Examples of com.ecyrd.jspwiki.auth.acl.Acl

• com.ecyrd.jspwiki.auth.acl.Acl

  Defines an access control list (ACL) for wiki pages. An Access Control List is a data structure used to guard access to resources. An ACL can be thought of as a data structure with multiple ACL entries. Each ACL entry, of interface type AclEntry, contains a set of positive permissions associated with a particular principal. (A principal represents an entity such as an individual user or a group). The ACL Entries in each ACL observe the following rules:

  • Each principal can have at most one ACL entry; that is, multiple ACL entries are not allowed for any principal. Each entry specifies the set of permissions that are to be granted
  • If there is no entry for a particular principal, then the principal is considered to have a null (empty) permission set

  This interface is a highly stripped-down derivation of the java.security.acl.Acl interface. In particular, the notion of an Acl "owner" has been eliminated, since JWPWiki pages do not have owners. An additional simplification compared to the standard Java package is that negative permissions have been eliminated. Instead, JSPWiki assumes a "default-deny" security stance: principals are granted no permissions by default, and posesses only those that have been explicitly granted to them. And finally, the getPermissions() and checkPermission() methods have been eliminated due to the complexities associated with resolving Role principal membership.

  @author Andrew Jaquith @since 2.3

        {
            m_currentElement.addContent( "[" + ruleLine + "]" );
        }

        if( !m_parseAccessRules ) return m_currentElement;
        Acl acl;
        WikiPage          page = m_context.getRealPage();
        // UserDatabase      db = m_context.getEngine().getUserDatabase();

        if( ruleLine.startsWith( "{" ) )
            ruleLine = ruleLine.substring( 1 );
        if( ruleLine.endsWith( "}" ) )
            ruleLine = ruleLine.substring( 0, ruleLine.length() - 1 );

        if( log.isDebugEnabled() ) log.debug("page="+page.getName()+", ACL = "+ruleLine);

        try
        {
            acl = m_engine.getAclManager().parseAcl( page, ruleLine );

            page.setAcl( acl );

            if( log.isDebugEnabled() ) log.debug( acl.toString() );
        }
        catch( WikiSecurityException wse )
        {
            return makeError( wse.getMessage() );
        }

     *  @param newPrincipal the Principal that should receive the old Principals' permissions
     *  @return <code>true</code> if the Acl was actually changed; <code>false</code> otherwise
     */
    protected boolean changeAcl( WikiPage page, Principal[] oldPrincipals, Principal newPrincipal )
    {
        Acl acl = page.getAcl();
        boolean pageChanged = false;
        if ( acl != null )
        {
            Enumeration entries = acl.entries();
            Collection<AclEntry> entriesToAdd    = new ArrayList<AclEntry>();
            Collection<AclEntry> entriesToRemove = new ArrayList<AclEntry>();
            while ( entries.hasMoreElements() )
            {
                AclEntry entry = (AclEntry)entries.nextElement();
                if ( ArrayUtils.contains( oldPrincipals, entry.getPrincipal() ) )
                {
                    // Create new entry
                    AclEntry newEntry = new AclEntryImpl();
                    newEntry.setPrincipal( newPrincipal );
                    Enumeration permissions = entry.permissions();
                    while ( permissions.hasMoreElements() )
                    {
                        Permission permission = (Permission)permissions.nextElement();
                        newEntry.addPermission(permission);
                    }
                    pageChanged = true;
                    entriesToRemove.add( entry );
                    entriesToAdd.add( newEntry );
                }
            }
            for ( Iterator ix = entriesToRemove.iterator(); ix.hasNext(); )
            {
                AclEntry entry = (AclEntry)ix.next();
                acl.removeEntry( entry );
            }
            for ( Iterator ix = entriesToAdd.iterator(); ix.hasNext(); )
            {
                AclEntry entry = (AclEntry)ix.next();
                acl.addEntry( entry );
            }
        }
        return pageChanged;
    }

        //
        //  ACLs
        //

        Acl acl = p.getAcl();

        exportAcl( acl );

        //
        //  Export page content

        //
        // If the page or ACL is null, it's allowed.
        //
        String pageName = ((PagePermission)permission).getPage();
        WikiPage page = m_engine.getPage( pageName );
        Acl acl = ( page == null) ? null : m_engine.getAclManager().getPermissions( page );
        if ( page == null ||  acl == null || acl.isEmpty() )
        {
            fireEvent( WikiSecurityEvent.ACCESS_ALLOWED, user, permission );
            return true;
        }

        //
        //  Next, iterate through the Principal objects assigned
        //  this permission. If the context's subject possesses
        //  any of these, the action is allowed.

        Principal[] aclPrincipals = acl.findPrincipals( permission );

        log.debug( "Checking ACL entries..." );
        log.debug( "Acl for this page is: " + acl );
        log.debug( "Checking for principal: " + String.valueOf( aclPrincipals ) );
        log.debug( "Permission: " + permission );

        for( Principal aclPrincipal : aclPrincipals )
        {
            // If the ACL principal we're looking at is unresolved,
            // try to resolve it here & correct the Acl
            if ( aclPrincipal instanceof UnresolvedPrincipal )
            {
                AclEntry aclEntry = acl.getEntry( aclPrincipal );
                aclPrincipal = resolvePrincipal( aclPrincipal.getName() );
                if ( aclEntry != null && !( aclPrincipal instanceof UnresolvedPrincipal ) )
                {
                    aclEntry.setPrincipal( aclPrincipal );
                }