AbstractAccessControlManager.java

/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.jackrabbit.core.security;

import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy;
import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
import org.apache.jackrabbit.commons.iterator.AccessControlPolicyIteratorAdapter;
import org.apache.jackrabbit.core.security.authorization.Permission;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import javax.jcr.AccessDeniedException;
import javax.jcr.PathNotFoundException;
import javax.jcr.RepositoryException;
import javax.jcr.UnsupportedRepositoryOperationException;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.AccessControlPolicyIterator;
import javax.jcr.security.Privilege;
import java.security.Principal;

/**
 * <code>AbstractAccessControlManager</code>...
 */
public abstract class AbstractAccessControlManager implements JackrabbitAccessControlManager {

    private static Logger log = LoggerFactory.getLogger(AbstractAccessControlManager.class);

    /**
     * Always returns all registered <code>Privilege</code>s.
     *
     * @param absPath Path to an existing node.
     * @return Always returns all registered <code>Privilege</code>s.
     * @see javax.jcr.security.AccessControlManager#getSupportedPrivileges(String)
     */
    public Privilege[] getSupportedPrivileges(String absPath) throws PathNotFoundException, RepositoryException {
        checkInitialized();
        checkValidNodePath(absPath);

        // return all known privileges everywhere.
        return getPrivilegeManager().getRegisteredPrivileges();
    }

    /**
     * @see javax.jcr.security.AccessControlManager#privilegeFromName(String)
     */
    public Privilege privilegeFromName(String privilegeName)
            throws AccessControlException, RepositoryException {
        checkInitialized();

        return getPrivilegeManager().getPrivilege(privilegeName);
    }

    /**
     * Returns <code>null</code>.
     *
     * @param absPath Path to an existing node.
     * @return always returns <code>null</code>.
     * @see javax.jcr.security.AccessControlManager#getApplicablePolicies(String)
     */
    public AccessControlPolicy[] getPolicies(String absPath) throws PathNotFoundException, AccessDeniedException, RepositoryException {
        checkInitialized();
        checkPermission(absPath, Permission.READ_AC);

        log.debug("Implementation does not provide applicable policies -> getPolicy() always returns an empty array.");
        return new AccessControlPolicy[0];
    }

    /**
     * Returns an empty iterator.
     *
     * @param absPath Path to an existing node.
     * @return always returns an empty iterator.
     * @see javax.jcr.security.AccessControlManager#getApplicablePolicies(String)
     */
    public AccessControlPolicyIterator getApplicablePolicies(String absPath) throws PathNotFoundException, AccessDeniedException, RepositoryException {
        checkInitialized();
        checkPermission(absPath, Permission.READ_AC);

        log.debug("Implementation does not provide applicable policies -> returning empty iterator.");
        return AccessControlPolicyIteratorAdapter.EMPTY;
    }

    /**
     * Always throws <code>AccessControlException</code>
     *
     * @see javax.jcr.security.AccessControlManager#setPolicy(String, AccessControlPolicy)
     */
    public void setPolicy(String absPath, AccessControlPolicy policy) throws PathNotFoundException, AccessControlException, AccessDeniedException, RepositoryException {
        checkInitialized();
        checkPermission(absPath, Permission.MODIFY_AC);

        throw new AccessControlException("AccessControlPolicy " + policy + " cannot be applied.");
    }

    /**
     * Always throws <code>AccessControlException</code>
     *
     * @see javax.jcr.security.AccessControlManager#removePolicy(String, AccessControlPolicy)
     */
    public void removePolicy(String absPath, AccessControlPolicy policy) throws PathNotFoundException, AccessControlException, AccessDeniedException, RepositoryException {
        checkInitialized();
        checkPermission(absPath, Permission.MODIFY_AC);

        throw new AccessControlException("No AccessControlPolicy has been set through this API -> Cannot be removed.");
    }


    //-------------------------------------< JackrabbitAccessControlManager >---
    /**
     * @see org.apache.jackrabbit.api.security.JackrabbitAccessControlManager#getApplicablePolicies(java.security.Principal)
     */
    public JackrabbitAccessControlPolicy[] getApplicablePolicies(Principal principal) throws AccessDeniedException, AccessControlException, UnsupportedRepositoryOperationException, RepositoryException {
        checkInitialized();

        log.debug("Implementation does not provide applicable policies -> returning empty array.");
        return new JackrabbitAccessControlPolicy[0];
    }

    /**
     * @see org.apache.jackrabbit.api.security.JackrabbitAccessControlManager#getPolicies(java.security.Principal)
     */
    public JackrabbitAccessControlPolicy[] getPolicies(Principal principal) throws AccessDeniedException, AccessControlException, UnsupportedRepositoryOperationException, RepositoryException {
        checkInitialized();

        log.debug("Implementation does not provide applicable policies -> returning empty array.");
        return new JackrabbitAccessControlPolicy[0];
    }
    
    //--------------------------------------------------------------------------
    /**
     * Check if this manager has been properly initialized.
     *
     * @throws IllegalStateException If this manager has not been properly initialized.
     */
    protected abstract void checkInitialized() throws IllegalStateException;

    /**
     * Check if the specified privileges are granted at <code>absPath</code>.
     *
     * @param absPath Path to an existing node.
     * @param permission Permissions to be checked.
     * @throws AccessDeniedException if the session does not have the
     * specified privileges.
     * @throws PathNotFoundException if no node exists at <code>absPath</code>
     * of if the session does not have the permission to READ it.
     * @throws RepositoryException If another error occurs.
     */
    protected abstract void checkPermission(String absPath, int permission) throws AccessDeniedException, PathNotFoundException, RepositoryException;

    /**
     * @return the privilege manager
     * @throws RepositoryException If another error occurs.
     */
    protected abstract PrivilegeManager getPrivilegeManager() throws RepositoryException;

    /**
     * Tests if the given <code>absPath</code> is absolute and points to an existing node.
     *
     * @param absPath Path to an existing node.
     * @throws PathNotFoundException if no node at <code>absPath</code> exists
     * or the session does not have privilege to retrieve the node.
     * @throws RepositoryException If the given <code>absPath</code> is not
     * absolute or if some other error occurs.
     */
    protected abstract void checkValidNodePath(String absPath) throws PathNotFoundException, RepositoryException;

}