org.apache.jackrabbit.core.security.user

Class UserManagerImpl

java.lang.Object

org.apache.jackrabbit.core.ProtectedItemModifier

org.apache.jackrabbit.core.security.user.UserManagerImpl

All Implemented Interfaces:

UserManager, SessionListener

Direct Known Subclasses:

UserPerWorkspaceUserManager

public class UserManagerImpl
extends ProtectedItemModifier
implements UserManager, SessionListener

Implementation Characteristics

Default implementation of the UserManager interface with the following characteristics:

• Users and Groups are stored in the repository as JCR nodes.
• Users are created below UserConstants.USERS_PATH,
  Groups are created below UserConstants.GROUPS_PATH (unless otherwise configured).
• The Id of an authorizable is stored in the jcr:uuid property (md5 hash).
• In order to structure the users and groups tree and avoid creating a flat hierarchy, additional hierarchy nodes of type "rep:AuthorizableFolder" are introduced using
  • the specified intermediate path passed to the create methods
  • or some built-in logic if the intermediate path is missing.

Authorizable Creation

The built-in logic applies the following rules:

• The names of the hierarchy folders is determined from ID of the authorizable to be created, consisting of the leading N chars where N is the relative depth starting from the node at getUsersPath() or getGroupsPath().
• By default 2 levels (depth == 2) are created.
• Parent nodes are expected to consist of folder structure only.
• If the ID contains invalid JCR chars that would prevent the creation of a Node with that name, the names of authorizable node and the intermediate hierarchy nodes are escaped.

Examples: Creating an non-existing user with ID 'aSmith' without specifying an intermediate path would result in the following structure:

 + rep:security            [nt:unstructured]
   + rep:authorizables     [rep:AuthorizableFolder]
     + rep:users           [rep:AuthorizableFolder]
       + a                 [rep:AuthorizableFolder]
         + aS              [rep:AuthorizableFolder]
           + aSmith        [rep:User]
 

Creating a non-existing user with ID 'aSmith' specifying an intermediate path 'some/tree' would result in the following structure:

 + rep:security            [nt:unstructured]
   + rep:authorizables     [rep:AuthorizableFolder]
     + rep:users           [rep:AuthorizableFolder]
       + some              [rep:AuthorizableFolder]
         + tree            [rep:AuthorizableFolder]
           + aSmith        [rep:User]
 

Configuration

This UserManager is able to handle the following configuration options:

Configuration Parameters

• PARAM_USERS_PATH: Defines where user nodes are created. If missing set to USERS_PATH.
• PARAM_GROUPS_PATH. Defines where group nodes are created. If missing set to GROUPS_PATH.
• PARAM_COMPATIBLE_JR16: If the param is present and its value is true looking up authorizables by ID will use the NodeResolver if not found otherwise.
  If the parameter is missing (or false) users and groups created with a Jackrabbit repository < v2.0 will not be found any more.
  By default this option is disabled.
• PARAM_DEFAULT_DEPTH: Parameter used to change the number of levels that are used by default to store authorizable nodes.
  The value is expected to be a positive integer greater than zero. The default number of levels is 2.
• PARAM_AUTO_EXPAND_TREE: If this parameter is present and its value is true, the trees containing user and group nodes will automatically created additional hierarchy levels if the number of nodes on a given level exceeds the maximal allowed size.
  By default this option is disabled.
• PARAM_AUTO_EXPAND_SIZE: This parameter only takes effect if PARAM_AUTO_EXPAND_TREE is enabled.
  The value is expected to be a positive long greater than zero. The default value is 1000.
• PARAM_GROUP_MEMBERSHIP_SPLIT_SIZE: If this parameter is present group memberships are collected in a node structure below UserConstants.N_MEMBERS instead of the default multi valued property UserConstants.P_MEMBERS. Its value determines the maximum number of member properties until additional intermediate nodes are inserted. Valid parameter values are integers > 4.
• PARAM_PASSWORD_HASH_ALGORITHM: Optional parameter to configure the algorithm used for password hash generation. The default value is PasswordUtility.DEFAULT_ALGORITHM.
• PARAM_PASSWORD_HASH_ITERATIONS: Optional parameter to configure the number of iterations used for password hash generations. The default value is PasswordUtility.DEFAULT_ITERATIONS.

