Package org.apache.jackrabbit.oak.security.authorization.restriction

Class PrincipalRestrictionProvider

java.lang.Object
org.apache.jackrabbit.oak.security.authorization.restriction.PrincipalRestrictionProvider
All Implemented Interfaces:
AccessControlConstants, RestrictionProvider
public class PrincipalRestrictionProvider extends Object implements RestrictionProvider, AccessControlConstants
Restriction provider implementation used for editing access control by principal. It wraps the configured base provider and adds a mandatory restriction definition with name AccessControlConstants.REP_NODE_PATH and type PATH which stores the path of the access controlled node to which a given access control entry will be applied.

  • Constructor Details

    • PrincipalRestrictionProvider

      public PrincipalRestrictionProvider(@NotNull @NotNull RestrictionProvider base)

  • Method Details

    • getSupportedRestrictions

      @NotNull public @NotNull Set<RestrictionDefinition> getSupportedRestrictions(@Nullable @Nullable String oakPath)
      Description copied from interface: RestrictionProvider
      Returns the restriction definitions supported by this provider implementation at the specified path.
      Specified by:
      getSupportedRestrictions in interface RestrictionProvider
      Parameters:
      oakPath - The path of the access controlled tree. A null path indicates that the supported restrictions for repository level policies should be returned.
      Returns:
      The set of supported restrictions at the given path.

    • createRestriction

      @NotNull public @NotNull Restriction createRestriction(@Nullable @Nullable String oakPath, @NotNull @NotNull String oakName, @NotNull @NotNull Value value) throws RepositoryException
      Description copied from interface: RestrictionProvider
      Creates a new single valued restriction for the specified parameters.
      Specified by:
      createRestriction in interface RestrictionProvider
      Parameters:
      oakPath - The path of the access controlled tree or null if the target policies applies to the repository level.
      oakName - The name of the restriction.
      value - The value of the restriction.
      Returns:
      A new restriction instance.
      Throws:
      AccessControlException - If no matching restriction definition exists for the specified parameters.
      RepositoryException - If another error occurs.

    • createRestriction

      @NotNull public @NotNull Restriction createRestriction(@Nullable @Nullable String oakPath, @NotNull @NotNull String oakName, @NotNull @NotNull Value... values) throws RepositoryException
      Description copied from interface: RestrictionProvider
      Creates a new multi valued restriction for the specified parameters.
      Specified by:
      createRestriction in interface RestrictionProvider
      Parameters:
      oakPath - The path of the access controlled tree or null if the target policies applies to the repository level.
      oakName - The name of the restriction.
      values - The values of the restriction.
      Returns:
      A new restriction instance.
      Throws:
      AccessControlException - If no matching restriction definition exists for the specified parameters.
      RepositoryException - If another error occurs.

    • readRestrictions

      @NotNull public @NotNull Set<Restriction> readRestrictions(@Nullable @Nullable String oakPath, @NotNull @NotNull Tree aceTree)
      Description copied from interface: RestrictionProvider
      Read the valid restrictions stored in the specified ACE tree.
      Specified by:
      readRestrictions in interface RestrictionProvider
      Parameters:
      oakPath - The path of the access controlled tree or null if the target policies applies to the repository level.
      aceTree - The tree corresponding to an ACE that may contain restrictions.
      Returns:
      The valid restrictions stored with the specified tree or an empty set.

    • writeRestrictions

      public void writeRestrictions(@Nullable @Nullable String oakPath, @NotNull @NotNull Tree aceTree, @NotNull @NotNull Set<Restriction> restrictions) throws RepositoryException
      Description copied from interface: RestrictionProvider
      Writes the given restrictions to the specified ACE tree. Note, that this method does not need to validate the specified restrictions (see also RestrictionProvider.validateRestrictions(String, org.apache.jackrabbit.oak.api.Tree)).
      Specified by:
      writeRestrictions in interface RestrictionProvider
      Parameters:
      oakPath - The path of the access controlled tree or null if the target policies applies to the repository level.
      aceTree - The tree corresponding to an ACE that will have the specified restrictions added.
      restrictions - The set of restrictions to be written to the specified tree.
      Throws:
      RepositoryException - If an error occurs while writing the restrictions.

    • validateRestrictions

      public void validateRestrictions(@Nullable @Nullable String oakPath, @NotNull @NotNull Tree aceTree) throws RepositoryException
      Description copied from interface: RestrictionProvider
      Validate the restrictions present with the specified ACE tree.
      Specified by:
      validateRestrictions in interface RestrictionProvider
      Parameters:
      oakPath - The path of the access controlled tree or null if the target policies applies to the repository level.
      aceTree - The tree corresponding to an ACE.
      Throws:
      AccessControlException - If any invalid restrictions are detected.
      RepositoryException - If another error occurs.

    • getPattern

      @NotNull public @NotNull RestrictionPattern getPattern(@Nullable @Nullable String oakPath, @NotNull @NotNull Tree tree)
      Description copied from interface: RestrictionProvider
      Creates the RestrictionPattern for the restriction information stored with specified tree.
      Specified by:
      getPattern in interface RestrictionProvider
      Parameters:
      oakPath - The path of the access controlled tree or null if the target policies applies to the repository level.
      tree - The tree holding the restriction information.
      Returns:
      A new RestrictionPattern representing the restriction information present with the given tree.

    • getPattern

      @NotNull public @NotNull RestrictionPattern getPattern(@Nullable @Nullable String oakPath, @NotNull @NotNull Set<Restriction> restrictions)
      Description copied from interface: RestrictionProvider
      Creates the RestrictionPattern for the specified restrictions. The implementation should ignore all restrictions present in the specified set that it doesn't support.
      Specified by:
      getPattern in interface RestrictionProvider
      Parameters:
      oakPath - The path of the access controlled tree or null if the target policies applies to the repository level.
      restrictions - the restrictions.
      Returns:
      A new RestrictionPattern representing those restrictions of the specified set that are supported by this implementation.