Package org.apache.jackrabbit.oak.spi.security.user.action

Class AccessControlAction

java.lang.Object

org.apache.jackrabbit.oak.spi.security.user.action.AbstractAuthorizableAction

org.apache.jackrabbit.oak.spi.security.user.action.AccessControlAction

All Implemented Interfaces:

AuthorizableAction

public class AccessControlAction
extends AbstractAuthorizableAction

The AccessControlAction allows to setup permissions upon creation of a new authorizable; namely the privileges the new authorizable should be granted on it's own 'home directory' being represented by the new node associated with that new authorizable.

The following to configuration parameters are available with this implementation:

• groupPrivilegeNames: the value is expected to be a comma separated list of privileges that will be granted to the new group on the group node
• userPrivilegeNames: the value is expected to be a comma separated list of privileges that will be granted to the new user on the user node.

Example configuration:

    groupPrivilegeNames : ["jcr:read"]
    userPrivilegeNames  : ["jcr:read,rep:write"]
 

This configuration could for example lead to the following content structure upon user or group creation. Note however that the resulting structure depends on the actual access control management being in place:

     UserManager umgr = ((JackrabbitSession) session).getUserManager();
     User user = umgr.createUser("testUser", "t");

     + t                           rep:AuthorizableFolder
       + te                        rep:AuthorizableFolder
         + testUser                rep:User, mix:AccessControllable
           + rep:policy            rep:ACL
             + allow               rep:GrantACE
               - rep:principalName = "testUser"
               - rep:privileges    = ["jcr:read","rep:write"]
           - rep:password
           - rep:principalName     = "testUser"
 

     UserManager umgr = ((JackrabbitSession) session).getUserManager();
     Group group = umgr.createGroup("testGroup");

     + t                           rep:AuthorizableFolder
       + te                        rep:AuthorizableFolder
         + testGroup               rep:Group, mix:AccessControllable
           + rep:policy            rep:ACL
             + allow               rep:GrantACE
               - rep:principalName = "testGroup"
               - rep:privileges    = ["jcr:read"]
           - rep:principalName     = "testGroup"
 

Field Summary

Fields

Modifier and Type	Field	Description
static final String	GROUP_PRIVILEGE_NAMES
static final String	USER_PRIVILEGE_NAMES

Constructor Summary

Constructors

Constructor	Description
AccessControlAction()

Method Summary

Modifier and Type	Method	Description
void	init(@NotNull SecurityProvider securityProvider, @NotNull ConfigurationParameters config)	Doesn't perform any action.
void	onCreate(@NotNull Group group, @NotNull Root root, @NotNull NamePathMapper namePathMapper)	Doesn't perform any action.
void	onCreate(@NotNull User user, @Nullable String password, @NotNull Root root, @NotNull NamePathMapper namePathMapper)	Doesn't perform any action.

Methods inherited from class org.apache.jackrabbit.oak.spi.security.user.action.AbstractAuthorizableAction

onPasswordChange, onRemove

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.apache.jackrabbit.oak.spi.security.user.action.AuthorizableAction

onCreate

Field Details

USER_PRIVILEGE_NAMES

public static final String USER_PRIVILEGE_NAMES

See Also:

• Constant Field Values

GROUP_PRIVILEGE_NAMES

public static final String GROUP_PRIVILEGE_NAMES

See Also:

• Constant Field Values

Constructor Details

AccessControlAction

public AccessControlAction()

Method Details

init

public void init(@NotNull
 @NotNull SecurityProvider securityProvider,
 @NotNull
 @NotNull ConfigurationParameters config)

Description copied from class: AbstractAuthorizableAction

Doesn't perform any action.

Specified by:

init in interface AuthorizableAction

Overrides:

init in class AbstractAuthorizableAction

Parameters:

securityProvider - The security provider present with the repository

config - The configuration parameters for this action.

onCreate

public void onCreate(@NotNull
 @NotNull Group group,
 @NotNull
 @NotNull Root root,
 @NotNull
 @NotNull NamePathMapper namePathMapper)
              throws RepositoryException

Description copied from class: AbstractAuthorizableAction

Doesn't perform any action.

Specified by:

onCreate in interface AuthorizableAction

Overrides:

onCreate in class AbstractAuthorizableAction

Parameters:

group - The new group that has not yet been persisted; e.g. the associated tree is still 'NEW'.

root - The root associated with the user manager.

namePathMapper -

Throws:

RepositoryException - If an error occurs.

onCreate

public void onCreate(@NotNull
 @NotNull User user,
 @Nullable
 @Nullable String password,
 @NotNull
 @NotNull Root root,
 @NotNull
 @NotNull NamePathMapper namePathMapper)
              throws RepositoryException

Description copied from class: AbstractAuthorizableAction

Doesn't perform any action.

Specified by:

onCreate in interface AuthorizableAction

Overrides:

onCreate in class AbstractAuthorizableAction

Parameters:

user - The new user that has not yet been persisted; e.g. the associated tree is still 'NEW'.

password - The password that was specified upon user creation.

root - The root associated with the user manager.

namePathMapper -

Throws:

RepositoryException - If an error occurs.