1 /*****************************************************************************
2 * Copyright Igor Barma, Eric Brun, Alexandre Desoubeaux, Christian Martel,
5 * Ce logiciel est un programme informatique servant à l'évaluation des
8 * Ce logiciel est régi par la licence CeCILL soumise au droit français et
9 * respectant les principes de diffusion des logiciels libres. Vous pouvez
10 * utiliser, modifier et/ou redistribuer ce programme sous les conditions
11 * de la licence CeCILL telle que diffusée par le CEA, le CNRS et l'INRIA
12 * sur le site "http://www.cecill.info".
14 * En contrepartie de l'accessibilité au code source et des droits de copie,
15 * de modification et de redistribution accordés par cette licence, il n'est
16 * offert aux utilisateurs qu'une garantie limitée. Pour les mêmes raisons,
17 * seule une responsabilité restreinte pèse sur l'auteur du programme, le
18 * titulaire des droits patrimoniaux et les concédants successifs.
20 * A cet égard l'attention de l'utilisateur est attirée sur les risques
21 * associés au chargement, à l'utilisation, à la modification et/ou au
22 * développement et à la reproduction du logiciel par l'utilisateur étant
23 * donné sa spécificité de logiciel libre, qui peut le rendre complexe à
24 * manipuler et qui le réserve donc à des développeurs et des professionnels
25 * avertis possédant des connaissances informatiques approfondies. Les
26 * utilisateurs sont donc invités à charger et tester l'adéquation du
27 * logiciel à leurs besoins dans des conditions permettant d'assurer la
28 * sécurité de leurs systèmes et ou de leurs données et, plus généralement,
29 * à l'utiliser et l'exploiter dans les mêmes conditions de sécurité.
31 * Le fait que vous puissiez accéder à cet en-tête signifie que vous avez
32 * pris connaissance de la licence CeCILL, et que vous en avez accepté les
34 *******************************************************************************/
35 package com.pentila.jackrabbit.auth;
37 import java.util.Properties;
39 import javax.jcr.AccessDeniedException;
40 import javax.jcr.ItemNotFoundException;
41 import javax.jcr.NoSuchWorkspaceException;
42 import javax.jcr.Node;
43 import javax.jcr.PathNotFoundException;
44 import javax.jcr.RepositoryException;
45 import javax.jcr.Session;
46 import javax.jcr.SimpleCredentials;
47 import javax.jcr.Value;
48 import javax.naming.InitialContext;
50 import org.apache.jackrabbit.core.ItemId;
51 import org.apache.jackrabbit.core.NodeId;
52 import org.apache.jackrabbit.core.PropertyId;
53 import org.apache.jackrabbit.core.RepositoryImpl;
54 import org.apache.jackrabbit.core.security.AMContext;
55 import org.apache.jackrabbit.core.security.AccessManager;
56 import org.apache.jackrabbit.uuid.UUID;
58 // TODO: Auto-generated Javadoc
60 * The Class SimpleCASAccessManager.
62 public class SimpleCASAccessManager implements AccessManager {
64 /** The am context. */
67 /** The is content node. */
68 boolean isContentNode = false;// = n.getName().equals("jcr:content");
70 /** The is file node type. */
71 boolean isFileNodeType = false;// = n.isNodeType("nt:file");
73 /** The is folder node type. */
74 boolean isFolderNodeType = false;// = n.isNodeType("nt:folder");
77 boolean isOwner = false;// = this.isOwner(n, user);
79 /** The is parent owner. */
80 boolean isParentOwner = false;// = (parent != null) && (this.isOwner(parent,
83 /** The is root folder. */
84 boolean isRootFolder = false;// = n.getPath().equals("/");
86 /** The is root parent. */
87 boolean isRootParent = false;// = n.getParent().getPath().equals("/");
90 boolean isShared = false;// = this.isOwner(n, user);
92 /** The is system node. */
93 boolean isSystemNode = false;// = n.getName().equals("jcr:system");
95 /** The is workspace name. */
96 boolean isWorkspaceName = false;
99 String path = null;// = n.getPath();
108 private static String access = "anonymous";
110 /** The superuser. */
111 private static boolean superuser = false;
114 * Instantiates a new simple cas access manager.
