Author: vramdal
Date: Thu Apr 23 23:04:26 2009
New Revision: 768086
URL: http://svn.apache.org/viewvc?rev=768086&view=rev
Log:
SLING-880 Adding support for a pluggable accessmanager
Added:
incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/impl/AccessManagerFactoryTracker.java
incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/impl/security/PluggableDefaultAccessManager.java
incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/security/accessmanager/
incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/security/accessmanager/AccessManagerPlugin.java
incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/security/accessmanager/AccessManagerPluginFactory.java
incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/security/accessmanager/WorkspaceAccessManagerPlugin.java
Modified:
incubator/sling/trunk/bundles/jcr/jackrabbit-server/pom.xml
incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/impl/Activator.java
incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/resources/META-INF/MANIFEST.MF
Modified: incubator/sling/trunk/bundles/jcr/jackrabbit-server/pom.xml
URL:
http://svn.apache.org/viewvc/incubator/sling/trunk/bundles/jcr/jackrabbit-server/pom.xml?rev=768086&r1=768085&r2=768086&view=diff
==============================================================================
--- incubator/sling/trunk/bundles/jcr/jackrabbit-server/pom.xml (original)
+++ incubator/sling/trunk/bundles/jcr/jackrabbit-server/pom.xml Thu Apr 23
23:04:26 2009
@@ -167,7 +167,8 @@
org.apache.sling.jcr.jackrabbit.server.Activator
</Bundle-Activator>
<Export-Package>
-
org.apache.sling.jcr.jackrabbit.server.security
+
org.apache.sling.jcr.jackrabbit.server.security.*,
+
org.apache.jackrabbit.core.security.principal
</Export-Package>
<Private-Package>
org.apache.sling.jcr.jackrabbit.server.impl.*
Added:
incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/impl/AccessManagerFactoryTracker.java
URL:
http://svn.apache.org/viewvc/incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/impl/AccessManagerFactoryTracker.java?rev=768086&view=auto
==============================================================================
---
incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/impl/AccessManagerFactoryTracker.java
(added)
+++
incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/impl/AccessManagerFactoryTracker.java
Thu Apr 23 23:04:26 2009
@@ -0,0 +1,94 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sling.jcr.jackrabbit.server.impl;
+
+import
org.apache.sling.jcr.jackrabbit.server.impl.security.PluggableDefaultAccessManager;
+import
org.apache.sling.jcr.jackrabbit.server.security.accessmanager.AccessManagerPluginFactory;
+import org.osgi.framework.BundleContext;
+import org.osgi.framework.ServiceReference;
+import org.osgi.util.tracker.ServiceTracker;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.HashSet;
+import java.util.Set;
+
+/**
+ * Tracks the existence of an <code>AccessManagerPluginFactory</code>.
+ */
+public class AccessManagerFactoryTracker extends ServiceTracker {
+
+ private AccessManagerPluginFactory factory;
+ private BundleContext bundleContext;
+ private Set<PluggableDefaultAccessManager> consumers = new
HashSet<PluggableDefaultAccessManager>();
+
+ private static final Logger log =
LoggerFactory.getLogger(AccessManagerFactoryTracker.class);
+
+
+ public AccessManagerFactoryTracker(BundleContext bundleContext) {
+ super(bundleContext, AccessManagerPluginFactory.class.getName(), null);
+ this.bundleContext = bundleContext;
+ }
+
+ @Override
+ public Object addingService(ServiceReference serviceReference) {
+ log.info("AccessManager service added.");
+ closeSessions();
+ this.factory = (AccessManagerPluginFactory)
bundleContext.getService(serviceReference);
+ return super.addingService(serviceReference);
+ }
+
+ @Override
+ public void removedService(ServiceReference serviceReference, Object o) {
+ log.warn("AccessManager service removed.");
+ this.factory = null;
+ // Make a copy of consumers list to avoid concurrent modification
+ closeSessions();
+ super.removedService(serviceReference, o);
+ }
+
+ private void closeSessions() {
+ log.warn("Closing all sessions");
+ Set<PluggableDefaultAccessManager> closing = new
HashSet<PluggableDefaultAccessManager>(consumers);
+ for (PluggableDefaultAccessManager consumer : closing) {
+ try {
+ consumer.endSession();
+ } catch (Throwable throwable) {
+ log.warn("Error closing a PluggableDefaultAccessManager",
throwable);
+ }
+ }
+ }
+
+ @Override
+ public void modifiedService(ServiceReference serviceReference, Object o) {
+ log.info("AccessManager service modified.");
+ super.modifiedService(serviceReference, o);
+ this.factory = (AccessManagerPluginFactory) o;
+ }
+
+ public AccessManagerPluginFactory getFactory(PluggableDefaultAccessManager
consumer) {
+ log.info("Registering PluggableDefaultAccessManager instance");
