Author: fmeschbe
Date: Fri Dec 4 13:56:45 2009
New Revision: 887198
URL: http://svn.apache.org/viewvc?rev=887198&view=rev
Log:
SLING-1208 Adapt to an API change between Jackrabbit 1.5 and 1.6: If a node as
a access control policy set, the
AccessControlManager.getApplicableAccessControlPolicies() returns an empty
iterator. In this case the getAccessControlPolicies returns the current
policies. Also upgraded dependency to Jackrabbit API to 1.6
Modified:
sling/trunk/bundles/jcr/jackrabbit-accessmanager/pom.xml
sling/trunk/bundles/jcr/jackrabbit-accessmanager/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/AbstractAccessPostServlet.java
sling/trunk/bundles/jcr/jackrabbit-accessmanager/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/DeleteAcesServlet.java
sling/trunk/bundles/jcr/jackrabbit-accessmanager/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/ModifyAceServlet.java
Modified: sling/trunk/bundles/jcr/jackrabbit-accessmanager/pom.xml
URL:
http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/jackrabbit-accessmanager/pom.xml?rev=887198&r1=887197&r2=887198&view=diff
==============================================================================
--- sling/trunk/bundles/jcr/jackrabbit-accessmanager/pom.xml (original)
+++ sling/trunk/bundles/jcr/jackrabbit-accessmanager/pom.xml Fri Dec 4
13:56:45 2009
@@ -112,7 +112,7 @@
<dependency>
<groupId>org.apache.jackrabbit</groupId>
<artifactId>jackrabbit-api</artifactId>
- <version>1.5.0</version>
+ <version>1.6.0</version>
</dependency>
<dependency>
<groupId>org.apache.sling</groupId>
@@ -120,11 +120,6 @@
<version>2.0.4-incubator</version>
</dependency>
<dependency>
- <groupId>org.apache.jackrabbit</groupId>
- <artifactId>jackrabbit-api</artifactId>
- <version>1.5.0</version>
- </dependency>
- <dependency>
<groupId>org.osgi</groupId>
<artifactId>org.osgi.core</artifactId>
</dependency>
Modified:
sling/trunk/bundles/jcr/jackrabbit-accessmanager/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/AbstractAccessPostServlet.java
URL:
http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/jackrabbit-accessmanager/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/AbstractAccessPostServlet.java?rev=887198&r1=887197&r2=887198&view=diff
==============================================================================
---
sling/trunk/bundles/jcr/jackrabbit-accessmanager/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/AbstractAccessPostServlet.java
(original)
+++
sling/trunk/bundles/jcr/jackrabbit-accessmanager/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/AbstractAccessPostServlet.java
Fri Dec 4 13:56:45 2009
@@ -26,6 +26,10 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.jackrabbit.api.jsr283.security.AccessControlList;
+import org.apache.jackrabbit.api.jsr283.security.AccessControlManager;
+import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicy;
+import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicyIterator;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.resource.ResourceNotFoundException;
@@ -39,7 +43,7 @@
import org.slf4j.LoggerFactory;
/**
- * Base class for all the POST servlets for the AccessManager operations
+ * Base class for all the POST servlets for the AccessManager operations
*/
public abstract class AbstractAccessPostServlet extends SlingAllMethodsServlet
{
private static final long serialVersionUID = -5918670409789895333L;
@@ -48,7 +52,7 @@
* default log
*/
private final Logger log = LoggerFactory.getLogger(getClass());
-
+
/* (non-Javadoc)
* @see
org.apache.sling.api.servlets.SlingAllMethodsServlet#doPost(org.apache.sling.api.SlingHttpServletRequest,
org.apache.sling.api.SlingHttpServletResponse)
*/
@@ -76,12 +80,12 @@
Session session = request.getResourceResolver().adaptTo(Session.class);
final List<Modification> changes = new ArrayList<Modification>();
-
+
try {
handleOperation(request, htmlResponse, changes);
-
+
//TODO: maybe handle SlingAuthorizablePostProcessor handlers here
-
+
// set changes on html response
for(Modification change : changes) {
switch ( change.getType() ) {
@@ -93,7 +97,7 @@
case ORDER : htmlResponse.onChange("ordered",
change.getSource(), change.getDestination()); break;
}
}
-
+
if (session.hasPendingChanges()) {
session.save();
}
@@ -115,7 +119,7 @@
e.getMessage(), e);
}
}
-
+
// check for redirect URL if processing succeeded
if (htmlResponse.isSuccessful()) {
String redirect = getRedirectUrl(request, htmlResponse);
@@ -138,8 +142,8 @@
*/
abstract protected void handleOperation(SlingHttpServletRequest request,
HtmlResponse htmlResponse, List<Modification> changes)
throws RepositoryException;
-
-
+
+
/**
* compute redirect URL (SLING-126)
*
@@ -213,7 +217,7 @@
SlingPostConstants.RP_STATUS);
return true;
}
-
+
// ------ These methods were copied from AbstractSlingPostOperation
------
/**
@@ -250,5 +254,50 @@
return ret.toString();
}
-
+
+ /**
+ * Returns an <code>AccessControlList</code> to edit for the node at the
+ * given <code>resourcePath</code>.
