Class AccessControlAction

  • All Implemented Interfaces:
    AuthorizableAction

    public class AccessControlAction
    extends AbstractAuthorizableAction
    The AccessControlAction allows to setup permissions upon creation of a new authorizable; namely the privileges the new authorizable should be granted on it's own 'home directory' being represented by the new node associated with that new authorizable.

    The following to configuration parameters are available with this implementation:

    • groupPrivilegeNames: the value is expected to be a comma separated list of privileges that will be granted to the new group on the group node
    • userPrivilegeNames: the value is expected to be a comma separated list of privileges that will be granted to the new user on the user node.

    Example configuration:

        <UserManager class="org.apache.jackrabbit.core.security.user.UserPerWorkspaceUserManager">
           <AuthorizableAction class="org.apache.jackrabbit.core.security.user.action.AccessControlAction">
              <param name="groupPrivilegeNames" value="jcr:read"/>
              <param name="userPrivilegeNames" value="jcr:read, rep:write"/>
           </AuthorizableAction>
        </UserManager>
     

    The example configuration will lead to the following content structure upon user or group creation::

         UserManager umgr = ((JackrabbitSession) session).getUserManager();
         User user = umgr.createUser("testUser", "t");
    
         + t                           rep:AuthorizableFolder
           + te                        rep:AuthorizableFolder
             + testUser                rep:User, mix:AccessControllable
               + rep:policy            rep:ACL
                 + allow               rep:GrantACE
                   - rep:principalName = "testUser"
                   - rep:privileges    = ["jcr:read","rep:write"]
               - rep:password
               - rep:principalName     = "testUser"
     
         UserManager umgr = ((JackrabbitSession) session).getUserManager();
         Group group = umgr.createGroup("testGroup");
    
         + t                           rep:AuthorizableFolder
           + te                        rep:AuthorizableFolder
             + testGroup               rep:Group, mix:AccessControllable
               + rep:policy            rep:ACL
                 + allow               rep:GrantACE
                   - rep:principalName = "testGroup"
                   - rep:privileges    = ["jcr:read"]
               - rep:principalName     = "testGroup"