Skip to main content
aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEike Stepper2012-06-10 06:18:48 +0000
committerEike Stepper2012-06-10 06:18:48 +0000
commit040a414725998ae83eb6d689ff066ac72ae3d24f (patch)
treeae09311dc2b26638d65fdb7bb565ff0e6c7300dc /plugins
parent7c04f6905700d5ee65f01b70ee07f0ac291d9451 (diff)
downloadcdo-040a414725998ae83eb6d689ff066ac72ae3d24f.tar.gz
cdo-040a414725998ae83eb6d689ff066ac72ae3d24f.tar.xz
cdo-040a414725998ae83eb6d689ff066ac72ae3d24f.zip
[380629] Design a default Security model
https://bugs.eclipse.org/bugs/show_bug.cgi?id=380629
Diffstat (limited to 'plugins')
-rw-r--r--plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/impl/ResourceCheckImpl.java51
-rw-r--r--plugins/org.eclipse.emf.cdo.server.security/build.properties3
-rw-r--r--plugins/org.eclipse.emf.cdo.server.security/plugin.xml24
-rw-r--r--plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/AnnotationRoleProvider.java43
-rw-r--r--plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/ResourceRoleProvider.java76
-rw-r--r--plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java226
-rw-r--r--plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/security/ISecurityManager.java8
-rw-r--r--plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/security/SecurityManagerUtil.java6
-rw-r--r--plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/spi/security/IRoleProvider.java49
-rw-r--r--plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/spi/security/InternalSecurityManager.java44
10 files changed, 193 insertions, 337 deletions
diff --git a/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/impl/ResourceCheckImpl.java b/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/impl/ResourceCheckImpl.java
index 820caf6f25..1d5c5189ad 100644
--- a/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/impl/ResourceCheckImpl.java
+++ b/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/impl/ResourceCheckImpl.java
@@ -5,10 +5,16 @@ package org.eclipse.emf.cdo.security.impl;
import org.eclipse.emf.cdo.common.branch.CDOBranchPoint;
import org.eclipse.emf.cdo.common.revision.CDORevision;
import org.eclipse.emf.cdo.common.revision.CDORevisionProvider;
+import org.eclipse.emf.cdo.common.revision.CDORevisionUtil;
import org.eclipse.emf.cdo.security.ResourceCheck;
import org.eclipse.emf.cdo.security.SecurityPackage;
import org.eclipse.emf.ecore.EClass;
+import org.eclipse.emf.ecore.EStructuralFeature;
+
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+import java.util.regex.PatternSyntaxException;
/**
* <!-- begin-user-doc -->
@@ -25,6 +31,8 @@ import org.eclipse.emf.ecore.EClass;
*/
public class ResourceCheckImpl extends CheckImpl implements ResourceCheck
{
+ private Pattern pattern;
+
/**
* <!-- begin-user-doc -->
* <!-- end-user-doc -->
@@ -66,9 +74,50 @@ public class ResourceCheckImpl extends CheckImpl implements ResourceCheck
eSet(SecurityPackage.Literals.RESOURCE_CHECK__PATTERN, newPattern);
}
+ @Override
+ public void eSet(EStructuralFeature eFeature, Object newValue)
+ {
+ super.eSet(eFeature, newValue);
+ if (eFeature == SecurityPackage.Literals.RESOURCE_CHECK__PATTERN)
+ {
+ String value = (String)newValue;
+ pattern = compilePattern(value);
+ }
+ }
+
+ private Pattern compilePattern(String value)
+ {
+ if (value == null)
+ {
+ return null;
+ }
+
+ try
+ {
+ return Pattern.compile(value);
+ }
+ catch (PatternSyntaxException ex)
+ {
+ return null;
+ }
+ }
+
public boolean isApplicable(CDORevision revision, CDORevisionProvider revisionProvider, CDOBranchPoint securityContext)
{
- return false;
+ if (pattern == null)
+ {
+ return false;
+ }
+
+ if (revisionProvider == null)
+ {
+ return false;
+ }
+
+ String path = CDORevisionUtil.getResourceNodePath(revision, revisionProvider);
+
+ Matcher matcher = pattern.matcher(path);
+ return matcher.matches();
}
} // ResourceCheckImpl
diff --git a/plugins/org.eclipse.emf.cdo.server.security/build.properties b/plugins/org.eclipse.emf.cdo.server.security/build.properties
index 42137849e6..1e496926db 100644
--- a/plugins/org.eclipse.emf.cdo.server.security/build.properties
+++ b/plugins/org.eclipse.emf.cdo.server.security/build.properties
@@ -15,8 +15,7 @@ bin.includes = META-INF/,\
.,\
about.html,\
copyright.txt,\
- plugin.properties,\
- plugin.xml
+ plugin.properties
src.includes = about.html,\
copyright.txt
diff --git a/plugins/org.eclipse.emf.cdo.server.security/plugin.xml b/plugins/org.eclipse.emf.cdo.server.security/plugin.xml
deleted file mode 100644
index f853749a04..0000000000
--- a/plugins/org.eclipse.emf.cdo.server.security/plugin.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<?eclipse version="3.4"?>
-<!--
- Copyright (c) 2004 - 2012 Eike Stepper (Berlin, Germany) and others.
