Package org.apache.jackrabbit.core
Class UserPerWorkspaceSecurityManager
- java.lang.Object
-
- org.apache.jackrabbit.core.DefaultSecurityManager
-
- org.apache.jackrabbit.core.UserPerWorkspaceSecurityManager
-
- All Implemented Interfaces:
JackrabbitSecurityManager
public class UserPerWorkspaceSecurityManager extends DefaultSecurityManager
Derived security manager implementation that expects that users information is present in each workspace instead of having a single, dedicated "security-workspace" that provides user information. Consequently, the UserManager used to retrieve and manipulate user content is always bound to theSessionpassed togetUserManager(Session).In addition the default (user-based) principal provider created by
NOTE: While this security manager asserts that a minimal set of system users (admin and anonymous) is present in each workspace it doesn't make any attempt to set or define the access permissions on the tree containing user related information.DefaultSecurityManagercannot be used to retrieve principals. Instead this implementation keeps a distinct pp-registry for each workspace.
-
-
Field Summary
-
Fields inherited from class org.apache.jackrabbit.core.DefaultSecurityManager
adminId, anonymousId
-
-
Constructor Summary
Constructors Constructor Description UserPerWorkspaceSecurityManager()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description voidclose()Disposes this security manager instance and cleans all internal caches.protected PrincipalProvidercreateDefaultPrincipalProvider(Properties[] moduleConfig)Always returnsnull.protected WorkspaceAccessManagercreateDefaultWorkspaceAccessManager()Returns a new instance ofSimpleWorkspaceAccessManager, since with theDefaultLoginModulethe existence of the user is checked in order to successfully complete the login.protected PrincipalManagercreatePrincipalManager(SessionImpl session)protected UserManagerImplcreateUserManager(SessionImpl session)Creates a new instanceofTransientChangeUserManagerImpl.voiddispose(String workspaceName)Disposes those parts of this security manager that are related to the workspace indicated by the givenworkspaceName.AuthContextgetAuthContext(Credentials creds, Subject subject, String workspaceName)Creates an AuthContext for the givenCredentialsandSubject.
This includes selection of application specific LoginModules and initialization with credentials and Session to System-Workspaceprotected UserManagergetSystemUserManager(String workspaceName)UserManagergetUserManager(Session session)As this implementation expects that users information in present in every workspace, the UserManager is always created with the given session.voidinit(Repository repository, Session systemSession)-
Methods inherited from class org.apache.jackrabbit.core.DefaultSecurityManager
checkInitialized, getAccessManager, getAuthContextProvider, getConfig, getMembershipCache, getPrincipalManager, getPrincipalProviderRegistry, getRepository, getSystemSession, getUserID
-
-
-
-
Method Detail
-
init
public void init(Repository repository, Session systemSession) throws RepositoryException
- Specified by:
initin interfaceJackrabbitSecurityManager- Overrides:
initin classDefaultSecurityManager- Throws:
RepositoryException- See Also:
JackrabbitSecurityManager.init(Repository, Session)
-
dispose
public void dispose(String workspaceName)
Description copied from interface:JackrabbitSecurityManagerDisposes those parts of this security manager that are related to the workspace indicated by the givenworkspaceName.- Specified by:
disposein interfaceJackrabbitSecurityManager- Overrides:
disposein classDefaultSecurityManager- Parameters:
workspaceName- Name of the workspace that is being disposed.- See Also:
JackrabbitSecurityManager.dispose(String)
-
close
public void close()
Description copied from interface:JackrabbitSecurityManagerDisposes this security manager instance and cleans all internal caches.- Specified by:
closein interfaceJackrabbitSecurityManager- Overrides:
closein classDefaultSecurityManager- See Also:
JackrabbitSecurityManager.close()
-
getUserManager
public UserManager getUserManager(Session session) throws RepositoryException
As this implementation expects that users information in present in every workspace, the UserManager is always created with the given session.- Specified by:
getUserManagerin interfaceJackrabbitSecurityManager- Overrides:
getUserManagerin classDefaultSecurityManager- Returns:
- UserManager for the given
session. - Throws:
UnsupportedRepositoryOperationException- If user management is not supported.RepositoryException- See Also:
JackrabbitSecurityManager.getUserManager(javax.jcr.Session)
-
getAuthContext
public AuthContext getAuthContext(Credentials creds, Subject subject, String workspaceName) throws RepositoryException
Creates an AuthContext for the givenCredentialsandSubject.
This includes selection of application specific LoginModules and initialization with credentials and Session to System-Workspace- Specified by:
getAuthContextin interfaceJackrabbitSecurityManager- Overrides:
getAuthContextin classDefaultSecurityManagerworkspaceName- The name of the workspace to login.- Returns:
- an
AuthContextfor the given Credentials, Subject - Throws:
RepositoryException- in other exceptional repository states
-
createDefaultPrincipalProvider
protected PrincipalProvider createDefaultPrincipalProvider(Properties[] moduleConfig) throws RepositoryException
Always returnsnull. The default principal provider is workspace depending as users are expected to exist in every workspace.- Overrides:
createDefaultPrincipalProviderin classDefaultSecurityManager- Returns:
null- Throws:
RepositoryException
-
getSystemUserManager
protected UserManager getSystemUserManager(String workspaceName) throws RepositoryException
- Overrides:
getSystemUserManagerin classDefaultSecurityManager- Parameters:
workspaceName- The name of the target workspace.- Returns:
- The system user manager. Since this implementation stores users in a dedicated workspace the system user manager is the same for all sessions irrespective of the workspace.
- Throws:
RepositoryException- If an error occurs.
-
createUserManager
protected UserManagerImpl createUserManager(SessionImpl session) throws RepositoryException
Creates a new instanceofTransientChangeUserManagerImpl.- Overrides:
createUserManagerin classDefaultSecurityManager- Parameters:
session- session- Returns:
- an instanceof
TransientChangeUserManagerImpl - Throws:
RepositoryException
-
createPrincipalManager
protected PrincipalManager createPrincipalManager(SessionImpl session) throws RepositoryException
- Overrides:
createPrincipalManagerin classDefaultSecurityManager- Parameters:
session- Session for the principal manager must be created.- Returns:
- A new instance of PrincipalManagerImpl. Note that this implementation
uses a workspace specific principal provider registry, that retrieves
the configured providers from the registry obtained through
DefaultSecurityManager.getPrincipalProviderRegistry()but has a workspace specific default provider. - Throws:
RepositoryException
-
createDefaultWorkspaceAccessManager
protected WorkspaceAccessManager createDefaultWorkspaceAccessManager()
Returns a new instance ofSimpleWorkspaceAccessManager, since with theDefaultLoginModulethe existence of the user is checked in order to successfully complete the login. Since with this SecurityManager users are stored separately in each workspace, a user may only login to a workspace if the corresponding user node exists. Consequently a lazy workspace access manager is sufficient.If this SecurityManager is used with a distinct
LoginModuleimplementation, theconfigurationforWorkspaceAccessManagershould be adjusted as well.- Overrides:
createDefaultWorkspaceAccessManagerin classDefaultSecurityManager- Returns:
- An new instance of
SimpleWorkspaceAccessManager.
-
-