116 public SimpleCASAccessManager() {
120 Properties props = new Properties();
122 .put("java.naming.factory.initial",
123 "org.apache.jackrabbit.core.jndi.provider.DummyInitialContextFactory");
124 props.put("java.naming.provider.url",
125 "http://www.apache.org/jackrabbit");
127 InitialContext ic = new InitialContext(props);
128 rep = (RepositoryImpl) ic.lookup("jackrabbit.repository");
130 } catch (Exception e) {
131 //e.printStackTrace();
136 * @see org.apache.jackrabbit.core.security.AccessManager#canAccess(java.lang.String)
138 public boolean canAccess(String arg0) throws NoSuchWorkspaceException,
139 RepositoryException {
144 * @see org.apache.jackrabbit.core.security.AccessManager#checkPermission(org.apache.jackrabbit.core.ItemId, int)
146 public void checkPermission(ItemId arg0, int arg1)
147 throws AccessDeniedException, ItemNotFoundException,
148 RepositoryException {
153 * @see org.apache.jackrabbit.core.security.AccessManager#close()
155 public void close() throws Exception {
162 * @return access : anonimus or restricted
164 public String getAccess() {
169 * Used tu get the folder of the current node. if this node is of
170 * "jcr:content" type, which is a child node of "nt:file" which can be in a
171 * "nt:folder" node, it will return the "nt:folder" node.
173 * @param start the node from where the search is made. No matter if the node
174 * it is a folder, it will start looking in the parent node.
176 * @return the first "nt:folder" found
178 private Node getFolder(Node start) {
181 pp = start.getParent();
182 if (pp.isNodeType("nt:folder")) {
187 } catch (Exception e) {
194 * Retreives the node found in requestNode item.
196 * @param requestNode ItemId ( can be NodeId or PropertyId )
197 * @param jcrSession a open session object
199 * @return the Node located in requestNode item
201 * @throws ItemNotFoundException the item not found exception
202 * @throws RepositoryException the repository exception
204 private Node getNode(ItemId requestNode, Session jcrSession)
205 throws ItemNotFoundException, RepositoryException {
209 if (requestNode.denotesNode()) {
210 nid = (NodeId) requestNode;
212 PropertyId pid = (PropertyId) requestNode;
213 nid = pid.getParentId();
215 uuid = nid.getUUID();
216 String u = uuid.toString();
218 return jcrSession.getNodeByUUID(u);
222 * Will test if the following parameters will grant or not the current user.
224 * @param isFileNodeType the is file node type
225 * @param isFolderNodeType the is folder node type
226 * @param isRootFolder the is root folder
227 * @param isContentNode the is content node
228 * @param isSystemNode the is system node
229 * @param isParentOwner the is parent owner
230 * @param isWorkspaceName the is workspace name
231 * @param isOwner the is owner
232 * @param isRootParent the is root parent
233 * @param isShared the is shared
235 * @return true, if checks for access
237 private boolean hasAccess(boolean isFileNodeType, boolean isFolderNodeType,
238 boolean isRootFolder, boolean isContentNode, boolean isSystemNode,
239 boolean isParentOwner, boolean isWorkspaceName, boolean isOwner,
240 boolean isRootParent, boolean isShared) {
241 boolean localHasAccess = isOwner || isShared;
243 // System.out.println("## file: " + isFileNodeType + " folder: " +
244 // isFolderNodeType + " path: " + isRootFolder
245 // + " jcr content?: " + isContentNode + " jcr:system?: " +
247 if (isFileNodeType || isFolderNodeType || isRootFolder || isContentNode
249 // System.out.println("#### ok: " + isRootParent + " jcr:content?: "
250 // + isContentNode + " parent owner?" + isParentOwner);
251 if (!localHasAccess && isContentNode && isParentOwner) {
252 localHasAccess = true;
254 // System.out.println("##OK: " + hasAccess + " jcr:system?:" +
256 if (!localHasAccess && (isRootFolder || isSystemNode)) {
257 localHasAccess = true;
259 // System.out.println("#* ok: " + hasAccess + " user=node: "
260 // + isWorkspaceName + " root parent?: " + isRootParent);
261 if (!localHasAccess && isWorkspaceName && isRootParent) // in
