org.apache.jackrabbit.commons.jackrabbit.authorization

Class AccessControlUtils

java.lang.Object

org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils

public class AccessControlUtils
extends Object

This class provides common access control related utilities.

Constructor Summary

Constructors

Constructor and Description
AccessControlUtils()

Method Summary

Methods

Modifier and Type	Method and Description
static boolean	addAccessControlEntry(javax.jcr.Session session, String absPath, Principal principal, javax.jcr.security.Privilege[] privileges, boolean isAllow) A utility method to add a new access control entry.
static boolean	addAccessControlEntry(javax.jcr.Session session, String absPath, Principal principal, String[] privilegeNames, boolean isAllow) A utility method to add a new access control entry. Please note, that calling Session.save() is required in order to persist the changes.
static boolean	allow(javax.jcr.Node node, String principalName, String... privileges) Allow certain privileges on a given node for a given principal.
static boolean	clear(javax.jcr.Node node) Removes the access control list at a given node.
static boolean	clear(javax.jcr.Node node, String principalName) Removes all ACL entries for a principal on a given node.
static boolean	clear(javax.jcr.Session session, String absPath) Removes the access control list at the specified absolute path.
static boolean	clear(javax.jcr.Session session, String absPath, String principalName) Removes all ACL entries for a principal at a given absolute path.
static boolean	deny(javax.jcr.Node node, String principalName, String... privileges) Deny certain privileges on a node for a given principal.
static boolean	denyAllToEveryone(javax.jcr.Session session, String absPath) Utility to deny jcr:all privilege to the everyone group principal.
static JackrabbitAccessControlList	getAccessControlList(javax.jcr.security.AccessControlManager accessControlManager, String absPath) Utility that combines AccessControlManager.getApplicablePolicies(String) and AccessControlManager.getPolicies(String) to retrieve a modifiable JackrabbitAccessControlList for the given path. Note that the policy must be reapplied and the changes must be saved in order to make the AC modifications take effect.
static JackrabbitAccessControlList	getAccessControlList(javax.jcr.Session session, String absPath) Utility that combines AccessControlManager.getApplicablePolicies(String) and AccessControlManager.getPolicies(String) to retrieve a modifiable JackrabbitAccessControlList for the given path. Note that the policy must be reapplied and the changes must be saved in order to make the AC modifications take effect.
static Principal	getEveryonePrincipal(javax.jcr.Session session) Shortcut for calling PrincipalManager.getEveryone().
static Principal	getPrincipal(javax.jcr.Session session, String principalName) Retrieves the principal with the specified principalName.
static boolean	grantAllToEveryone(javax.jcr.Session session, String absPath) Utility to grant jcr:all privilege to the everyone group principal.
static String[]	namesFromPrivileges(javax.jcr.security.Privilege... privileges) Retrieves the names of the specified privileges.
static javax.jcr.security.Privilege[]	privilegesFromNames(javax.jcr.security.AccessControlManager accessControlManager, String... privilegeNames) Retrieves the Privileges from the specified privilege names.
static javax.jcr.security.Privilege[]	privilegesFromNames(javax.jcr.Session session, String... privilegeNames) Retrieves the Privileges from the specified privilege names.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AccessControlUtils

public AccessControlUtils()

Method Detail

privilegesFromNames

public static javax.jcr.security.Privilege[] privilegesFromNames(javax.jcr.Session session,
                                                 String... privilegeNames)
                                                          throws javax.jcr.RepositoryException

Retrieves the Privileges from the specified privilege names.

Parameters:

session - The editing session.

privilegeNames - The privilege names.

Returns:

An array of privileges.

Throws:

javax.jcr.RepositoryException - If an error occurs or if privilegeNames contains an unknown/invalid privilege name.

privilegesFromNames

public static javax.jcr.security.Privilege[] privilegesFromNames(javax.jcr.security.AccessControlManager accessControlManager,
                                                 String... privilegeNames)
                                                          throws javax.jcr.RepositoryException

Retrieves the Privileges from the specified privilege names.

Parameters:

accessControlManager - The access control manager.

privilegeNames - The privilege names.