- All rights reserved. This program and the accompanying materials
- are made available under the terms of the Eclipse Public License v1.0
- which accompanies this distribution, and is available at
- http://www.eclipse.org/legal/epl-v10.html
-
- Contributors:
- Eike Stepper - initial API and implementation
--->
-
-<plugin>
-
- <extension
- point="org.eclipse.net4j.util.factories">
- <factory
- productGroup="org.eclipse.emf.cdo.server.security.roleProviders"
- type="annotation"
- class="org.eclipse.emf.cdo.server.internal.security.AnnotationRoleProvider$Factory"/>
- </extension>
-
-</plugin>
diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/AnnotationRoleProvider.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/AnnotationRoleProvider.java
index ffb7d8c04e..5170c0134e 100644
--- a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/AnnotationRoleProvider.java
+++ b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/AnnotationRoleProvider.java
@@ -22,11 +22,9 @@ import org.eclipse.emf.cdo.security.RealmUtil;
import org.eclipse.emf.cdo.security.Role;
import org.eclipse.emf.cdo.security.SecurityFactory;
import org.eclipse.emf.cdo.security.SecurityItem;
+import org.eclipse.emf.cdo.security.User;
import org.eclipse.emf.cdo.server.IStoreAccessor.CommitContext;
-import org.eclipse.emf.cdo.server.security.ISecurityManager;
-import org.eclipse.emf.cdo.server.spi.security.IRoleProvider;
-
-import org.eclipse.net4j.util.factory.ProductCreationException;
+import org.eclipse.emf.cdo.server.spi.security.InternalSecurityManager;
import org.eclipse.emf.common.util.EList;
import org.eclipse.emf.ecore.EClass;
@@ -44,7 +42,7 @@ import java.util.WeakHashMap;
/**
* @author Eike Stepper
*/
-public class AnnotationRoleProvider implements IRoleProvider
+public class AnnotationRoleProvider implements InternalSecurityManager.CommitHandler
{
public static final String SOURCE_URI = "http://www.eclipse.org/CDO/Security";
@@ -54,7 +52,7 @@ public class AnnotationRoleProvider implements IRoleProvider
public static final String DELIMITERS = " ,;|";
- private final Set<ISecurityManager> initialized = new HashSet<ISecurityManager>();
+ private final Set<InternalSecurityManager> initialized = new HashSet<InternalSecurityManager>();
private final Map<EClass, EClassRoles> cache = new WeakHashMap<EClass, EClassRoles>();
@@ -62,7 +60,7 @@ public class AnnotationRoleProvider implements IRoleProvider
{
}
- private void initialize(ISecurityManager securityManager)
+ private void initialize(InternalSecurityManager securityManager)
{
if (initialized.add(securityManager))
{
@@ -71,7 +69,7 @@ public class AnnotationRoleProvider implements IRoleProvider
}
}
- private void initialize(ISecurityManager securityManager, CDOPackageUnit[] packageUnits)
+ private void initialize(InternalSecurityManager securityManager, CDOPackageUnit[] packageUnits)
