Package org.apache.jackrabbit.api.security.authorization

Interface PrivilegeCollection

All Known Implementing Classes:
PrivilegeCollection.Default
@ProviderType public interface PrivilegeCollection

Wrapper around a set of Privileges that allows to test if a given list of privilege names in included. This avoids repeated calls to AccessControlManager.hasPrivileges(String, Privilege[]) or having to manually resolve the privilege aggregation when using AccessControlManager.getPrivileges(String).

While a default is available for backwards compatibility, it uses regular JCR API. Therefore it is recommended to provide custom implementations of JackrabbitAccessControlManager.getPrivilegeCollection(String) and JackrabbitAccessControlManager.getPrivilegeCollection(String, Set) with efficient implementations of the PrivilegeCollection.
Since:
Oak 1.42.0
See Also:

  • Nested Class Summary

    Nested Classes
    Modifier and Type
    Interface
    Description
    static class 
    PrivilegeCollection.Default
    Default implementation of the PrivilegeCollection interface.

  • Method Summary

    Modifier and Type
    Method
    Description
    Privilege[]
    getPrivileges()
    Return the underlying privilege array.
    boolean
    includes(@NotNull String... privilegeNames)
    Tests whether the given JCR privilegeNames are contained in the privileges for which this instance of PrivilegeEvaluation has been created such as e.g.

  • Method Details

    • getPrivileges

      Privilege[] getPrivileges() throws RepositoryException
      Return the underlying privilege array.
      Returns:
      the privilege array for which this instance has been created.
      Throws:
      RepositoryException - If an error occurs.

    • includes

      boolean includes(@NotNull @NotNull String... privilegeNames) throws RepositoryException
      Tests whether the given JCR privilegeNames are contained in the privileges for which this instance of PrivilegeEvaluation has been created such as e.g. through JackrabbitAccessControlManager.getPrivilegeCollection(String) or JackrabbitAccessControlManager.getPrivilegeCollection(String, Set). The inclusion can either be direct or through privilege aggregation.
      Parameters:
      privilegeNames - The JCR names of privileges to be tested. They can be passed in expanded form (like e.g. Privilege.JCR_READ) or in qualified form (i.e. 'jcr:read' if 'jcr' was the prefixed defined for the 'http://www.jcp.org/jcr/1.0' namespace.
      Returns:
      true if the underlying privileges include all specified privilege names either directly or by means of aggregation; false if one or multiple privileges are not included. If jcr:all privilege is part of this collection or if no privilege names are specified this method will return true. If no privileges are granted false is returned.
      Throws:
      AccessControlException - If any of the given privilege names is invalid i.e. no such privilege exists.
      RepositoryException - If another error occurs.
      Since:
      Oak 1.42.0