Package org.apache.jackrabbit.oak.security.authorization.permission

Source Code of org.apache.jackrabbit.oak.security.authorization.permission.PermissionValidatorProvider

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements.  See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License.  You may obtain a copy of the License at
*
*      http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.jackrabbit.oak.security.authorization.permission;

import javax.annotation.Nonnull;
import javax.security.auth.Subject;

import org.apache.jackrabbit.oak.core.ImmutableTree;
import org.apache.jackrabbit.oak.core.TreeTypeProviderImpl;
import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.commit.Validator;
import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.Context;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
import org.apache.jackrabbit.oak.spi.state.NodeState;

/**
* {@code ValidatorProvider} implementation for permission evaluation associated
* with write operations.
*/
public class PermissionValidatorProvider extends ValidatorProvider {

    private final SecurityProvider securityProvider;
    private final AuthorizationConfiguration acConfig;
    private final long jr2Permissions;

    private final Subject subject;

    private ReadOnlyNodeTypeManager ntMgr;
    private Context acCtx;
    private Context userCtx;

    public PermissionValidatorProvider(
            SecurityProvider securityProvider, Subject subject) {
        this.securityProvider = securityProvider;
        this.acConfig = securityProvider.getConfiguration(AuthorizationConfiguration.class);

        ConfigurationParameters params = acConfig.getParameters();
        String compatValue = params.getConfigValue(PermissionConstants.PARAM_PERMISSIONS_JR2, null, String.class);
        jr2Permissions = Permissions.getPermissions(compatValue);

        this.subject = subject;
    }

    //--------------------------------------------------< ValidatorProvider >---
    @Nonnull
    @Override
    public Validator getRootValidator(NodeState before, NodeState after) {
        ntMgr = ReadOnlyNodeTypeManager.getInstance(after);
        PermissionProvider pp = getPermissionProvider();
        return new PermissionValidator(createTree(before), createTree(after), pp, this);
    }

    //--------------------------------------------------------------------------

    Context getAccessControlContext() {
        if (acCtx == null) {
            acCtx = acConfig.getContext();
        }
        return acCtx;
    }

    Context getUserContext() {
        if (userCtx == null) {
            UserConfiguration uc = securityProvider.getConfiguration(UserConfiguration.class);
            userCtx = uc.getContext();
        }
        return userCtx;
    }

    ReadOnlyNodeTypeManager getNodeTypeManager() {
        return ntMgr;
    }

    boolean requiresJr2Permissions(long permission) {
        return Permissions.includes(jr2Permissions, permission);
    }

    private ImmutableTree createTree(NodeState root) {
        return new ImmutableTree(root, new TreeTypeProviderImpl(getAccessControlContext()));
    }

    private PermissionProvider getPermissionProvider() {
        if (subject == null || subject.getPublicCredentials(PermissionProvider.class).isEmpty()) {
            throw new IllegalStateException("Unable to validate permissions; no permission provider associated with the commit call.");
        } else {
            return subject.getPublicCredentials(PermissionProvider.class).iterator().next();
        }
    }
}
TOP

Related Classes of org.apache.jackrabbit.oak.security.authorization.permission.PermissionValidatorProvider

  • org.apache.jackrabbit.oak.core.ImmutableRoot
  • org.apache.jackrabbit.oak.core.ImmutableTree
  • org.apache.jackrabbit.oak.core.TreeTypeProvider
  • org.apache.jackrabbit.oak.core.TreeTypeProviderImpl
  • org.apache.jackrabbit.oak.plugins.tree.ImmutableTree
  • org.apache.jackrabbit.oak.security.authorization.AccessControlConfigurationImpl
  • org.apache.jackrabbit.oak.security.authorization.AuthorizationConfigurationImpl
  • org.apache.jackrabbit.oak.spi.commit.MoveInfo
  • org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider
  • org.apache.jackrabbit.oak.spi.security.ConfigurationParameters
    • TOP
    Copyright © 2018 www.massapi.com. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.