org.apache.jackrabbit.oak.security.authorization.restriction

Class PrincipalRestrictionProvider

java.lang.Object

org.apache.jackrabbit.oak.security.authorization.restriction.PrincipalRestrictionProvider

All Implemented Interfaces:

AccessControlConstants, RestrictionProvider

public class PrincipalRestrictionProvider
extends Object
implements RestrictionProvider, AccessControlConstants

Restriction provider implementation used for editing access control by principal. It wraps the configured base provider and adds a mandatory restriction definition with name AccessControlConstants.REP_NODE_PATH and type PATH which stores the path of the access controlled node to which a given access control entry will be applied.

Field Summary

Fields inherited from interface org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider

EMPTY

Fields inherited from interface org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants

AC_NODETYPE_NAMES, ACE_PROPERTY_NAMES, MIX_REP_ACCESS_CONTROLLABLE, MIX_REP_REPO_ACCESS_CONTROLLABLE, NT_REP_ACE, NT_REP_ACL, NT_REP_DENY_ACE, NT_REP_GRANT_ACE, NT_REP_POLICY, NT_REP_RESTRICTIONS, PARAM_RESTRICTION_PROVIDER, POLICY_NODE_NAMES, REP_GLOB, REP_ITEM_NAMES, REP_NODE_PATH, REP_NT_NAMES, REP_POLICY, REP_PREFIXES, REP_PRINCIPAL_NAME, REP_PRIVILEGES, REP_REPO_POLICY, REP_RESTRICTIONS

Constructor Summary

Constructors

Constructor and Description
PrincipalRestrictionProvider(RestrictionProvider base)

Method Summary

Modifier and Type	Method and Description
@NotNull Restriction	createRestriction(@Nullable String oakPath, @NotNull String oakName, Value... values) Creates a new multi valued restriction for the specified parameters.
@NotNull Restriction	createRestriction(@Nullable String oakPath, @NotNull String oakName, @NotNull Value value) Creates a new single valued restriction for the specified parameters.
@NotNull RestrictionPattern	getPattern(@Nullable String oakPath, @NotNull Set<Restriction> restrictions) Creates the RestrictionPattern for the specified restrictions.
@NotNull RestrictionPattern	getPattern(@Nullable String oakPath, @NotNull Tree tree) Creates the RestrictionPattern for the restriction information stored with specified tree.
@NotNull Set<RestrictionDefinition>	getSupportedRestrictions(@Nullable String oakPath) Returns the restriction definitions supported by this provider implementation at the specified path.
@NotNull Set<Restriction>	readRestrictions(@Nullable String oakPath, @NotNull Tree aceTree) Read the valid restrictions stored in the specified ACE tree.
void	validateRestrictions(String oakPath, @NotNull Tree aceTree) Validate the restrictions present with the specified ACE tree.
void	writeRestrictions(String oakPath, Tree aceTree, Set<Restriction> restrictions) Writes the given restrictions to the specified ACE tree.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

PrincipalRestrictionProvider

public PrincipalRestrictionProvider(RestrictionProvider base)

Method Detail

getSupportedRestrictions

@NotNull
public @NotNull Set<RestrictionDefinition> getSupportedRestrictions(@Nullable
                                                                             @Nullable String oakPath)

Description copied from interface: RestrictionProvider

Returns the restriction definitions supported by this provider implementation at the specified path.

Specified by:

getSupportedRestrictions in interface RestrictionProvider

Parameters:

oakPath - The path of the access controlled tree. A null path indicates that the supported restrictions for repository level policies should be returned.

Returns:

The set of supported restrictions at the given path.

createRestriction

@NotNull
public @NotNull Restriction createRestriction(@Nullable
                                                       @Nullable String oakPath,
                                                       @NotNull
                                                       @NotNull String oakName,
                                                       @NotNull
                                                       @NotNull Value value)
                                                throws RepositoryException

Description copied from interface: RestrictionProvider

Creates a new single valued restriction for the specified parameters.

Specified by:

createRestriction in interface RestrictionProvider

Parameters:

oakPath - The path of the access controlled tree or null if the target policies applies to the repository level.

oakName - The name of the restriction.

value - The value of the restriction.