+ this.consumers.add(consumer);
+ return factory;
+ }
+
+ public void unregister(PluggableDefaultAccessManager consumer) {
+ log.info("Unregistering PluggableDefaultAccessManager instance");
+ this.consumers.remove(consumer);
+ }
+}
Modified:
incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/impl/Activator.java
URL:
http://svn.apache.org/viewvc/incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/impl/Activator.java?rev=768086&r1=768085&r2=768086&view=diff
==============================================================================
---
incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/impl/Activator.java
(original)
+++
incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/impl/Activator.java
Thu Apr 23 23:04:26 2009
@@ -79,8 +79,14 @@
// empty list of login modules if there are none registered
private static LoginModulePlugin[] EMPTY = new LoginModulePlugin[0];
+// private static AccessManagerPluginFactory accessManagerFactory;
+// private static ServiceTracker accessManagerFactoryTracker;
+// private static int accessManagerCount = -1;
+
// the name of the default sling context
private String slingContext;
+ private static AccessManagerFactoryTracker accessManagerFactoryTracker;
+// protected static ServiceTrackerCustomizer serviceTrackerCustomizer;
protected String getRepositoryName() {
String repoName = bundleContext.getProperty("sling.repository.name");
@@ -123,6 +129,10 @@
ise);
}
}
+ if (accessManagerFactoryTracker == null) {
+ accessManagerFactoryTracker = new
AccessManagerFactoryTracker(bundleContext);
+ }
+ accessManagerFactoryTracker.open();
}
public void stop(BundleContext arg0) {
@@ -150,6 +160,11 @@
loginModuleTracker.close();
loginModuleTracker = null;
}
+
+ if (accessManagerFactoryTracker != null) {
+ accessManagerFactoryTracker.close();
+ accessManagerFactoryTracker = null;
+ }
// clear the bundle context field
bundleContext = null;
@@ -210,6 +225,10 @@
return moduleCache;
}
+ public static AccessManagerFactoryTracker getAccessManagerFactoryTracker()
{
+ return accessManagerFactoryTracker;
+ }
+
// ---------- internal
-----------------------------------------------------
private void verifyConfiguration(ServiceReference ref) {
@@ -329,5 +348,5 @@
SlingServerRepository.copyFile(bundleContext.getBundle(),
"repository.xml", configFile);
return configFile;
}
-
+
}
Added:
incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/impl/security/PluggableDefaultAccessManager.java
URL:
http://svn.apache.org/viewvc/incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/impl/security/PluggableDefaultAccessManager.java?rev=768086&view=auto
==============================================================================
---
incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/impl/security/PluggableDefaultAccessManager.java
(added)
+++
incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/impl/security/PluggableDefaultAccessManager.java
Thu Apr 23 23:04:26 2009
@@ -0,0 +1,171 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sling.jcr.jackrabbit.server.impl.security;
+
+import org.apache.jackrabbit.core.HierarchyManager;
+import org.apache.jackrabbit.core.ItemId;
+import org.apache.jackrabbit.core.security.AMContext;
+import org.apache.jackrabbit.core.security.DefaultAccessManager;
+import org.apache.jackrabbit.core.security.authorization.AccessControlProvider;
+import
org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager;
+import org.apache.jackrabbit.spi.Name;
+import org.apache.jackrabbit.spi.Path;
+import org.apache.jackrabbit.spi.commons.conversion.NamePathResolver;
+import
org.apache.sling.jcr.jackrabbit.server.security.accessmanager.AccessManagerPlugin;
+import
org.apache.sling.jcr.jackrabbit.server.security.accessmanager.WorkspaceAccessManagerPlugin;
+import
org.apache.sling.jcr.jackrabbit.server.security.accessmanager.AccessManagerPluginFactory;
+import org.apache.sling.jcr.jackrabbit.server.impl.Activator;
+import org.apache.sling.jcr.jackrabbit.server.impl.AccessManagerFactoryTracker;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.jcr.AccessDeniedException;
+import javax.jcr.ItemNotFoundException;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.security.auth.Subject;
+
+/**
+ * Allows to plugin a custom <code>AccessManager</code> as an OSGi bundle:
+ * <ol>
+ * <li>Set this class as <code>AccessManager</code> in your
<code>repository.xml</code></li>
+ * <li>Implement <code>o.a.s.j.j.s.s.a.AccessManagerPluginFactory</code></li>
+ * </ol>
+ *
+ * <p>If <code>PluggableDefaultAccessManager</code> is specified in
<code>repository.xml</code>, and no
+ * implementation of <code>AccessManagerPluginFactory</code> exists, all calls
will fall back
+ * to <code>DefaultAccessManager</code>.</p>
+ *
+ * <p>See also <a
href="https://issues.apache.org/jira/browse/SLING-880";>SLING-880</a></p>
+ * @see AccessManagerPluginFactory
+ */
