Interface JackrabbitAccessControlManager
-
- All Superinterfaces:
AccessControlManager
- All Known Implementing Classes:
AbstractAccessControlManager
@ProviderType public interface JackrabbitAccessControlManager extends AccessControlManager
JackrabbitAccessControlManager
provides extensions to theAccessControlManager
interface.
-
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description @NotNull JackrabbitAccessControlPolicy[]
getApplicablePolicies(@NotNull java.security.Principal principal)
Returns the applicable policies for the specifiedprincipal
or an empty array if no additional policies can be applied.@NotNull AccessControlPolicy[]
getEffectivePolicies(@NotNull java.util.Set<java.security.Principal> principals)
Returns theAccessControlPolicy
objects that are in effect for the givenPrincipal
s.@NotNull JackrabbitAccessControlPolicy[]
getPolicies(@NotNull java.security.Principal principal)
Returns theAccessControlPolicy
objects that have been set for the givenprincipal
or an empty array if no policy has been set.@NotNull Privilege[]
getPrivileges(@Nullable java.lang.String absPath, @NotNull java.util.Set<java.security.Principal> principals)
Returns the privileges the given set ofPrincipal
s has for absolute pathabsPath
, which must be an existing node.boolean
hasPrivileges(@Nullable java.lang.String absPath, @NotNull java.util.Set<java.security.Principal> principals, @NotNull Privilege[] privileges)
Returns whether the given set ofPrincipal
s has the specified privileges for absolute pathabsPath
, which must be an existing node.-
Methods inherited from interface javax.jcr.security.AccessControlManager
getApplicablePolicies, getEffectivePolicies, getPolicies, getPrivileges, getSupportedPrivileges, hasPrivileges, privilegeFromName, removePolicy, setPolicy
-
-
-
-
Method Detail
-
getApplicablePolicies
@NotNull @NotNull JackrabbitAccessControlPolicy[] getApplicablePolicies(@NotNull @NotNull java.security.Principal principal) throws AccessDeniedException, AccessControlException, UnsupportedRepositoryOperationException, RepositoryException
Returns the applicable policies for the specifiedprincipal
or an empty array if no additional policies can be applied.- Parameters:
principal
- A principal known to the editing session.- Returns:
- array of policies for the specified
principal
. Note that the policy object returned must reveal the path of the node where they can be applied later on usingAccessControlManager.setPolicy(String, javax.jcr.security.AccessControlPolicy)
. - Throws:
AccessDeniedException
- if the session lacksMODIFY_ACCESS_CONTROL
privilege.AccessControlException
- if the specified principal does not exist or if another access control related exception occurs.UnsupportedRepositoryOperationException
- if editing access control policies by principal is not supported.RepositoryException
- if another error occurs.- See Also:
JackrabbitAccessControlPolicy.getPath()
-
getPolicies
@NotNull @NotNull JackrabbitAccessControlPolicy[] getPolicies(@NotNull @NotNull java.security.Principal principal) throws AccessDeniedException, AccessControlException, UnsupportedRepositoryOperationException, RepositoryException
Returns theAccessControlPolicy
objects that have been set for the givenprincipal
or an empty array if no policy has been set. This method reflects the binding state, including transient policy modifications.- Parameters:
principal
- A valid principal.- Returns:
- The policies defined for the given principal or an empty array.
- Throws:
AccessDeniedException
- if the session lacksREAD_ACCESS_CONTROL
privilege.AccessControlException
- if the specified principal does not exist or if another access control related exception occurs.UnsupportedRepositoryOperationException
- if editing access control policies by principal is not supported.RepositoryException
- If another error occurs.
-
getEffectivePolicies
@NotNull @NotNull AccessControlPolicy[] getEffectivePolicies(@NotNull @NotNull java.util.Set<java.security.Principal> principals) throws AccessDeniedException, AccessControlException, UnsupportedRepositoryOperationException, RepositoryException
Returns theAccessControlPolicy
objects that are in effect for the givenPrincipal
s. This may be policies set through this API or some implementation specific (default) policies.- Parameters:
principals
- A set of valid principals.- Returns:
- The policies defined for the given principal or an empty array.
- Throws:
AccessDeniedException
- if the session lacksREAD_ACCESS_CONTROL
privilege.AccessControlException
- if the specified principal does not exist or if another access control related exception occurs.UnsupportedRepositoryOperationException
- if editing access control policies by principal is not supported.RepositoryException
- If another error occurs.
-
hasPrivileges
boolean hasPrivileges(@Nullable @Nullable java.lang.String absPath, @NotNull @NotNull java.util.Set<java.security.Principal> principals, @NotNull @NotNull Privilege[] privileges) throws PathNotFoundException, AccessDeniedException, RepositoryException
Returns whether the given set ofPrincipal
s has the specified privileges for absolute pathabsPath
, which must be an existing node.Testing an aggregate privilege is equivalent to testing each non aggregate privilege among the set returned by calling
Privilege.getAggregatePrivileges()
for that privilege.The results reported by the this method reflect the net effect of the currently applied control mechanisms. It does not reflect unsaved access control policies or unsaved access control entries. Changes to access control status caused by these mechanisms only take effect on
Session.save()
and are only then reflected in the results of the privilege test methods.Since this method allows to view the privileges of principals other than included in the editing session, this method must throw
AccessDeniedException
if the session lacksREAD_ACCESS_CONTROL
privilege for theabsPath
node.- Parameters:
absPath
- an absolute path.principals
- a set ofPrincipal
s for which is the given privileges are tested.privileges
- an array ofPrivilege
s.- Returns:
true
if the session has the specified privileges;false
otherwise.- Throws:
PathNotFoundException
- if no node atabsPath
exists or the session does not have sufficient access to retrieve a node at that location.AccessDeniedException
- if the session lacksREAD_ACCESS_CONTROL
privilege for theabsPath
node.RepositoryException
- if another error occurs.
-
getPrivileges
@NotNull @NotNull Privilege[] getPrivileges(@Nullable @Nullable java.lang.String absPath, @NotNull @NotNull java.util.Set<java.security.Principal> principals) throws PathNotFoundException, AccessDeniedException, RepositoryException
Returns the privileges the given set ofPrincipal
s has for absolute pathabsPath
, which must be an existing node.The returned privileges are those for which
hasPrivileges(java.lang.String, java.util.Set<java.security.Principal>, javax.jcr.security.Privilege[])
would returntrue
.The results reported by the this method reflect the net effect of the currently applied control mechanisms. It does not reflect unsaved access control policies or unsaved access control entries. Changes to access control status caused by these mechanisms only take effect on
Session.save()
and are only then reflected in the results of the privilege test methods.Since this method allows to view the privileges of principals other than included in the editing session, this method must throw
AccessDeniedException
if the session lacksREAD_ACCESS_CONTROL
privilege for theabsPath
node.Note that this method does not resolve any group membership, as this is the job of the user manager. nor does it augment the set with the "everyone" principal.
- Parameters:
absPath
- an absolute path.principals
- a set ofPrincipal
s for which is the privileges are retrieved.- Returns:
- an array of
Privilege
s. - Throws:
PathNotFoundException
- if no node atabsPath
exists or the session does not have sufficient access to retrieve a node at that location.AccessDeniedException
- if the session lacksREAD_ACCESS_CONTROL
privilege for theabsPath
node.RepositoryException
- if another error occurs.
-
-