{
if (packageUnits != null && packageUnits.length != 0)
{
@@ -94,7 +92,7 @@ public class AnnotationRoleProvider implements IRoleProvider
}
}
- private void initialize(ISecurityManager securityManager, EClass eClass, String key)
+ private void initialize(InternalSecurityManager securityManager, EClass eClass, String key)
{
String annotation = EcoreUtil.getAnnotation(eClass, SOURCE_URI, key);
if (annotation == null || annotation.length() == 0)
@@ -122,13 +120,13 @@ public class AnnotationRoleProvider implements IRoleProvider
}
}
- public void handleCommit(ISecurityManager securityManager, CommitContext commitContext)
+ public void handleCommit(InternalSecurityManager securityManager, CommitContext commitContext, User user)
{
initialize(securityManager);
initialize(securityManager, commitContext.getNewPackageUnits());
}
- public Set<Role> getRoles(ISecurityManager securityManager, CDOBranchPoint securityContext,
+ private Set<Role> getRoles(InternalSecurityManager securityManager, CDOBranchPoint securityContext,
CDORevisionProvider revisionProvider, CDORevision revision, CDOPermission permission)
{
initialize(securityManager);
@@ -137,7 +135,7 @@ public class AnnotationRoleProvider implements IRoleProvider
return getRoles(securityManager, eClass, permission);
}
- private Set<Role> getRoles(ISecurityManager securityManager, EClass eClass, CDOPermission permission)
+ private Set<Role> getRoles(InternalSecurityManager securityManager, EClass eClass, CDOPermission permission)
{
EClassRoles eClassRoles = cache.get(eClass);
if (eClassRoles == null)
@@ -173,7 +171,7 @@ public class AnnotationRoleProvider implements IRoleProvider
}
}
- private Set<Role> getRoles(ISecurityManager securityManager, EClass eClass, String key)
+ private Set<Role> getRoles(InternalSecurityManager securityManager, EClass eClass, String key)
{
String annotation = EcoreUtil.getAnnotation(eClass, SOURCE_URI, key);
if (annotation == null || annotation.length() == 0)
@@ -241,23 +239,4 @@ public class AnnotationRoleProvider implements IRoleProvider
this.writeRoles = writeRoles;
}
}
-
- /**
- * @author Eike Stepper
- */
- public static class Factory extends IRoleProvider.Factory
- {
- public static final String TYPE = "annotation";
-
- public Factory()
- {
- super(TYPE);
- }
-
- @Override
- public AnnotationRoleProvider create(String description) throws ProductCreationException
- {
- return new AnnotationRoleProvider();
- }
- }
}
diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/ResourceRoleProvider.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/ResourceRoleProvider.java
deleted file mode 100644
index d96c2c30de..0000000000
--- a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/ResourceRoleProvider.java
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * Copyright (c) 2004 - 2012 Eike Stepper (Berlin, Germany) and others.
