|
15 | 15 | import java.util.List; |
16 | 16 | import java.util.Set; |
17 | 17 | import java.util.TreeSet; |
| 18 | + |
| 19 | +import javax.jcr.AccessDeniedException; |
| 20 | +import javax.jcr.ItemNotFoundException; |
18 | 21 | import javax.jcr.Node; |
19 | 22 | import javax.jcr.NodeIterator; |
| 23 | +import javax.jcr.PathNotFoundException; |
20 | 24 | import javax.jcr.RepositoryException; |
21 | 25 | import javax.jcr.Session; |
| 26 | +import javax.jcr.UnsupportedRepositoryOperationException; |
22 | 27 | import javax.jcr.query.InvalidQueryException; |
23 | 28 | import javax.jcr.query.Query; |
24 | 29 | import javax.jcr.query.QueryResult; |
|
29 | 34 |
|
30 | 35 | public class QueryHelper { |
31 | 36 |
|
32 | | - /** |
33 | | - * Method that returns a set containing all rep:policy nodes from repository |
34 | | - * excluding those contained in paths which are excluded from search |
35 | | - * |
36 | | - * @param session |
37 | | - * @param excludePaths |
38 | | - * paths which are excluded from search |
39 | | - * @return all rep:policy nodes delivered by query |
40 | | - */ |
41 | | - public static Set<Node> getRepPolicyNodes(final Session session, |
42 | | - final List<String> excludePaths) { |
43 | | - NodeIterator nodeIt = null; |
44 | | - try { |
45 | | - nodeIt = session.getRootNode().getNodes(); |
46 | | - } catch (RepositoryException e) { |
47 | | - AcHelper.LOG.error("Exception: {}", e); |
48 | | - } |
49 | | - |
50 | | - Set<String> paths = new TreeSet<String>(); |
51 | | - while (nodeIt.hasNext()) { |
52 | | - String currentPath = null; |
53 | | - Node currentNode = nodeIt.nextNode(); |
54 | | - try { |
55 | | - currentPath = currentNode.getPath(); |
56 | | - } catch (RepositoryException e) { |
57 | | - AcHelper.LOG.error("Exception: {}", e); |
58 | | - } |
59 | | - |
60 | | - try { |
61 | | - if (!currentNode.hasProperty("rep:AuthorizableFolder")) { |
62 | | - if (!excludePaths.contains(currentPath)) { |
63 | | - paths.add(currentPath); |
64 | | - } |
65 | | - } |
66 | | - } catch (RepositoryException e) { |
67 | | - AcHelper.LOG.error("Exception: {}", e); |
68 | | - } |
69 | | - } |
70 | | - Set<Node> nodes = new LinkedHashSet<Node>(); |
71 | | - try { |
72 | | - // get the rep:policy node of "/", if existing |
73 | | - if (session.nodeExists("/rep:policy")) { |
74 | | - nodes.add(session.getNode("/rep:policy")); |
75 | | - } |
76 | | - // get the rep:policy node of "/home", if existing |
77 | | - if (session.nodeExists("/home/rep:policy")) { |
78 | | - nodes.add(session.getNode("/home/rep:policy")); |
79 | | - } |
80 | | - for (String path : paths) { |
81 | | - String query = "/jcr:root" + path |
82 | | - + "//*[(@jcr:primaryType = 'rep:ACL') ]"; |
83 | | - nodes.addAll(QueryHelper.getNodes(session, query)); |
84 | | - } |
85 | | - } catch (InvalidQueryException e) { |
86 | | - AcHelper.LOG.error("InvalidQueryException: {}", e); |
87 | | - } catch (RepositoryException e) { |
88 | | - AcHelper.LOG.error("RepositoryException: {}", e); |
89 | | - } |
90 | | - return nodes; |
91 | | - } |
92 | | - |
93 | | - public static Set<Node> getNodes(final Session session, |
94 | | - final String xpathQuery) throws InvalidQueryException, |
95 | | - RepositoryException { |
96 | | - Set<Node> nodes = new HashSet<Node>(); |
