 * Copyright Igor Barma, Eric Brun, Alexandre Desoubeaux, Christian Martel,
5 * Ce logiciel est un programme informatique servant à l'évaluation des
8 * Ce logiciel est régi par la licence CeCILL soumise au droit français et
9 * respectant les principes de diffusion des logiciels libres. Vous pouvez
10 * utiliser, modifier et/ou redistribuer ce programme sous les conditions
11 * de la licence CeCILL telle que diffusée par le CEA, le CNRS et l'INRIA
12 * sur le site "http://www.cecill.info".
14 * En contrepartie de l'accessibilité au code source et des droits de copie,
15 * de modification et de redistribution accordés par cette licence, il n'est
16 * offert aux utilisateurs qu'une garantie limitée. Pour les mêmes raisons,
17 * seule une responsabilité restreinte pèse sur l'auteur du programme, le
18 * titulaire des droits patrimoniaux et les concédants successifs.
20 * A cet égard l'attention de l'utilisateur est attirée sur les risques
21 * associés au chargement, à l'utilisation, à la modification et/ou au
22 * développement et à la reproduction du logiciel par l'utilisateur étant
23 * donné sa spécificité de logiciel libre, qui peut le rendre complexe à
24 * manipuler et qui le réserve donc à des développeurs et des professionnels
25 * avertis possédant des connaissances informatiques approfondies. Les
26 * utilisateurs sont donc invités à charger et tester l'adéquation du
27 * logiciel à leurs besoins dans des conditions permettant d'assurer la
28 * sécurité de leurs systèmes et ou de leurs données et, plus généralement,
29 * à l'utiliser et l'exploiter dans les mêmes conditions de sécurité.
31 * Le fait que vous puissiez accéder à cet en-tête signifie que vous avez
32 * pris connaissance de la licence CeCILL, et que vous en avez accepté les
34 *******************************************************************************/
35 package com.pentila.jackrabbit.auth;
37 import java.util.Properties;
39 import javax.jcr.AccessDeniedException;
40 import javax.jcr.ItemNotFoundException;
41 import javax.jcr.NoSuchWorkspaceException;
42 import javax.jcr.Node;
43 import javax.jcr.PathNotFoundException;
44 import javax.jcr.RepositoryException;
45 import javax.jcr.Session;
46 import javax.jcr.SimpleCredentials;
47 import javax.jcr.Value;
48 import javax.naming.InitialContext;
50 import org.apache.jackrabbit.core.ItemId;
51 import org.apache.jackrabbit.core.NodeId;
52 import org.apache.jackrabbit.core.PropertyId;
53 import org.apache.jackrabbit.core.RepositoryImpl;
54 import org.apache.jackrabbit.core.security.AMContext;
55 import org.apache.jackrabbit.core.security.AccessManager;
56 import org.apache.jackrabbit.uuid.UUID;
58 // TODO: Auto-generated Javadoc
60 * The Class SimpleCASAccessManager.
62 public class SimpleCASAccessManager implements AccessManager {
64 /** The am context. */
67 /** The is content node. */
68 boolean isContentNode = false;// = n.getName().equals("jcr:content");
70 /** The is file node type. */
71 boolean isFileNodeType = false;// = n.isNodeType("nt:file");
73 /** The is folder node type. */
74 boolean isFolderNodeType = false;// = n.isNodeType("nt:folder");
77 boolean isOwner = false;// = this.isOwner(n, user);
79 /** The is parent owner. */
80 boolean isParentOwner = false;// = (parent != null) && (this.isOwner(parent,
83 /** The is root folder. */
84 boolean isRootFolder = false;// = n.getPath().equals("/");
86 /** The is root parent. */
87 boolean isRootParent = false;// = n.getParent().getPath().equals("/");
90 boolean isShared = false;// = this.isOwner(n, user);
92 /** The is system node. */
93 boolean isSystemNode = false;// = n.getName().equals("jcr:system");
95 /** The is workspace name. */
96 boolean isWorkspaceName = false;
99 String path = null;// = n.getPath();
108 private static String access = "anonymous";
110 /** The superuser. */
111 private static boolean superuser = false;
114 * Instantiates a new simple cas access manager.
