1 package org.argeo.jackrabbit.security;
2
3 import java.security.Principal;
4 import java.util.ArrayList;
5 import java.util.List;
6
7 import javax.jcr.RepositoryException;
8 import javax.jcr.Session;
9 import javax.jcr.security.Privilege;
10
11 import org.apache.commons.logging.Log;
12 import org.apache.commons.logging.LogFactory;
13 import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
14 import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
15 import org.argeo.jcr.JcrUtils;
16
17
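/**
 * Static helpers that add "deny" access control entries to a node of a
 * Jackrabbit repository.
 *
 * <p>
 * Both public methods are {@code static synchronized}, so calls are serialized
 * on this class's monitor. They also refresh and save the {@link Session} that
 * is passed in; see {@link #denyPrivileges(Session, String, Principal, List)}
 * for the effect on the caller's pending changes.
 */
public class JackrabbitSecurityUtils {
    private final static Log log = LogFactory.getLog(JackrabbitSecurityUtils.class);

    /**
     * Denies one privilege, given by name, to the principal with the given name
     * on the node at {@code path}.
     *
     * @param session   session used to resolve the privilege and write the policy
     * @param path      absolute path of the node whose access control list is
     *                  changed
     * @param principal name of the principal the privilege is denied to
     * @param privilege name of the privilege, resolved through the session's
     *                  access control manager
     * @throws RepositoryException if the privilege name cannot be resolved or
     *                             the policy cannot be written
     */
    public synchronized static void denyPrivilege(Session session, String path, String principal, String privilege)
            throws RepositoryException {
        List<Privilege> resolved = new ArrayList<Privilege>();
        resolved.add(session.getAccessControlManager().privilegeFromName(privilege));
        // The principal is carried as a bare name (the lambda only implements
        // getName()).
        // NOTE(review): this relies on the repository matching principals by name;
        // confirm that an unknown or misspelled name is rejected rather than stored
        // as an entry that never applies.
        denyPrivileges(session, path, () -> principal, resolved);
    }

    /**
     * Adds a deny entry for {@code principal} covering {@code privs} to the
     * access control list of the node at {@code path}, then saves the session.
     *
     * <p>
     * Side effects on {@code session}: {@code refresh(false)} is called first,
     * which discards the caller's unsaved changes, and {@code save()} is called
     * at the end.
     *
     * <p>
     * NOTE(review): whether the deny entry actually wins over existing allow
     * entries depends on how the repository evaluates the list; verify the
     * effective permissions after calling this.
     *
     * @param session   session whose access control manager must be a
     *                  {@link JackrabbitAccessControlManager} (it is cast without
     *                  a check)
     * @param path      absolute path of the node whose policy is updated
     * @param principal principal the privileges are denied to
     * @param privs     privileges to deny
     * @return always {@code true}; failures are reported by exception
     * @throws RepositoryException if the list cannot be read, modified or saved
     */
    public synchronized static Boolean denyPrivileges(Session session, String path, Principal principal,
            List<Privilege> privs) throws RepositoryException {
        // Start from the persisted state so that only the policy change below is saved.
        session.refresh(false);
        JackrabbitAccessControlManager acm = (JackrabbitAccessControlManager) session.getAccessControlManager();
        // NOTE(review): JcrUtils.getAccessControlList is not visible here; presumably
        // it returns the existing or an applicable list for the path - confirm.
        JackrabbitAccessControlList acl = (JackrabbitAccessControlList) JcrUtils.getAccessControlList(acm, path);

        Privilege[] denied = privs.toArray(new Privilege[0]);
        // The third argument is isAllow: false creates a deny entry.
        acl.addEntry(principal, denied, false);
        acm.setPolicy(path, acl);
        session.refresh(true);
        session.save();

        // Log only after save() has succeeded, so the trace never reports a deny
        // entry that was not persisted.
        if (log.isDebugEnabled()) {
            List<String> names = new ArrayList<String>(privs.size());
            for (Privilege priv : privs) {
                names.add(priv.getName());
            }
            // Names are separated so that adjacent privileges cannot be misread as one.
            log.debug("Denied privileges " + String.join(", ", names) + " to " + principal.getName() + " on " + path
                    + " in '" + session.getWorkspace().getName() + "'");
        }
        return true;
    }

    /** Not instantiable: this class only holds static helpers. */
    private JackrabbitSecurityUtils() {
    }
}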