+public class PluggableDefaultAccessManager extends DefaultAccessManager {
+
+ /** @scr.reference */ @SuppressWarnings({"UnusedDeclaration"})
+ private AccessManagerPlugin accessManagerPlugin;
+ private NamePathResolver namePathResolver;
+ private HierarchyManager hierarchyManager;
+ private static final Logger log =
LoggerFactory.getLogger(PluggableDefaultAccessManager.class);
+ protected AccessManagerPluginFactory accessManagerFactory;
+ protected AccessManagerFactoryTracker accessManagerFactoryTracker;
+ private Session session;
+ private Subject subject;
+
+ public PluggableDefaultAccessManager() {
+ }
+
+ protected AccessManagerPluginFactory getAccessManagerFactory() {
+ return accessManagerFactoryTracker.getFactory(this);
+ }
+
+ public void init(AMContext context) throws AccessDeniedException,
Exception {
+ this.init(context, null, null);
+ }
+
+ public void init(AMContext context, AccessControlProvider acProvider,
WorkspaceAccessManager wspAccessMgr) throws AccessDeniedException, Exception {
+ accessManagerFactoryTracker =
Activator.getAccessManagerFactoryTracker();
+ accessManagerFactory = getAccessManagerFactory();
+ if (accessManagerFactory != null) {
+ this.accessManagerPlugin = accessManagerFactory.getAccessManager();
+ }
+ this.sanityCheck();
+ super.init(context, acProvider, wspAccessMgr);
+ this.namePathResolver = context.getNamePathResolver();
+ this.hierarchyManager = context.getHierarchyManager();
+ if (this.accessManagerPlugin != null) {
+ this.accessManagerPlugin.init(context.getSubject(),
context.getSession());
+ }
+ this.session = context.getSession();
+ this.subject = context.getSubject();
+
+ }
+
+ public void close() throws Exception {
+ this.accessManagerFactoryTracker.unregister(this);
+ super.close();
+ if (this.accessManagerPlugin != null) {
+ this.accessManagerPlugin.close();
+ }
+ }
+
+ public void endSession() {
+ if (this.session != null && this.session.isLive()) {
+ this.session.logout();
+ }
+ }
+
+ public void checkPermission(ItemId id, int permissions) throws
AccessDeniedException, ItemNotFoundException, RepositoryException {
+ this.sanityCheck();
+ super.checkPermission(id, permissions);
+ }
+
+ public boolean isGranted(ItemId id, int permissions) throws
ItemNotFoundException, RepositoryException {
+ return this.isGranted(this.hierarchyManager.getPath(id), permissions);
+ }
+
+ public boolean isGranted(Path absPath, int permissions) throws
RepositoryException {
+ if (this.sanityCheck()) {
+ return
this.accessManagerPlugin.isGranted(namePathResolver.getJCRPath(absPath),
permissions);
+ } else {
+ return super.isGranted(absPath, permissions);
+ }
+ }
+
+ public boolean isGranted(Path parentPath, Name childName, int permissions)
throws RepositoryException {
+ return super.isGranted(parentPath, childName, permissions);
+ }
+
+ public boolean canRead(Path itemPath) throws RepositoryException {
+ if (this.sanityCheck()) {
+ return
this.accessManagerPlugin.canRead(namePathResolver.getJCRPath(itemPath));
+ } else {
+ return super.canRead(itemPath);
+ }
+ }
+
+ public boolean canAccess(String workspaceName) throws RepositoryException {
+ WorkspaceAccessManagerPlugin plugin = null;
+ if (this.sanityCheck()) {
+ plugin = this.accessManagerPlugin.getWorkspaceAccessManager();
+ }
+ if (plugin != null) {
+ return plugin.canAccess(workspaceName);
+ } else {
+ return super.canAccess(workspaceName);
+ }
+ }
+
+ private boolean sanityCheck() throws RepositoryException {
+ if (this.accessManagerPlugin == null) {
+ AccessManagerPluginFactory factory =
this.accessManagerFactoryTracker.getFactory(this);
+ if (factory == null) {
+ log.warn("No pluggable AccessManager available, falling back
to DefaultAccessManager");
+ return false;
+
+ } else {
+ this.accessManagerPlugin = factory.getAccessManager();
+ try {
+ this.accessManagerPlugin.init(this.subject, this.session);
+ } catch (Exception e) {
+ throw new RepositoryException(e);
+ }
+ }
+ }
+ return true;
+ }
+}
Added:
incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/security/accessmanager/AccessManagerPlugin.java
URL:
http://svn.apache.org/viewvc/incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/security/accessmanager/AccessManagerPlugin.java?rev=768086&view=auto
==============================================================================
---
incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/security/accessmanager/AccessManagerPlugin.java
(added)
+++
incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/security/accessmanager/AccessManagerPlugin.java
Thu Apr 23 23:04:26 2009
@@ -0,0 +1,96 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sling.jcr.jackrabbit.server.security.accessmanager;
+
+import org.apache.jackrabbit.core.security.authorization.Permission;
+
+import javax.jcr.AccessDeniedException;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.security.auth.Subject;
+
+/**
+ * A simplified AccessManager interface.