Authorizable Actions

In addition to the specified configuration parameters this user manager implementation allows to define zero to many AuthorizableActions. Authorizable actions provide the ability to execute additional validation or tasks upon authorizable creation, removal and upon changing a users password.
See also UserManagerConfig.getAuthorizableActions()

Field Summary

Fields

Modifier and Type	Field and Description
static String	AUTHORIZABLES_PATH
static String	GROUP_ADMIN_GROUP_NAME Configuration key and default value for the the name of the 'GroupAdmin' group-principal
static String	GROUPS_PATH
static Name	MIX_REP_IMPERSONATABLE
static Name	N_MEMBERS
static NameFactory	NF
static Name	NT_REP_AUTHORIZABLE
static Name	NT_REP_AUTHORIZABLE_FOLDER
static Name	NT_REP_GROUP
static Name	NT_REP_MEMBERS
static Name	NT_REP_USER
static Name	P_DISABLED
static Name	P_GROUPS Deprecated. As of 2.0 group membership is stored with the group node.
static Name	P_IMPERSONATORS Name of the user property containing the principal names of those allowed to impersonate.
static Name	P_MEMBERS
static Name	P_PASSWORD
static Name	P_PRINCIPAL_NAME
static Name	P_USERID Deprecated. As of 2.0 the id-hash is stored with the jcr:uuid making the rep:userId property redundant. It has been removed from the node type definition.
static String	PARAM_AUTO_EXPAND_SIZE This parameter only takes effect if PARAM_AUTO_EXPAND_TREE is enabled. The default value is 1000.
static String	PARAM_AUTO_EXPAND_TREE If this parameter is present and its value is true, the trees containing user and group nodes will automatically created additional hierarchy levels if the number of nodes on a given level exceeds the maximal allowed size.
static String	PARAM_COMPATIBILE_JR16 Deprecated. Use PARAM_COMPATIBLE_JR16 instead.
static String	PARAM_COMPATIBLE_JR16 Flag to enable a minimal backwards compatibility with Jackrabbit < v2.0 If the param is present and its value is true looking up authorizables by ID will use the NodeResolver if not found otherwise. If the parameter is missing (or false) users and groups created with a Jackrabbit repository < v2.0 will not be found any more. By default this option is disabled.
static String	PARAM_DEFAULT_DEPTH Parameter used to change the number of levels that are used by default store authorizable nodes. The default number of levels is 2.
static String	PARAM_GROUP_MEMBERSHIP_SPLIT_SIZE If this parameter is present group members are collected in a node structure below UserConstants.N_MEMBERS instead of the default multi valued property UserConstants.P_MEMBERS.
static String	PARAM_GROUPS_PATH Configuration option to change the default path for creating groups.
static String	PARAM_PASSWORD_HASH_ALGORITHM Configuration parameter to change the default algorithm used to generate password hashes.
static String	PARAM_PASSWORD_HASH_ITERATIONS Configuration parameter to change the number of iterations used for password hash generation.
static String	PARAM_USERS_PATH Configuration option to change the default path for creating users.
static String	SECURITY_ROOT_PATH root-path to security related content e.g.
static String	USER_ADMIN_GROUP_NAME Configuration key and default value for the the name of the 'UserAdmin' group-principal.
static String	USERS_PATH

Fields inherited from interface org.apache.jackrabbit.api.security.user.UserManager

SEARCH_TYPE_AUTHORIZABLE, SEARCH_TYPE_GROUP, SEARCH_TYPE_USER

Constructor Summary

Constructors

Constructor and Description
UserManagerImpl(SessionImpl session, String adminId) Create a new UserManager with the default configuration.
UserManagerImpl(SessionImpl session, String adminId, Properties config) Create a new UserManager
UserManagerImpl(SessionImpl session, String adminId, Properties config, MembershipCache mCache) Create a new UserManager for the given session.