- * All rights reserved. This program and the accompanying materials
- * are made available under the terms of the Eclipse Public License v1.0
- * which accompanies this distribution, and is available at
- * http://www.eclipse.org/legal/epl-v10.html
- *
- * Contributors:
- * Eike Stepper - initial API and implementation
- */
-package org.eclipse.emf.cdo.server.internal.security;
-
-import org.eclipse.emf.cdo.common.branch.CDOBranchPoint;
-import org.eclipse.emf.cdo.common.revision.CDORevision;
-import org.eclipse.emf.cdo.common.revision.CDORevisionProvider;
-import org.eclipse.emf.cdo.common.revision.CDORevisionUtil;
-import org.eclipse.emf.cdo.common.security.CDOPermission;
-import org.eclipse.emf.cdo.security.Role;
-import org.eclipse.emf.cdo.server.IStoreAccessor.CommitContext;
-import org.eclipse.emf.cdo.server.security.ISecurityManager;
-import org.eclipse.emf.cdo.server.spi.security.IRoleProvider;
-
-import org.eclipse.net4j.util.factory.ProductCreationException;
-
-import java.util.Set;
-
-/**
- * @author Eike Stepper
- */
-public class ResourceRoleProvider implements IRoleProvider
-{
- public ResourceRoleProvider()
- {
- }
-
- public void handleCommit(ISecurityManager securityManager, CommitContext commitContext)
- {
- // Do nothing
- }
-
- public Set<Role> getRoles(ISecurityManager securityManager, CDOBranchPoint securityContext,
- CDORevisionProvider revisionProvider, CDORevision revision, CDOPermission permission)
- {
- if (revisionProvider == null)
- {
- return null;
- }
-
- String path = CDORevisionUtil.getResourceNodePath(revision, revisionProvider);
- return getRoles(securityManager, path, permission);
- }
-
- private Set<Role> getRoles(ISecurityManager securityManager, String path, CDOPermission permission)
- {
- return null;
- }
-
- /**
- * @author Eike Stepper
- */
- public static class Factory extends IRoleProvider.Factory
- {
- public static final String TYPE = "resource";
-
- public Factory()
- {
- super(TYPE);
- }
-
- @Override
- public ResourceRoleProvider create(String description) throws ProductCreationException
- {
- return new ResourceRoleProvider();
- }
- }
-}
diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java
index 89f3da39a7..11427c9135 100644
--- a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java
+++ b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java
@@ -22,7 +22,6 @@ import org.eclipse.emf.cdo.security.Check;
import org.eclipse.emf.cdo.security.Permission;
import org.eclipse.emf.cdo.security.Realm;
import org.eclipse.emf.cdo.security.RealmUtil;
-import org.eclipse.emf.cdo.security.Role;
import org.eclipse.emf.cdo.security.SecurityFactory;
import org.eclipse.emf.cdo.security.SecurityItem;
import org.eclipse.emf.cdo.security.User;
@@ -31,8 +30,8 @@ import org.eclipse.emf.cdo.server.IPermissionManager;
import org.eclipse.emf.cdo.server.IRepository;
import org.eclipse.emf.cdo.server.IStoreAccessor.CommitContext;
import org.eclipse.emf.cdo.server.ITransaction;
-import org.eclipse.emf.cdo.server.security.ISecurityManager;
-import org.eclipse.emf.cdo.server.spi.security.IRoleProvider;
+import org.eclipse.emf.cdo.server.internal.security.bundle.OM;
+import org.eclipse.emf.cdo.server.spi.security.InternalSecurityManager;
import org.eclipse.emf.cdo.spi.common.revision.InternalCDORevision;
import org.eclipse.emf.cdo.spi.common.revision.InternalCDORevisionManager;
import org.eclipse.emf.cdo.spi.common.revision.ManagedRevisionProvider;
@@ -45,10 +44,7 @@ import org.eclipse.net4j.Net4jUtil;
import org.eclipse.net4j.acceptor.IAcceptor;
import org.eclipse.net4j.connector.IConnector;
import org.eclipse.net4j.util.WrappedException;
-import org.eclipse.net4j.util.container.ContainerEventAdapter;
-import org.eclipse.net4j.util.container.IContainerEvent;
import org.eclipse.net4j.util.container.IManagedContainer;
-import org.eclipse.net4j.util.event.IListener;