+ */
+public interface AccessManagerPlugin {
+
+ public static final int READ = Permission.READ;
+ public static final int ADD_NODE = Permission.ADD_NODE;
+ public static final int REMOVE_NODE = Permission.REMOVE_NODE;
+ public static final int SET_PROPERTY = Permission.SET_PROPERTY;
+ public static final int REMOVE_PROPERTY = Permission.REMOVE_PROPERTY;
+ public static final int ALL = Permission.ALL;
+ public static final int NONE = Permission.NONE;
+
+ /**
+ * Initialize this access manager. An <code>AccessDeniedException</code>
will
+ * be thrown if the subject of the given <code>context</code> is not
+ * granted access to the specified workspace.
+ *
+ * @param subject The authenticated Subject
+ * @param session The current JCR session
+ */
+ void init(Subject subject, Session session) throws AccessDeniedException,
Exception;
+
+ /**
+ * Close this access manager. After having closed an access manager,
+ * further operations on this object are treated as illegal and throw
+ *
+ * @throws Exception if an error occurs
+ */
+ void close() throws Exception;
+
+ /**
+ * Determines whether the specified <code>permissions</code> are granted
+ * on the item with the specified <code>absPath</code> (i.e. the
<i>target</i>
+ * item, that may or may not yet exist).
+ *
+ * @param absPath the absolute path to test
+ * @param permissions A combination of one or more of the following
constants
+ * encoded as a bitmask value:
+ * <ul>
+ * <li>{...@link
org.apache.jackrabbit.core.security.authorization.Permission#READ READ}</li>
+ * <li>{...@link
org.apache.jackrabbit.core.security.authorization.Permission#ADD_NODE
ADD_NODE}</code></li>
+ * <li>{...@link
org.apache.jackrabbit.core.security.authorization.Permission#REMOVE_NODE
REMOVE_NODE}</li>
+ * <li>{...@link
org.apache.jackrabbit.core.security.authorization.Permission#SET_PROPERTY
SET_PROPERTY}</li>
+ * <li>{...@link
org.apache.jackrabbit.core.security.authorization.Permission#REMOVE_PROPERTY
REMOVE_PROPERTY}</li>
+ * </ul>
+ * @return <code>true</code> if the specified permissions are granted;
+ * otherwise <code>false</code>.
+ * @throws RepositoryException if an error occurs.
+ */
+ boolean isGranted(String absPath, int permissions) throws
RepositoryException;
+
+ /**
+ * Determines whether the item at the specified absolute path can be read.
+ *
+ * @param itemPath Absolute path to the item being accessed
+ * @return <code>true</code> if the item can be read; otherwise
<code>false</code>.
+ * @throws RepositoryException if an error occurs.
+ */
+ boolean canRead(String itemPath) throws RepositoryException;
+
+ /**
+ * Returns the <code>WorkspaceAccessManagerPlugin</code> to be used for
checking Workspace access.
+ * If <code>null</code> is returned, the default
<code>WorkspaceAccessManager</code> will be used.
+ * @return An implementation of <code>WorkspaceAccessManagerPlugin</code>,
or <code>null</code> to use
+ * the default <code>WorkspaceAccessManager</code>.