Method Summary

Methods

Modifier and Type	Method and Description
void	autoSave(boolean enable) Always throws unsupportedRepositoryOperationException as modification of the autosave behavior is not supported.
Group	createGroup(Principal principal) Same as createGroup(java.security.Principal, String) where the intermediate path is null.
Group	createGroup(Principal principal, String intermediatePath) Same as createGroup(String, Principal, String) where a groupID is generated from the principal name.
Group	createGroup(String groupID) Creates a Group for the given groupID, which must not be null.
Group	createGroup(String groupID, Principal principal, String intermediatePath) Create a new Group from the given groupID and principal.
User	createSystemUser(String userID, String intermediatePath) Create a new system user for the specified userID.
User	createUser(String userID, String password) Creates an User for the given userID / password pair; neither of the specified parameters can be null. Same as UserManager.createUser(String,String,Principal,String) where the specified userID is equal to the principal name and the intermediate path is null.
User	createUser(String userID, String password, Principal principal, String intermediatePath) Creates an User for the given parameters.
protected Group	doCreateGroup(NodeImpl node) Build the group object from the given group node.
protected User	doCreateUser(NodeImpl node) Build the user object from the given user node.
Iterator<Authorizable>	findAuthorizables(Query query) Return Authorizables that match a specific Query.
Iterator<Authorizable>	findAuthorizables(String relPath, String value) Returns all Authorizables that have a property with the given relative path (or name) that matches the specified value.
Iterator<Authorizable>	findAuthorizables(String relPath, String value, int searchType) Returns all Authorizables that have a property with the given relative path (or name) that matches the specified value.
Authorizable	getAuthorizable(Principal principal) Get the Authorizable by its Principal.
Authorizable	getAuthorizable(String id) Get the Authorizable by its id.
<T extends Authorizable> T	getAuthorizable(String id, Class<T> authorizableClass) Get the Authorizable of a specific type by its id.
Authorizable	getAuthorizableByPath(String path) Always throws UnsupportedRepositoryOperationException since this implementation of the user management API does not allow to retrieve the path of an authorizable.
String	getGroupsPath() Implementation specific methods revealing where groups are created within the content.
MembershipCache	getMembershipCache()
int	getMemberSplitSize() Maximum number of properties on the group membership node structure under UserConstants.N_MEMBERS until additional intermediate nodes are inserted.
String	getUsersPath() Implementation specific methods revealing where users are created within the content.
boolean	hasMemberSplitSize() Returns true if the split-member configuration parameter is greater or equal than 4 indicating that group members should be stored in a tree instead of a single multivalued property.
boolean	isAutoSave() Always returns true as by default the autoSave behavior cannot be altered (see also autoSave(boolean).
void	loggedOut(SessionImpl session) Called when a Session has been 'closed' by calling Session.logout().
void	loggingOut(SessionImpl session) Called when a Session is about to be 'closed' by calling Session.logout().
void	setAuthorizableActions(AuthorizableAction[] authorizableActions) Set the authorizable actions that will be invoked upon authorizable creation and removal.

Methods inherited from class org.apache.jackrabbit.core.ProtectedItemModifier

addNode, addNode, markModified, performProtected, removeItem, setProperty, setProperty, setProperty, setProperty

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

PARAM_USERS_PATH

public static final String PARAM_USERS_PATH

Configuration option to change the default path for creating users.

See Also:

Constant Field Values

PARAM_GROUPS_PATH

public static final String PARAM_GROUPS_PATH

Configuration option to change the default path for creating groups.

See Also:

Constant Field Values

PARAM_COMPATIBILE_JR16

public static final String PARAM_COMPATIBILE_JR16

Deprecated. Use PARAM_COMPATIBLE_JR16 instead.