import org.eclipse.net4j.util.lifecycle.ILifecycle;
import org.eclipse.net4j.util.lifecycle.LifecycleEventAdapter;
import org.eclipse.net4j.util.om.monitor.OMMonitor;
@@ -58,13 +54,15 @@ import org.eclipse.net4j.util.security.SecurityUtil;
import org.eclipse.emf.common.util.EList;
import org.eclipse.emf.ecore.util.EcoreUtil;
+import java.util.ArrayList;
import java.util.HashMap;
+import java.util.List;
import java.util.Map;
/**
* @author Eike Stepper
*/
-public class SecurityManager implements ISecurityManager
+public class SecurityManager implements InternalSecurityManager
{
private final Map<String, User> users = new HashMap<String, User>();
@@ -80,20 +78,6 @@ public class SecurityManager implements ISecurityManager
private final IManagedContainer container;
- private final IListener containerListener = new ContainerEventAdapter<Object>()
- {
- @Override
- protected void notifyContainerEvent(IContainerEvent<Object> event)
- {
- synchronized (containerListener)
- {
- roleProviders = null;
- }
- }
- };
-
- private IRoleProvider[] roleProviders;
-
private IAcceptor acceptor;
private IConnector connector;
@@ -102,6 +86,8 @@ public class SecurityManager implements ISecurityManager
private Realm realm;
+ private List<CommitHandler> commitHandlers = new ArrayList<CommitHandler>();
+
public SecurityManager(IRepository repository, String realmPath, IManagedContainer container)
{
this.repository = (InternalRepository)repository;
@@ -159,6 +145,11 @@ public class SecurityManager implements ISecurityManager
acceptor = null;
}
+ public final IManagedContainer getContainer()
+ {
+ return container;
+ }
+
public final IRepository getRepository()
{
return repository;
@@ -169,11 +160,6 @@ public class SecurityManager implements ISecurityManager
return realmPath;
}
- public final IManagedContainer getContainer()
- {
- return container;
- }
-
public Realm getRealm()
{
return realm;
@@ -217,122 +203,94 @@ public class SecurityManager implements ISecurityManager
}
}
+ public CommitHandler[] getCommitHandlers()
+ {
+ synchronized (commitHandlers)
+ {
+ return commitHandlers.toArray(new CommitHandler[commitHandlers.size()]);
+ }
+ }
+
+ public void addCommitHandler(CommitHandler handler)
+ {
+ synchronized (commitHandlers)
+ {
+ if (!commitHandlers.contains(handler))
+ {
+ commitHandlers.add(handler);
+ }
+ }
+ }
+
+ public void removeCommitHandler(CommitHandler handler)
+ {
+ synchronized (commitHandlers)
+ {
+ commitHandlers.remove(handler);
+ }
+ }
+
+ protected void handleCommit(CommitContext commitContext, User user)
+ {
+ for (CommitHandler handler : getCommitHandlers())
+ {
+ try
+ {
+ handler.handleCommit(this, commitContext, user);
+ }
+ catch (Exception ex)
+ {
+ OM.LOG.error(ex);
+ }
+ }
+ }
+
+ protected CDOPermission getPermission(Permission permission)
+ {
+ switch (permission)
+ {
+ case READ:
+ return CDOPermission.READ;
+
+ case WRITE:
+ return CDOPermission.WRITE;
+
+ default:
+ return CDOPermission.NONE;
+ }
+ }
+
protected CDOPermission getPermission(CDORevision revision, CDORevisionProvider revisionProvider,
CDOBranchPoint securityContext, User user)
{
- CDOPermission result = CDOPermission.WRITE;
+ CDOPermission result = getPermission(user.getDefaultPermission());
+ if (result == CDOPermission.WRITE)
+ {
+ return result;
+ }
- for (Role role : user.getRoles())
+ for (Check check : user.getAllChecks())
{
- for (Check check : role.getChecks())
+ CDOPermission permission = getPermission(check.getPermission());
+ if (permission.ordinal() <= result.ordinal())
{
+ // Avoid expensive calls to Check.isApplicable() if the permission wouldn't increase
+ continue;
+ }
+
+ if (check.isApplicable(revision, revisionProvider, securityContext))
+ {
+ result = permission;
if (result == CDOPermission.WRITE)
{
- if (check.isApplicable(revision, revisionProvider, securityContext))
- {
- if (check.getPermission() == Permission.READ)
