| /* |
| * Licensed to the Apache Software Foundation (ASF) under one or more |
| * contributor license agreements. See the NOTICE file distributed with |
| * this work for additional information regarding copyright ownership. |
| * The ASF licenses this file to You under the Apache License, Version 2.0 |
| * (the "License"); you may not use this file except in compliance with |
| * the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| package org.apache.sling.jcr.jackrabbit.accessmanager.post; |
| |
| import java.util.ArrayList; |
| import java.util.List; |
| |
| import javax.jcr.RepositoryException; |
| import javax.jcr.Session; |
| import javax.jcr.security.AccessControlEntry; |
| import javax.jcr.security.AccessControlList; |
| import javax.jcr.security.AccessControlManager; |
| import javax.jcr.security.AccessControlPolicy; |
| import javax.json.JsonObject; |
| import javax.servlet.Servlet; |
| |
| import org.apache.sling.jcr.base.util.AccessControlUtil; |
| import org.apache.sling.jcr.jackrabbit.accessmanager.GetAcl; |
| import org.osgi.service.component.annotations.Component; |
| |
| /** |
| * <p> |
| * Sling GET servlet implementation for dumping the declared ACL of a resource to JSON. |
| * </p> |
| * <h2>Rest Service Description</h2> |
| * <p> |
| * Mapped to the default resourceType. Gets and Acl for a resource. Get of the form |
| * >resource<.acl.json Provided the user has access to the ACL, they get a chunk of |
| * JSON of the form. |
| * </p> |
| * <h4>Methods</h4> |
| * <ul> |
| * <li>GET</li> |
| * </ul> |
| * <h4>Response</h4> |
| * <dl> |
| * <dt>200</dt> |
| * <dd>Success.</dd> |
| * <dt>404</dt> |
| * <dd>The resource was not found.</dd> |
| * <dt>500</dt> |
| * <dd>Failure. HTML explains the failure.</dd> |
| * </dl> |
| * <h4>Example Response</h4> |
| * <code> |
| * <pre> |
| * { |
| * "principalNameA": |
| * { "granted" : [ |
| * "permission1", |
| * "permission2", |
| * "permission3", |
| * "permission4" ], |
| * "denied" : [ |
| * "permission5", |
| * "permission6", |
| * "permission7", |
| * "permission8"] |
| * }, |
| * "principalNameB": |
| * { "granted" : [ |
| * "permission1", |
| * "permission2", |
| * "permission3", |
| * "permission4" ], |
| * "denied" : [ |
| * "permission5", |
| * "permission6", |
| * "permission7", |
| * "permission8"] }, |
| * "principalNameC": |
| * { "granted" : [ |
| * "permission1", |
| * "permission2", |
| * "permission3", |
| * "permission4" ], |
| * "denied" : [ |
| * "permission5", |
| * "permission6", |
| * "permission7", |
| * "permission8"] } |
| * } |
| * </pre> |
| * </code> |
| */ |
| |
| @Component(service = {Servlet.class, GetAcl.class}, |
| property= { |
| "sling.servlet.resourceTypes=sling/servlet/default", |
| "sling.servlet.methods=GET", |
| "sling.servlet.selectors=acl", |
| "sling.servlet.selectors=tidy.acl", |
| "sling.servlet.extensions=json" |
| }) |
| public class GetAclServlet extends AbstractGetAclServlet implements GetAcl { |
| private static final long serialVersionUID = 3391376559396223185L; |
| |
| /* (non-Javadoc) |
| * @see org.apache.sling.jcr.jackrabbit.accessmanager.GetAcl#getAcl(javax.jcr.Session, java.lang.String) |
| */ |
| public JsonObject getAcl(Session jcrSession, String resourcePath) |
| throws RepositoryException { |
| return internalGetAcl(jcrSession, resourcePath); |
| } |
| |
| @Override |
| protected AccessControlEntry[] getAccessControlEntries(Session session, String absPath) throws RepositoryException { |
| AccessControlManager accessControlManager = AccessControlUtil.getAccessControlManager(session); |
| AccessControlPolicy[] policies = accessControlManager.getPolicies(absPath); |
| List<AccessControlEntry> allEntries = new ArrayList<AccessControlEntry>(); |
| for (AccessControlPolicy accessControlPolicy : policies) { |
| if (accessControlPolicy instanceof AccessControlList) { |
| AccessControlEntry[] accessControlEntries = ((AccessControlList)accessControlPolicy).getAccessControlEntries(); |
| for (AccessControlEntry accessControlEntry : accessControlEntries) { |
| allEntries.add(accessControlEntry); |
| } |
| } |
| } |
| return allEntries.toArray(new AccessControlEntry[allEntries.size()]); |
| } |
| |
| } |