97 | | - |
98 | | - Query query = session.getWorkspace().getQueryManager() |
99 | | - .createQuery(xpathQuery, Query.XPATH); |
100 | | - QueryResult queryResult = query.execute(); |
101 | | - NodeIterator nit = queryResult.getNodes(); |
102 | | - List<String> paths = new ArrayList<String>(); |
103 | | - |
104 | | - while (nit.hasNext()) { |
105 | | - // get the next rep:policy node |
106 | | - Node node = nit.nextNode(); |
107 | | - // AcHelper.LOG.debug("adding node: {} to node set", node.getPath()); |
108 | | - paths.add(node.getPath()); |
109 | | - nodes.add(node); |
110 | | - } |
111 | | - return nodes; |
112 | | - } |
113 | | - |
114 | | - public static Set<String> getUsersFromHome(final Session session) |
115 | | - throws RepositoryException { |
116 | | - |
117 | | - Set<String> users = new TreeSet<String>(); |
118 | | - String queryStringUsers = "//*[(@jcr:primaryType = 'rep:User')]"; |
119 | | - Query queryUsers = session.getWorkspace().getQueryManager() |
120 | | - .createQuery(queryStringUsers, Query.XPATH); |
121 | | - QueryResult queryResultUsers = queryUsers.execute(); |
122 | | - NodeIterator nitUsers = queryResultUsers.getNodes(); |
123 | | - |
124 | | - while (nitUsers.hasNext()) { |
125 | | - Node node = nitUsers.nextNode(); |
126 | | - String tmp = node.getProperty("rep:principalName").getString(); |
127 | | - users.add(tmp); |
128 | | - } |
129 | | - return users; |
130 | | - } |
131 | | - |
132 | | - public static Set<String> getGroupsFromHome(final Session session) |
133 | | - throws InvalidQueryException, RepositoryException { |
134 | | - Set<String> groups = new TreeSet<String>(); |
135 | | - String queryStringGroups = "//*[(@jcr:primaryType = 'rep:Group')]"; |
136 | | - Query queryGroups = session.getWorkspace().getQueryManager() |
137 | | - .createQuery(queryStringGroups, Query.XPATH); |
138 | | - QueryResult queryResultGroups = queryGroups.execute(); |
139 | | - NodeIterator nitGroups = queryResultGroups.getNodes(); |
140 | | - |
141 | | - while (nitGroups.hasNext()) { |
142 | | - Node node = nitGroups.nextNode(); |
143 | | - String tmp = node.getProperty("rep:principalName").getString(); |
144 | | - groups.add(tmp); |
145 | | - } |
146 | | - return groups; |
147 | | - } |
148 | | - |
149 | | - public static Set<AclBean> getAuthorizablesAcls(final Session session, |
150 | | - final Set<String> authorizableIds) throws InvalidQueryException, |
151 | | - RepositoryException { |
152 | | - Set<Node> nodeSet = new LinkedHashSet<Node>(); |
153 | | - |
154 | | - StringBuilder query = new StringBuilder(); |
155 | | - query.append("/jcr:root//*[(@jcr:primaryType = 'rep:GrantACE' or @jcr:primaryType = 'rep:DenyACE' ) and ("); |
156 | | - |
157 | | - for (Iterator<String> iterator = authorizableIds.iterator(); iterator |
158 | | - .hasNext();) { |
159 | | - |
160 | | - query.append("@rep:principalName = '" + iterator.next() + "'"); |
161 | | - if (iterator.hasNext()) { |
162 | | - query.append(" or "); |
163 | | - } |
164 | | - } |
165 | | - query.append(")]"); |
166 | | - |
167 | | - nodeSet.addAll(getNodes(session, query.toString())); |
168 | | - |
169 | | - AccessControlManager aMgr = session.getAccessControlManager(); |
170 | | - AccessControlList acl; |
171 | | - Set<AclBean> aclSet = new LinkedHashSet<AclBean>(); |
