Examples of org.apache.jackrabbit.api.security.principal.PrincipalManager

• org.apache.jackrabbit.api.security.principal.PrincipalManager
  This interface defines the principal manager which is the clients view on all principals known to the repository. Each principal manager is bound to a session and is restricted by the respective access control. The principal manager in addition provides basic search facilities.

  A {@link Principal} is an object used to connect to any kind of security mechanism. Example for this are the {@link javax.security.auth.spi.LoginModule login modules} that use principalsto process the login procedure.
  A principal can be a member of a {@link Group}. A group is a principal itself and can therefore be a member of a group again.

  Please note the following security considerations that need to be respected when implementing the PrincipalManager: All principals returned by this manager as well as {@link Group#members()} must respect access restrictionsthat may be present for the Session this manager has been built for. The same applies for {@link #getGroupMembership(Principal)}.

                acMgr.getPolicies(EveryonePrincipal.getInstance()).length > 0) {
            // test expects that only resource-based acl is supported
            throw new NotExecutableException();
        }

        PrincipalManager pmgr = sImpl.getPrincipalManager();
        if (!pmgr.hasPrincipal(SecurityConstants.ADMINISTRATORS_NAME)) {
            UserManager umgr = sImpl.getUserManager();
            umgr.createGroup(new PrincipalImpl(SecurityConstants.ADMINISTRATORS_NAME));
            if (!umgr.isAutoSave()) {
                sImpl.save();
            }
            if (pmgr.hasPrincipal(SecurityConstants.ADMINISTRATORS_NAME)) {
                throw new NotExecutableException();
            }
        }

     * @throws RepositoryException if an error occurs
     */
    static void collectEntries(NodeImpl aclNode, Map<String, List<AccessControlEntry>> princToEntries)
            throws RepositoryException {
        SessionImpl sImpl = (SessionImpl) aclNode.getSession();
        PrincipalManager principalMgr = sImpl.getPrincipalManager();
        AccessControlManager acMgr = sImpl.getAccessControlManager();

        NodeIterator itr = aclNode.getNodes();
        while (itr.hasNext()) {
            NodeImpl aceNode = (NodeImpl) itr.nextNode();
            String principalName = aceNode.getProperty(AccessControlConstants.P_PRINCIPAL_NAME).getString();
            // only process aceNode if 'principalName' is contained in the given set
            if (princToEntries.containsKey(principalName)) {
                Principal princ = principalMgr.getPrincipal(principalName);
                if (princ == null) {
                    log.warn("Principal with name " + principalName + " unknown to PrincipalManager.");
                    princ = new PrincipalImpl(principalName);
                }

            String rootPath = session.getRootNode().getPath();
            AccessControlPolicy[] acls = editor.editAccessControlPolicies(rootPath);
            if (acls.length > 0) {
                ACLTemplate acl = (ACLTemplate) acls[0];

                PrincipalManager pMgr = session.getPrincipalManager();
                AccessControlManager acMgr = session.getAccessControlManager();

                log.debug("... Privilege.ALL for administrators.");
                Principal administrators;
                String pName = SecurityConstants.ADMINISTRATORS_NAME;
                if (pMgr.hasPrincipal(pName)) {
                    administrators = pMgr.getPrincipal(pName);
                } else {
                    log.warn("Administrators principal group is missing.");
                    administrators = new PrincipalImpl(pName);
                }
                Privilege[] privs = new Privilege[]{acMgr.privilegeFromName(Privilege.JCR_ALL)};
                acl.addAccessControlEntry(administrators, privs);

                Principal everyone = pMgr.getEveryone();
                log.debug("... Privilege.READ for everyone.");
                privs = new Privilege[]{acMgr.privilegeFromName(Privilege.JCR_READ)};
                acl.addAccessControlEntry(everyone, privs);

                editor.setPolicy(rootPath, acl);

                ValueFactory vf = session.getValueFactory();
                Map<String, Value> restrictions = new HashMap<String, Value>();
                restrictions.put(session.getJCRName(ACLTemplate.P_NODE_PATH), vf.createValue(root.getPath(), PropertyType.PATH));
                restrictions.put(session.getJCRName(ACLTemplate.P_GLOB), vf.createValue(GlobPattern.WILDCARD_ALL));

                PrincipalManager pMgr = session.getPrincipalManager();
                AccessControlManager acMgr = session.getAccessControlManager();

                // initial default permissions for the administrators group
                Principal administrators;
                String pName = SecurityConstants.ADMINISTRATORS_NAME;
                if (pMgr.hasPrincipal(pName)) {
                    administrators = pMgr.getPrincipal(pName);
                    installDefaultPermissions(administrators,
                        new Privilege[] {acMgr.privilegeFromName(Privilege.JCR_ALL)},
                        restrictions, editor);
                } else {
                    log.warn("Administrators principal group is missing -> Not adding default permissions.");
                }

                // initialize default permissions for the everyone group
                installDefaultPermissions(pMgr.getEveryone(),
                        new Privilege[] {acMgr.privilegeFromName(Privilege.JCR_READ)},
                        restrictions, editor);

                session.save();
            } catch (RepositoryException e) {

    public PrincipalIterator getImpersonators() throws RepositoryException {
        Set<String> impersonators = getImpersonatorNames();
        if (impersonators.isEmpty()) {
            return PrincipalIteratorAdapter.EMPTY;
        } else {
            final PrincipalManager pMgr = user.getSession().getPrincipalManager();

