public class SimpleAccessManager extends AbstractAccessControlManager implements AccessManager
SimpleAccessManager
...READ, REMOVE, WRITE
Constructor and Description |
---|
SimpleAccessManager()
Empty constructor
|
Modifier and Type | Method and Description |
---|---|
boolean |
canAccess(String workspaceName)
Determines whether the subject of the current context is granted access
to the given workspace.
|
boolean |
canRead(Path itemPath,
ItemId itemId)
Determines whether the item with the specified
itemPath
or itemId can be read. |
protected void |
checkInitialized()
Check if this manager has been properly initialized.
|
void |
checkPermission(ItemId id,
int permissions)
Determines whether the specified
permissions are granted
on the item with the specified id (i.e. |
void |
checkPermission(Path absPath,
int permissions)
Determines whether the specified
permissions are granted
on the item with the specified id (i.e. |
protected void |
checkPermission(String absPath,
int permission)
Check if the specified privileges are granted at
absPath . |
void |
checkRepositoryPermission(int permissions)
Determines whether the specified
permissions are granted
on the repository level. |
protected void |
checkValidNodePath(String absPath)
Tests if the given
absPath is absolute and points to an existing node. |
void |
close()
Close this access manager.
|
javax.jcr.security.AccessControlPolicy[] |
getEffectivePolicies(Set<Principal> principals)
Returns the
AccessControlPolicy objects that are in effect
for the given Principal s. |
javax.jcr.security.AccessControlPolicy[] |
getEffectivePolicies(String absPath) |
protected PrivilegeManager |
getPrivilegeManager() |
javax.jcr.security.Privilege[] |
getPrivileges(String absPath) |
javax.jcr.security.Privilege[] |
getPrivileges(String absPath,
Set<Principal> principals)
Returns the privileges the given set of
Principal s has for
absolute path absPath , which must be an existing node. |
boolean |
hasPrivileges(String absPath,
javax.jcr.security.Privilege[] privileges) |
boolean |
hasPrivileges(String absPath,
Set<Principal> principals,
javax.jcr.security.Privilege[] privileges)
Returns whether the given set of
Principal s has the specified
privileges for absolute path absPath , which must be an
existing node. |
void |
init(AMContext context)
Initialize this access manager.
|
void |
init(AMContext context,
AccessControlProvider acProvider,
WorkspaceAccessManager wspAccessManager)
Initialize this access manager.
|
boolean |
isGranted(ItemId id,
int permissions)
Determines whether the specified
permissions are granted
on the item with the specified id (i.e. |
boolean |
isGranted(Path absPath,
int permissions)
Determines whether the specified
permissions are granted
on the item with the specified absPath (i.e. |
boolean |
isGranted(Path parentPath,
Name childName,
int permissions)
Determines whether the specified
permissions are granted
on an item represented by the combination of the given
parentPath and childName (i.e. |
getApplicablePolicies, getApplicablePolicies, getPolicies, getPolicies, getSupportedPrivileges, privilegeFromName, removePolicy, setPolicy
public void init(AMContext context) throws javax.jcr.AccessDeniedException, Exception
AccessDeniedException
will
be thrown if the subject of the given context
is not
granted access to the specified workspace.init
in interface AccessManager
context
- access manager contextjavax.jcr.AccessDeniedException
- if the subject is not granted access
to the specified workspace.Exception
- if another error occurspublic void init(AMContext context, AccessControlProvider acProvider, WorkspaceAccessManager wspAccessManager) throws javax.jcr.AccessDeniedException, Exception
AccessDeniedException
will
be thrown if the subject of the given context
is not
granted access to the specified workspace.init
in interface AccessManager
context
- access manager context.acProvider
- The access control provider.wspAccessManager
- The workspace access manager.javax.jcr.AccessDeniedException
- if the subject is not granted access
to the specified workspace.Exception
- if another error occurspublic void close() throws Exception
close
in interface AccessManager
Exception
- if an error occurspublic void checkPermission(ItemId id, int permissions) throws javax.jcr.AccessDeniedException, javax.jcr.RepositoryException
permissions
are granted
on the item with the specified id
(i.e. the target item).checkPermission
in interface AccessManager
id
- the id of the target itempermissions
- A combination of one or more of the following constants
encoded as a bitmask value:
READ
WRITE
REMOVE
javax.jcr.AccessDeniedException
- if permission is deniedjavax.jcr.ItemNotFoundException
- if the target item does not existjavax.jcr.RepositoryException
- it an error occurspublic void checkPermission(Path absPath, int permissions) throws javax.jcr.AccessDeniedException, javax.jcr.RepositoryException
permissions
are granted
on the item with the specified id
(i.e. the target item).checkPermission
in interface AccessManager
absPath
- Path to an item.permissions
- A combination of one or more of the
Permission
constants encoded as a bitmask value.javax.jcr.AccessDeniedException