Returns:

An array of privileges.

Throws:

javax.jcr.RepositoryException - If an error occurs or if privilegeNames contains an unknown/invalid privilege name.

namesFromPrivileges

public static String[] namesFromPrivileges(javax.jcr.security.Privilege... privileges)

Retrieves the names of the specified privileges.

Parameters:

privileges - One or more privileges.

Returns:

The names of the specified privileges.

getAccessControlList

public static JackrabbitAccessControlList getAccessControlList(javax.jcr.Session session,
                                               String absPath)
                                                        throws javax.jcr.RepositoryException

Utility that combines AccessControlManager.getApplicablePolicies(String) and AccessControlManager.getPolicies(String) to retrieve a modifiable JackrabbitAccessControlList for the given path.
Note that the policy must be reapplied and the changes must be saved in order to make the AC modifications take effect.

Parameters:

session - The editing session.

absPath - The absolute path of the target node.

Returns:

A modifiable access control list or null if there is none.

Throws:

javax.jcr.RepositoryException - If an error occurs.

getAccessControlList

public static JackrabbitAccessControlList getAccessControlList(javax.jcr.security.AccessControlManager accessControlManager,
                                               String absPath)
                                                        throws javax.jcr.RepositoryException

Utility that combines AccessControlManager.getApplicablePolicies(String) and AccessControlManager.getPolicies(String) to retrieve a modifiable JackrabbitAccessControlList for the given path.
Note that the policy must be reapplied and the changes must be saved in order to make the AC modifications take effect.

Parameters:

accessControlManager - The AccessControlManager .

absPath - The absolute path of the target node.

Returns:

A modifiable access control list or null if there is none.

Throws:

javax.jcr.RepositoryException - If an error occurs.

addAccessControlEntry

public static boolean addAccessControlEntry(javax.jcr.Session session,
                            String absPath,
                            Principal principal,
                            String[] privilegeNames,
                            boolean isAllow)
                                     throws javax.jcr.RepositoryException

A utility method to add a new access control entry.
Please note, that calling Session.save() is required in order to persist the changes.

Parameters:

session - The editing session.

absPath - The absolute path of the target node.

principal - The principal to grant/deny privileges to.

privilegeNames - The names of the privileges to grant or deny.

isAllow - true to grant; false otherwise.

Returns:

true if the node's ACL was modified and the session has pending changes.

Throws:

javax.jcr.RepositoryException - If an error occurs.

addAccessControlEntry

public static boolean addAccessControlEntry(javax.jcr.Session session,
                            String absPath,
                            Principal principal,
                            javax.jcr.security.Privilege[] privileges,
                            boolean isAllow)
                                     throws javax.jcr.RepositoryException

A utility method to add a new access control entry. Please note, that a call to Session.save() is required in order to persist the changes.

Parameters:

session - The editing session

absPath - The absolute path of the target node.

principal - The principal to grant/deny privileges to.

privileges - The privileges to grant or deny

isAllow - true to grant; false otherwise;

Returns:

true if the node's ACL was modified and the session has pending changes.

Throws:

javax.jcr.RepositoryException - If an error occurs.

grantAllToEveryone

public static boolean grantAllToEveryone(javax.jcr.Session session,
                         String absPath)
                                  throws javax.jcr.RepositoryException

Utility to grant jcr:all privilege to the everyone group principal. Please note, that Session.save() is required in order to persist the changes.

Parameters:

session - The editing session.

absPath - The absolute path of the target node

Returns:

true if the node's access control list was modified; false otherwise;

Throws:

javax.jcr.RepositoryException - If an error occurs.

denyAllToEveryone

public static boolean denyAllToEveryone(javax.jcr.Session session,
                        String absPath)
                                 throws javax.jcr.RepositoryException

Utility to deny jcr:all privilege to the everyone group principal. Please note, that Session.save() is required in order to persist the changes.

Parameters:

session - The editing session.

absPath - The absolute path of the target node

Returns:

true if the node's access control list was modified; false otherwise;

Throws:

javax.jcr.RepositoryException - If an error occurs.

allow

public static boolean allow(javax.jcr.Node node,
            String principalName,
            String... privileges)
                     throws javax.jcr.RepositoryException

Allow certain privileges on a given node for a given principal.