172 | | - for (Node node : nodeSet) { |
173 | | - acl = (AccessControlList) aMgr.getPolicies(node.getParent() |
174 | | - .getParent().getPath())[0]; |
175 | | - AclBean aclBean = new AclBean(); |
176 | | - aclBean.setParentPath(node.getParent().getParent().getPath()); |
177 | | - aclBean.setAcl((JackrabbitAccessControlList) acl); |
178 | | - aclBean.setJcrPath(node.getParent().getPath()); |
179 | | - aclSet.add(aclBean); |
180 | | - } |
181 | | - return aclSet; |
182 | | - } |
183 | | - |
184 | | - public static Set<AclBean> getAuthorizablesAcls(final Session session, |
185 | | - final String authorizableId) throws InvalidQueryException, |
186 | | - RepositoryException { |
187 | | - Set<Node> nodeSet = new LinkedHashSet<Node>(); |
188 | | - String query = "/jcr:root//*[(@jcr:primaryType = 'rep:GrantACE' or @jcr:primaryType = 'rep:DenyACE' ) and (@rep:principalName = '" |
189 | | - + authorizableId + "')]"; |
190 | | - nodeSet.addAll(getNodes(session, query)); |
191 | | - |
192 | | - AccessControlManager aMgr = session.getAccessControlManager(); |
193 | | - AccessControlList acl; |
194 | | - Set<AclBean> aclSet = new LinkedHashSet<AclBean>(); |
195 | | - for (Node node : nodeSet) { |
196 | | - acl = (AccessControlList) aMgr.getPolicies(node.getParent() |
197 | | - .getParent().getPath())[0]; |
198 | | - AclBean aclBean = new AclBean(); |
199 | | - aclBean.setParentPath(node.getParent().getParent().getPath()); |
200 | | - aclBean.setAcl((JackrabbitAccessControlList) acl); |
201 | | - aclBean.setJcrPath(node.getParent().getPath()); |
202 | | - aclSet.add(aclBean); |
203 | | - } |
204 | | - return aclSet; |
205 | | - } |
| 37 | + /** |
| 38 | + * Method that returns a set containing all rep:policy nodes from repository |
| 39 | + * excluding those contained in paths which are excluded from search |
| 40 | + * |
| 41 | + * @param session |
| 42 | + * @param excludePaths |
| 43 | + * paths which are excluded from search |
| 44 | + * @return all rep:policy nodes delivered by query |
| 45 | + */ |
| 46 | + public static Set<Node> getRepPolicyNodes(final Session session, |
| 47 | + final List<String> excludePaths) { |
| 48 | + NodeIterator nodeIt = null; |
| 49 | + try { |
| 50 | + nodeIt = session.getRootNode().getNodes(); |
| 51 | + } catch (RepositoryException e) { |
| 52 | + AcHelper.LOG.error("Exception: {}", e); |
| 53 | + } |
| 54 | + |
| 55 | + Set<String> paths = new TreeSet<String>(); |
| 56 | + while (nodeIt.hasNext()) { |
| 57 | + String currentPath = null; |
| 58 | + Node currentNode = nodeIt.nextNode(); |
| 59 | + try { |
| 60 | + currentPath = currentNode.getPath(); |
| 61 | + } catch (RepositoryException e) { |
| 62 | + AcHelper.LOG.error("Exception: {}", e); |
| 63 | + } |
| 64 | + |
| 65 | + try { |
| 66 | + if (!currentNode.hasProperty("rep:AuthorizableFolder")) { |
| 67 | + if (!excludePaths.contains(currentPath)) { |
| 68 | + paths.add(currentPath); |
| 69 | + } |
| 70 | + } |
| 71 | + } catch (RepositoryException e) { |
| 72 | + AcHelper.LOG.error("Exception: {}", e); |
| 73 | + } |
| 74 | + } |
| 75 | + Set<Node> nodes = new LinkedHashSet<Node>(); |
| 76 | + try { |
| 77 | + // get the rep:policy node of "/", if existing |
| 78 | + if (session.nodeExists("/rep:policy")) { |
