Minor formatting...
git-svn-id: https://svn.apache.org/repos/asf/incubator/photark/trunk@986187 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/photark-jcr/src/main/java/org/apache/photark/jcr/security/authorization/JCRAccessManager.java b/photark-jcr/src/main/java/org/apache/photark/jcr/security/authorization/JCRAccessManager.java
index 15ae0d8..8618007 100644
--- a/photark-jcr/src/main/java/org/apache/photark/jcr/security/authorization/JCRAccessManager.java
+++ b/photark-jcr/src/main/java/org/apache/photark/jcr/security/authorization/JCRAccessManager.java
@@ -19,21 +19,71 @@
package org.apache.photark.jcr.security.authorization;
+import static org.apache.photark.security.utils.Constants.ALBUM_ADD_IMAGES_PERMISSION;
+import static org.apache.photark.security.utils.Constants.ALBUM_CREATE_PERMISSION;
+import static org.apache.photark.security.utils.Constants.ALBUM_DELETE_IMAGES_PERMISSION;
+import static org.apache.photark.security.utils.Constants.ALBUM_EDIT_ALBUM_DESCRIPTION_PERMISSION;
+import static org.apache.photark.security.utils.Constants.ALBUM_VIEW_IMAGES_PERMISSION;
+import static org.apache.photark.security.utils.Constants.ALL_GROUPS;
+import static org.apache.photark.security.utils.Constants.ALL_PERMISSIONS;
+import static org.apache.photark.security.utils.Constants.ALL_ROLES;
+import static org.apache.photark.security.utils.Constants.ALL_USERS;
+import static org.apache.photark.security.utils.Constants.ALL_USERS_VIEW_ROLE;
+import static org.apache.photark.security.utils.Constants.BLOCKED_USER_LIST;
+import static org.apache.photark.security.utils.Constants.DEFAULT_LISTS;
+import static org.apache.photark.security.utils.Constants.GROUP_OWNER;
+import static org.apache.photark.security.utils.Constants.GROUP_USERS;
+import static org.apache.photark.security.utils.Constants.GUEST;
+import static org.apache.photark.security.utils.Constants.MUTUALLY_EXCLUSIVE_LIST;
+import static org.apache.photark.security.utils.Constants.PERMISSION_DESCRIPTION;
+import static org.apache.photark.security.utils.Constants.REGISTERED_USER_LIST;
+import static org.apache.photark.security.utils.Constants.ROLE_PERMISSIONS;
+import static org.apache.photark.security.utils.Constants.ROLE_USER_GROUPS;
+import static org.apache.photark.security.utils.Constants.SUPER_ADMIN;
+import static org.apache.photark.security.utils.Constants.SUPER_ADMIN_LIST;
+import static org.apache.photark.security.utils.Constants.UNREGISTERED_USER_LIST;
+import static org.apache.photark.security.utils.Constants.USER_DISPLAY_NAME;
+import static org.apache.photark.security.utils.Constants.USER_EMAIL;
+import static org.apache.photark.security.utils.Constants.USER_GROUP_CREATE_PERMISSION;
+import static org.apache.photark.security.utils.Constants.USER_ID;
+import static org.apache.photark.security.utils.Constants.USER_LISTS;
+import static org.apache.photark.security.utils.Constants.USER_REAL_NAME;
+import static org.apache.photark.security.utils.Constants.USER_STORE;
+import static org.apache.photark.security.utils.Constants.USER_WEBSITE;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.jcr.LoginException;
+import javax.jcr.Node;
+import javax.jcr.NodeIterator;
+import javax.jcr.PathNotFoundException;
+import javax.jcr.Property;
+import javax.jcr.PropertyIterator;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.Value;
+import javax.jcr.ValueFormatException;
import org.apache.photark.jcr.JCRRepositoryManager;
import org.apache.photark.jcr.services.JCRAlbumImpl;
import org.apache.photark.jcr.util.JCREncoder;
-import org.apache.photark.security.authorization.*;
+import org.apache.photark.security.authorization.AccessList;
+import org.apache.photark.security.authorization.Permission;
+import org.apache.photark.security.authorization.Role;
+import org.apache.photark.security.authorization.User;
+import org.apache.photark.security.authorization.UserInfo;
import org.apache.photark.security.authorization.services.AccessManager;
import org.apache.photark.security.authorization.services.JSONAccessManager;
import org.apache.photark.services.album.Album;
-import org.oasisopen.sca.annotation.*;
-
-import javax.jcr.*;
-import javax.jcr.Property;
-import java.util.*;
-
-import static org.apache.photark.security.utils.Constants.*;
+import org.oasisopen.sca.annotation.Destroy;
+import org.oasisopen.sca.annotation.Init;
+import org.oasisopen.sca.annotation.Reference;
+import org.oasisopen.sca.annotation.Remotable;
+import org.oasisopen.sca.annotation.Scope;
@Remotable
@Scope("COMPOSITE")
@@ -46,7 +96,7 @@
boolean initialised = false;
private static Map<String, Object[]> accessTokenMap = new HashMap<String, Object[]>();
- // JSONRPCSecurityManager jsonSecurityManager= new JSONRPCSecurityManager();
+ // JSONRPCSecurityManager jsonSecurityManager= new JSONRPCSecurityManager();
public JCRAccessManager() {
@@ -56,10 +106,10 @@
protected void setRepositoryManager(JCRRepositoryManager repositoryManager) {
JCRAccessManager.repositoryManager = repositoryManager;
}
+
/*
- *
- * initialing jcr
- * */
+ * initialing jcr
+ */
@Init
public synchronized void init() {
@@ -70,7 +120,9 @@
if (!root.hasNode(USER_STORE)) {
Node userStore = root.addNode(USER_STORE);
Node mutuallyExclusiveRoles = userStore.addNode(MUTUALLY_EXCLUSIVE_LIST);
- mutuallyExclusiveRoles.setProperty(DEFAULT_LISTS, new String[]{BLOCKED_USER_LIST, UNREGISTERED_USER_LIST, REGISTERED_USER_LIST, SUPER_ADMIN_LIST});
+ mutuallyExclusiveRoles
+ .setProperty(DEFAULT_LISTS, new String[] {BLOCKED_USER_LIST, UNREGISTERED_USER_LIST,
+ REGISTERED_USER_LIST, SUPER_ADMIN_LIST});
Node allUsers = userStore.addNode(ALL_USERS);
Node lists = userStore.addNode(USER_LISTS);
@@ -81,15 +133,19 @@
allUsersNode.addNode("boston");
userStore.addNode(ALL_GROUPS);
- //lists
+ // lists
lists.addNode(BLOCKED_USER_LIST);
- Node unRegisteredUserList = lists.addNode(UNREGISTERED_USER_LIST); // logged in but not registered
+ Node unRegisteredUserList = lists.addNode(UNREGISTERED_USER_LIST); // logged
+ // in
+ // but
+ // not
+ // registered
lists.addNode(REGISTERED_USER_LIST);
Node superAdminList = lists.addNode(SUPER_ADMIN_LIST);
- //Default users
+ // Default users
- //super admin
+ // super admin
superAdminList.addNode(SUPER_ADMIN);
Node userNode = allUsers.addNode(SUPER_ADMIN);
userNode.setProperty(USER_DISPLAY_NAME, "SuperAdmin");
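Review bot: The trailing comment on the `lists.addNode(UNREGISTERED_USER_LIST)` line has been wrapped into five one-word comment lines, which is harder to read than the original and now sits directly above the unrelated `REGISTERED_USER_LIST` statement. Put the comment on its own line above the statement instead, `// logged in but not registered`, which meets the line-length limit without splitting it. The same wrapping appears in the hunk at -1066 on the `token.substring(...)` line. init() starts and ends outside this hunk.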
@@ -98,7 +154,7 @@
userNode.setProperty(USER_WEBSITE, "");
userNode.setProperty(USER_ID, "SuperAdmin");
- //guest
+ // guest
unRegisteredUserList.addNode(GUEST);
userNode = allUsers.addNode(GUEST);
userNode.setProperty(USER_DISPLAY_NAME, "GuestUser");
@@ -107,11 +163,15 @@
userNode.setProperty(USER_WEBSITE, "");
userNode.setProperty(USER_ID, "GuestUser");
- //per Album permissions
- allPermissions.addNode(ALBUM_VIEW_IMAGES_PERMISSION).setProperty(PERMISSION_DESCRIPTION, "Allow the users to view the album images");
- allPermissions.addNode(ALBUM_ADD_IMAGES_PERMISSION).setProperty(PERMISSION_DESCRIPTION, "Allow the users to add new images to the album");
- allPermissions.addNode(ALBUM_DELETE_IMAGES_PERMISSION).setProperty(PERMISSION_DESCRIPTION, "Allow the users to delete images from the album");
- allPermissions.addNode(ALBUM_EDIT_ALBUM_DESCRIPTION_PERMISSION).setProperty(PERMISSION_DESCRIPTION, "Allow the users to edit Album description");
+ // per Album permissions
+ allPermissions.addNode(ALBUM_VIEW_IMAGES_PERMISSION)
+ .setProperty(PERMISSION_DESCRIPTION, "Allow the users to view the album images");
+ allPermissions.addNode(ALBUM_ADD_IMAGES_PERMISSION)
+ .setProperty(PERMISSION_DESCRIPTION, "Allow the users to add new images to the album");
+ allPermissions.addNode(ALBUM_DELETE_IMAGES_PERMISSION)
+ .setProperty(PERMISSION_DESCRIPTION, "Allow the users to delete images from the album");
+ allPermissions.addNode(ALBUM_EDIT_ALBUM_DESCRIPTION_PERMISSION)
+ .setProperty(PERMISSION_DESCRIPTION, "Allow the users to edit Album description");
session.save();
initialised = true;
@@ -128,10 +188,10 @@
// repositoryManager.releaseSession();
}
- //****************************************************************************************
+ // ****************************************************************************************
// for lists
- //add user to one of the four lists
+ // add user to one of the four lists
public synchronized void addUserToList(User user, String listName) {
if (!initialised) {
@@ -142,7 +202,7 @@
// deleting from other lists
deleteMutuallyExclusiveLists(user.getUserId(), listName);
- Node users = (Node) session.getItem("/" + USER_STORE + "/" + USER_LISTS + "/" + listName);
+ Node users = (Node)session.getItem("/" + USER_STORE + "/" + USER_LISTS + "/" + listName);
Node userNode;
UserInfo userInfo = user.getUserInfo();
if (users != null) {
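Review bot: `listName` is concatenated unmodified into the absolute path passed to `session.getItem(...)`, whereas `userId` elsewhere in this file goes through `JCREncoder.toJCRFormat` before it is used as a node name. If `listName` can come from a remote caller, a value containing `/` or `..` may resolve to a node outside `USER_LISTS`. The comment above addUserToList (previous hunk) says there are only four lists, so anything else can be rejected up front, e.g. `if (!Arrays.asList(BLOCKED_USER_LIST, UNREGISTERED_USER_LIST, REGISTERED_USER_LIST, SUPER_ADMIN_LIST).contains(listName)) return;`. The same unvalidated concatenation is on the new side of the hunks at -214, -242, -274 and -307, and the -242 hunk goes on to call `remove()` on the resolved node. The method body continues outside this hunk.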
@@ -153,7 +213,7 @@
}
}
session.save();
- //deleting the accessList of the users
+ // deleting the accessList of the users
removeAccessList(user.getUserId());
addToAllUsers(user);
@@ -173,7 +233,7 @@
try {
Session session = repositoryManager.getSession();
- Node allMutuallyExclusiveRoles = (Node) session.getItem("/" + USER_STORE + "/" + MUTUALLY_EXCLUSIVE_LIST);
+ Node allMutuallyExclusiveRoles = (Node)session.getItem("/" + USER_STORE + "/" + MUTUALLY_EXCLUSIVE_LIST);
for (PropertyIterator pi = allMutuallyExclusiveRoles.getProperties(); pi.hasNext();) {
Property p = pi.nextProperty();
@@ -185,7 +245,7 @@
if (list.contains(roleName)) {
for (Object aList : list) {
- String theList = (String) aList;
+ String theList = (String)aList;
if (!theList.equals(roleName)) {
removeUserFromList(userId, theList);
}
@@ -193,7 +253,6 @@
}
}
-
}
session.save();
} catch (PathNotFoundException e) {
@@ -214,7 +273,7 @@
if (isPermitted(getUserIdFromSecurityToken(securityToken), null, null)) {
try {
Session session = repositoryManager.getSession();
- Node users = (Node) session.getItem("/" + USER_STORE + "/" + USER_LISTS + "/" + listName);
+ Node users = (Node)session.getItem("/" + USER_STORE + "/" + USER_LISTS + "/" + listName);
if (users != null) {
for (NodeIterator ni = users.getNodes(); ni.hasNext();) {
Node userNode = ni.nextNode();
@@ -242,12 +301,12 @@
try {
Session session = repositoryManager.getSession();
- Node usersNode = (Node) session.getItem("/" + USER_STORE + "/" + USER_LISTS + "/" + listName);
+ Node usersNode = (Node)session.getItem("/" + USER_STORE + "/" + USER_LISTS + "/" + listName);
if (usersNode != null) {
usersNode.remove();
session.save();
}
- Node userListNode = (Node) session.getItem("/" + USER_STORE + "/" + USER_LISTS);
+ Node userListNode = (Node)session.getItem("/" + USER_STORE + "/" + USER_LISTS);
if (userListNode != null) {
userListNode.addNode(listName);
@@ -256,7 +315,7 @@
}
session.save();
}
- //deleting the accessList of the users
+ // deleting the accessList of the users
removeAllAccessList();
} catch (Exception e) {
@@ -274,15 +333,14 @@
Session session;
try {
session = repositoryManager.getSession();
- Node listNodeUsers = (Node) session.getItem("/" + USER_STORE + "/" + USER_LISTS + "/" + listName);
+ Node listNodeUsers = (Node)session.getItem("/" + USER_STORE + "/" + USER_LISTS + "/" + listName);
if (listNodeUsers != null) {
if (listNodeUsers.hasNode(JCREncoder.toJCRFormat(userId))) {
- Node userNode = listNodeUsers
- .getNode(JCREncoder.toJCRFormat(userId));
+ Node userNode = listNodeUsers.getNode(JCREncoder.toJCRFormat(userId));
userNode.remove();
session.save();
- //deleting the accessList of the users
+ // deleting the accessList of the users
removeAccessList(userId);
}
}
@@ -307,7 +365,7 @@
}
try {
Session session = repositoryManager.getSession();
- Node subRoleNodeUsers = (Node) session.getItem("/" + USER_STORE + "/" + USER_LISTS + "/" + listName);
+ Node subRoleNodeUsers = (Node)session.getItem("/" + USER_STORE + "/" + USER_LISTS + "/" + listName);
if (subRoleNodeUsers != null && subRoleNodeUsers.hasNode(JCREncoder.toJCRFormat(userId))) {
return true;
}
@@ -327,7 +385,7 @@
Session session = repositoryManager.getSession();
UserInfo userInfo = user.getUserInfo();
Node userNode;
- Node allUsers = (Node) session.getItem("/" + USER_STORE + "/" + ALL_USERS);
+ Node allUsers = (Node)session.getItem("/" + USER_STORE + "/" + ALL_USERS);
if (allUsers != null) {
if (allUsers.hasNode(JCREncoder.toJCRFormat(user.getUserId()))) {
@@ -335,21 +393,17 @@
} else {
userNode = allUsers.addNode(JCREncoder.toJCRFormat(user.getUserId()));
}
- userNode.setProperty(USER_DISPLAY_NAME, JCREncoder.toJCRFormat(userInfo
- .getDisplayName()));
+ userNode.setProperty(USER_DISPLAY_NAME, JCREncoder.toJCRFormat(userInfo.getDisplayName()));
userNode.setProperty(USER_EMAIL, JCREncoder.toJCRFormat(userInfo.getEmail()));
- userNode.setProperty(USER_REAL_NAME, JCREncoder.toJCRFormat(userInfo
- .getRealName()));
- userNode.setProperty(USER_WEBSITE, JCREncoder.toJCRFormat(userInfo
- .getWebsite()));
+ userNode.setProperty(USER_REAL_NAME, JCREncoder.toJCRFormat(userInfo.getRealName()));
+ userNode.setProperty(USER_WEBSITE, JCREncoder.toJCRFormat(userInfo.getWebsite()));
userNode.setProperty(USER_ID, JCREncoder.toJCRFormat(user.getUserId()));
}
session.save();
}
-
- //***************************************************************************
- //for users
+ // ***************************************************************************
+ // for users
// get user for the given user id
// taken from all users group
@@ -364,23 +418,23 @@
User user = null;
try {
Session session = repositoryManager.getSession();
-// //to delete userStore
-// Node root = session.getRootNode();
-// Node userStoreT= root.getNode("userStore");
-// userStoreT.remove();
-// session.save();
-// //
- Node allUsers = (Node) session.getItem("/" + USER_STORE + "/" + ALL_USERS);
+ // //to delete userStore
+ // Node root = session.getRootNode();
+ // Node userStoreT= root.getNode("userStore");
+ // userStoreT.remove();
+ // session.save();
+ // //
+ Node allUsers = (Node)session.getItem("/" + USER_STORE + "/" + ALL_USERS);
Node userNode;
if (allUsers != null && allUsers.hasNode(JCREncoder.toJCRFormat(userId))) {
userNode = allUsers.getNode(JCREncoder.toJCRFormat(userId));
user = new User(JCREncoder.toNormalFormat(userNode.getName()));
- UserInfo userInfo = new UserInfo(
- JCREncoder.toNormalFormat(userNode.getProperty(USER_DISPLAY_NAME).getValue().getString()),
- JCREncoder.toNormalFormat(userNode.getProperty(USER_EMAIL).getValue().getString()),
- JCREncoder.toNormalFormat(userNode.getProperty(USER_REAL_NAME).getValue().getString()),
- JCREncoder.toNormalFormat(userNode.getProperty(USER_WEBSITE).getValue().getString())
- );
+ UserInfo userInfo =
+ new UserInfo(JCREncoder.toNormalFormat(userNode.getProperty(USER_DISPLAY_NAME).getValue()
+ .getString()), JCREncoder.toNormalFormat(userNode.getProperty(USER_EMAIL).getValue()
+ .getString()), JCREncoder.toNormalFormat(userNode.getProperty(USER_REAL_NAME).getValue()
+ .getString()), JCREncoder.toNormalFormat(userNode.getProperty(USER_WEBSITE).getValue()
+ .getString()));
user.setUserInfo(userInfo);
}
} catch (Exception e) {
@@ -401,7 +455,7 @@
User user = null;
try {
Session session = repositoryManager.getSession();
- Node allUsers = (Node) session.getItem("/" + USER_STORE + "/" + ALL_USERS);
+ Node allUsers = (Node)session.getItem("/" + USER_STORE + "/" + ALL_USERS);
NodeIterator userNodes = allUsers.getNodes();
while (userNodes.hasNext()) {
@@ -419,10 +473,10 @@
}
- //**********************************************************
- //for permissions
+ // **********************************************************
+ // for permissions
- // assign Album. Roles , Permissions, User Groups
+ // assign Album. Roles , Permissions, User Groups
public synchronized void addToRole(String albumName, List<String[]> rolesAndUserGroups, String securityToken) {
@@ -431,7 +485,7 @@
try {
Node role;
Session session = repositoryManager.getSession();
- Node roles = (Node) session.getItem("/" + USER_STORE + "/" + ALL_ROLES);
+ Node roles = (Node)session.getItem("/" + USER_STORE + "/" + ALL_ROLES);
for (NodeIterator ni = roles.getNodes(); ni.hasNext();) {
Node roleNode = ni.nextNode();
@@ -451,7 +505,7 @@
}
}
session.save();
- //deleting the accessList of the users
+ // deleting the accessList of the users
removeAllAccessList();
} catch (LoginException e) {
e.printStackTrace();
@@ -474,18 +528,18 @@
return Arrays.asList(album.getOwners()).contains(userId);
}
-
// get all permissions
public synchronized Permission[] getPermissions() {
List<Permission> list = new ArrayList<Permission>();
try {
Session session = repositoryManager.getSession();
- Node allPermissions = (Node) session.getItem("/" + USER_STORE + "/" + ALL_PERMISSIONS);
+ Node allPermissions = (Node)session.getItem("/" + USER_STORE + "/" + ALL_PERMISSIONS);
NodeIterator permissionNodes = allPermissions.getNodes();
while (permissionNodes.hasNext()) {
Node permissionNode = permissionNodes.nextNode();
- list.add(new Permission(permissionNode.getName(), permissionNode.getProperty(PERMISSION_DESCRIPTION).getString()));
+ list.add(new Permission(permissionNode.getName(), permissionNode.getProperty(PERMISSION_DESCRIPTION)
+ .getString()));
}
} catch (ValueFormatException e) {
e.printStackTrace();
@@ -501,9 +555,8 @@
}
-
// get the permission information for the Album
- //Object[] == String [n][1] [<roleName>[1]][<userGroupNames String>[1]]
+ // Object[] == String [n][1] [<roleName>[1]][<userGroupNames String>[1]]
public synchronized Object[] getAlbumPermissionInfo(String albumName, String securityToken) {
List<Object[]> list = new ArrayList<Object[]>();
@@ -511,7 +564,7 @@
try {
Session session = repositoryManager.getSession();
- Node roles = (Node) session.getItem("/" + USER_STORE + "/" + ALL_ROLES);
+ Node roles = (Node)session.getItem("/" + USER_STORE + "/" + ALL_ROLES);
NodeIterator roleNodes = roles.getNodes();
while (roleNodes.hasNext()) {
Node roleNode = roleNodes.nextNode();
@@ -525,7 +578,7 @@
} else {
userGroups = "";
}
- list.add(new String[]{roleNode.getName(), userGroups});
+ list.add(new String[] {roleNode.getName(), userGroups});
break;
}
@@ -545,8 +598,8 @@
}
- //get the permissions to create accessList permissions
- //Map<Album name, List<the user's permissions for that album>>
+ // get the permissions to create accessList permissions
+ // Map<Album name, List<the user's permissions for that album>>
private synchronized Map<String, List<Permission>> getPermissions(String userId) {
if (!initialised) {
@@ -555,7 +608,7 @@
Map<String, List<Permission>> permissions = new HashMap<String, List<Permission>>();
try {
Session session = repositoryManager.getSession();
- Node RolesNode = (Node) session.getItem("/" + USER_STORE + "/" + ALL_ROLES);
+ Node RolesNode = (Node)session.getItem("/" + USER_STORE + "/" + ALL_ROLES);
for (NodeIterator ni = RolesNode.getNodes(); ni.hasNext();) {
Node roleNode = ni.nextNode();
@@ -569,7 +622,8 @@
Property userGroups = albumNode.getProperty(ROLE_USER_GROUPS);
for (String userGroup : userGroups.getString().split(",")) {
if (isUserInGroup(userId, userGroup)) {
- rolePermissionList = concatPermissions(permissions, roleNode, rolePermissionList, albumNode);
+ rolePermissionList =
+ concatPermissions(permissions, roleNode, rolePermissionList, albumNode);
}
}
}
@@ -588,7 +642,10 @@
// adding two permission lists together
- private synchronized List<Permission> concatPermissions(Map<String, List<Permission>> permissions, Node roleNode, List<Permission> rolePermissionList, Node albumNode) throws RepositoryException {
+ private synchronized List<Permission> concatPermissions(Map<String, List<Permission>> permissions,
+ Node roleNode,
+ List<Permission> rolePermissionList,
+ Node albumNode) throws RepositoryException {
List<Permission> list;
if (rolePermissionList == null) {
rolePermissionList = new ArrayList<Permission>();
@@ -619,9 +676,10 @@
Session session;
try {
session = repositoryManager.getSession();
- Node allPermissions = (Node) session.getItem("/" + USER_STORE + "/" + ALL_PERMISSIONS);
+ Node allPermissions = (Node)session.getItem("/" + USER_STORE + "/" + ALL_PERMISSIONS);
if (allPermissions.hasNode(permissionName)) {
- return new Permission(allPermissions.getNode(permissionName).getName(), allPermissions.getNode(permissionName).getProperty(PERMISSION_DESCRIPTION).getString());
+ return new Permission(allPermissions.getNode(permissionName).getName(), allPermissions
+ .getNode(permissionName).getProperty(PERMISSION_DESCRIPTION).getString());
}
} catch (ValueFormatException e) {
e.printStackTrace();
@@ -667,8 +725,12 @@
}
List<Permission> permissions = new ArrayList<Permission>();
// if the user in Registered User List or in the Supper Admin List
- //the user is allowed to create Albums and create User Groups
- if ((allowedPermissions.contains(ALBUM_CREATE_PERMISSION) || allowedPermissions.contains(USER_GROUP_CREATE_PERMISSION)) && (isUserStoredInList(accessList.getUserId(), REGISTERED_USER_LIST) || isUserStoredInList(accessList.getUserId(), SUPER_ADMIN_LIST))) {
+ // the user is allowed to create Albums and create User Groups
+ if ((allowedPermissions.contains(ALBUM_CREATE_PERMISSION) || allowedPermissions
+ .contains(USER_GROUP_CREATE_PERMISSION)) && (isUserStoredInList(accessList.getUserId(),
+ REGISTERED_USER_LIST) || isUserStoredInList(accessList
+ .getUserId(),
+ SUPER_ADMIN_LIST))) {
return true;
}
// owner have rights for his album
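Review bot: The re-wrapped condition that grants the create permissions is now split in the middle of its calls across five lines, so the grouping of the `||` and `&&` terms in this authorization decision can no longer be checked by eye. Name the two halves rather than relying on line breaks. The fence below keeps the original short-circuit order, so `isUserStoredInList` is still only called when a create permission was requested. The enclosing method starts and ends outside this hunk.

```java
// … unchanged: permissions list setup …
String requester = accessList.getUserId();
boolean createRequested = allowedPermissions.contains(ALBUM_CREATE_PERMISSION)
    || allowedPermissions.contains(USER_GROUP_CREATE_PERMISSION);
if (createRequested
    && (isUserStoredInList(requester, REGISTERED_USER_LIST)
        || isUserStoredInList(requester, SUPER_ADMIN_LIST))) {
    return true;
}
```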
@@ -687,9 +749,8 @@
}
-
- //**********************************************************************************
- // for roles
+ // **********************************************************************************
+ // for roles
// add roles
@@ -703,12 +764,12 @@
if (permissions.endsWith(",")) {
permissions = permissions.substring(0, permissions.length() - 1);
}
- //only super admin is allowed
+ // only super admin is allowed
if (isPermitted(getUserIdFromSecurityToken(securityToken), null, null)) {
try {
Node role;
Session session = repositoryManager.getSession();
- Node roles = (Node) session.getItem("/" + USER_STORE + "/" + ALL_ROLES);
+ Node roles = (Node)session.getItem("/" + USER_STORE + "/" + ALL_ROLES);
if (!roles.hasNode(roleName)) {
role = roles.addNode(roleName);
@@ -718,7 +779,7 @@
}
role.setProperty(ROLE_PERMISSIONS, permissions);
session.save();
- //deleting the accessList of the users
+ // deleting the accessList of the users
removeAllAccessList();
} catch (LoginException e) {
@@ -743,12 +804,12 @@
try {
Node role;
Session session = repositoryManager.getSession();
- Node roles = (Node) session.getItem("/" + USER_STORE + "/" + ALL_ROLES);
+ Node roles = (Node)session.getItem("/" + USER_STORE + "/" + ALL_ROLES);
if (roles.hasNode(roleName)) {
role = roles.getNode(roleName);
role.remove();
session.save();
- //deleting the accessList of the users
+ // deleting the accessList of the users
removeAllAccessList();
}
@@ -769,12 +830,16 @@
try {
Session session = repositoryManager.getSession();
- Node roles = (Node) session.getItem("/" + USER_STORE + "/" + ALL_ROLES);
+ Node roles = (Node)session.getItem("/" + USER_STORE + "/" + ALL_ROLES);
NodeIterator groupNodes = roles.getNodes();
while (groupNodes.hasNext()) {
Node roleNode = groupNodes.nextNode();
- //if user is SUPER ADMIN or the user this the owner of the group he will get the group
- // if (accessList.getUserId().equals(SUPER_ADMIN) || groupNode.hasProperty(GROUP_OWNER) && accessList.getUserId().equals(JCREncoder.toNormalFormat(groupNode.getProperty(GROUP_OWNER).getString()))) {
+ // if user is SUPER ADMIN or the user this the owner of the
+ // group he will get the group
+ // if (accessList.getUserId().equals(SUPER_ADMIN) ||
+ // groupNode.hasProperty(GROUP_OWNER) &&
+ // accessList.getUserId().equals(JCREncoder.toNormalFormat(groupNode.getProperty(GROUP_OWNER).getString())))
+ // {
List<Permission> permissionList = new ArrayList<Permission>();
for (String permissionName : roleNode.getProperty(ROLE_PERMISSIONS).getString().split(",")) {
@@ -798,34 +863,34 @@
}
-
- //**********************************************************************************
+ // **********************************************************************************
// for user groups
- //add user group
+ // add user group
public synchronized void addGroup(String groupName, String userIds, String securityToken) {
try {
Node group;
Session session = repositoryManager.getSession();
- Node roles = (Node) session.getItem("/" + USER_STORE + "/" + ALL_GROUPS);
+ Node roles = (Node)session.getItem("/" + USER_STORE + "/" + ALL_GROUPS);
AccessList accessList = getAccessListFromSecurityToken(securityToken);
if (!roles.hasNode(groupName)) {
// super admin not allowed to create groups
- if (!accessList.getUserId().equals(SUPER_ADMIN) && isPermitted(accessList.getUserId(), groupName, new String[]{USER_GROUP_CREATE_PERMISSION})) {
+ if (!accessList.getUserId().equals(SUPER_ADMIN) && isPermitted(accessList.getUserId(),
+ groupName,
+ new String[] {USER_GROUP_CREATE_PERMISSION})) {
group = roles.addNode(groupName);
group.setProperty(GROUP_USERS, JCREncoder.toJCRFormat(userIds));
group.setProperty(GROUP_OWNER, JCREncoder.toJCRFormat(accessList.getUserId()));
-
}
} else {
group = roles.getNode(groupName);
if (group.getProperty(GROUP_OWNER).getString().contains(JCREncoder.toJCRFormat(accessList.getUserId()))) {
- //deleting the accessList of the users
+ // deleting the accessList of the users
for (String userId : group.getProperty(GROUP_USERS).getString().split(",")) {
removeAccessList(JCREncoder.toNormalFormat(userId));
}
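Review bot: The owner check in the `else` branch uses `getString().contains(JCREncoder.toJCRFormat(accessList.getUserId()))`, which is a substring match, so a user whose encoded id is contained in the owner's id would pass it. The hunks at -856 and -913 compare with `equals` on the decoded value; the same form fits here: `if (accessList.getUserId().equals(JCREncoder.toNormalFormat(group.getProperty(GROUP_OWNER).getString()))) {`. Those hunks also test `hasProperty(GROUP_OWNER)` first, which would avoid a `PathNotFoundException` on a group node without an owner. addGroup's body continues past the end of this hunk.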
@@ -833,7 +898,7 @@
}
}
- //deleting the accessList of the users
+ // deleting the accessList of the users
for (String userId : userIds.split(",")) {
removeAccessList(JCREncoder.toNormalFormat(userId));
}
@@ -856,17 +921,19 @@
try {
Session session = repositoryManager.getSession();
- Node groups = (Node) session.getItem("/" + USER_STORE + "/" + ALL_GROUPS);
+ Node groups = (Node)session.getItem("/" + USER_STORE + "/" + ALL_GROUPS);
if (groups.hasNode(groupName)) {
Node groupNode = groups.getNode(groupName);
- if (accessList.getUserId().equals(SUPER_ADMIN) || groupNode.hasProperty(GROUP_OWNER) && accessList.getUserId().equals(JCREncoder.toNormalFormat(groupNode.getProperty(GROUP_OWNER).getString()))) {
- //deleting the accessList of the users
+ if (accessList.getUserId().equals(SUPER_ADMIN) || groupNode.hasProperty(GROUP_OWNER)
+ && accessList.getUserId().equals(JCREncoder.toNormalFormat(groupNode.getProperty(GROUP_OWNER)
+ .getString()))) {
+ // deleting the accessList of the users
for (String userId : groupNode.getProperty(GROUP_USERS).getString().split(",")) {
removeAccessList(JCREncoder.toNormalFormat(userId));
}
groupNode.remove();
- Node roles = (Node) session.getItem("/" + USER_STORE + "/" + ALL_ROLES);
+ Node roles = (Node)session.getItem("/" + USER_STORE + "/" + ALL_ROLES);
NodeIterator roleNodes = roles.getNodes();
while (roleNodes.hasNext()) {
Node roleNode = roleNodes.nextNode();
@@ -881,7 +948,8 @@
if (userGroups.trim().equals("")) {
albumNode.setProperty(ROLE_USER_GROUPS, "");
} else {
- albumNode.setProperty(ROLE_USER_GROUPS, userGroups.substring(0, userGroups.length() - 1));
+ albumNode.setProperty(ROLE_USER_GROUPS,
+ userGroups.substring(0, userGroups.length() - 1));
}
}
@@ -894,7 +962,6 @@
}
-
} catch (LoginException e) {
e.printStackTrace();
} catch (PathNotFoundException e) {
@@ -903,7 +970,6 @@
e.printStackTrace();
}
-
}
// get user groups owned by the user. If super admin, or all groups
@@ -913,14 +979,21 @@
List<Object[]> groupList = new ArrayList<Object[]>();
try {
Session session = repositoryManager.getSession();
- Node roles = (Node) session.getItem("/" + USER_STORE + "/" + ALL_GROUPS);
+ Node roles = (Node)session.getItem("/" + USER_STORE + "/" + ALL_GROUPS);
NodeIterator groupNodes = roles.getNodes();
while (groupNodes.hasNext()) {
Node groupNode = groupNodes.nextNode();
- //if user is super admin, or the owner of the group he will get the group
- if (accessList.getUserId().equals(SUPER_ADMIN) || groupNode.hasProperty(GROUP_OWNER) && accessList.getUserId().equals(JCREncoder.toNormalFormat(groupNode.getProperty(GROUP_OWNER).getString()))) {
- groupList.add(new Object[]{groupNode.getName(), Arrays.asList(JCREncoder.toNormalFormat(groupNode.getProperty(GROUP_USERS).getString()).split(","))});
- // groupMap.put(groupNode.getName(), Arrays.asList(JCREncoder.toNormalFormat(groupNode.getProperty(GROUP_USERS).getString()).split(",")));
+ // if user is super admin, or the owner of the group he will get
+ // the group
+ if (accessList.getUserId().equals(SUPER_ADMIN) || groupNode.hasProperty(GROUP_OWNER)
+ && accessList.getUserId().equals(JCREncoder.toNormalFormat(groupNode.getProperty(GROUP_OWNER)
+ .getString()))) {
+ groupList.add(new Object[] {
+ groupNode.getName(),
+ Arrays.asList(JCREncoder.toNormalFormat(groupNode
+ .getProperty(GROUP_USERS).getString()).split(","))});
+ // groupMap.put(groupNode.getName(),
+ // Arrays.asList(JCREncoder.toNormalFormat(groupNode.getProperty(GROUP_USERS).getString()).split(",")));
}
}
@@ -945,7 +1018,7 @@
try {
Session session = repositoryManager.getSession();
- Node groups = (Node) session.getItem("/" + USER_STORE + "/" + ALL_GROUPS);
+ Node groups = (Node)session.getItem("/" + USER_STORE + "/" + ALL_GROUPS);
if (groups.hasNode(groupName)) {
Node groupNode = groups.getNode(groupName);
@@ -962,10 +1035,8 @@
return false;
}
-
- //******************************************************************
- //for access list
-
+ // ******************************************************************
+ // for access list
// creating access list for the users
@@ -981,8 +1052,12 @@
if (userId.equals(GUEST) || userId.equals(SUPER_ADMIN)) {
newUser = false;
} else {
- for (Value mutuallyExclusiveList : ((Node) session.getItem("/" + USER_STORE + "/" + MUTUALLY_EXCLUSIVE_LIST)).getProperty(DEFAULT_LISTS).getValues()) {
- if ((!UNREGISTERED_USER_LIST.equals(mutuallyExclusiveList.getString())) && (isUserStoredInList(userId, mutuallyExclusiveList.getString()))) {
+ for (Value mutuallyExclusiveList : ((Node)session.getItem("/" + USER_STORE
+ + "/"
+ + MUTUALLY_EXCLUSIVE_LIST)).getProperty(DEFAULT_LISTS).getValues()) {
+ if ((!UNREGISTERED_USER_LIST.equals(mutuallyExclusiveList.getString())) && (isUserStoredInList(userId,
+ mutuallyExclusiveList
+ .getString()))) {
newUser = false;
break;
}
@@ -1014,12 +1089,12 @@
return new AccessList(userId, permissions);
}
- //get SecurityToken From UserId
+ // get SecurityToken From UserId
public synchronized String getSecurityTokenFromUserId(String userId) {
if (accessTokenMap.containsKey(userId)) {
Object[] accessListAndToken = accessTokenMap.get(userId);
- return (String) accessListAndToken[1];
+ return (String)accessListAndToken[1];
} else {
return null;
}
@@ -1032,12 +1107,12 @@
String userId = getUserIdFromSecurityToken(token);
if (accessTokenMap.containsKey(userId)) {
Object[] accessListAndToken = accessTokenMap.get(userId);
- if (((String) accessListAndToken[1]).equals(token)) {
+ if (((String)accessListAndToken[1]).equals(token)) {
if (accessListAndToken[0] != null) {
- return (AccessList) accessListAndToken[0];
+ return (AccessList)accessListAndToken[0];
} else {
AccessList accessList = updateAccessList(userId);
- putAccessListAndToken(accessList, (String) accessListAndToken[1]);
+ putAccessListAndToken(accessList, (String)accessListAndToken[1]);
return accessList;
}
}
@@ -1045,16 +1120,16 @@
return createAccessList(GUEST, "");
}
- //get AccessList From UserId
+ // get AccessList From UserId
public synchronized AccessList getAccessListFromUserId(String userId) {
if (accessTokenMap.containsKey(userId)) {
Object[] accessListAndToken = accessTokenMap.get(userId);
if (accessListAndToken[0] != null) {
- return (AccessList) accessListAndToken[0];
+ return (AccessList)accessListAndToken[0];
} else {
AccessList accessList = updateAccessList(userId);
- putAccessListAndToken(accessList, (String) accessListAndToken[1]);
+ putAccessListAndToken(accessList, (String)accessListAndToken[1]);
return accessList;
}
@@ -1066,8 +1141,11 @@
// get UserId From SecurityToken
public String getUserIdFromSecurityToken(String token) {
- String userId = token.substring(0, token.length() - 25); //don't use this anywhere else
- // getSecurityToken(userId);
+ String userId = token.substring(0, token.length() - 25); // don't use
+ // this
+ // anywhere
+ // else
+ // getSecurityToken(userId);
if (token.equals(getSecurityTokenFromUserId(userId))) {
return userId;
}
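Review bot: The re-wrapped trailing comment after `token.substring(0, token.length() - 25)` now runs straight into the commented-out `// getSecurityToken(userId);` line, so the warning and the dead code read as one four-line comment. Put the warning on its own line above the statement, for example `// derives the user id by stripping the fixed 25-character token suffix; don't use this anywhere else`, and delete the commented-out call. Separately, the unchanged `substring` call throws `StringIndexOutOfBoundsException` for a token shorter than 25 characters and `NullPointerException` for a null one. If the token can arrive from a remote caller, as the `securityToken` parameters on the JSON interface in this commit suggest, add a guard such as `if (token == null || token.length() < 25)` that takes the same path as a failed match. The method's tail is outside the hunk, so the value to return on that path needs confirming.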
@@ -1078,7 +1156,7 @@
// save access list and token in the access token map
public synchronized void putAccessListAndToken(AccessList accessList, String token) {
- accessTokenMap.put(accessList.getUserId(), new Object[]{accessList, token});
+ accessTokenMap.put(accessList.getUserId(), new Object[] {accessList, token});
}
@@ -1091,18 +1169,18 @@
}
- // remove access list from the access token map
+ // remove access list from the access token map
private synchronized void removeAccessList(String userId) {
if (accessTokenMap.containsKey(userId)) {
- accessTokenMap.put(userId, new Object[]{null, getSecurityTokenFromUserId(userId)});
+ accessTokenMap.put(userId, new Object[] {null, getSecurityTokenFromUserId(userId)});
// putAccessListAndToken(null, );
}
}
- // remove all access list from the access token map
+ // remove all access list from the access token map
private synchronized void removeAllAccessList() {
for (String userId : accessTokenMap.keySet()) {
@@ -1111,7 +1189,7 @@
}
- //check is the user in the access token map
+ // check is the user in the access token map
public boolean isUserActive(String userId) {
return accessTokenMap.containsKey(userId);
diff --git a/photark-security/src/main/java/org/apache/photark/security/authorization/services/AccessManager.java b/photark-security/src/main/java/org/apache/photark/security/authorization/services/AccessManager.java
index 4264936..0377d48 100644
--- a/photark-security/src/main/java/org/apache/photark/security/authorization/services/AccessManager.java
+++ b/photark-security/src/main/java/org/apache/photark/security/authorization/services/AccessManager.java
@@ -6,33 +6,27 @@
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
- * under the License.
+ * under the License.
*/
package org.apache.photark.security.authorization.services;
import org.apache.photark.security.authorization.AccessList;
-import org.apache.photark.security.authorization.Permission;
-import org.apache.photark.security.authorization.Role;
import org.apache.photark.security.authorization.User;
import org.oasisopen.sca.annotation.Remotable;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-/*
-* the interface for the local classes
-*
-* */
+/**
+ * the interface for the local classes
+ *
+ */
@Remotable
public interface AccessManager {
diff --git a/photark-security/src/main/java/org/apache/photark/security/authorization/services/JSONAccessManager.java b/photark-security/src/main/java/org/apache/photark/security/authorization/services/JSONAccessManager.java
index f8498ed..a126f51 100644
--- a/photark-security/src/main/java/org/apache/photark/security/authorization/services/JSONAccessManager.java
+++ b/photark-security/src/main/java/org/apache/photark/security/authorization/services/JSONAccessManager.java
@@ -6,35 +6,33 @@
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
- * under the License.
+ * under the License.
*/
package org.apache.photark.security.authorization.services;
-import org.apache.photark.security.authorization.AccessList;
+import java.util.List;
+
import org.apache.photark.security.authorization.Permission;
import org.apache.photark.security.authorization.Role;
import org.apache.photark.security.authorization.User;
import org.oasisopen.sca.annotation.Remotable;
-import java.util.List;
-
- /*
- * the Json RPC interface
- *
- * */
+/**
+ * the Json RPC interface
+ */
@Remotable
public interface JSONAccessManager {
- //role
+ // role
User[] getUsersFromList(String listName, String securityToken);
@@ -52,13 +50,11 @@
public Object[] getAlbumPermissionInfo(String albumName, String securityToken);
-
- //user
+ // user
User[] getAllUsers();
-
- //user Groups
+ // user Groups
public List getGroups(String securityToken);
@@ -66,5 +62,4 @@
public void deleteGroup(String groupName, String securityToken);
-
}