See Also:

Constant Field Values

PARAM_COMPATIBLE_JR16

public static final String PARAM_COMPATIBLE_JR16

Flag to enable a minimal backwards compatibility with Jackrabbit < v2.0
If the param is present and its value is true looking up authorizables by ID will use the NodeResolver if not found otherwise.
If the parameter is missing (or false) users and groups created with a Jackrabbit repository < v2.0 will not be found any more.
By default this option is disabled.

See Also:

Constant Field Values

PARAM_DEFAULT_DEPTH

public static final String PARAM_DEFAULT_DEPTH

Parameter used to change the number of levels that are used by default store authorizable nodes.
The default number of levels is 2.

NOTE: Changing the default depth once users and groups have been created in the repository will cause inconsistencies, due to the fact that the resolution of ID to an authorizable relies on the structure defined by the default depth.
It is recommended to remove all authorizable nodes that will not be reachable any more, before this config option is changed.

• If default depth is increased:
  All authorizables on levels < default depth are not reachable any more.
• If default depth is decreased:
  All authorizables on levels > default depth aren't reachable any more unless the PARAM_AUTO_EXPAND_TREE flag is set to true.

See Also:

Constant Field Values

PARAM_AUTO_EXPAND_TREE

public static final String PARAM_AUTO_EXPAND_TREE

If this parameter is present and its value is true, the trees containing user and group nodes will automatically created additional hierarchy levels if the number of nodes on a given level exceeds the maximal allowed size.
By default this option is disabled.

See Also:

Constant Field Values

PARAM_AUTO_EXPAND_SIZE

public static final String PARAM_AUTO_EXPAND_SIZE

This parameter only takes effect if PARAM_AUTO_EXPAND_TREE is enabled.
The default value is 1000.

See Also:

Constant Field Values

PARAM_GROUP_MEMBERSHIP_SPLIT_SIZE

public static final String PARAM_GROUP_MEMBERSHIP_SPLIT_SIZE

If this parameter is present group members are collected in a node structure below UserConstants.N_MEMBERS instead of the default multi valued property UserConstants.P_MEMBERS. Its value determines the maximum number of member properties until additional intermediate nodes are inserted. Valid values are integers > 4. The default value is 0 and indicates that the UserConstants.P_MEMBERS property is used to record group members.

See Also:

Constant Field Values

PARAM_PASSWORD_HASH_ALGORITHM

public static final String PARAM_PASSWORD_HASH_ALGORITHM

Configuration parameter to change the default algorithm used to generate password hashes. The default value is PasswordUtility.DEFAULT_ALGORITHM.

See Also:

Constant Field Values

PARAM_PASSWORD_HASH_ITERATIONS

public static final String PARAM_PASSWORD_HASH_ITERATIONS

Configuration parameter to change the number of iterations used for password hash generation. The default value is PasswordUtility.DEFAULT_ITERATIONS.

See Also:

Constant Field Values

NF

public static final NameFactory NF

SECURITY_ROOT_PATH

public static final String SECURITY_ROOT_PATH

root-path to security related content e.g. principals

See Also:

Constant Field Values

AUTHORIZABLES_PATH

public static final String AUTHORIZABLES_PATH

See Also:

Constant Field Values

USERS_PATH

public static final String USERS_PATH

See Also:

Constant Field Values

GROUPS_PATH

public static final String GROUPS_PATH

See Also:

Constant Field Values

USER_ADMIN_GROUP_NAME

public static final String USER_ADMIN_GROUP_NAME

Configuration key and default value for the the name of the 'UserAdmin' group-principal.

See Also:

Constant Field Values

GROUP_ADMIN_GROUP_NAME

public static final String GROUP_ADMIN_GROUP_NAME

Configuration key and default value for the the name of the 'GroupAdmin' group-principal

See Also:

Constant Field Values

P_PRINCIPAL_NAME

public static final Name P_PRINCIPAL_NAME

P_USERID

public static final Name P_USERID

Deprecated. As of 2.0 the id-hash is stored with the jcr:uuid making the rep:userId property redundant. It has been removed from the node type definition.