| 79 | + nodes.add(session.getNode("/rep:policy")); |
| 80 | + } |
| 81 | + // get the rep:policy node of "/home", if existing |
| 82 | + if (session.nodeExists("/home/rep:policy")) { |
| 83 | + nodes.add(session.getNode("/home/rep:policy")); |
| 84 | + } |
| 85 | + for (String path : paths) { |
| 86 | + String query = "/jcr:root" + path |
| 87 | + + "//*[(@jcr:primaryType = 'rep:ACL') ]"; |
| 88 | + nodes.addAll(QueryHelper.getNodes(session, query)); |
| 89 | + } |
| 90 | + } catch (InvalidQueryException e) { |
| 91 | + AcHelper.LOG.error("InvalidQueryException: {}", e); |
| 92 | + } catch (RepositoryException e) { |
| 93 | + AcHelper.LOG.error("RepositoryException: {}", e); |
| 94 | + } |
| 95 | + return nodes; |
| 96 | + } |
| 97 | + |
| 98 | + public static Set<Node> getNodes(final Session session, |
| 99 | + final String xpathQuery) throws InvalidQueryException, |
| 100 | + RepositoryException { |
| 101 | + Set<Node> nodes = new HashSet<Node>(); |
| 102 | + |
| 103 | + Query query = session.getWorkspace().getQueryManager() |
| 104 | + .createQuery(xpathQuery, Query.XPATH); |
| 105 | + QueryResult queryResult = query.execute(); |
| 106 | + NodeIterator nit = queryResult.getNodes(); |
| 107 | + List<String> paths = new ArrayList<String>(); |
| 108 | + |
| 109 | + while (nit.hasNext()) { |
| 110 | + // get the next rep:policy node |
| 111 | + Node node = nit.nextNode(); |
| 112 | + // AcHelper.LOG.debug("adding node: {} to node set", node.getPath()); |
| 113 | + paths.add(node.getPath()); |
| 114 | + nodes.add(node); |
| 115 | + } |
| 116 | + return nodes; |
| 117 | + } |
| 118 | + |
| 119 | + public static Set<String> getUsersFromHome(final Session session) |
| 120 | + throws RepositoryException { |
| 121 | + |
| 122 | + Set<String> users = new TreeSet<String>(); |
| 123 | + String queryStringUsers = "//*[(@jcr:primaryType = 'rep:User')]"; |
| 124 | + Query queryUsers = session.getWorkspace().getQueryManager() |
| 125 | + .createQuery(queryStringUsers, Query.XPATH); |
| 126 | + QueryResult queryResultUsers = queryUsers.execute(); |
| 127 | + NodeIterator nitUsers = queryResultUsers.getNodes(); |
| 128 | + |
| 129 | + while (nitUsers.hasNext()) { |
| 130 | + Node node = nitUsers.nextNode(); |
| 131 | + String tmp = node.getProperty("rep:principalName").getString(); |
| 132 | + users.add(tmp); |
| 133 | + } |
| 134 | + return users; |
| 135 | + } |
| 136 | + |
| 137 | + public static Set<String> getGroupsFromHome(final Session session) |
| 138 | + throws InvalidQueryException, RepositoryException { |
| 139 | + Set<String> groups = new TreeSet<String>(); |
| 140 | + String queryStringGroups = "//*[(@jcr:primaryType = 'rep:Group')]"; |
| 141 | + Query queryGroups = session.getWorkspace().getQueryManager() |
| 142 | + .createQuery(queryStringGroups, Query.XPATH); |
| 143 | + QueryResult queryResultGroups = queryGroups.execute(); |
| 144 | + NodeIterator nitGroups = queryResultGroups.getNodes(); |
| 145 | + |
| 146 | + while (nitGroups.hasNext()) { |
| 147 | + Node node = nitGroups.nextNode(); |
| 148 | + String tmp = node.getProperty("rep:principalName").getString(); |
| 149 | + groups.add(tmp); |
| 150 | + } |
| 151 | + return groups; |
| 152 | + } |
| 153 | + |
| 154 | + public static Set<AclBean> getAuthorizablesAcls(final Session session, |