+ *
+ * @param accessControlManager The manager providing access control lists
+ * @param resourcePath The node path for which to return an access control
+ * list
+ * @param mayCreate <code>true</code> if an access control list should be
+ * created if the node does not have one yet.
+ * @return The <code>AccessControlList</code> to modify to control access
to
+ * the node.
+ * @throws RepositoryException If the access control manager does not
+ * provide a <code>AccessControlPolicy</code> which is an
+ * <code>AccessControlList</code>.
+ */
+ protected AccessControlList getAccessControlList(
+ final AccessControlManager accessControlManager,
+ final String resourcePath, final boolean mayCreate)
+ throws RepositoryException {
+
+ // check for an existing access control list to edit
+ AccessControlPolicy[] policies =
accessControlManager.getPolicies(resourcePath);
+ for (AccessControlPolicy policy : policies) {
+ if (policy instanceof AccessControlList) {
+ return (AccessControlList) policy;
+ }
+ }
+
+ // no existing access control list, try to create if allowed
+ if (mayCreate) {
+ AccessControlPolicyIterator applicablePolicies =
accessControlManager.getApplicablePolicies(resourcePath);
+ while (applicablePolicies.hasNext()) {
+ AccessControlPolicy policy =
applicablePolicies.nextAccessControlPolicy();
+ if (policy instanceof AccessControlList) {
+ return (AccessControlList) policy;
+ }
+ }
+ }
+
+ // neither an existing nor a create AccessControlList is available,
fail
+ throw new RepositoryException(
+ "Unable to find or create an access control policy to update for "
+ + resourcePath);
+
+ }
}
Modified:
sling/trunk/bundles/jcr/jackrabbit-accessmanager/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/DeleteAcesServlet.java
URL:
http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/jackrabbit-accessmanager/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/DeleteAcesServlet.java?rev=887198&r1=887197&r2=887198&view=diff
==============================================================================
---
sling/trunk/bundles/jcr/jackrabbit-accessmanager/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/DeleteAcesServlet.java
(original)
+++
sling/trunk/bundles/jcr/jackrabbit-accessmanager/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/DeleteAcesServlet.java
Fri Dec 4 13:56:45 2009
@@ -29,8 +29,6 @@
import org.apache.jackrabbit.api.jsr283.security.AccessControlEntry;
import org.apache.jackrabbit.api.jsr283.security.AccessControlList;
import org.apache.jackrabbit.api.jsr283.security.AccessControlManager;
-import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicy;
-import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicyIterator;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceNotFoundException;
@@ -86,7 +84,7 @@
protected void handleOperation(SlingHttpServletRequest request,
HtmlResponse htmlResponse, List<Modification> changes)
throws RepositoryException {
-
+
String[] applyTo =
request.getParameterValues(SlingPostConstants.RP_APPLY_TO);
if (applyTo == null) {
throw new RepositoryException("principalIds were not
sumitted.");
@@ -103,31 +101,20 @@
throw new ResourceNotFoundException("Resource
is not a JCR Node");
}
}
-
+
Session session =
request.getResourceResolver().adaptTo(Session.class);
if (session == null) {
throw new RepositoryException("JCR Session not found");
}
-
+
//load the principalIds array into a set for quick lookup below
Set<String> pidSet = new HashSet<String>();
pidSet.addAll(Arrays.asList(applyTo));
-
+
try {
AccessControlManager accessControlManager =
AccessControlUtil.getAccessControlManager(session);
- AccessControlList updatedAcl = null;
- AccessControlPolicyIterator applicablePolicies
= accessControlManager.getApplicablePolicies(resourcePath);
- while (applicablePolicies.hasNext()) {