+ * */
+ WorkspaceAccessManagerPlugin getWorkspaceAccessManager();
+
+}
Added:
incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/security/accessmanager/AccessManagerPluginFactory.java
URL:
http://svn.apache.org/viewvc/incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/security/accessmanager/AccessManagerPluginFactory.java?rev=768086&view=auto
==============================================================================
---
incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/security/accessmanager/AccessManagerPluginFactory.java
(added)
+++
incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/security/accessmanager/AccessManagerPluginFactory.java
Thu Apr 23 23:04:26 2009
@@ -0,0 +1,31 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sling.jcr.jackrabbit.server.security.accessmanager;
+
+/**
+ * <p>Implementations of this interface, provided as an OSGi service,
+ * will be used by {...@link
org.apache.sling.jcr.jackrabbit.server.impl.security.PluggableDefaultAccessManager
+ * PluggableDefaultAccessManager}.</p>
+ * <p>This makes it possible to use a custom <code>AccessManager</code> with
Sling.</p>
+ * <p>See <a
href="https://issues.apache.org/jira/browse/SLING-880";>SLING-880</a></p>
+ */
+public interface AccessManagerPluginFactory {
+
+ AccessManagerPlugin getAccessManager();
+
+}
Added:
incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/security/accessmanager/WorkspaceAccessManagerPlugin.java
URL:
http://svn.apache.org/viewvc/incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/security/accessmanager/WorkspaceAccessManagerPlugin.java?rev=768086&view=auto
==============================================================================
---
incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/security/accessmanager/WorkspaceAccessManagerPlugin.java
(added)
+++
incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/java/org/apache/sling/jcr/jackrabbit/server/security/accessmanager/WorkspaceAccessManagerPlugin.java
Thu Apr 23 23:04:26 2009
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.sling.jcr.jackrabbit.server.security.accessmanager;
+
+import javax.jcr.RepositoryException;
+
+/**
+ * An <code>AccessManagerPlugin</code> can define its own
<code>WorkspaceAccessManagerPlugin</code>,
+ * if desired.
+ * @see
org.apache.sling.jcr.jackrabbit.server.security.accessmanager.AccessManagerPlugin#getWorkspaceAccessManager()
+ */
+public interface WorkspaceAccessManagerPlugin {
+
+ /**
+ * Determines whether the subject of the current context is granted access
+ * to the given workspace. Note that an implementation is free to test for
+ * the existance of a workspace with the specified name. In this case
+ * the expected return value is <code>false</code>, if no such workspace
+ * exists.
+ *
+ * @param workspaceName name of workspace
+ * @return <code>true</code> if the subject of the current context is
+ * granted access to the given workspace; otherwise
<code>false</code>.
+ * @throws javax.jcr.RepositoryException if an error occurs.
+ */
+ boolean canAccess(String workspaceName) throws RepositoryException;
+}
Modified:
incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/resources/META-INF/MANIFEST.MF
URL:
http://svn.apache.org/viewvc/incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/resources/META-INF/MANIFEST.MF?rev=768086&r1=768085&r2=768086&view=diff
==============================================================================
---
incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/resources/META-INF/MANIFEST.MF
(original)
+++
incubator/sling/trunk/bundles/jcr/jackrabbit-server/src/main/resources/META-INF/MANIFEST.MF
Thu Apr 23 23:04:26 2009
@@ -18,8 +18,15 @@
erby-10.2.1.6.jar,poi-3.0.2-FINAL.jar,xercesImpl-2.8.1.jar,pdfbox-0.7
.3.jar,jackrabbit-spi-1.5.0.jar,poi-scratchpad-3.0.2-FINAL.jar
Export-Package: org.apache.sling.jcr.jackrabbit.server.security;uses:=
- "javax.jcr,javax.security.auth.callback,javax.security.auth.login";ve
- rsion="2.0.3.incubator-SNAPSHOT"
+ "javax.jcr,javax.security.auth.callback,javax.security.auth.login,jav
+ ax.security.auth";version="2.0.3.incubator-SNAPSHOT",org.apache.jackr
+ abbit.core.security.principal;uses:="javax.jcr,org.slf4j,org.apache.c
+ ommons.collections.iterators,org.apache.jackrabbit.api.security.user,
+ org.apache.commons.collections.map,javax.jcr.observation,org.apache.j
+ ackrabbit.api.security.principal,org.apache.commons.collections.set";
+ version="2.0.3.incubator-SNAPSHOT",org.apache.sling.jcr.jackrabbit.se
+ rver.security.accessmanager;uses:="javax.jcr,javax.security.auth";ver
+ sion="2.0.3.incubator-SNAPSHOT"
Import-Package: javax.jcr,javax.jcr.lock,javax.jcr.nodetype,javax.jcr.
observation,javax.jcr.query,javax.jcr.util,javax.jcr.version,javax.na
ming,javax.naming.directory,javax.naming.spi,javax.security.auth,java