- if permission is deniedjavax.jcr.RepositoryException
- it another error occurspublic void checkRepositoryPermission(int permissions) throws javax.jcr.AccessDeniedException, javax.jcr.RepositoryException
permissions
are granted
on the repository level.checkRepositoryPermission
in interface AccessManager
permissions
- The permissions to check.javax.jcr.AccessDeniedException
- if permissions are denied.javax.jcr.RepositoryException
- if another error occurs.public boolean isGranted(ItemId id, int permissions) throws javax.jcr.RepositoryException
permissions
are granted
on the item with the specified id
(i.e. the target item).isGranted
in interface AccessManager
id
- the id of the target itempermissions
- A combination of one or more of the following constants
encoded as a bitmask value:
READ
WRITE
REMOVE
true
if permission is granted; otherwise false
javax.jcr.ItemNotFoundException
- if the target item does not existjavax.jcr.RepositoryException
- if another error occurspublic boolean isGranted(Path absPath, int permissions) throws javax.jcr.RepositoryException
AccessManager
permissions
are granted
on the item with the specified absPath
(i.e. the target
item, that may or may not yet exist).isGranted
in interface AccessManager
absPath
- the absolute path to testpermissions
- A combination of one or more of the
Permission
constants encoded as a bitmask value.true
if the specified permissions are granted;
otherwise false
.javax.jcr.RepositoryException
- if an error occurs.public boolean isGranted(Path parentPath, Name childName, int permissions) throws javax.jcr.RepositoryException
AccessManager
permissions
are granted
on an item represented by the combination of the given
parentPath
and childName
(i.e. the target
item, that may or may not yet exist).isGranted
in interface AccessManager
parentPath
- Path to an existing parent node.childName
- Name of the child item that may or may not exist yet.permissions
- A combination of one or more of the
Permission
constants encoded as a bitmask value.true
if the specified permissions are granted;
otherwise false
.javax.jcr.RepositoryException
- if an error occurs.public boolean canRead(Path itemPath, ItemId itemId) throws javax.jcr.RepositoryException
AccessManager
itemPath
or itemId
can be read. Either of the two parameters
may be null
.AccessManager.isGranted(Path, int)
should be used instead.
If this method is called with both Path and ItemId it is left to the evaluation, which parameter is used.
canRead
in interface AccessManager
itemPath
- The path to the item or null
if itemId
should be used to determine the READ permission.itemId
- Id of the item to be tested or null
if the
itemPath should be used to determine the permission.true
if the item can be read; otherwise false
.javax.jcr.RepositoryException
- if the item is NEW and only an itemId is
specified or if another error occurs.public boolean canAccess(String workspaceName) throws javax.jcr.RepositoryException
false
, if no such workspace
exists.canAccess
in interface AccessManager
workspaceName
- name of workspacetrue
if the subject of the current context is
granted access to the given workspace; otherwise false
.javax.jcr.RepositoryException
- if an error occurs.public boolean hasPrivileges(String absPath, javax.jcr.security.Privilege[] privileges) throws javax.jcr.PathNotFoundException, javax.jcr.RepositoryException
hasPrivileges
in interface javax.jcr.security.AccessControlManager
javax.jcr.PathNotFoundException
javax.jcr.RepositoryException
public javax.jcr.security.Privilege[] getPrivileges(String absPath) throws javax.jcr.PathNotFoundException, javax.jcr.RepositoryException
getPrivileges
in interface javax.jcr.security.AccessControlManager
javax.jcr.PathNotFoundException
javax.jcr.RepositoryException
public javax.jcr.security.AccessControlPolicy[] getEffectivePolicies(String absPath) throws javax.jcr.PathNotFoundException, javax.jcr.AccessDeniedException, javax.jcr.RepositoryException
getEffectivePolicies
in interface javax.jcr.security.AccessControlManager
javax.jcr.PathNotFoundException
javax.jcr.AccessDeniedException
javax.jcr.RepositoryException
protected void checkInitialized() throws IllegalStateException
AbstractAccessControlManager
checkInitialized
in class AbstractAccessControlManager
IllegalStateException
- If this manager has not been properly initialized.AbstractAccessControlManager.checkInitialized()
protected void checkPermission(String absPath, int permission) throws javax.jcr.AccessDeniedException, javax.jcr.PathNotFoundException, javax.jcr.RepositoryException
AbstractAccessControlManager
absPath
.checkPermission
in class AbstractAccessControlManager
absPath
- Path to an existing node.permission
- Permissions to be checked.javax.jcr.AccessDeniedException
- if the session does not have the
specified privileges.javax.jcr.PathNotFoundException
- if no node exists at absPath
of if the session does not have the permission to READ it.javax.jcr.RepositoryException
- If another error occurs.AbstractAccessControlManager.checkPermission(String,int)
protected PrivilegeManager getPrivilegeManager() throws javax.jcr.RepositoryException
getPrivilegeManager
in class AbstractAccessControlManager
javax.jcr.RepositoryException