- AccessControlPolicy policy =
applicablePolicies.nextAccessControlPolicy();
- if (policy instanceof
AccessControlList) {
- updatedAcl =
(AccessControlList)policy;
- break;
- }
- }
- if (updatedAcl == null) {
- throw new RepositoryException("Unable
to find an access control policy to update.");
- }
-
+ AccessControlList updatedAcl =
getAccessControlList(accessControlManager, resourcePath, false);
+
//keep track of the existing Aces for the
target principal
AccessControlEntry[] accessControlEntries =
updatedAcl.getAccessControlEntries();
List<AccessControlEntry> oldAces = new
ArrayList<AccessControlEntry>();
@@ -143,7 +130,7 @@
updatedAcl.removeAccessControlEntry(ace);
}
}
-
+
//apply the changed policy
accessControlManager.setPolicy(resourcePath,
updatedAcl);
} catch (RepositoryException re) {
Modified:
sling/trunk/bundles/jcr/jackrabbit-accessmanager/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/ModifyAceServlet.java
URL:
http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/jackrabbit-accessmanager/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/ModifyAceServlet.java?rev=887198&r1=887197&r2=887198&view=diff
==============================================================================
---
sling/trunk/bundles/jcr/jackrabbit-accessmanager/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/ModifyAceServlet.java
(original)
+++
sling/trunk/bundles/jcr/jackrabbit-accessmanager/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/ModifyAceServlet.java
Fri Dec 4 13:56:45 2009
@@ -28,8 +28,6 @@
import org.apache.jackrabbit.api.jsr283.security.AccessControlEntry;
import org.apache.jackrabbit.api.jsr283.security.AccessControlList;
import org.apache.jackrabbit.api.jsr283.security.AccessControlManager;
-import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicy;
-import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicyIterator;
import org.apache.jackrabbit.api.jsr283.security.Privilege;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.UserManager;
@@ -132,8 +130,8 @@
throw new ResourceNotFoundException("Resource is not a
JCR Node");
}
}
-
-
+
+
List<String> grantedPrivilegeNames = new ArrayList<String>();
List<String> deniedPrivilegeNames = new ArrayList<String>();
Enumeration parameterNames = request.getParameterNames();
@@ -158,18 +156,7 @@
try {
AccessControlManager accessControlManager =
AccessControlUtil.getAccessControlManager(session);
- AccessControlList updatedAcl = null;
- AccessControlPolicyIterator applicablePolicies =
accessControlManager.getApplicablePolicies(resourcePath);
- while (applicablePolicies.hasNext()) {
- AccessControlPolicy policy =
applicablePolicies.nextAccessControlPolicy();
- if (policy instanceof AccessControlList) {
- updatedAcl = (AccessControlList)policy;
- break;
- }
- }
- if (updatedAcl == null) {
- throw new RepositoryException("Unable to find
an access conrol policy to update.");
- }
+ AccessControlList updatedAcl =
getAccessControlList(accessControlManager, resourcePath, true);
StringBuilder oldPrivileges = null;
StringBuilder newPrivileges = null;
@@ -187,7 +174,7 @@
log.debug("Found Existing ACE
for principal {0} on resource: ", new Object[] {principalId, resourcePath});
}
oldAces.add(ace);
-
+
if (log.isDebugEnabled()) {
//collect the information for
debug logging
boolean isAllow =
AccessControlUtil.isAllow(ace);
@@ -213,7 +200,7 @@
updatedAcl.removeAccessControlEntry(ace);
}
}
-
+
//add a fresh ACE with the granted privileges
List<Privilege> grantedPrivilegeList = new
ArrayList<Privilege>();
for (String name : grantedPrivilegeNames) {
@@ -222,7 +209,7 @@
}
Privilege privilege =
accessControlManager.privilegeFromName(name);
grantedPrivilegeList.add(privilege);
-
+
if (log.isDebugEnabled()) {
if (newPrivileges.length() > 0) {
newPrivileges.append(", ");
//separate entries by commas
