org.apache.jackrabbit.core

Class UserPerWorkspaceSecurityManager

java.lang.Object

org.apache.jackrabbit.core.DefaultSecurityManager

org.apache.jackrabbit.core.UserPerWorkspaceSecurityManager

All Implemented Interfaces:

JackrabbitSecurityManager

public class UserPerWorkspaceSecurityManager
extends DefaultSecurityManager

Derived security manager implementation that expects that users information is present in each workspace instead of having a single, dedicated "security-workspace" that provides user information. Consequently, the UserManager used to retrieve and manipulate user content is always bound to the Session passed to getUserManager(Session).

In addition the default (user-based) principal provider created by DefaultSecurityManager cannot be used to retrieve principals. Instead this implementation keeps a distinct pp-registry for each workspace.

NOTE: While this security manager asserts that a minimal set of system users (admin and anonymous) is present in each workspace it doesn't make any attempt to set or define the access permissions on the tree containing user related information.

Field Summary

Fields inherited from class org.apache.jackrabbit.core.DefaultSecurityManager

adminId, anonymousId

Constructor Summary

Constructors

Constructor and Description
UserPerWorkspaceSecurityManager()

Method Summary

Modifier and Type	Method and Description
void	close() Disposes this security manager instance and cleans all internal caches.
protected PrincipalProvider	createDefaultPrincipalProvider(Properties[] moduleConfig) Always returns null.
protected WorkspaceAccessManager	createDefaultWorkspaceAccessManager() Returns a new instance of SimpleWorkspaceAccessManager, since with the DefaultLoginModule the existence of the user is checked in order to successfully complete the login.
protected org.apache.jackrabbit.api.security.principal.PrincipalManager	createPrincipalManager(SessionImpl session)
protected UserManagerImpl	createUserManager(SessionImpl session) Creates a new instanceof TransientChangeUserManagerImpl.
void	dispose(String workspaceName) Disposes those parts of this security manager that are related to the workspace indicated by the given workspaceName.
AuthContext	getAuthContext(Credentials creds, Subject subject, String workspaceName) Creates an AuthContext for the given Credentials and Subject. This includes selection of application specific LoginModules and initialization with credentials and Session to System-Workspace
protected org.apache.jackrabbit.api.security.user.UserManager	getSystemUserManager(String workspaceName)
org.apache.jackrabbit.api.security.user.UserManager	getUserManager(Session session) As this implementation expects that users information in present in every workspace, the UserManager is always created with the given session.
void	init(Repository repository, Session systemSession)

Methods inherited from class org.apache.jackrabbit.core.DefaultSecurityManager

checkInitialized, getAccessManager, getAuthContextProvider, getConfig, getMembershipCache, getPrincipalManager, getPrincipalProviderRegistry, getRepository, getSystemSession, getUserID

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

UserPerWorkspaceSecurityManager

public UserPerWorkspaceSecurityManager()

Method Detail

init

public void init(Repository repository,
                 Session systemSession)
          throws RepositoryException

Specified by:

init in interface JackrabbitSecurityManager

Overrides:

init in class DefaultSecurityManager

Throws:

RepositoryException

See Also:

JackrabbitSecurityManager.init(Repository, Session)

dispose

public void dispose(String workspaceName)

Description copied from interface: JackrabbitSecurityManager

Disposes those parts of this security manager that are related to the workspace indicated by the given workspaceName.

Specified by:

dispose in interface JackrabbitSecurityManager

Overrides:

dispose in class DefaultSecurityManager

Parameters:

workspaceName - Name of the workspace that is being disposed.

See Also:

JackrabbitSecurityManager.dispose(String)

close

public void close()

Description copied from interface: JackrabbitSecurityManager

Disposes this security manager instance and cleans all internal caches.

Specified by:

close in interface JackrabbitSecurityManager

Overrides:

close in class DefaultSecurityManager

See Also:

JackrabbitSecurityManager.close()

getUserManager

public org.apache.jackrabbit.api.security.user.UserManager getUserManager(Session session)
                                                                   throws RepositoryException

As this implementation expects that users information in present in every workspace, the UserManager is always created with the given session.

Specified by:

getUserManager in interface JackrabbitSecurityManager

Overrides:

getUserManager in class DefaultSecurityManager

Returns:

UserManager for the given session.

Throws:

UnsupportedRepositoryOperationException - If user management is not supported.

RepositoryException

See Also:

JackrabbitSecurityManager.getUserManager(javax.jcr.Session)

getAuthContext

public AuthContext getAuthContext(Credentials creds,
                                  Subject subject,
                                  String workspaceName)
                           throws RepositoryException

Creates an AuthContext for the given Credentials and Subject.
This includes selection of application specific LoginModules and initialization with credentials and Session to System-Workspace

Specified by:

getAuthContext in interface JackrabbitSecurityManager

Overrides:

getAuthContext in class DefaultSecurityManager

workspaceName - The name of the workspace to login.

Returns:

an AuthContext for the given Credentials, Subject

Throws:

RepositoryException - in other exceptional repository states

createDefaultPrincipalProvider

protected PrincipalProvider createDefaultPrincipalProvider(Properties[] moduleConfig)
                                                    throws RepositoryException

Always returns null. The default principal provider is workspace depending as users are expected to exist in every workspace.

Overrides:

createDefaultPrincipalProvider in class DefaultSecurityManager

Returns:

null

Throws:

RepositoryException

getSystemUserManager

protected org.apache.jackrabbit.api.security.user.UserManager getSystemUserManager(String workspaceName)
                                                                            throws RepositoryException

Overrides:

getSystemUserManager in class DefaultSecurityManager

Parameters:

workspaceName - The name of the target workspace.

Returns:

The system user manager. Since this implementation stores users in a dedicated workspace the system user manager is the same for all sessions irrespective of the workspace.

Throws:

RepositoryException - If an error occurs.

createUserManager

protected UserManagerImpl createUserManager(SessionImpl session)
                                     throws RepositoryException

Creates a new instanceof TransientChangeUserManagerImpl.

Overrides:

createUserManager in class DefaultSecurityManager

Parameters:

session - session

Returns:

an instanceof TransientChangeUserManagerImpl

Throws:

RepositoryException

createPrincipalManager

protected org.apache.jackrabbit.api.security.principal.PrincipalManager createPrincipalManager(SessionImpl session)
                                                                                        throws RepositoryException

Overrides:

createPrincipalManager in class DefaultSecurityManager

Parameters:

session - Session for the principal manager must be created.

Returns:

A new instance of PrincipalManagerImpl. Note that this implementation uses a workspace specific principal provider registry, that retrieves the configured providers from the registry obtained through DefaultSecurityManager.getPrincipalProviderRegistry() but has a workspace specific default provider.

Throws:

RepositoryException

createDefaultWorkspaceAccessManager

protected WorkspaceAccessManager createDefaultWorkspaceAccessManager()

Returns a new instance of SimpleWorkspaceAccessManager, since with the DefaultLoginModule the existence of the user is checked in order to successfully complete the login. Since with this SecurityManager users are stored separately in each workspace, a user may only login to a workspace if the corresponding user node exists. Consequently a lazy workspace access manager is sufficient.

If this SecurityManager is used with a distinct LoginModule implementation, the configuration for WorkspaceAccessManager should be adjusted as well.

Overrides:

createDefaultWorkspaceAccessManager in class DefaultSecurityManager

Returns:

An new instance of SimpleWorkspaceAccessManager.