Class PrincipalRestrictionProvider
java.lang.Object
org.apache.jackrabbit.oak.security.authorization.restriction.PrincipalRestrictionProvider
- All Implemented Interfaces:
AccessControlConstants
,RestrictionProvider
public class PrincipalRestrictionProvider
extends Object
implements RestrictionProvider, AccessControlConstants
Restriction provider implementation used for editing access control by
principal. It wraps the configured base provider and adds a mandatory
restriction definition with name
AccessControlConstants.REP_NODE_PATH
and type PATH
which stores the path of the access controlled node to which a given
access control entry will be applied.-
Field Summary
Fields inherited from interface org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants
AC_NODETYPE_NAMES, ACE_PROPERTY_NAMES, MIX_REP_ACCESS_CONTROLLABLE, MIX_REP_REPO_ACCESS_CONTROLLABLE, NT_REP_ACE, NT_REP_ACL, NT_REP_DENY_ACE, NT_REP_GRANT_ACE, NT_REP_POLICY, NT_REP_RESTRICTIONS, PARAM_RESTRICTION_PROVIDER, POLICY_NODE_NAMES, REP_CURRENT, REP_GLOB, REP_GLOBS, REP_ITEM_NAMES, REP_NODE_PATH, REP_NT_NAMES, REP_POLICY, REP_PREFIXES, REP_PRINCIPAL_NAME, REP_PRIVILEGES, REP_REPO_POLICY, REP_RESTRICTIONS, REP_SUBTREES
Fields inherited from interface org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider
EMPTY
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescription@NotNull Restriction
createRestriction
(@Nullable String oakPath, @NotNull String oakName, @NotNull Value value) Creates a new single valued restriction for the specified parameters.@NotNull Restriction
createRestriction
(@Nullable String oakPath, @NotNull String oakName, @NotNull Value... values) Creates a new multi valued restriction for the specified parameters.@NotNull RestrictionPattern
getPattern
(@Nullable String oakPath, @NotNull Set<Restriction> restrictions) Creates theRestrictionPattern
for the specified restrictions.@NotNull RestrictionPattern
getPattern
(@Nullable String oakPath, @NotNull Tree tree) Creates theRestrictionPattern
for the restriction information stored with specified tree.@NotNull Set<RestrictionDefinition>
getSupportedRestrictions
(@Nullable String oakPath) Returns the restriction definitions supported by this provider implementation at the specified path.@NotNull Set<Restriction>
readRestrictions
(@Nullable String oakPath, @NotNull Tree aceTree) Read the valid restrictions stored in the specified ACE tree.void
validateRestrictions
(@Nullable String oakPath, @NotNull Tree aceTree) Validate the restrictions present with the specified ACE tree.void
writeRestrictions
(@Nullable String oakPath, @NotNull Tree aceTree, @NotNull Set<Restriction> restrictions) Writes the given restrictions to the specified ACE tree.
-
Constructor Details
-
PrincipalRestrictionProvider
-
-
Method Details
-
getSupportedRestrictions
@NotNull public @NotNull Set<RestrictionDefinition> getSupportedRestrictions(@Nullable @Nullable String oakPath) Description copied from interface:RestrictionProvider
Returns the restriction definitions supported by this provider implementation at the specified path.- Specified by:
getSupportedRestrictions
in interfaceRestrictionProvider
- Parameters:
oakPath
- The path of the access controlled tree. Anull
path indicates that the supported restrictions for repository level policies should be returned.- Returns:
- The set of supported restrictions at the given path.
-
createRestriction
@NotNull public @NotNull Restriction createRestriction(@Nullable @Nullable String oakPath, @NotNull @NotNull String oakName, @NotNull @NotNull Value value) throws RepositoryException Description copied from interface:RestrictionProvider
Creates a new single valued restriction for the specified parameters.- Specified by:
createRestriction
in interfaceRestrictionProvider
- Parameters:
oakPath
- The path of the access controlled tree ornull
if the target policies applies to the repository level.oakName
- The name of the restriction.value
- The value of the restriction.- Returns:
- A new restriction instance.