116 public SimpleCASAccessManager() {
120 Properties props = new Properties();
122 .put("java.naming.factory.initial",
123 "org.apache.jackrabbit.core.jndi.provider.DummyInitialContextFactory");
124 props.put("java.naming.provider.url",
125 "http://www.apache.org/jackrabbit");
127 InitialContext ic = new InitialContext(props);
128 rep = (RepositoryImpl) ic.lookup("jackrabbit.repository");
130 } catch (Exception e) {
131 //e.printStackTrace();
136 * @see org.apache.jackrabbit.core.security.AccessManager#canAccess(java.lang.String)
138 public boolean canAccess(String arg0) throws NoSuchWorkspaceException,
139 RepositoryException {
144 * @see org.apache.jackrabbit.core.security.AccessManager#checkPermission(org.apache.jackrabbit.core.ItemId, int)
146 public void checkPermission(ItemId arg0, int arg1)
147 throws AccessDeniedException, ItemNotFoundException,
148 RepositoryException {
153 * @see org.apache.jackrabbit.core.security.AccessManager#close()
155 public void close() throws Exception {
162 * @return access : anonimus or restricted
164 public String getAccess() {
169 * Used tu get the folder of the current node. if this node is of
170 * "jcr:content" type, which is a child node of "nt:file" which can be in a
171 * "nt:folder" node, it will return the "nt:folder" node.
173 * @param start the node from where the search is made. No matter if the node
174 * it is a folder, it will start looking in the parent node.
176 * @return the first "nt:folder" found
178 private Node getFolder(Node start) {
181 pp = start.getParent();
182 if (pp.isNodeType("nt:folder")) {
187 } catch (Exception e) {
194 * Retreives the node found in requestNode item.
196 * @param requestNode ItemId ( can be NodeId or PropertyId )
197 * @param jcrSession a open session object
199 * @return the Node located in requestNode item
201 * @throws ItemNotFoundException the item not found exception
202 * @throws RepositoryException the repository exception
204 private Node getNode(ItemId requestNode, Session jcrSession)
205 throws ItemNotFoundException, RepositoryException {
209 if (requestNode.denotesNode()) {
210 nid = (NodeId) requestNode;
212 PropertyId pid = (PropertyId) requestNode;
213 nid = pid.getParentId();
215 uuid = nid.getUUID();
216 String u = uuid.toString();
218 return jcrSession.getNodeByUUID(u);
222 * Will test if the following parameters will grant or not the current user.
224 * @param isFileNodeType the is file node type
225 * @param isFolderNodeType the is folder node type
226 * @param isRootFolder the is root folder
227 * @param isContentNode the is content node
228 * @param isSystemNode the is system node
229 * @param isParentOwner the is parent owner
230 * @param isWorkspaceName the is workspace name
231 * @param isOwner the is owner
232 * @param isRootParent the is root parent
233 * @param isShared the is shared
235 * @return true, if checks for access
237 private boolean hasAccess(boolean isFileNodeType, boolean isFolderNodeType,
238 boolean isRootFolder, boolean isContentNode, boolean isSystemNode,
239 boolean isParentOwner, boolean isWorkspaceName, boolean isOwner,
240 boolean isRootParent, boolean isShared) {
242 //TODO : Seriouly must be perform !!!
