  /*
   * Licensed to the Apache Software Foundation (ASF) under one or more
   * contributor license agreements.  See the NOTICE file distributed with
   * this work for additional information regarding copyright ownership.
   * The ASF licenses this file to You under the Apache License, Version 2.0
   * (the "License"); you may not use this file except in compliance with
   * the License.  You may obtain a copy of the License at
   *
   *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.apache.sling.jackrabbit.usermanager.impl;
 
 
 
 import  org.osgi.framework.BundleContext;
 import  org.osgi.framework.InvalidSyntaxException;
 import  org.osgi.framework.ServiceReference;
 import  org.osgi.service.component.ComponentContext;
 /**
  * Helper class to assist in the usage of access control of users/groups from scripts.
  *
  * The default access control policy defined by this provider has the following
  * characteristics:
  * <ul>
  * <li>everybody has READ permission to all items,</li>
  * <li>every known user is allowed to modify its own properties except for her/his group membership,</li>
  * <li>members of the 'User administrator' group are allowed to create, modify and remove users,</li>
  * <li>members of the 'Group administrator' group are allowed to create, modify and remove groups,</li>
  * <li>group membership can only be edited by members of the 'Group administrator' and the 'User administrator' group.</li>
  * </ul>
  */
 
 @Component (immediate=true, metatype=true)
 	@Property (name="service.description",
 			value="User/Group Privileges Information"),
 	@Property (name="service.vendor",
 			value="The Apache Software Foundation")
 })
 public class AuthorizablePrivilegesInfoImpl implements AuthorizablePrivilegesInfo {

    
    /** default log */
 
     private final Logger log = LoggerFactory.getLogger(getClass());

    
    /**
     * The default 'User administrator' group name
     *
     * @see #PAR_USER_ADMIN_GROUP_NAME
     */
 
     private static final String DEFAULT_USER_ADMIN_GROUP_NAME = "UserAdmin";
 
    
    /**
     * The name of the configuration parameter providing the 'User administrator' group name.
     */
 
     private static final String PAR_USER_ADMIN_GROUP_NAME = "user.admin.group.name";
 
    /**
     * The default 'Group administrator' group name
     *
     * @see #PAR_GROUP_ADMIN_GROUP_NAME
     */
    private static final String DEFAULT_GROUP_ADMIN_GROUP_NAME = "GroupAdmin";
 
    
    /**
     * The name of the configuration parameter providing the 'Group administrator' group name.
     */
    private static final String PAR_GROUP_ADMIN_GROUP_NAME = "group.admin.group.name";
    
    
    /* (non-Javadoc)
     * @see org.apache.sling.jackrabbit.usermanager.AuthorizablePrivilegesInfo#canAddGroup(javax.jcr.Session)
     */
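    /**
     * Reports whether the user of the given session may create a group.
     *
     * <p>The answer is {@code true} for the admin user and for members of the
     * configured 'Group administrator' group. Every other outcome yields
     * {@code false}: a session user that cannot be resolved, a session ID that
     * does not resolve to a {@link User}, or a repository failure. The check
     * therefore fails closed.
     *
     * @param jcrSession the session whose user is checked
     * @return {@code true} if the session user may add a group
     */
    public boolean canAddGroup(Session jcrSession) {
        try {
            UserManager userManager = AccessControlUtil.getUserManager(jcrSession);
            Authorizable currentUser = userManager.getAuthorizable(jcrSession.getUserID());
            // instanceof is false for null, so this one guard covers both an unknown
            // session user and an ID that resolves to something other than a User;
            // the unguarded cast would throw ClassCastException in the second case.
            if (!(currentUser instanceof User)) {
                return false;
            }
            if (((User) currentUser).isAdmin()) {
                return true; // admin user has full control
            }

            // check if the user is a member of the 'Group administrator' group
            // NOTE(review): the field name after "this." is missing from this listing;
            // groupAdminGroupName is assumed - confirm against the class's fields.
            Authorizable groupAdmin = userManager.getAuthorizable(this.groupAdminGroupName);
            if (groupAdmin instanceof Group && ((Group) groupAdmin).isMember(currentUser)) {
                return true;
            }
        } catch (RepositoryException e) {
            // Deny on lookup failure. The exception is passed as the trailing argument
            // so that SLF4J versions which recognise a trailing Throwable log the cause.
            log.warn("Failed to determine if {} can add a new group", jcrSession.getUserID(), e);
        }
        return false;
    }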
    /* (non-Javadoc)
     * @see org.apache.sling.jackrabbit.usermanager.AuthorizablePrivilegesInfo#canAddUser(javax.jcr.Session)
     */
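    /**
     * Reports whether the user of the given session may create a user.
     *
     * <p>If a registered servlet matching the users-creation filter advertises
     * {@code self.registration.enabled} as true, the answer is {@code true} for
     * every session; this is decided before the session user is looked up.
     * Otherwise the answer is {@code true} only for the admin user and for
     * members of the configured 'User administrator' group. A session user that
     * cannot be resolved to a {@link User}, a repository failure or an invalid
     * service filter all yield {@code false}.
     *
     * @param jcrSession the session whose user is checked
     * @return {@code true} if the session user may add a user
     */
    public boolean canAddUser(Session jcrSession) {
        try {
            // if self-registration is enabled, then anyone can create a user
            if (componentContext != null) {
                String filter = "(&(sling.servlet.resourceTypes=sling/users)(|(sling.servlet.methods=POST)(sling.servlet.selectors=create)))";
                BundleContext bundleContext = componentContext.getBundleContext();
                ServiceReference[] serviceReferences = bundleContext.getServiceReferences(Servlet.class.getName(), filter);
                if (serviceReferences != null) {
                    String propName = "self.registration.enabled";
                    for (ServiceReference serviceReference : serviceReferences) {
                        Object propValue = serviceReference.getProperty(propName);
                        if (propValue != null) {
                            // Only the first matching servlet that declares the property
                            // decides; later references are not consulted.
                            // NOTE(review): the receiver of equals() is missing from this
                            // listing; Boolean.TRUE is assumed - confirm against the source.
                            if (Boolean.TRUE.equals(propValue)) {
                                return true;
                            }
                            break;
                        }
                    }
                }
            }

            UserManager userManager = AccessControlUtil.getUserManager(jcrSession);
            Authorizable currentUser = userManager.getAuthorizable(jcrSession.getUserID());
            // instanceof is false for null, so this covers an unknown session user and
            // also avoids a ClassCastException when the ID is not a User.
            if (!(currentUser instanceof User)) {
                return false;
            }
            if (((User) currentUser).isAdmin()) {
                return true; // admin user has full control
            }

            // check if the user is a member of the 'User administrator' group
            // NOTE(review): the field name after "this." is missing from this listing;
            // userAdminGroupName is assumed - confirm against the class's fields.
            Authorizable userAdmin = userManager.getAuthorizable(this.userAdminGroupName);
            if (userAdmin instanceof Group && ((Group) userAdmin).isMember(currentUser)) {
                return true;
            }
        } catch (RepositoryException e) {
            // Deny on lookup failure; the trailing Throwable carries the cause to the log.
            log.warn("Failed to determine if {} can add a new user", jcrSession.getUserID(), e);
        } catch (InvalidSyntaxException e) {
            // A malformed service filter also denies rather than grants.
            log.warn("Failed to determine if {} can add a new user", jcrSession.getUserID(), e);
        }
        return false;
    }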
    /* (non-Javadoc)
     * @see org.apache.sling.jackrabbit.usermanager.AuthorizablePrivilegesInfo#canRemove(javax.jcr.Session, java.lang.String)
     */
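    /**
     * Reports whether the user of the given session may remove the given
     * user or group.
     *
     * <p>The admin user may remove anything. A user target requires membership
     * in the configured 'User administrator' group, a group target requires
     * membership in the configured 'Group administrator' group. A target that
     * resolves to neither, a session user that cannot be resolved to a
     * {@link User}, or a repository failure yields {@code false}.
     *
     * @param jcrSession the session whose user is checked
     * @param principalId the ID of the user or group to remove
     * @return {@code true} if the session user may remove the authorizable
     */
    public boolean canRemove(Session jcrSession, String principalId) {
        try {
            UserManager userManager = AccessControlUtil.getUserManager(jcrSession);
            Authorizable currentUser = userManager.getAuthorizable(jcrSession.getUserID());
            // The unguarded cast threw NullPointerException when the session user
            // could not be resolved; deny instead. instanceof is false for null.
            if (!(currentUser instanceof User)) {
                return false;
            }
            if (((User) currentUser).isAdmin()) {
                return true; // admin user has full control
            }

            Authorizable authorizable = userManager.getAuthorizable(principalId);
            if (authorizable instanceof User) {
                // check if the user is a member of the 'User administrator' group
                // NOTE(review): the field name after "this." is missing from this listing;
                // userAdminGroupName is assumed - confirm against the class's fields.
                Authorizable userAdmin = userManager.getAuthorizable(this.userAdminGroupName);
                if (userAdmin instanceof Group && ((Group) userAdmin).isMember(currentUser)) {
                    return true;
                }
            } else if (authorizable instanceof Group) {
                // check if the user is a member of the 'Group administrator' group
                // NOTE(review): groupAdminGroupName is assumed for the same reason.
                Authorizable groupAdmin = userManager.getAuthorizable(this.groupAdminGroupName);
                if (groupAdmin instanceof Group && ((Group) groupAdmin).isMember(currentUser)) {
                    return true;
                }
            }
        } catch (RepositoryException e) {
            // Deny on lookup failure; the trailing Throwable carries the cause to the log.
            log.warn("Failed to determine if {} can remove authorizable {}",
                    new Object[] {jcrSession.getUserID(), principalId, e});
        }
        return false;
    }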
    /* (non-Javadoc)
     * @see org.apache.sling.jackrabbit.usermanager.AuthorizablePrivilegesInfo#canUpdateGroupMembers(javax.jcr.Session, java.lang.String)
     */
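    /**
     * Reports whether the user of the given session may change the members of
     * the given group.
     *
     * <p>The admin user may always do so. For any other user the target must
     * resolve to a {@link Group}, and the user must be a member of either the
     * configured 'Group administrator' group or the configured
     * 'User administrator' group. A session user that cannot be resolved to a
     * {@link User} or a repository failure yields {@code false}.
     *
     * @param jcrSession the session whose user is checked
     * @param groupId the ID of the group whose membership would be changed
     * @return {@code true} if the session user may update the group's members
     */
    public boolean canUpdateGroupMembers(Session jcrSession, String groupId) {
        try {
            UserManager userManager = AccessControlUtil.getUserManager(jcrSession);
            Authorizable currentUser = userManager.getAuthorizable(jcrSession.getUserID());
            // The unguarded cast threw NullPointerException when the session user
            // could not be resolved; deny instead. instanceof is false for null.
            if (!(currentUser instanceof User)) {
                return false;
            }
            if (((User) currentUser).isAdmin()) {
                return true; // admin user has full control
            }

            Authorizable authorizable = userManager.getAuthorizable(groupId);
            if (authorizable instanceof Group) {
                // check if the user is a member of the 'Group administrator' group
                // NOTE(review): the field name after "this." is missing from this listing;
                // groupAdminGroupName is assumed - confirm against the class's fields.
                Authorizable groupAdmin = userManager.getAuthorizable(this.groupAdminGroupName);
                if (groupAdmin instanceof Group && ((Group) groupAdmin).isMember(currentUser)) {
                    return true;
                }

                // check if the user is a member of the 'User administrator' group
                // NOTE(review): userAdminGroupName is assumed for the same reason.
                Authorizable userAdmin = userManager.getAuthorizable(this.userAdminGroupName);
                if (userAdmin instanceof Group && ((Group) userAdmin).isMember(currentUser)) {
                    return true;
                }
            }
        } catch (RepositoryException e) {
            // The message previously read "can remove authorizable", copied from
            // canRemove; it now names the operation that actually failed, which
            // matters when denied membership changes are traced in the log.
            log.warn("Failed to determine if {} can update the members of group {}",
                    new Object[] {jcrSession.getUserID(), groupId, e});
        }
        return false;
    }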
    /* (non-Javadoc)
     * @see org.apache.sling.jackrabbit.usermanager.AuthorizablePrivilegesInfo#canUpdateProperties(javax.jcr.Session, java.lang.String)
     */
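    /**
     * Reports whether the user of the given session may update the properties
     * of the given user or group.
     *
     * <p>A session whose user ID equals {@code principalId} is always allowed;
     * this comparison happens before any repository lookup, so it does not
     * verify that the ID resolves to a known authorizable. Otherwise the admin
     * user is allowed, a user target requires membership in the configured
     * 'User administrator' group and a group target requires membership in the
     * configured 'Group administrator' group. Anything else, including a
     * repository failure, yields {@code false}.
     *
     * @param jcrSession the session whose user is checked
     * @param principalId the ID of the user or group to update
     * @return {@code true} if the session user may update the properties
     */
    public boolean canUpdateProperties(Session jcrSession, String principalId) {
        try {
            // A session is not guaranteed to carry a user ID, so guard against null
            // instead of calling equals() on it directly.
            String sessionUserId = jcrSession.getUserID();
            if (sessionUserId != null && sessionUserId.equals(principalId)) {
                // user is allowed to update its own properties
                return true;
            }

            UserManager userManager = AccessControlUtil.getUserManager(jcrSession);
            Authorizable currentUser = userManager.getAuthorizable(sessionUserId);
            // The unguarded cast threw NullPointerException when the session user
            // could not be resolved; deny instead. instanceof is false for null.
            if (!(currentUser instanceof User)) {
                return false;
            }
            if (((User) currentUser).isAdmin()) {
                return true; // admin user has full control
            }

            Authorizable authorizable = userManager.getAuthorizable(principalId);
            if (authorizable instanceof User) {
                // check if the user is a member of the 'User administrator' group
                // NOTE(review): the field name after "this." is missing from this listing;
                // userAdminGroupName is assumed - confirm against the class's fields.
                Authorizable userAdmin = userManager.getAuthorizable(this.userAdminGroupName);
                if (userAdmin instanceof Group && ((Group) userAdmin).isMember(currentUser)) {
                    return true;
                }
            } else if (authorizable instanceof Group) {
                // check if the user is a member of the 'Group administrator' group
                // NOTE(review): groupAdminGroupName is assumed for the same reason.
                Authorizable groupAdmin = userManager.getAuthorizable(this.groupAdminGroupName);
                if (groupAdmin instanceof Group && ((Group) groupAdmin).isMember(currentUser)) {
                    return true;
                }
            }
        } catch (RepositoryException e) {
            // The message previously read "can remove authorizable", copied from
            // canRemove; it now names the operation that actually failed.
            log.warn("Failed to determine if {} can update the properties of authorizable {}",
                    new Object[] {jcrSession.getUserID(), principalId, e});
        }
        return false;
    }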
    // ---------- SCR Integration ----------------------------------------------
    //keep track of the bundle context
    private ComponentContext componentContext;

    
    /**
     * Called by SCR to activate the component.
     *
     * @throws InvalidKeyException
     * @throws NoSuchAlgorithmException
     * @throws IllegalStateException
     * @throws UnsupportedEncodingException
     */
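    protected void activate(ComponentContext componentContext)
            throws InvalidKeyException, NoSuchAlgorithmException,
            IllegalStateException, UnsupportedEncodingException {
        // Stores the component context and reads the two administrator group names
        // from the component configuration, falling back to the DEFAULT_* constants.
        //
        // The listing this block came from had lost several identifiers (the
        // assignment targets, the property keys and defaults, the logger receiver)
        // and the end of the throws clause; they are restored here from the
        // constants and fields declared in this class.
        // NOTE(review): userAdminGroupName and groupAdminGroupName are assumed field
        // names - confirm against the class's field declarations.
        //
        // These two names decide which groups the can* checks treat as
        // administrators, so write access to this component's configuration
        // effectively controls the outcome of those checks.
        this.componentContext = componentContext;

        Dictionary<?, ?> properties = componentContext.getProperties();
        this.userAdminGroupName = OsgiUtil.toString(properties.get(PAR_USER_ADMIN_GROUP_NAME),
                DEFAULT_USER_ADMIN_GROUP_NAME);
        log.info("User Admin Group Name {}", this.userAdminGroupName);

        this.groupAdminGroupName = OsgiUtil.toString(properties.get(PAR_GROUP_ADMIN_GROUP_NAME),
                DEFAULT_GROUP_ADMIN_GROUP_NAME);
        log.info("Group Admin Group Name {}", this.groupAdminGroupName);
    }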
    /**
     * Deactivation hook taking the component context; the body is empty, so no
     * state is released or reset.
     *
     * NOTE(review): the componentContext field of this class is not cleared
     * here, while canAddUser uses it whenever it is non-null - confirm whether
     * that method can still be called after deactivation.
     *
     * @param componentContext the component context (unused)
     */
    protected void deactivate(ComponentContext componentContext) {
    }