org.apache.jackrabbit.core.security

Class SimpleJBossAccessManager

java.lang.Object

org.apache.jackrabbit.core.security.SimpleJBossAccessManager

All Implemented Interfaces:

AccessManager

public class SimpleJBossAccessManager
extends Object
implements AccessManager

The simple JBoss access manager is a specialized Access Manager to handle Authorization of individuals authenticated through JBoss login modules. It maps roles from the JBoss simplegroup class to Jackrabbit permissions.

Author:

dhartford

See Also:

http://wiki.apache.org/jackrabbit/SimpleJbossAccessManager

Field Summary

Fields

Modifier and Type	Field and Description
protected boolean	anonymous
protected boolean	system

Fields inherited from interface org.apache.jackrabbit.core.security.AccessManager

READ, REMOVE, WRITE

Constructor Summary

Constructors

Constructor and Description
SimpleJBossAccessManager()

Method Summary

Modifier and Type	Method and Description
boolean	canAccess(String workspaceName) Determines whether the subject of the current context is granted access to the given workspace.
boolean	canRead(Path itemPath, ItemId itemId) Determines whether the item with the specified itemPath or itemId can be read.
void	checkPermission(ItemId id, int permissions) Determines whether the specified permissions are granted on the item with the specified id (i.e.
void	checkPermission(Path absPath, int permissions) Determines whether the specified permissions are granted on the item with the specified id (i.e.
void	checkRepositoryPermission(int permissions) Determines whether the specified permissions are granted on the repository level.
void	close() Close this access manager.
void	init(AMContext context) Initialize this access manager.
void	init(AMContext context, AccessControlProvider acProvider, WorkspaceAccessManager wspAccessMgr) Initialize this access manager.
boolean	isGranted(ItemId id, int permissions) Determines whether the specified permissions are granted on the item with the specified id (i.e.
boolean	isGranted(Path absPath, int permissions) Determines whether the specified permissions are granted on the item with the specified absPath (i.e.
boolean	isGranted(Path parentPath, Name childName, int permissions) Determines whether the specified permissions are granted on an item represented by the combination of the given parentPath and childName (i.e.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

system

protected boolean system

anonymous

protected boolean anonymous

Constructor Detail

SimpleJBossAccessManager

public SimpleJBossAccessManager()

Method Detail

init

public void init(AMContext context)
          throws AccessDeniedException,
                 Exception

Description copied from interface: AccessManager

Initialize this access manager. An AccessDeniedException will be thrown if the subject of the given context is not granted access to the specified workspace.

Specified by:

init in interface AccessManager

Parameters:

context - access manager context

Throws:

AccessDeniedException - if the subject is not granted access to the specified workspace.

Exception - if another error occurs

init

public void init(AMContext context,
                 AccessControlProvider acProvider,
                 WorkspaceAccessManager wspAccessMgr)
          throws AccessDeniedException,
                 Exception

Description copied from interface: AccessManager

Initialize this access manager. An AccessDeniedException will be thrown if the subject of the given context is not granted access to the specified workspace.

Specified by:

init in interface AccessManager

Parameters:

context - access manager context.

acProvider - The access control provider.

wspAccessMgr - The workspace access manager.

Throws:

AccessDeniedException - if the subject is not granted access to the specified workspace.

Exception - if another error occurs

close

public void close()

Description copied from interface: AccessManager

Close this access manager. After having closed an access manager, further operations on this object are treated as illegal and throw

Specified by:

close in interface AccessManager

checkPermission

public void checkPermission(ItemId id,
                            int permissions)
                     throws AccessDeniedException,
                            RepositoryException

Description copied from interface: AccessManager

Determines whether the specified permissions are granted on the item with the specified id (i.e. the target item).

Specified by:

checkPermission in interface AccessManager

Parameters:

id - the id of the target item

permissions - A combination of one or more of the following constants encoded as a bitmask value:

• READ
• WRITE
• REMOVE

Throws:

AccessDeniedException - if permission is denied

ItemNotFoundException - if the target item does not exist

RepositoryException - it an error occurs

checkPermission

public void checkPermission(Path absPath,
                            int permissions)
                     throws AccessDeniedException,
                            RepositoryException

Description copied from interface: AccessManager

Determines whether the specified permissions are granted on the item with the specified id (i.e. the target item).