- Throws:
AccessControlException
- If no matching restriction definition exists for the specified parameters.RepositoryException
- If another error occurs.
-
createRestriction
@NotNull public @NotNull Restriction createRestriction(@Nullable @Nullable String oakPath, @NotNull @NotNull String oakName, @NotNull @NotNull Value... values) throws RepositoryException Description copied from interface:RestrictionProvider
Creates a new multi valued restriction for the specified parameters.- Specified by:
createRestriction
in interfaceRestrictionProvider
- Parameters:
oakPath
- The path of the access controlled tree ornull
if the target policies applies to the repository level.oakName
- The name of the restriction.values
- The values of the restriction.- Returns:
- A new restriction instance.
- Throws:
AccessControlException
- If no matching restriction definition exists for the specified parameters.RepositoryException
- If another error occurs.
-
readRestrictions
@NotNull public @NotNull Set<Restriction> readRestrictions(@Nullable @Nullable String oakPath, @NotNull @NotNull Tree aceTree) Description copied from interface:RestrictionProvider
Read the valid restrictions stored in the specified ACE tree.- Specified by:
readRestrictions
in interfaceRestrictionProvider
- Parameters:
oakPath
- The path of the access controlled tree ornull
if the target policies applies to the repository level.aceTree
- The tree corresponding to an ACE that may contain restrictions.- Returns:
- The valid restrictions stored with the specified tree or an empty set.
-
writeRestrictions
public void writeRestrictions(@Nullable @Nullable String oakPath, @NotNull @NotNull Tree aceTree, @NotNull @NotNull Set<Restriction> restrictions) throws RepositoryException Description copied from interface:RestrictionProvider
Writes the given restrictions to the specified ACE tree. Note, that this method does not need to validate the specified restrictions (see alsoRestrictionProvider.validateRestrictions(String, org.apache.jackrabbit.oak.api.Tree)
).- Specified by:
writeRestrictions
in interfaceRestrictionProvider
- Parameters:
oakPath
- The path of the access controlled tree ornull
if the target policies applies to the repository level.aceTree
- The tree corresponding to an ACE that will have the specified restrictions added.restrictions
- The set of restrictions to be written to the specified tree.- Throws:
RepositoryException
- If an error occurs while writing the restrictions.
-
validateRestrictions
public void validateRestrictions(@Nullable @Nullable String oakPath, @NotNull @NotNull Tree aceTree) throws RepositoryException Description copied from interface:RestrictionProvider
Validate the restrictions present with the specified ACE tree.- Specified by:
validateRestrictions
in interfaceRestrictionProvider
- Parameters:
oakPath
- The path of the access controlled tree ornull
if the target policies applies to the repository level.aceTree
- The tree corresponding to an ACE.- Throws:
AccessControlException
- If any invalid restrictions are detected.RepositoryException
- If another error occurs.
-
getPattern
@NotNull public @NotNull RestrictionPattern getPattern(@Nullable @Nullable String oakPath, @NotNull @NotNull Tree tree) Description copied from interface:RestrictionProvider
Creates theRestrictionPattern
for the restriction information stored with specified tree.- Specified by:
getPattern
in interfaceRestrictionProvider
- Parameters:
oakPath
- The path of the access controlled tree ornull
if the target policies applies to the repository level.tree
- The tree holding the restriction information.- Returns:
- A new
RestrictionPattern
representing the restriction information present with the given tree.
-
getPattern
@NotNull public @NotNull RestrictionPattern getPattern(@Nullable @Nullable String oakPath, @NotNull @NotNull Set<Restriction> restrictions) Description copied from interface:RestrictionProvider
Creates theRestrictionPattern
for the specified restrictions. The implementation should ignore all restrictions present in the specified set that it doesn't support.- Specified by:
getPattern
in interfaceRestrictionProvider
- Parameters:
oakPath
- The path of the access controlled tree ornull
if the target policies applies to the repository level.restrictions
- the restrictions.- Returns:
- A new
RestrictionPattern
representing those restrictions of the specified set that are supported by this implementation.
-