Class AccessControlAction

  • All Implemented Interfaces:
    AuthorizableAction

    public class AccessControlAction
    extends AbstractAuthorizableAction
    The AccessControlAction sets up permissions upon creation of a new authorizable; namely, the privileges the new authorizable should be granted on its own 'home directory', which is represented by the new node associated with that new authorizable.

    The following two configuration parameters are available with this implementation:

    • groupPrivilegeNames: the value is expected to be a comma-separated list of privileges that will be granted to the new group on the group node.
    • userPrivilegeNames: the value is expected to be a comma-separated list of privileges that will be granted to the new user on the user node.

    Example configuration:

        groupPrivilegeNames : ["jcr:read"]
        userPrivilegeNames  : ["jcr:read,rep:write"]
     

    This configuration could for example lead to the following content structure upon user or group creation. Note however that the resulting structure depends on the actual access control management being in place:

         UserManager umgr = ((JackrabbitSession) session).getUserManager();
         User user = umgr.createUser("testUser", "t");
    
         + t                           rep:AuthorizableFolder
           + te                        rep:AuthorizableFolder
             + testUser                rep:User, mix:AccessControllable
               + rep:policy            rep:ACL
                 + allow               rep:GrantACE
                   - rep:principalName = "testUser"
                   - rep:privileges    = ["jcr:read","rep:write"]
               - rep:password
               - rep:principalName     = "testUser"
     
         UserManager umgr = ((JackrabbitSession) session).getUserManager();
         Group group = umgr.createGroup("testGroup");
    
         + t                           rep:AuthorizableFolder
           + te                        rep:AuthorizableFolder
             + testGroup               rep:Group, mix:AccessControllable
               + rep:policy            rep:ACL
                 + allow               rep:GrantACE
                   - rep:principalName = "testGroup"
                   - rep:privileges    = ["jcr:read"]
               - rep:principalName     = "testGroup"
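
    A check of what the action actually granted, as an added example that is not part of the Oak documentation or code base: it reads the ACL on the new authorizable's node through the JCR access control API and compares the allow-entries for the authorizable's own principal with the configured privilege set. The class and method names are hypothetical, and `admin` is assumed to be an administrative session on a repository configured with this action.

```java
import java.util.Set;
import java.util.TreeSet;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlList;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.User;

// Added example; HomeAclAudit and its methods are hypothetical names.
public final class HomeAclAudit {

    /** Privileges that allow-entries grant the authorizable's own principal on its own node. */
    static Set<String> selfGranted(Session session, Authorizable a) throws RepositoryException {
        Set<String> names = new TreeSet<>();
        String principal = a.getPrincipal().getName();
        for (AccessControlPolicy p : session.getAccessControlManager().getPolicies(a.getPath())) {
            if (!(p instanceof AccessControlList)) continue;
            for (AccessControlEntry ace : ((AccessControlList) p).getAccessControlEntries()) {
                boolean deny = ace instanceof JackrabbitAccessControlEntry
                        && !((JackrabbitAccessControlEntry) ace).isAllow();
                if (deny || !principal.equals(ace.getPrincipal().getName())) continue;
                for (Privilege priv : ace.getPrivileges()) names.add(priv.getName());
            }
        }
        return names;
    }

    /** Creates a user, saves, and fails if the grants differ from the configured set. */
    static void verifyNewUser(Session admin, String id, String pw, Set<String> expected)
            throws RepositoryException {
        User user = ((JackrabbitSession) admin).getUserManager().createUser(id, pw);
        admin.save(); // persists the user node together with the policy the action added
        Set<String> actual = selfGranted(admin, user);
        if (!actual.equals(expected)) {
            throw new IllegalStateException(
                    "ACL on " + user.getPath() + " grants " + actual + ", expected " + expected);
        }
    }
}
```

    With the example configuration above, `expected` for a user would be the set containing jcr:read and rep:write; a mismatch points to the action not being active or to a different access control setup.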
     
    • Method Summary

      Modifier and Type Method Description
      void init(@NotNull SecurityProvider securityProvider, @NotNull ConfigurationParameters config)
      Doesn't perform any action.
      void onCreate(@NotNull org.apache.jackrabbit.api.security.user.Group group, @NotNull org.apache.jackrabbit.oak.api.Root root, @NotNull org.apache.jackrabbit.oak.namepath.NamePathMapper namePathMapper)
      Doesn't perform any action.
      void onCreate(@NotNull org.apache.jackrabbit.api.security.user.User user, @Nullable java.lang.String password, @NotNull org.apache.jackrabbit.oak.api.Root root, @NotNull org.apache.jackrabbit.oak.namepath.NamePathMapper namePathMapper)
      Doesn't perform any action.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • USER_PRIVILEGE_NAMES

        public static final java.lang.String USER_PRIVILEGE_NAMES
        See Also:
        Constant Field Values
      • GROUP_PRIVILEGE_NAMES

        public static final java.lang.String GROUP_PRIVILEGE_NAMES
        See Also:
        Constant Field Values
    • Constructor Detail

      • AccessControlAction

        public AccessControlAction()
    • Method Detail

      • onCreate

        public void onCreate(@NotNull org.apache.jackrabbit.api.security.user.Group group,
                             @NotNull org.apache.jackrabbit.oak.api.Root root,
                             @NotNull org.apache.jackrabbit.oak.namepath.NamePathMapper namePathMapper)
                      throws RepositoryException
        Description copied from class: AbstractAuthorizableAction
        Doesn't perform any action.
        Specified by:
        onCreate in interface AuthorizableAction
        Overrides:
        onCreate in class AbstractAuthorizableAction
        Parameters:
        group - The new group that has not yet been persisted; i.e. the associated tree is still 'NEW'.
        root - The root associated with the user manager.
        Throws:
        RepositoryException - If an error occurs.
      • onCreate

        public void onCreate(@NotNull org.apache.jackrabbit.api.security.user.User user,
                             @Nullable java.lang.String password,
                             @NotNull org.apache.jackrabbit.oak.api.Root root,
                             @NotNull org.apache.jackrabbit.oak.namepath.NamePathMapper namePathMapper)
                      throws RepositoryException
        Description copied from class: AbstractAuthorizableAction
        Doesn't perform any action.
        Specified by:
        onCreate in interface AuthorizableAction
        Overrides:
        onCreate in class AbstractAuthorizableAction
        Parameters:
        user - The new user that has not yet been persisted; i.e. the associated tree is still 'NEW'.
        password - The password that was specified upon user creation.
        root - The root associated with the user manager.
        Throws:
        RepositoryException - If an error occurs.