266 localHasAccess = true;
268 // System.out.println(" is parent owner? " +
271 localHasAccess = true;
277 // System.out.println("# ok: " + hasAccess + " user=node: " +
278 // isWorkspaceName + " root parent?: " + isRootParent);
279 if (!localHasAccess && isWorkspaceName && isRootParent) // in in
282 localHasAccess = true;
285 return localHasAccess;
289 * @see org.apache.jackrabbit.core.security.AccessManager#init(org.apache.jackrabbit.core.security.AMContext)
291 public void init(AMContext amContext) throws AccessDeniedException,
294 user = amContext.getSubject().getPrincipals().iterator().next()
296 if (user.equals("system")){
299 this.amContext = amContext;
303 * Main method called by the cas. In permissionLevel will be the action: 1
304 * is read 2 is add 0 is delete
306 * @param arg0 the arg0
307 * @param permissionLevel the permission level
309 * @return true, if checks if is granted
311 * @throws ItemNotFoundException the item not found exception
312 * @throws RepositoryException the repository exception
314 public boolean isGranted(ItemId arg0, int permissionLevel)
315 throws ItemNotFoundException, RepositoryException {
316 if (access.equals("anonymous")) {
318 } else if (access.equals("restricted")) {
322 Session jcrSession = rep.login(new SimpleCredentials(user, user
327 Node n = this.getNode(arg0, jcrSession);
328 isFileNodeType = n.isNodeType("nt:file");
329 isFolderNodeType = n.isNodeType("nt:folder");
330 isRootFolder = n.getPath().equals("/");
332 isContentNode = n.getName().equals("jcr:content");
333 isSystemNode = n.getName().equals("jcr:system");
334 isOwner = this.isOwner(n, user);
335 isShared = this.isShared(n, user);
337 Node parent = getFolder(n);
338 boolean foundInHierarchy = this.isOwner(parent, user);
340 while (parent != null && !foundInHierarchy) {
341 parent = this.getFolder(parent);
342 foundInHierarchy = this.isOwner(parent, user);
345 isParentOwner = (foundInHierarchy)
346 || ((parent != null) && (this.isOwner(parent, user)));
349 isRootParent = n.getParent().getPath().equals("/");
350 } catch (Exception e) {
352 isWorkspaceName = n.getName().equals(user)
353 || n.getName().equals(user + "_eval");
356 boolean retVal = this.hasAccess(isFileNodeType, isFolderNodeType,
357 isRootFolder, isContentNode, isSystemNode, isParentOwner,
358 isWorkspaceName, isOwner, isRootParent, isShared);
359 // System.out.println("User: " + jcrSession.getUserID() +
360 // " ACCESS:: " + retVal + " :: " + path + " parent?:" +
370 * Tests if the node has the userName in access list.
373 * @param userName user
375 * @return true if found
377 private boolean isOwner(Node node, String userName) {
378 boolean retVal = false;
379 String type = "jcr:owner";
386 Value ownersList[] = node.getProperty(type).getValues();
387 // System.out.println("numar values found:" +
388 // ownersList.length);
389 for (Value i : ownersList) {
390 /*System.out.println(node.getName() + " >> "
391 + i.getString() + ".");*/
392 if (i.getString().equals(userName)) {
398 } catch (PathNotFoundException e) {
400 //e.printStackTrace();
401 } catch (RepositoryException e) {
403 //e.printStackTrace();
410 * Checks if the node has the user in access list.
412 * @param node the node
413 * @param userName the user name
415 * @return true if found
417 private boolean isShared(Node node, String userName) {
418 boolean retVal = false;
419 String type = "jcr:shared";
422 Value ownersList[] = node.getProperty(type).getValues();
423 // System.out.println("shared list size:" +
424 // ownersList.length);
425 for (Value i : ownersList) {
426 // System.out.println(" >> " + i.getString() + ".");
427 if (i.getString().equals(userName)) {
433 } catch (PathNotFoundException e) {
435 //e.printStackTrace();
436 } catch (RepositoryException e) {
438 //e.printStackTrace();
445 * Set the access parameter which can be modified in the repository.xml
448 * @param access the access
450 public void setAccess(String access) {
451 SimpleCASAccessManager.access = access;