P_PASSWORD

public static final Name P_PASSWORD

P_DISABLED

public static final Name P_DISABLED

P_GROUPS

public static final Name P_GROUPS

Deprecated. As of 2.0 group membership is stored with the group node.

See Also:

P_MEMBERS

P_MEMBERS

public static final Name P_MEMBERS

N_MEMBERS

public static final Name N_MEMBERS

P_IMPERSONATORS

public static final Name P_IMPERSONATORS

Name of the user property containing the principal names of those allowed to impersonate.

NT_REP_AUTHORIZABLE

public static final Name NT_REP_AUTHORIZABLE

NT_REP_AUTHORIZABLE_FOLDER

public static final Name NT_REP_AUTHORIZABLE_FOLDER

NT_REP_USER

public static final Name NT_REP_USER

NT_REP_GROUP

public static final Name NT_REP_GROUP

NT_REP_MEMBERS

public static final Name NT_REP_MEMBERS

MIX_REP_IMPERSONATABLE

public static final Name MIX_REP_IMPERSONATABLE

Constructor Detail

UserManagerImpl

public UserManagerImpl(SessionImpl session,
               String adminId)
                throws javax.jcr.RepositoryException

Create a new UserManager with the default configuration.

Parameters:

session - The editing/reading session.

adminId - The user ID of the administrator.

Throws:

javax.jcr.RepositoryException - If an error occurs.

UserManagerImpl

public UserManagerImpl(SessionImpl session,
               String adminId,
               Properties config)
                throws javax.jcr.RepositoryException

Create a new UserManager

Parameters:

session - The editing/reading session.

adminId - The user ID of the administrator.

config - The configuration parameters.

Throws:

javax.jcr.RepositoryException - If an error occurs.

UserManagerImpl

public UserManagerImpl(SessionImpl session,
               String adminId,
               Properties config,
               MembershipCache mCache)
                throws javax.jcr.RepositoryException

Create a new UserManager for the given session. Currently the following configuration options are respected:

• PARAM_USERS_PATH. If missing set to UserConstants.USERS_PATH.
• PARAM_GROUPS_PATH. If missing set to UserConstants.GROUPS_PATH.
• PARAM_DEFAULT_DEPTH. The default number of levels is 2.
• PARAM_AUTO_EXPAND_TREE. By default this option is disabled.
• PARAM_AUTO_EXPAND_SIZE. The default value is 1000.
• PARAM_GROUP_MEMBERSHIP_SPLIT_SIZE. The default is 0 which means use UserConstants.P_MEMBERS.

See the overall introduction for details.

Parameters:

session - The editing/reading session.

adminId - The user ID of the administrator.

config - The configuration parameters.

mCache - Shared membership cache.

Throws:

javax.jcr.RepositoryException - If an error occurs.

Method Detail

getUsersPath

public String getUsersPath()

Implementation specific methods revealing where users are created within the content.

Returns:

root path for user content.

See Also:

For the corresponding configuration parameter.

getGroupsPath

public String getGroupsPath()

Implementation specific methods revealing where groups are created within the content.

Returns:

root path for group content.

See Also:

For the corresponding configuration parameter.

getMembershipCache

public MembershipCache getMembershipCache()

Returns:

The membership cache present with this user manager instance.

getMemberSplitSize

public int getMemberSplitSize()

Maximum number of properties on the group membership node structure under UserConstants.N_MEMBERS until additional intermediate nodes are inserted. If 0 (default), UserConstants.P_MEMBERS is used to record group memberships.

Returns:

The maximum number of group members before splitting up the structure.

hasMemberSplitSize

public boolean hasMemberSplitSize()

Returns true if the split-member configuration parameter is greater or equal than 4 indicating that group members should be stored in a tree instead of a single multivalued property.

