@ProviderType public interface JackrabbitAccessControlManager extends AccessControlManager
JackrabbitAccessControlManager provides extensions to the
AccessControlManager interface.| Modifier and Type | Method and Description |
|---|---|
JackrabbitAccessControlPolicy[] |
getApplicablePolicies(Principal principal)
Returns the applicable policies for the specified
principal
or an empty array if no additional policies can be applied. |
AccessControlPolicy[] |
getEffectivePolicies(Set<Principal> principals)
Returns the
AccessControlPolicy objects that are in effect
for the given Principals. |
JackrabbitAccessControlPolicy[] |
getPolicies(Principal principal)
Returns the
AccessControlPolicy objects that have been set
for the given principal or an empty array if no policy has
been set. |
Privilege[] |
getPrivileges(String absPath,
Set<Principal> principals)
Returns the privileges the given set of
Principals has for
absolute path absPath, which must be an existing node. |
boolean |
hasPrivileges(String absPath,
Set<Principal> principals,
Privilege[] privileges)
Returns whether the given set of
Principals has the specified
privileges for absolute path absPath, which must be an
existing node. |
getApplicablePolicies, getEffectivePolicies, getPolicies, getPrivileges, getSupportedPrivileges, hasPrivileges, privilegeFromName, removePolicy, setPolicyJackrabbitAccessControlPolicy[] getApplicablePolicies(Principal principal) throws AccessDeniedException, AccessControlException, UnsupportedRepositoryOperationException, RepositoryException
principal
or an empty array if no additional policies can be applied.principal - A principal known to the editing session.principal. Note
that the policy object returned must reveal the path of the node where
they can be applied later on using AccessControlManager.setPolicy(String, javax.jcr.security.AccessControlPolicy).AccessDeniedException - if the session lacks
MODIFY_ACCESS_CONTROL privilege.AccessControlException - if the specified principal does not exist
or if another access control related exception occurs.UnsupportedRepositoryOperationException - if editing access control
policies by principal is not supported.RepositoryException - if another error occurs.JackrabbitAccessControlPolicy.getPath()JackrabbitAccessControlPolicy[] getPolicies(Principal principal) throws AccessDeniedException, AccessControlException, UnsupportedRepositoryOperationException, RepositoryException
AccessControlPolicy objects that have been set
for the given principal or an empty array if no policy has
been set. This method reflects the binding state, including transient
policy modifications.principal - A valid principal.AccessDeniedException - if the session lacks
READ_ACCESS_CONTROL privilege.AccessControlException - if the specified principal does not exist
or if another access control related exception occurs.UnsupportedRepositoryOperationException - if editing access control
policies by principal is not supported.RepositoryException - If another error occurs.AccessControlPolicy[] getEffectivePolicies(Set<Principal> principals) throws AccessDeniedException, AccessControlException, UnsupportedRepositoryOperationException, RepositoryException
AccessControlPolicy objects that are in effect
for the given Principals. This may be policies set through
this API or some implementation specific (default) policies.principals - A set of valid principals.AccessDeniedException - if the session lacks
READ_ACCESS_CONTROL privilege.AccessControlException - if the specified principal does not exist
or if another access control related exception occurs.UnsupportedRepositoryOperationException - if editing access control
policies by principal is not supported.RepositoryException - If another error occurs.boolean hasPrivileges(String absPath, Set<Principal> principals, Privilege[] privileges) throws PathNotFoundException, AccessDeniedException, RepositoryException
Principals has the specified
privileges for absolute path absPath, which must be an
existing node.
Testing an aggregate privilege is equivalent to testing each non
aggregate privilege among the set returned by calling
Privilege.getAggregatePrivileges() for that privilege.
The results reported by the this method reflect the net effect of
the currently applied control mechanisms. It does not reflect unsaved
access control policies or unsaved access control entries. Changes to
access control status caused by these mechanisms only take effect on
Session.save() and are only then reflected in the results of
the privilege test methods.
Since this method allows to view the privileges of principals other
than included in the editing session, this method must throw
AccessDeniedException if the session lacks
READ_ACCESS_CONTROL privilege for the absPath
node.
absPath - an absolute path.principals - a set of Principals for which is the
given privileges are tested.privileges - an array of Privileges.true if the session has the specified privileges;
false otherwise.PathNotFoundException - if no node at absPath exists
or the session does not have sufficient access to retrieve a node at that location.AccessDeniedException - if the session lacks
READ_ACCESS_CONTROL privilege for the absPath node.RepositoryException - if another error occurs.Privilege[] getPrivileges(String absPath, Set<Principal> principals) throws PathNotFoundException, AccessDeniedException, RepositoryException
Principals has for
absolute path absPath, which must be an existing node.
The returned privileges are those for which hasPrivileges(java.lang.String, java.util.Set<java.security.Principal>, javax.jcr.security.Privilege[]) would
return true.
The results reported by the this method reflect the net effect of
the currently applied control mechanisms. It does not reflect unsaved
access control policies or unsaved access control entries. Changes to
access control status caused by these mechanisms only take effect on
Session.save() and are only then reflected in the results of
the privilege test methods.
Since this method allows to view the privileges of principals other
than included in the editing session, this method must throw
AccessDeniedException if the session lacks
READ_ACCESS_CONTROL privilege for the absPath
node.
Note that this method does not resolve any group membership, as this is the job of the user manager. nor does it augment the set with the "everyone" principal.
absPath - an absolute path.principals - a set of Principals for which is the
privileges are retrieved.Privileges.PathNotFoundException - if no node at absPath exists
or the session does not have sufficient access to retrieve a node at that
location.AccessDeniedException - if the session lacks READ_ACCESS_CONTROL
privilege for the absPath node.RepositoryException - if another error occurs.Copyright © 2004–2020 The Apache Software Foundation. All rights reserved.