- {
- result = CDOPermission.READ;
- }
- }
- }
- else
- {
- // --> result == CDOPermission.READ
- if (check.isApplicable(revision, revisionProvider, securityContext))
- {
- if (check.getPermission() == Permission.READ)
- {
- result = CDOPermission.READ;
- }
- }
+ return result;
}
}
}
- // EList<Role> userRoles = null;
- //
- // Set<Role> readRoles = getNeededRoles(revision, revisionProvider, securityContext, CDOPermission.READ);
- // if (readRoles == null || !readRoles.isEmpty())
- // {
- // userRoles = user.getAllRoles();
- //
- // for (Role readRole : readRoles)
- // {
- // if (!userRoles.contains(readRole))
- // {
- // return CDOPermission.NONE;
- // }
- // }
- // }
- //
- // Set<Role> writeRoles = getNeededRoles(revision, revisionProvider, securityContext, CDOPermission.WRITE);
- // if (writeRoles == null || !writeRoles.isEmpty())
- // {
- // if (userRoles == null)
- // {
- // userRoles = user.getAllRoles();
- // }
- //
- // for (Role writeRole : writeRoles)
- // {
- // if (!userRoles.contains(writeRole))
- // {
- // return CDOPermission.READ;
- // }
- // }
- // }
- //
return result;
}
- // protected Set<Role> getNeededRoles(CDORevision revision, CDORevisionProvider revisionProvider,
- // CDOBranchPoint securityContext, CDOPermission permission)
- // {
- // Set<Role> result = null;
- // for (IRoleProvider roleProvider : getRoleProviders())
- // {
- // try
- // {
- // Set<Role> roles = roleProvider.getRoles(this, securityContext, revisionProvider, revision, permission);
- // if (roles != null && !roles.isEmpty())
- // {
- // if (result == null)
- // {
- // result = new HashSet<Role>();
- // }
- //
- // result.addAll(roles);
- // }
- // }
- // catch (Exception ex)
- // {
- // OM.LOG.error(ex);
- // }
- // }
- //
- // return result;
- // }
- //
- // protected IRoleProvider[] getRoleProviders()
- // {
- // synchronized (containerListener)
- // {
- // if (roleProviders == null)
- // {
- // List<IRoleProvider> result = new ArrayList<IRoleProvider>();
- // for (String factoryType : container.getFactoryTypes(IRoleProvider.Factory.PRODUCT_GROUP))
- // {
- // result.add((IRoleProvider)container.getElement(IRoleProvider.Factory.PRODUCT_GROUP, factoryType, null));
- // }
- //
- // roleProviders = result.toArray(new IRoleProvider[result.size()]);
- // }
- // }
- //
- // return roleProviders;
- // }
-
/**
* @author Eike Stepper
*/
@@ -419,22 +377,12 @@ public class SecurityManager implements ISecurityManager
public void handleTransactionBeforeCommitting(ITransaction transaction, CommitContext commitContext,
OMMonitor monitor) throws RuntimeException
{
- // for (IRoleProvider roleProvider : getRoleProviders())
- // {
- // try
- // {
- // roleProvider.handleCommit(SecurityManager.this, commitContext);
- // }
- // catch (Exception ex)
- // {
- // OM.LOG.error(ex);
- // }
- // }
-
CDOBranchPoint securityContext = commitContext.getBranchPoint();
String userID = commitContext.getUserID();
User user = getUser(userID);
+ handleCommit(commitContext, user);
+
checkRevisionsBeforeCommitting(commitContext, securityContext, user, commitContext.getNewObjects());
checkRevisionsBeforeCommitting(commitContext, securityContext, user, commitContext.getDirtyObjects());
}
diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/security/ISecurityManager.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/security/ISecurityManager.java
index 878e11c0b4..250c8b0e69 100644
--- a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/security/ISecurityManager.java
+++ b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/security/ISecurityManager.java
@@ -14,8 +14,6 @@ import org.eclipse.emf.cdo.security.Realm;
import org.eclipse.emf.cdo.security.User;
import org.eclipse.emf.cdo.server.IRepository;
-import org.eclipse.net4j.util.container.IManagedContainer;
-
/**
* Protects a given {@link IRepository repository}.
