Class PentahoEntryCollector
- java.lang.Object
  - org.apache.jackrabbit.core.security.authorization.AccessControlObserver
    - org.apache.jackrabbit.core.security.authorization.acl.EntryCollector
      - org.apache.jackrabbit.core.security.authorization.acl.PentahoEntryCollector
- All Implemented Interfaces: javax.jcr.observation.EventListener, org.apache.jackrabbit.core.observation.SynchronousEventListener, org.apache.jackrabbit.core.security.authorization.AccessControlConstants
- Direct Known Subclasses: CachingPentahoEntryCollector
public class PentahoEntryCollector extends org.apache.jackrabbit.core.security.authorization.acl.EntryCollector
Copy-and-paste of org.apache.jackrabbit.core.security.authorization.acl.EntryCollector in Jackrabbit 2.4.0. This class is in org.apache.jackrabbit.core.security.authorization.acl package due to the scope of collaborating classes.

Changes to original:
- Entries always have null nextId.
- collectEntries() copied from EntryCollector uses entries.getNextId() instead of node.getParentId().
- filterEntries() copied from EntryCollector as it was static and private.
- No caching is done in the presence of dynamic ACEs. This may need to be revisited but due to the short lifetime of the way we use Sessions, it may be acceptable.
- Understands AclMetadataPrincipal.
- Adds MagicPrincipals on the fly.
- If access decision on versionStorage, then find the associated file node and use that ACL.

- Author: mlowery
Field Summary
-
Fields inherited from class org.apache.jackrabbit.core.security.authorization.acl.EntryCollector
rootID, systemSession
-
Fields inherited from class org.apache.jackrabbit.core.security.authorization.AccessControlObserver
MOVE, POLICY_ADDED, POLICY_MODIFIED, POLICY_REMOVED
-
Fields inherited from interface org.apache.jackrabbit.core.security.authorization.AccessControlConstants
N_ACCESSCONTROL, N_POLICY, N_REPO_POLICY, NT_REP_ACCESS_CONTROL, NT_REP_ACCESS_CONTROLLABLE, NT_REP_ACE, NT_REP_ACL, NT_REP_DENY_ACE, NT_REP_GRANT_ACE, NT_REP_PRINCIPAL_ACCESS_CONTROL, NT_REP_REPO_ACCESS_CONTROLLABLE, P_GLOB, P_PRINCIPAL_NAME, P_PRIVILEGES
-
-
Constructor Summary
- PentahoEntryCollector(org.apache.jackrabbit.core.SessionImpl systemSession, org.apache.jackrabbit.core.id.NodeId rootID, Map configuration)
-
Method Summary
- protected void addOwnerAce(String owner, org.apache.jackrabbit.core.security.authorization.acl.ACLTemplate acl): Creates an ACE that gives full access to the owner.
- protected List collectEntries(org.apache.jackrabbit.core.NodeImpl node, org.apache.jackrabbit.core.security.authorization.acl.EntryFilter filter): Overridden since collectEntries() from EntryCollector called node.getParentId() instead of entries.getNextId().
- protected void filterEntries(org.apache.jackrabbit.core.security.authorization.acl.EntryFilter filter, List aces, LinkedList userAces, LinkedList groupAces): Copied from EntryCollector since that method was private.
- protected org.apache.jackrabbit.core.NodeImpl findAccessControlledNode(org.apache.jackrabbit.core.NodeImpl node): Find the ancestor (maybe the node itself) that is access-controlled.
- protected org.apache.jackrabbit.core.NodeImpl findNonInheritingNode(org.apache.jackrabbit.core.NodeImpl node): Find the ancestor (maybe the node itself) that is not inheriting ACEs.
- protected List<PentahoEntry> getAcesIncludingMagicAces(String path, String owner, org.apache.jackrabbit.core.security.authorization.acl.ACLTemplate ancestorAcl, org.apache.jackrabbit.core.security.authorization.acl.ACLTemplate acl): Extracts ACEs including magic aces.
- protected org.pentaho.platform.api.engine.IAuthorizationPolicy getAuthorizationPolicy(): IAuthorizationPolicy is used in magic ACE definitions.
- protected org.apache.jackrabbit.core.security.authorization.acl.PentahoEntryCollector.PentahoEntries getEntries(org.apache.jackrabbit.core.NodeImpl node): Returns an Entries for the given node.
- protected List<PentahoEntry> getRelevantAncestorAces(org.apache.jackrabbit.core.security.authorization.acl.ACLTemplate ancestorAcl): Selects (and modifies) ACEs containing JCR_ADD_CHILD_NODES or JCR_REMOVE_CHILD_NODES privileges from the given ACL.
- protected IRoleAuthorizationPolicyRoleBindingDao getRoleBindingDao()
- protected List<String> getRuntimeRoleNames()
- protected org.apache.jackrabbit.core.NodeImpl getVersionable(org.apache.jackrabbit.core.NodeImpl node): Incoming node is in versionStorage.