Specified by:

checkPermission in interface AccessManager

Parameters:

absPath - Path to an item.

permissions - A combination of one or more of the Permission constants encoded as a bitmask value.

Throws:

AccessDeniedException - if permission is denied

RepositoryException - it another error occurs

checkRepositoryPermission

public void checkRepositoryPermission(int permissions)
                               throws AccessDeniedException,
                                      RepositoryException

Description copied from interface: AccessManager

Determines whether the specified permissions are granted on the repository level.

Specified by:

checkRepositoryPermission in interface AccessManager

Parameters:

permissions - The permissions to check.

Throws:

AccessDeniedException - if permissions are denied.

RepositoryException - if another error occurs.

isGranted

public boolean isGranted(ItemId id,
                         int permissions)
                  throws RepositoryException

Description copied from interface: AccessManager

Determines whether the specified permissions are granted on the item with the specified id (i.e. the target item).

Specified by:

isGranted in interface AccessManager

Parameters:

id - the id of the target item

permissions - A combination of one or more of the following constants encoded as a bitmask value:

• READ
• WRITE
• REMOVE

Returns:

true if permission is granted; otherwise false

Throws:

ItemNotFoundException - if the target item does not exist

RepositoryException - if another error occurs

isGranted

public boolean isGranted(Path absPath,
                         int permissions)
                  throws RepositoryException

Description copied from interface: AccessManager

Determines whether the specified permissions are granted on the item with the specified absPath (i.e. the target item, that may or may not yet exist).

Specified by:

isGranted in interface AccessManager

Parameters:

absPath - the absolute path to test

permissions - A combination of one or more of the Permission constants encoded as a bitmask value.

Returns:

true if the specified permissions are granted; otherwise false.

Throws:

RepositoryException - if an error occurs.

isGranted

public boolean isGranted(Path parentPath,
                         Name childName,
                         int permissions)
                  throws RepositoryException

Description copied from interface: AccessManager

Determines whether the specified permissions are granted on an item represented by the combination of the given parentPath and childName (i.e. the target item, that may or may not yet exist).

Specified by:

isGranted in interface AccessManager

Parameters:

parentPath - Path to an existing parent node.

childName - Name of the child item that may or may not exist yet.

permissions - A combination of one or more of the Permission constants encoded as a bitmask value.

Returns:

true if the specified permissions are granted; otherwise false.

Throws:

RepositoryException - if an error occurs.

canRead

public boolean canRead(Path itemPath,
                       ItemId itemId)
                throws RepositoryException

Description copied from interface: AccessManager

Determines whether the item with the specified itemPath or itemId can be read. Either of the two parameters may be null.
Note, that this method should only be called for persisted items as NEW items may not be visible to the permission evaluation. For new items AccessManager.isGranted(Path, int) should be used instead.

If this method is called with both Path and ItemId it is left to the evaluation, which parameter is used.

Specified by:

canRead in interface AccessManager

Parameters:

itemPath - The path to the item or null if itemId should be used to determine the READ permission.

itemId - Id of the item to be tested or null if the itemPath should be used to determine the permission.

Returns:

true if the item can be read; otherwise false.

Throws:

RepositoryException - if the item is NEW and only an itemId is specified or if another error occurs.

canAccess

public boolean canAccess(String workspaceName)
                  throws RepositoryException

Description copied from interface: AccessManager

Determines whether the subject of the current context is granted access to the given workspace. Note that an implementation is free to test for the existence of a workspace with the specified name. In this case the expected return value is false, if no such workspace exists.

Specified by:

canAccess in interface AccessManager

Parameters:

workspaceName - name of workspace

Returns:

true if the subject of the current context is granted access to the given workspace; otherwise false.

Throws:

RepositoryException - if an error occurs.