Returns:

true if group members are being stored in a tree instead of a single multivalued property.

setAuthorizableActions

public void setAuthorizableActions(AuthorizableAction[] authorizableActions)

Set the authorizable actions that will be invoked upon authorizable creation and removal.

Parameters:

authorizableActions - An array of authorizable actions.

getAuthorizable

public Authorizable getAuthorizable(String id)
                             throws javax.jcr.RepositoryException

Description copied from interface: UserManager

Get the Authorizable by its id.

Specified by:

getAuthorizable in interface UserManager

Parameters:

id - The user or group id.

Returns:

Authorizable or null, if not present.

Throws:

javax.jcr.RepositoryException - If an error occurs.

See Also:

UserManager.getAuthorizable(String)

getAuthorizable

public <T extends Authorizable> T getAuthorizable(String id,
                                         Class<T> authorizableClass)
                                       throws AuthorizableTypeException,
                                              javax.jcr.RepositoryException

Description copied from interface: UserManager

Get the Authorizable of a specific type by its id.

Specified by:

getAuthorizable in interface UserManager

Type Parameters:

T - the required Authorizable type.

Parameters:

id - the user or group id.

authorizableClass - the class of the type of Authorizable required; must not be null.

Returns:

Authorizable or null, if not present.

Throws:

AuthorizableTypeException - If an authorizable exists but is not of the requested type.

javax.jcr.RepositoryException - If an error occurs

See Also:

UserManager.getAuthorizable(String, Class)

getAuthorizable

public Authorizable getAuthorizable(Principal principal)
                             throws javax.jcr.RepositoryException

Description copied from interface: UserManager

Get the Authorizable by its Principal.

Specified by:

getAuthorizable in interface UserManager

Parameters:

principal - The principal of the authorizable to retrieve.

Returns:

Authorizable or null, if not present.

Throws:

javax.jcr.RepositoryException - If an error occurs.

See Also:

UserManager.getAuthorizable(Principal)

getAuthorizableByPath

public Authorizable getAuthorizableByPath(String path)
                                   throws javax.jcr.UnsupportedRepositoryOperationException,
                                          javax.jcr.RepositoryException

Always throws UnsupportedRepositoryOperationException since this implementation of the user management API does not allow to retrieve the path of an authorizable.

Specified by:

getAuthorizableByPath in interface UserManager

Parameters:

path - The path to an authorizable.

Returns:

Authorizable or null, if not present.

Throws:

javax.jcr.UnsupportedRepositoryOperationException - If this implementation does support to retrieve authorizables by path.

javax.jcr.RepositoryException - If another error occurs.

See Also:

UserManager.getAuthorizableByPath(String)

findAuthorizables

public Iterator<Authorizable> findAuthorizables(String relPath,
                                       String value)
                                         throws javax.jcr.RepositoryException

Description copied from interface: UserManager

Returns all Authorizables that have a property with the given relative path (or name) that matches the specified value.

If a relative path with more than one segment is specified only properties exactly matching that patch will be returned. If, however, a name is specified all properties that may be retrieved using Authorizable.getProperty(String) will be searched for a match.

Specified by:

findAuthorizables in interface UserManager

Parameters:

relPath - A relative property path or name.

value - A string value to match.

Returns:

All Authorizables that have a property with the given name exactly matching the given value.

Throws:

javax.jcr.RepositoryException - If an error occurs.

See Also:

UserManager.findAuthorizables(String,String)

findAuthorizables

public Iterator<Authorizable> findAuthorizables(String relPath,
                                       String value,
                                       int searchType)
                                         throws javax.jcr.RepositoryException

Description copied from interface: UserManager

Returns all Authorizables that have a property with the given relative path (or name) that matches the specified value. In contrast to UserManager.findAuthorizables(String, String) the type of authorizable is respected while executing the search.

If a relative path with more than one segment is specified only properties exactly matching that path will be returned. If, however, a name is specified all properties that may be retrieved using Authorizable.getProperty(String) will be searched for a match.