            Set<Principal> s = new HashSet<Principal>();
            for (String pName: impersonators) {
                Principal p = pMgr.getPrincipal(pName);
                if (p == null) {
                    log.debug("Impersonator " + pName + " does not correspond to a known Principal.");
                    p = new PrincipalImpl(pName);
                }
                s.add(p);

    public PrincipalIterator getImpersonators() throws RepositoryException {
        Set<String> impersonators = getImpersonatorNames();
        if (impersonators.isEmpty()) {
            return PrincipalIteratorAdapter.EMPTY;
        } else {
            final PrincipalManager pMgr = getPrincipalManager();
            Set<Principal> s = new HashSet<Principal>();
            for (final String pName : impersonators) {
                Principal p = pMgr.getPrincipal(pName);
                if (p == null) {
                    log.debug("Impersonator " + pName + " does not correspond to a known Principal.");
                    p = new Principal() {
                        @Override
                        public String getName() {

     * @see org.apache.jackrabbit.api.security.user.Impersonation#grantImpersonation(Principal)
     */
    @Override
    public synchronized boolean grantImpersonation(Principal principal) throws RepositoryException {
        String principalName = principal.getName();
        PrincipalManager pMgr = getPrincipalManager();
        if (!pMgr.hasPrincipal(principalName)) {
            log.debug("Cannot grant impersonation to an unknown principal.");
            return false;
        }

        Principal p = pMgr.getPrincipal(principalName);
        if (p instanceof Group) {
            log.debug("Cannot grant impersonation to a principal that is a Group.");
            return false;
        }

            String rootPath = session.getRootNode().getPath();
            AccessControlPolicy[] acls = editor.editAccessControlPolicies(rootPath);
            if (acls.length > 0) {
                ACLTemplate acl = (ACLTemplate) acls[0];

                PrincipalManager pMgr = session.getPrincipalManager();
                AccessControlManager acMgr = session.getAccessControlManager();

                String pName = SecurityConstants.ADMINISTRATORS_NAME;
                if (pMgr.hasPrincipal(pName)) {
                    Principal administrators = pMgr.getPrincipal(pName);
                    log.debug("... Privilege.ALL for administrators.");
                    Privilege[] privs = new Privilege[]{acMgr.privilegeFromName(Privilege.JCR_ALL)};
                    acl.addAccessControlEntry(administrators, privs);
                } else {
                    log.info("Administrators principal group is missing -> omitting initialization of default permissions.");
                }

                Principal everyone = pMgr.getEveryone();
                log.debug("... Privilege.READ for everyone.");
                Privilege[] privs = new Privilege[]{acMgr.privilegeFromName(Privilege.JCR_READ)};
                acl.addAccessControlEntry(everyone, privs);

                editor.setPolicy(rootPath, acl);

         * @param aclNode acl node
         * @throws RepositoryException if an error occurs
         */
        private void collectEntriesFromAcl(NodeImpl aclNode) throws RepositoryException {
            SessionImpl sImpl = (SessionImpl) aclNode.getSession();
            PrincipalManager principalMgr = sImpl.getPrincipalManager();
            AccessControlManager acMgr = sImpl.getAccessControlManager();

            // first collect aces present on the given aclNode.
            List<AccessControlEntry> gaces = new ArrayList<AccessControlEntry>();
            List<AccessControlEntry> uaces = new ArrayList<AccessControlEntry>();

            NodeIterator itr = aclNode.getNodes();
            while (itr.hasNext()) {
                NodeImpl aceNode = (NodeImpl) itr.nextNode();
                String principalName = aceNode.getProperty(AccessControlConstants.P_PRINCIPAL_NAME).getString();
                // only process aceNode if 'principalName' is contained in the given set
                if (principalNames.contains(principalName)) {
                    Principal princ = principalMgr.getPrincipal(principalName);
                    if (princ == null) {
                        log.warn("Principal with name " + principalName + " unknown to PrincipalManager -> Ignored from AC evaluation.");
                        continue;
                    }

                ValueFactory vf = session.getValueFactory();
                Map<String, Value> restrictions = new HashMap<String, Value>();
                restrictions.put(session.getJCRName(ACLTemplate.P_NODE_PATH), vf.createValue(root.getPath(), PropertyType.PATH));
                restrictions.put(session.getJCRName(ACLTemplate.P_GLOB), vf.createValue(GlobPattern.WILDCARD_ALL));

                PrincipalManager pMgr = session.getPrincipalManager();
                AccessControlManager acMgr = session.getAccessControlManager();

                // initial default permissions for the administrators group
                String pName = SecurityConstants.ADMINISTRATORS_NAME;
                if (pMgr.hasPrincipal(pName)) {
                    Principal administrators = pMgr.getPrincipal(pName);
                    installDefaultPermissions(administrators,
                        new Privilege[] {acMgr.privilegeFromName(Privilege.JCR_ALL)},
                        restrictions, editor);
                } else {
                    log.info("Administrators principal group is missing -> Not adding default permissions.");
                }

                // initialize default permissions for the everyone group
                installDefaultPermissions(pMgr.getEveryone(),
                        new Privilege[] {acMgr.privilegeFromName(Privilege.JCR_READ)},
                        restrictions, editor);

                session.save();
            } catch (RepositoryException e) {