- If another error occurs.AbstractAccessControlManager.getPrivilegeManager()
protected void checkValidNodePath(String absPath) throws javax.jcr.PathNotFoundException, javax.jcr.RepositoryException
AbstractAccessControlManager
absPath
is absolute and points to an existing node.checkValidNodePath
in class AbstractAccessControlManager
absPath
- Path to an existing node.javax.jcr.PathNotFoundException
- if no node at absPath
exists
or the session does not have privilege to retrieve the node.javax.jcr.RepositoryException
- If the given absPath
is not
absolute or if some other error occurs.AbstractAccessControlManager.checkValidNodePath(String)
public javax.jcr.security.AccessControlPolicy[] getEffectivePolicies(Set<Principal> principals) throws javax.jcr.AccessDeniedException, javax.jcr.security.AccessControlException, javax.jcr.UnsupportedRepositoryOperationException, javax.jcr.RepositoryException
JackrabbitAccessControlManager
AccessControlPolicy
objects that are in effect
for the given Principal
s. This may be policies set through
this API or some implementation specific (default) policies.getEffectivePolicies
in interface JackrabbitAccessControlManager
principals
- A set of valid principals.javax.jcr.AccessDeniedException
- if the session lacks
READ_ACCESS_CONTROL
privilege.javax.jcr.security.AccessControlException
- if the specified principal does not exist
or if another access control related exception occurs.javax.jcr.UnsupportedRepositoryOperationException
- if editing access control
policies by principal is not supported.javax.jcr.RepositoryException
- If another error occurs.JackrabbitAccessControlManager.getEffectivePolicies(Set)
public boolean hasPrivileges(String absPath, Set<Principal> principals, javax.jcr.security.Privilege[] privileges) throws javax.jcr.PathNotFoundException, javax.jcr.RepositoryException
JackrabbitAccessControlManager
Principal
s has the specified
privileges for absolute path absPath
, which must be an
existing node.
Testing an aggregate privilege is equivalent to testing each non
aggregate privilege among the set returned by calling
Privilege.getAggregatePrivileges()
for that privilege.
The results reported by the this method reflect the net effect of
the currently applied control mechanisms. It does not reflect unsaved
access control policies or unsaved access control entries. Changes to
access control status caused by these mechanisms only take effect on
Session.save()
and are only then reflected in the results of
the privilege test methods.
Since this method allows to view the privileges of principals other
than included in the editing session, this method must throw
AccessDeniedException
if the session lacks
READ_ACCESS_CONTROL
privilege for the absPath
node.
hasPrivileges
in interface JackrabbitAccessControlManager
absPath
- an absolute path.principals
- a set of Principal
s for which is the
given privileges are tested.privileges
- an array of Privilege
s.true
if the session has the specified privileges;
false
otherwise.javax.jcr.PathNotFoundException
- if no node at absPath
exists
or the session does not have sufficient access to retrieve a node at that location.javax.jcr.AccessDeniedException
- if the session lacks
READ_ACCESS_CONTROL
privilege for the absPath
node.javax.jcr.RepositoryException
- if another error occurs.JackrabbitAccessControlManager.hasPrivileges(String, Set, Privilege[])
public javax.jcr.security.Privilege[] getPrivileges(String absPath, Set<Principal> principals) throws javax.jcr.PathNotFoundException, javax.jcr.RepositoryException
JackrabbitAccessControlManager
Principal
s has for
absolute path absPath
, which must be an existing node.
The returned privileges are those for which JackrabbitAccessControlManager.hasPrivileges(java.lang.String, java.util.Set<java.security.Principal>, javax.jcr.security.Privilege[])
would
return true
.
The results reported by the this method reflect the net effect of
the currently applied control mechanisms. It does not reflect unsaved
access control policies or unsaved access control entries. Changes to
access control status caused by these mechanisms only take effect on
Session.save()
and are only then reflected in the results of
the privilege test methods.
Since this method allows to view the privileges of principals other
than included in the editing session, this method must throw
AccessDeniedException
if the session lacks
READ_ACCESS_CONTROL
privilege for the absPath
node.
Note that this method does not resolve any group membership, as this is the job of the user manager. nor does it augment the set with the "everyone" principal.
getPrivileges
in interface JackrabbitAccessControlManager
absPath
- an absolute path.principals
- a set of Principal
s for which is the
privileges are retrieved.Privilege
s.javax.jcr.PathNotFoundException
- if no node at absPath
exists
or the session does not have sufficient access to retrieve a node at that
location.javax.jcr.AccessDeniedException
- if the session lacks READ_ACCESS_CONTROL
privilege for the absPath
node.javax.jcr.RepositoryException
- if another error occurs.JackrabbitAccessControlManager.getPrivileges(String, Set)
Copyright © 2004-2020 The Apache Software Foundation. All Rights Reserved.