Interface JackrabbitAccessControlManager
-
- All Superinterfaces:
AccessControlManager
- All Known Implementing Classes:
AbstractAccessControlManager
@ProviderType public interface JackrabbitAccessControlManager extends AccessControlManager
JackrabbitAccessControlManagerprovides extensions to theAccessControlManagerinterface.
-
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description @NotNull JackrabbitAccessControlPolicy[]getApplicablePolicies(@NotNull java.security.Principal principal)Returns the applicable policies for the specifiedprincipalor an empty array if no additional policies can be applied.@NotNull AccessControlPolicy[]getEffectivePolicies(@NotNull java.util.Set<java.security.Principal> principals)Returns theAccessControlPolicyobjects that are in effect for the givenPrincipals.@NotNull JackrabbitAccessControlPolicy[]getPolicies(@NotNull java.security.Principal principal)Returns theAccessControlPolicyobjects that have been set for the givenprincipalor an empty array if no policy has been set.@NotNull Privilege[]getPrivileges(@Nullable java.lang.String absPath, @NotNull java.util.Set<java.security.Principal> principals)Returns the privileges the given set ofPrincipals has for absolute pathabsPath, which must be an existing node.booleanhasPrivileges(@Nullable java.lang.String absPath, @NotNull java.util.Set<java.security.Principal> principals, @NotNull Privilege[] privileges)Returns whether the given set ofPrincipals has the specified privileges for absolute pathabsPath, which must be an existing node.-
Methods inherited from interface javax.jcr.security.AccessControlManager
getApplicablePolicies, getEffectivePolicies, getPolicies, getPrivileges, getSupportedPrivileges, hasPrivileges, privilegeFromName, removePolicy, setPolicy
-
-
-
-
Method Detail
-
getApplicablePolicies
@NotNull @NotNull JackrabbitAccessControlPolicy[] getApplicablePolicies(@NotNull @NotNull java.security.Principal principal) throws AccessDeniedException, AccessControlException, UnsupportedRepositoryOperationException, RepositoryException
Returns the applicable policies for the specifiedprincipalor an empty array if no additional policies can be applied.- Parameters:
principal- A principal known to the editing session.- Returns:
- array of policies for the specified
principal. Note that the policy object returned must reveal the path of the node where they can be applied later on usingAccessControlManager.setPolicy(String, javax.jcr.security.AccessControlPolicy). - Throws:
AccessDeniedException- if the session lacksMODIFY_ACCESS_CONTROLprivilege.AccessControlException- if the specified principal does not exist or if another access control related exception occurs.UnsupportedRepositoryOperationException- if editing access control policies by principal is not supported.RepositoryException- if another error occurs.- See Also:
JackrabbitAccessControlPolicy.getPath()
-
getPolicies
@NotNull @NotNull JackrabbitAccessControlPolicy[] getPolicies(@NotNull @NotNull java.security.Principal principal) throws AccessDeniedException, AccessControlException, UnsupportedRepositoryOperationException, RepositoryException
Returns theAccessControlPolicyobjects that have been set for the givenprincipalor an empty array if no policy has been set. This method reflects the binding state, including transient policy modifications.- Parameters:
principal- A valid principal.- Returns:
- The policies defined for the given principal or an empty array.
- Throws:
AccessDeniedException- if the session lacksREAD_ACCESS_CONTROLprivilege.AccessControlException- if the specified principal does not exist or if another access control related exception occurs.UnsupportedRepositoryOperationException- if editing access control policies by principal is not supported.RepositoryException- If another error occurs.
-
getEffectivePolicies
@NotNull @NotNull AccessControlPolicy[] getEffectivePolicies(@NotNull @NotNull java.util.Set<java.security.Principal> principals) throws AccessDeniedException, AccessControlException, UnsupportedRepositoryOperationException, RepositoryException
Returns theAccessControlPolicyobjects that are in effect for the givenPrincipals. This may be policies set through this API or some implementation specific (default) policies.- Parameters:
principals- A set of valid principals.- Returns:
- The policies defined for the given principal or an empty array.
- Throws:
AccessDeniedException- if the session lacksREAD_ACCESS_CONTROLprivilege.AccessControlException- if the specified principal does not exist or if another access control related exception occurs.UnsupportedRepositoryOperationException- if editing access control policies by principal is not supported.RepositoryException- If another error occurs.
-
hasPrivileges
boolean hasPrivileges(@Nullable @Nullable java.lang.String absPath, @NotNull @NotNull java.util.Set<java.security.Principal> principals, @NotNull @NotNull Privilege[] privileges) throws PathNotFoundException, AccessDeniedException, RepositoryExceptionReturns whether the given set ofPrincipals has the specified privileges for absolute pathabsPath, which must be an existing node.Testing an aggregate privilege is equivalent to testing each non aggregate privilege among the set returned by calling
Privilege.getAggregatePrivileges()for that privilege.The results reported by the this method reflect the net effect of the currently applied control mechanisms. It does not reflect unsaved access control policies or unsaved access control entries. Changes to access control status caused by these mechanisms only take effect on
Session.save()and are only then reflected in the results of the privilege test methods.Since this method allows to view the privileges of principals other than included in the editing session, this method must throw
AccessDeniedExceptionif the session lacksREAD_ACCESS_CONTROLprivilege for theabsPathnode.- Parameters:
absPath- an absolute path.principals- a set ofPrincipals for which is the given privileges are tested.privileges- an array ofPrivileges.- Returns:
trueif the session has the specified privileges;falseotherwise.- Throws:
PathNotFoundException- if no node atabsPathexists or the session does not have sufficient access to retrieve a node at that location.AccessDeniedException- if the session lacksREAD_ACCESS_CONTROLprivilege for theabsPathnode.RepositoryException- if another error occurs.
-
getPrivileges
@NotNull @NotNull Privilege[] getPrivileges(@Nullable @Nullable java.lang.String absPath, @NotNull @NotNull java.util.Set<java.security.Principal> principals) throws PathNotFoundException, AccessDeniedException, RepositoryException
Returns the privileges the given set ofPrincipals has for absolute pathabsPath, which must be an existing node.The returned privileges are those for which
hasPrivileges(java.lang.String, java.util.Set<java.security.Principal>, javax.jcr.security.Privilege[])would returntrue.The results reported by the this method reflect the net effect of the currently applied control mechanisms. It does not reflect unsaved access control policies or unsaved access control entries. Changes to access control status caused by these mechanisms only take effect on
Session.save()and are only then reflected in the results of the privilege test methods.Since this method allows to view the privileges of principals other than included in the editing session, this method must throw
AccessDeniedExceptionif the session lacksREAD_ACCESS_CONTROLprivilege for theabsPathnode.Note that this method does not resolve any group membership, as this is the job of the user manager. nor does it augment the set with the "everyone" principal.
- Parameters:
absPath- an absolute path.principals- a set ofPrincipals for which is the privileges are retrieved.- Returns:
- an array of
Privileges. - Throws:
PathNotFoundException- if no node atabsPathexists or the session does not have sufficient access to retrieve a node at that location.AccessDeniedException- if the session lacksREAD_ACCESS_CONTROLprivilege for theabsPathnode.RepositoryException- if another error occurs.
-
-