To activate the ACL change, session.save() must be called.

Parameters:

node - node to set the resource-based ACL entry on; underlying session is used to write the ACL

principalName - Name of the principal for which the ACL entry should apply

privileges - list of privileges to set by name (see Privilege)

Returns:

true if the node's ACL was modified and the session has pending changes.

Throws:

javax.jcr.RepositoryException - If an unexpected repository error occurs

deny

public static boolean deny(javax.jcr.Node node,
           String principalName,
           String... privileges)
                    throws javax.jcr.RepositoryException

Deny certain privileges on a node for a given principal.

To activate the ACL change, session.save() must be called.

Parameters:

node - node to set the resource-based ACL entry on; underlying session is used to write the ACL

principalName - Name of the principal for which the ACL entry should apply

privileges - list of privileges to set by name (see Privilege)

Returns:

true if the node's ACL was modified and the session has pending changes.

Throws:

javax.jcr.RepositoryException - If an unexpected repository error occurs

clear

public static boolean clear(javax.jcr.Session session,
            String absPath,
            String principalName)
                     throws javax.jcr.RepositoryException

Removes all ACL entries for a principal at a given absolute path. If the specified principalName is null the policy will be removed altogether.

Modifications only take effect upon Session.save().

Parameters:

session - The editing session.

absPath - Absolute path of an existing node from which to remove ACL entries (or the policy)

principalName - Name of the principal whose entries should be removed; use null to clear the policy.

Returns:

true if the policy has been modified; false otherwise.

Throws:

javax.jcr.RepositoryException - If an unexpected repository error occurs

clear

public static boolean clear(javax.jcr.Node node,
            String principalName)
                     throws javax.jcr.RepositoryException

Removes all ACL entries for a principal on a given node.

Modification to the policy only take effect upon Session.save() must be called.

Parameters:

node - node from which to remove ACL entries; underlying session is used to write the changes

principalName - Name of the principal whose entries should be removed; use null to clear the policy altogether.

Returns:

true if the node's ACL was modified, false otherwise.

Throws:

javax.jcr.RepositoryException - If an unexpected repository error occurs

clear

public static boolean clear(javax.jcr.Node node)
                     throws javax.jcr.RepositoryException

Removes the access control list at a given node.

To persist the modifications, Session.save() must be called.

Parameters:

node - node from which to remove the ACL; underlying session is used to write the changes

Returns:

true if the node's ACL was removed, false otherwise.

Throws:

javax.jcr.RepositoryException - If an unexpected repository error occurs

clear

public static boolean clear(javax.jcr.Session session,
            String absPath)
                     throws javax.jcr.RepositoryException

Removes the access control list at the specified absolute path.

To persist the modification, session.save() must be called.

Parameters:

session - The editing session.

absPath - An absolute path of a valid node accessible to the editing session from which to remove the ACL.

Returns:

true if the node's ACL got removed, false otherwise.

Throws:

javax.jcr.RepositoryException - If an unexpected repository error occurs

getPrincipal

public static Principal getPrincipal(javax.jcr.Session session,
                     String principalName)
                              throws javax.jcr.RepositoryException

Retrieves the principal with the specified principalName. Shortcut for calling PrincipalManager.getPrincipal(String).

Parameters:

session - The editing session which must be a JackrabbitSession.

principalName - The name of the principal.

Returns:

The principal with the specified name or null if no such principal exists.

Throws:

javax.jcr.RepositoryException - If an error occurs or if the session is not a JackrabbitSession.

getEveryonePrincipal

public static Principal getEveryonePrincipal(javax.jcr.Session session)
                                      throws javax.jcr.RepositoryException

Shortcut for calling PrincipalManager.getEveryone().

Parameters:

session - The editing session which must be a JackrabbitSession.

Returns:

The group principal presenting everyone.

Throws:

javax.jcr.RepositoryException - If an error occurs or if the session is not a JackrabbitSession.