*
@@ -24,12 +22,6 @@ import org.eclipse.net4j.util.container.IManagedContainer;
*/
public interface ISecurityManager
{
- public IManagedContainer getContainer();
-
- public IRepository getRepository();
-
- public String getRealmPath();
-
public Realm getRealm();
public User getUser(String userID);
diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/security/SecurityManagerUtil.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/security/SecurityManagerUtil.java
index 978e662b41..595c3b0511 100644
--- a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/security/SecurityManagerUtil.java
+++ b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/security/SecurityManagerUtil.java
@@ -11,7 +11,6 @@
package org.eclipse.emf.cdo.server.security;
import org.eclipse.emf.cdo.server.IRepository;
-import org.eclipse.emf.cdo.server.internal.security.AnnotationRoleProvider;
import org.eclipse.net4j.util.container.IManagedContainer;
import org.eclipse.net4j.util.container.IPluginContainer;
@@ -37,9 +36,4 @@ public final class SecurityManagerUtil
{
return new org.eclipse.emf.cdo.server.internal.security.SecurityManager(repository, realmPath, container);
}
-
- public static void prepareContainer(IManagedContainer container)
- {
- container.registerFactory(new AnnotationRoleProvider.Factory());
- }
}
diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/spi/security/IRoleProvider.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/spi/security/IRoleProvider.java
deleted file mode 100644
index 269cb56382..0000000000
--- a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/spi/security/IRoleProvider.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (c) 2004 - 2012 Eike Stepper (Berlin, Germany) and others.
- * All rights reserved. This program and the accompanying materials
- * are made available under the terms of the Eclipse Public License v1.0
- * which accompanies this distribution, and is available at
- * http://www.eclipse.org/legal/epl-v10.html
- *
- * Contributors:
- * Eike Stepper - initial API and implementation
- */
-package org.eclipse.emf.cdo.server.spi.security;
-
-import org.eclipse.emf.cdo.common.branch.CDOBranchPoint;
-import org.eclipse.emf.cdo.common.revision.CDORevision;
-import org.eclipse.emf.cdo.common.revision.CDORevisionProvider;
-import org.eclipse.emf.cdo.common.security.CDOPermission;
-import org.eclipse.emf.cdo.security.Role;
-import org.eclipse.emf.cdo.server.IStoreAccessor.CommitContext;
-import org.eclipse.emf.cdo.server.security.ISecurityManager;
-
-import org.eclipse.net4j.util.factory.ProductCreationException;
-
-import java.util.Set;
-
-/**
- * @author Eike Stepper
- */
-public interface IRoleProvider
-{
- public void handleCommit(ISecurityManager securityManager, CommitContext commitContext);
-
- public Set<Role> getRoles(ISecurityManager securityManager, CDOBranchPoint securityContext,
- CDORevisionProvider revisionProvider, CDORevision revision, CDOPermission permission);
-
- /**
- * @author Eike Stepper
- */
- public static abstract class Factory extends org.eclipse.net4j.util.factory.Factory
- {
- public static final String PRODUCT_GROUP = "org.eclipse.emf.cdo.server.security.roleProviders";
-
- public Factory(String type)
- {
- super(PRODUCT_GROUP, type);
- }
-
- public abstract IRoleProvider create(String description) throws ProductCreationException;
- }
-}
diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/spi/security/InternalSecurityManager.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/spi/security/InternalSecurityManager.java
new file mode 100644
index 0000000000..40dec8a5e5
--- /dev/null
+++ b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/spi/security/InternalSecurityManager.java
@@ -0,0 +1,44 @@
+/*
+ * Copyright (c) 2004 - 2012 Eike Stepper (Berlin, Germany) and others.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ * Eike Stepper - initial API and implementation
+ */
+package org.eclipse.emf.cdo.server.spi.security;
+
+import org.eclipse.emf.cdo.security.User;
+import org.eclipse.emf.cdo.server.IRepository;
+import org.eclipse.emf.cdo.server.IStoreAccessor.CommitContext;
+import org.eclipse.emf.cdo.server.security.ISecurityManager;
+
+import org.eclipse.net4j.util.container.IManagedContainer;
+
+/**
+ * @author Eike Stepper
+ */
+public interface InternalSecurityManager extends ISecurityManager
+{
+ public IManagedContainer getContainer();
+
+ public IRepository getRepository();
+
+ public String getRealmPath();
+
+ public CommitHandler[] getCommitHandlers();
+
+ public void addCommitHandler(CommitHandler handler);
+
+ public void removeCommitHandler(CommitHandler handler);
+
+ /**
+ * @author Eike Stepper
+ */
+ public interface CommitHandler
+ {
+ public void handleCommit(InternalSecurityManager securityManager, CommitContext commitContext, User user);
+ }
+}

Back to the top