- protected boolean isAllowed(IRoleAuthorizationPolicyRoleBindingDao roleBindingDao, String logicalRoleName)
- protected void notifyListeners(org.apache.jackrabbit.core.security.authorization.AccessControlModifications modifications)
-
Methods inherited from class org.apache.jackrabbit.core.security.authorization.acl.EntryCollector
close, getEntries, onEvent
-
-
-
-
Constructor Detail
-
PentahoEntryCollector
public PentahoEntryCollector(org.apache.jackrabbit.core.SessionImpl systemSession, org.apache.jackrabbit.core.id.NodeId rootID, Map configuration) throws javax.jcr.RepositoryException
- Throws: javax.jcr.RepositoryException
-
-
Method Detail
-
findAccessControlledNode
protected org.apache.jackrabbit.core.NodeImpl findAccessControlledNode(org.apache.jackrabbit.core.NodeImpl node) throws javax.jcr.RepositoryException
Find the ancestor (maybe the node itself) that is access-controlled.
- Throws: javax.jcr.RepositoryException
-
findNonInheritingNode
protected org.apache.jackrabbit.core.NodeImpl findNonInheritingNode(org.apache.jackrabbit.core.NodeImpl node) throws javax.jcr.RepositoryException
Find the ancestor (maybe the node itself) that is not inheriting ACEs.
- Throws: javax.jcr.RepositoryException
-
getEntries
protected org.apache.jackrabbit.core.security.authorization.acl.PentahoEntryCollector.PentahoEntries getEntries(org.apache.jackrabbit.core.NodeImpl node) throws javax.jcr.RepositoryException
Returns an Entries for the given node. This is where most of the customization lives.
- Overrides: getEntries in class org.apache.jackrabbit.core.security.authorization.acl.EntryCollector
- Throws: javax.jcr.RepositoryException
-
getVersionable
protected org.apache.jackrabbit.core.NodeImpl getVersionable(org.apache.jackrabbit.core.NodeImpl node) throws javax.jcr.RepositoryException
Incoming node is in versionStorage. Find its associated versionable--the node associated with this version history node.
- Throws: javax.jcr.RepositoryException
-
getAuthorizationPolicy
protected org.pentaho.platform.api.engine.IAuthorizationPolicy getAuthorizationPolicy()
IAuthorizationPolicy is used in magic ACE definitions.
-
getRoleBindingDao
protected IRoleAuthorizationPolicyRoleBindingDao getRoleBindingDao()
-
getAcesIncludingMagicAces
protected List<PentahoEntry> getAcesIncludingMagicAces(String path, String owner, org.apache.jackrabbit.core.security.authorization.acl.ACLTemplate ancestorAcl, org.apache.jackrabbit.core.security.authorization.acl.ACLTemplate acl) throws javax.jcr.RepositoryException
Extracts ACEs including magic aces. Magic ACEs are added for (1) the owner, (2) as a result of magic ACE definitions, and (3) as a result of ancestor ACL contributions. Modifications to these ACLs are not persisted.
- Throws: javax.jcr.RepositoryException
-
getRelevantAncestorAces
protected List<PentahoEntry> getRelevantAncestorAces(org.apache.jackrabbit.core.security.authorization.acl.ACLTemplate ancestorAcl) throws javax.jcr.RepositoryException
Selects (and modifies) ACEs containing JCR_ADD_CHILD_NODES or JCR_REMOVE_CHILD_NODES privileges from the given ACL. Modifications to this ACL are not persisted. ACEs must be created in the given ACL because the path embedded in the given ACL plays into authorization decisions using parentPrivs.
- Throws: javax.jcr.RepositoryException
-
addOwnerAce
protected void addOwnerAce(String owner, org.apache.jackrabbit.core.security.authorization.acl.ACLTemplate acl) throws javax.jcr.RepositoryException
Creates an ACE that gives full access to the owner. Modifications to this ACL are not persisted.
- Throws: javax.jcr.RepositoryException
-
collectEntries
protected List collectEntries(org.apache.jackrabbit.core.NodeImpl node, org.apache.jackrabbit.core.security.authorization.acl.EntryFilter filter) throws javax.jcr.RepositoryException
Overridden since collectEntries() from EntryCollector called node.getParentId() instead of entries.getNextId().
- Overrides: collectEntries in class org.apache.jackrabbit.core.security.authorization.acl.EntryCollector
- Throws: javax.jcr.RepositoryException
-
filterEntries
protected void filterEntries(org.apache.jackrabbit.core.security.authorization.acl.EntryFilter filter, List aces, LinkedList userAces, LinkedList groupAces)
Copied from EntryCollector since that method was private.
-
isAllowed
protected boolean isAllowed(IRoleAuthorizationPolicyRoleBindingDao roleBindingDao, String logicalRoleName) throws javax.jcr.RepositoryException
- Throws: javax.jcr.RepositoryException
-
notifyListeners
protected void notifyListeners(org.apache.jackrabbit.core.security.authorization.AccessControlModifications modifications)
- Overrides: notifyListeners in class org.apache.jackrabbit.core.security.authorization.AccessControlObserver
-
-