245 boolean localHasAccess = isOwner || isShared;
248 return localHasAccess;
252 if (isFileNodeType || isFolderNodeType || isRootFolder || isContentNode
255 if (!localHasAccess && isContentNode && isParentOwner) {
257 localHasAccess = true;
260 if (!localHasAccess && (isRootFolder || isSystemNode)) {
262 localHasAccess = true;
265 if (!localHasAccess && isWorkspaceName && isRootParent) // in
271 localHasAccess = true;
276 localHasAccess = true;
283 if (!localHasAccess && isWorkspaceName && isRootParent) // in in
287 localHasAccess = true;
291 return localHasAccess;
295 * @see org.apache.jackrabbit.core.security.AccessManager#init(org.apache.jackrabbit.core.security.AMContext)
297 public void init(AMContext amContext) throws AccessDeniedException,
300 user = amContext.getSubject().getPrincipals().iterator().next()
302 if (user.equals("system")){
305 this.amContext = amContext;
309 * Main method called by the cas. In permissionLevel will be the action: 1
310 * is read 2 is add 0 is delete
312 * @param arg0 the arg0
313 * @param permissionLevel the permission level
315 * @return true, if checks if is granted
317 * @throws ItemNotFoundException the item not found exception
318 * @throws RepositoryException the repository exception
320 public boolean isGranted(ItemId arg0, int permissionLevel)
321 throws ItemNotFoundException, RepositoryException {
323 // TODO : must be perform
325 if (access.equals("anonymous")) {
327 } else if (access.equals("restricted")) {
331 Session jcrSession = rep.login(new SimpleCredentials(user, user
336 Node n = this.getNode(arg0, jcrSession);
338 isContentNode = n.getName().equals("jcr:content");
339 isSystemNode = n.getName().equals("jcr:system");
345 isFileNodeType = n.isNodeType("nt:file");
346 isFolderNodeType = n.isNodeType("nt:folder");
347 isRootFolder = n.getPath().equals("/");
350 isOwner = this.isOwner(n, user);
351 isShared = this.isShared(n, user);
353 Node parent = getFolder(n);
354 boolean foundInHierarchy = false;
356 while (parent != null && !foundInHierarchy) {
358 foundInHierarchy = this.isOwner(parent, user) || this.isShared(parent, user);
359 if (foundInHierarchy){
362 parent = this.getFolder(parent);
365 isParentOwner = (foundInHierarchy)
366 || ((parent != null) && (this.isOwner(parent, user)));
369 isRootParent = n.getParent().getPath().equals("/");
370 } catch (Exception e) {
372 isWorkspaceName = n.getName().equals(user)
373 || n.getName().equals(user + "_eval");
376 boolean retVal = this.hasAccess(isFileNodeType, isFolderNodeType,
377 isRootFolder, isContentNode, isSystemNode, isParentOwner,
378 isWorkspaceName, isOwner, isRootParent, isShared);
387 * Tests if the node has the userName in access list.
390 * @param userName user
392 * @return true if found
394 private boolean isOwner(Node node, String userName) {
395 boolean retVal = false;
396 String type = "jcr:owner";
400 Value ownersList[] = node.getProperty(type).getValues();
401 // System.out.println("numar values found:" +
402 // ownersList.length);
403 for (Value i : ownersList) {
404 /*System.out.println(node.getName() + " >> "
405 + i.getString() + ".");*/
406 if (i.getString().equals(userName)) {
412 } catch (PathNotFoundException e) {
414 //e.printStackTrace();
415 } catch (RepositoryException e) {
417 //e.printStackTrace();
424 * Checks if the node has the user in access list.
426 * @param node the node
427 * @param userName the user name
429 * @return true if found
431 private boolean isShared(Node node, String userName) {
432 boolean retVal = false;
433 String type = "jcr:shared";
436 Value ownersList[] = node.getProperty(type).getValues();
437 // System.out.println("shared list size:" +
438 // ownersList.length);
439 for (Value i : ownersList) {
440 // System.out.println(" >> " + i.getString() + ".");
441 if (i.getString().equals(userName)) {
447 } catch (PathNotFoundException e) {
449 //e.printStackTrace();
450 } catch (RepositoryException e) {
452 //e.printStackTrace();
459 * Set the access parameter which can be modified in the repository.xml
462 * @param access the access
464 public void setAccess(String access) {
465 SimpleCASAccessManager.access = access;