| 155 | + final Set<String> authorizableIds) throws InvalidQueryException, |
| 156 | + RepositoryException { |
| 157 | + Set<Node> nodeSet = new LinkedHashSet<Node>(); |
| 158 | + |
| 159 | + Iterator<String> authorizablesIdIterator = authorizableIds.iterator(); |
| 160 | + |
| 161 | + while(authorizablesIdIterator.hasNext()){ |
| 162 | + StringBuilder queryStringBuilder = new StringBuilder(); |
| 163 | + queryStringBuilder.append("/jcr:root//*[(@jcr:primaryType = 'rep:GrantACE' or @jcr:primaryType = 'rep:DenyACE' ) and ("); |
| 164 | + |
| 165 | + queryStringBuilder.append(getAuthorizablesQueryStringBuilder(authorizablesIdIterator, 100)); |
| 166 | + queryStringBuilder.append(")]"); |
| 167 | + |
| 168 | + nodeSet.addAll(getNodes(session, queryStringBuilder.toString())); |
| 169 | + } |
| 170 | + |
| 171 | + return buildAclBeansFromNodeSet(session, nodeSet); |
| 172 | + } |
| 173 | + |
| 174 | + private static Set<AclBean> buildAclBeansFromNodeSet(final Session session, |
| 175 | + Set<Node> nodeSet) throws UnsupportedRepositoryOperationException, |
| 176 | + RepositoryException, PathNotFoundException, AccessDeniedException, |
| 177 | + ItemNotFoundException { |
| 178 | + AccessControlManager aMgr = session.getAccessControlManager(); |
| 179 | + AccessControlList acl; |
| 180 | + Set<AclBean> aclSet = new LinkedHashSet<AclBean>(); |
| 181 | + for (Node node : nodeSet) { |
| 182 | + acl = (AccessControlList) aMgr.getPolicies(node.getParent() |
| 183 | + .getParent().getPath())[0]; |
| 184 | + AclBean aclBean = new AclBean(); |
| 185 | + aclBean.setParentPath(node.getParent().getParent().getPath()); |
| 186 | + aclBean.setAcl((JackrabbitAccessControlList) acl); |
| 187 | + aclBean.setJcrPath(node.getParent().getPath()); |
| 188 | + aclSet.add(aclBean); |
| 189 | + } |
| 190 | + return aclSet; |
| 191 | + } |
| 192 | + |
| 193 | + private static StringBuilder getAuthorizablesQueryStringBuilder(final Iterator<String> authorizablesIdIterator, final int authorizbalesLimitPerQuery) { |
| 194 | + int authorizableCounter = 0; |
| 195 | + StringBuilder querySb = new StringBuilder(); |
| 196 | + |
| 197 | + if(!authorizablesIdIterator.hasNext()){ |
| 198 | + return querySb; |
| 199 | + } |
| 200 | + while (true) { |
| 201 | + querySb.append("@rep:principalName = '" + authorizablesIdIterator.next() + "'"); |
| 202 | + authorizableCounter++; |
| 203 | + if (authorizableCounter < authorizbalesLimitPerQuery && authorizablesIdIterator.hasNext()) { |
| 204 | + querySb.append(" or "); |
| 205 | + }else{ |
| 206 | + return querySb; |
| 207 | + } |
| 208 | + } |
| 209 | + } |
| 210 | + |
| 211 | + public static Set<AclBean> getAuthorizablesAcls(final Session session, |
| 212 | + final String authorizableId) throws InvalidQueryException, |
| 213 | + RepositoryException { |
| 214 | + Set<Node> nodeSet = new LinkedHashSet<Node>(); |
| 215 | + String query = "/jcr:root//*[(@jcr:primaryType = 'rep:GrantACE' or @jcr:primaryType = 'rep:DenyACE' ) and (@rep:principalName = '" |
| 216 | + + authorizableId + "')]"; |
| 217 | + nodeSet.addAll(getNodes(session, query)); |
| 218 | + |
| 219 | + Set<AclBean> aclSet = buildAclBeansFromNodeSet(session, nodeSet); |
| 220 | + return aclSet; |
| 221 | + } |
206 | 222 |
|
207 | 223 | } |
0 commit comments