Returns:

A new restriction instance.

Throws:

AccessControlException - If no matching restriction definition exists for the specified parameters.

RepositoryException - If another error occurs.

createRestriction

@NotNull
public @NotNull Restriction createRestriction(@Nullable
                                                       @Nullable String oakPath,
                                                       @NotNull
                                                       @NotNull String oakName,
                                                       @NotNull
                                                       Value... values)
                                                throws RepositoryException

Description copied from interface: RestrictionProvider

Creates a new multi valued restriction for the specified parameters.

Specified by:

createRestriction in interface RestrictionProvider

Parameters:

oakPath - The path of the access controlled tree or null if the target policies applies to the repository level.

oakName - The name of the restriction.

values - The values of the restriction.

Returns:

A new restriction instance.

Throws:

AccessControlException - If no matching restriction definition exists for the specified parameters.

RepositoryException - If another error occurs.

readRestrictions

@NotNull
public @NotNull Set<Restriction> readRestrictions(@Nullable
                                                           @Nullable String oakPath,
                                                           @NotNull
                                                           @NotNull Tree aceTree)

Description copied from interface: RestrictionProvider

Read the valid restrictions stored in the specified ACE tree.

Specified by:

readRestrictions in interface RestrictionProvider

Parameters:

oakPath - The path of the access controlled tree or null if the target policies applies to the repository level.

aceTree - The tree corresponding to an ACE that may contain restrictions.

Returns:

The valid restrictions stored with the specified tree or an empty set.

writeRestrictions

public void writeRestrictions(String oakPath,
                              Tree aceTree,
                              Set<Restriction> restrictions)
                       throws RepositoryException

Description copied from interface: RestrictionProvider

Writes the given restrictions to the specified ACE tree. Note, that this method does not need to validate the specified restrictions (see also RestrictionProvider.validateRestrictions(String, org.apache.jackrabbit.oak.api.Tree)).

Specified by:

writeRestrictions in interface RestrictionProvider

Parameters:

oakPath - The path of the access controlled tree or null if the target policies applies to the repository level.

aceTree - The tree corresponding to an ACE that will have the specified restrictions added.

restrictions - The set of restrictions to be written to the specified tree.

Throws:

RepositoryException - If an error occurs while writing the restrictions.

validateRestrictions

public void validateRestrictions(String oakPath,
                                 @NotNull
                                 @NotNull Tree aceTree)
                          throws RepositoryException

Description copied from interface: RestrictionProvider

Validate the restrictions present with the specified ACE tree.

Specified by:

validateRestrictions in interface RestrictionProvider

Parameters:

oakPath - The path of the access controlled tree or null if the target policies applies to the repository level.

aceTree - The tree corresponding to an ACE.

Throws:

AccessControlException - If any invalid restrictions are detected.

RepositoryException - If another error occurs.

getPattern

@NotNull
public @NotNull RestrictionPattern getPattern(@Nullable
                                                       @Nullable String oakPath,
                                                       @NotNull
                                                       @NotNull Tree tree)

Description copied from interface: RestrictionProvider

Creates the RestrictionPattern for the restriction information stored with specified tree.

Specified by:

getPattern in interface RestrictionProvider

Parameters:

oakPath - The path of the access controlled tree or null if the target policies applies to the repository level.

tree - The tree holding the restriction information.

Returns:

A new RestrictionPattern representing the restriction information present with the given tree.

getPattern

@NotNull
public @NotNull RestrictionPattern getPattern(@Nullable
                                                       @Nullable String oakPath,
                                                       @NotNull
                                                       @NotNull Set<Restriction> restrictions)

Description copied from interface: RestrictionProvider

Creates the RestrictionPattern for the specified restrictions. The implementation should ignore all restrictions present in the specified set that it doesn't support.

Specified by:

getPattern in interface RestrictionProvider

Parameters:

oakPath - The path of the access controlled tree or null if the target policies applies to the repository level.

restrictions - the restrictions.

Returns:

A new RestrictionPattern representing those restrictions of the specified set that are supported by this implementation.