Class AbstractAccessControlManager
- java.lang.Object
-
- org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AbstractAccessControlManager
-
- All Implemented Interfaces:
AccessControlManager
,JackrabbitAccessControlManager
,AccessControlConstants
public abstract class AbstractAccessControlManager extends java.lang.Object implements JackrabbitAccessControlManager, AccessControlConstants
Default implementation of theJackrabbitAccessControlManager
interface. This implementation covers both editing access control content by path and byPrincipal
resulting both in the same content structure.
-
-
Field Summary
-
Fields inherited from interface org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants
AC_NODETYPE_NAMES, ACE_PROPERTY_NAMES, MIX_REP_ACCESS_CONTROLLABLE, MIX_REP_REPO_ACCESS_CONTROLLABLE, NT_REP_ACE, NT_REP_ACL, NT_REP_DENY_ACE, NT_REP_GRANT_ACE, NT_REP_POLICY, NT_REP_RESTRICTIONS, PARAM_RESTRICTION_PROVIDER, POLICY_NODE_NAMES, REP_GLOB, REP_ITEM_NAMES, REP_NODE_PATH, REP_NT_NAMES, REP_POLICY, REP_PREFIXES, REP_PRINCIPAL_NAME, REP_PRIVILEGES, REP_REPO_POLICY, REP_RESTRICTIONS
-
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description @NotNull Privilege[]
getPrivileges(@Nullable java.lang.String absPath)
@NotNull Privilege[]
getPrivileges(@Nullable java.lang.String absPath, @NotNull java.util.Set<java.security.Principal> principals)
Returns the privileges the given set ofPrincipal
s has for absolute pathabsPath
, which must be an existing node.@NotNull Privilege[]
getSupportedPrivileges(@Nullable java.lang.String absPath)
boolean
hasPrivileges(@Nullable java.lang.String absPath, @NotNull java.util.Set<java.security.Principal> principals, @Nullable Privilege[] privileges)
Returns whether the given set ofPrincipal
s has the specified privileges for absolute pathabsPath
, which must be an existing node.boolean
hasPrivileges(@Nullable java.lang.String absPath, @Nullable Privilege[] privileges)
@NotNull Privilege
privilegeFromName(@NotNull java.lang.String privilegeName)
-
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface javax.jcr.security.AccessControlManager
getApplicablePolicies, getEffectivePolicies, getPolicies, removePolicy, setPolicy
-
Methods inherited from interface org.apache.jackrabbit.api.security.JackrabbitAccessControlManager
getApplicablePolicies, getEffectivePolicies, getPolicies
-
-
-
-
Method Detail
-
getSupportedPrivileges
@NotNull public @NotNull Privilege[] getSupportedPrivileges(@Nullable @Nullable java.lang.String absPath) throws RepositoryException
- Specified by:
getSupportedPrivileges
in interfaceAccessControlManager
- Throws:
RepositoryException
-
privilegeFromName
@NotNull public @NotNull Privilege privilegeFromName(@NotNull @NotNull java.lang.String privilegeName) throws RepositoryException
- Specified by:
privilegeFromName
in interfaceAccessControlManager
- Throws:
RepositoryException
-
hasPrivileges
public boolean hasPrivileges(@Nullable @Nullable java.lang.String absPath, @Nullable @Nullable Privilege[] privileges) throws RepositoryException
- Specified by:
hasPrivileges
in interfaceAccessControlManager
- Throws:
RepositoryException
-
getPrivileges
@NotNull public @NotNull Privilege[] getPrivileges(@Nullable @Nullable java.lang.String absPath) throws RepositoryException
- Specified by:
getPrivileges
in interfaceAccessControlManager
- Throws:
RepositoryException
-
hasPrivileges
public boolean hasPrivileges(@Nullable @Nullable java.lang.String absPath, @NotNull @NotNull java.util.Set<java.security.Principal> principals, @Nullable @Nullable Privilege[] privileges) throws RepositoryException
Description copied from interface:JackrabbitAccessControlManager
Returns whether the given set ofPrincipal
s has the specified privileges for absolute pathabsPath
, which must be an existing node.Testing an aggregate privilege is equivalent to testing each non aggregate privilege among the set returned by calling
Privilege.getAggregatePrivileges()
for that privilege.The results reported by the this method reflect the net effect of the currently applied control mechanisms. It does not reflect unsaved access control policies or unsaved access control entries. Changes to access control status caused by these mechanisms only take effect on
Session.save()
and are only then reflected in the results of the privilege test methods.Since this method allows to view the privileges of principals other than included in the editing session, this method must throw
AccessDeniedException
if the session lacksREAD_ACCESS_CONTROL
privilege for theabsPath
node.- Specified by:
hasPrivileges
in interfaceJackrabbitAccessControlManager
- Parameters:
absPath
- an absolute path.principals
- a set ofPrincipal
s for which is the given privileges are tested.privileges
- an array ofPrivilege
s.- Returns:
true
if the session has the specified privileges;false
otherwise.- Throws:
PathNotFoundException
- if no node atabsPath
exists or the session does not have sufficient access to retrieve a node at that location.AccessDeniedException
- if the session lacksREAD_ACCESS_CONTROL
privilege for theabsPath
node.RepositoryException
- if another error occurs.
-
getPrivileges
@NotNull public @NotNull Privilege[] getPrivileges(@Nullable @Nullable java.lang.String absPath, @NotNull @NotNull java.util.Set<java.security.Principal> principals) throws RepositoryException
Description copied from interface:JackrabbitAccessControlManager
Returns the privileges the given set ofPrincipal
s has for absolute pathabsPath
, which must be an existing node.The returned privileges are those for which
JackrabbitAccessControlManager.hasPrivileges(java.lang.String, java.util.Set<java.security.Principal>, javax.jcr.security.Privilege[])
would returntrue
.The results reported by the this method reflect the net effect of the currently applied control mechanisms. It does not reflect unsaved access control policies or unsaved access control entries. Changes to access control status caused by these mechanisms only take effect on
Session.save()
and are only then reflected in the results of the privilege test methods.Since this method allows to view the privileges of principals other than included in the editing session, this method must throw
AccessDeniedException
if the session lacksREAD_ACCESS_CONTROL
privilege for theabsPath
node.Note that this method does not resolve any group membership, as this is the job of the user manager. nor does it augment the set with the "everyone" principal.
- Specified by:
getPrivileges
in interfaceJackrabbitAccessControlManager
- Parameters:
absPath
- an absolute path.principals
- a set ofPrincipal
s for which is the privileges are retrieved.- Returns:
- an array of
Privilege
s. - Throws:
PathNotFoundException
- if no node atabsPath
exists or the session does not have sufficient access to retrieve a node at that location.AccessDeniedException
- if the session lacksREAD_ACCESS_CONTROL
privilege for theabsPath
node.RepositoryException
- if another error occurs.
-
-