Specified by:

findAuthorizables in interface UserManager

Parameters:

relPath - A relative property path or name.

value - A string value to match.

searchType - Any of the following constants:

• UserManager.SEARCH_TYPE_AUTHORIZABLE
• UserManager.SEARCH_TYPE_GROUP
• UserManager.SEARCH_TYPE_USER

Returns:

An iterator of Authorizable.

Throws:

javax.jcr.RepositoryException - If an error occurs.

See Also:

UserManager.findAuthorizables(String,String, int)

findAuthorizables

public Iterator<Authorizable> findAuthorizables(Query query)
                                         throws javax.jcr.RepositoryException

Description copied from interface: UserManager

Return Authorizables that match a specific Query.

Specified by:

findAuthorizables in interface UserManager

Parameters:

query - A query

Returns:

Iterator of authorizables witch match the query.

Throws:

javax.jcr.RepositoryException - If an error occurs.

See Also:

UserManager.findAuthorizables(Query)

createUser

public User createUser(String userID,
              String password)
                throws javax.jcr.RepositoryException

Description copied from interface: UserManager

Creates an User for the given userID / password pair; neither of the specified parameters can be null.
Same as UserManager.createUser(String,String,Principal,String) where the specified userID is equal to the principal name and the intermediate path is null.

Specified by:

createUser in interface UserManager

Parameters:

userID - The ID of the new user.

password - The initial password of this user.

Returns:

The new User.

Throws:

AuthorizableExistsException - in case the given userID is already in use or another Authorizable with the same principal name exists.

javax.jcr.RepositoryException - If another error occurs.

See Also:

UserManager.createUser(String,String)

createUser

public User createUser(String userID,
              String password,
              Principal principal,
              String intermediatePath)
                throws AuthorizableExistsException,
                       javax.jcr.RepositoryException

Description copied from interface: UserManager

Creates an User for the given parameters. If the implementation is not able to deal with the intermediatePath that parameter should be ignored. Except for the intermediatePath, neither of the specified parameters can be null.

Specified by:

createUser in interface UserManager

Parameters:

userID - The ID of the new user.

password - The initial password of the new user.

principal - The principal of the new user.

intermediatePath - An optional intermediate path used to create the new user. If the intermediate path is null an internal, implementation specific structure will be used.

Returns:

The new User.

Throws:

AuthorizableExistsException - in case the given userID is already in use or another Authorizable with the same principal name exists.

javax.jcr.RepositoryException - If the current Session is not allowed to create users or some another error occurs.

See Also:

UserManager.createUser(String, String, java.security.Principal, String)

createSystemUser

public User createSystemUser(String userID,
                    String intermediatePath)
                      throws AuthorizableExistsException,
                             javax.jcr.RepositoryException

Description copied from interface: UserManager

Create a new system user for the specified userID. The new authorizable is required to have the following characteristics:

• User.isSystemUser() returns true.
• The system user doesn't have a password set and doesn't allow change the password.
• The principal name is generated by the system; it may be the same as userID.
• A given implementation may choose to keep system users in a dedicated location and thus may impose restrictions on the intermediatePath.

Specified by:

createSystemUser in interface UserManager

Parameters:

userID - A valid userID.

intermediatePath - An optional intermediate path to create the new system user. The implemenation may decide to reject intermediate paths if they violate an implementation specific requirement with respect to the location where systems users are being held. If the intermediate path is null an internal implementation specific structure will be used.

Returns:

The new system user.

Throws:

AuthorizableExistsException - if an Authorizable with this id already exists.

javax.jcr.RepositoryException - If another error occurs.

createGroup

public Group createGroup(String groupID)
                  throws AuthorizableExistsException,
                         javax.jcr.RepositoryException

Description copied from interface: UserManager

Creates a Group for the given groupID, which must not be null.
Same as UserManager.createGroup(String, Principal,String) where the specified groupID is the name of the Principal the intermediate path is null.

Specified by:

createGroup in interface UserManager

Parameters:

groupID - The ID of the new group; must not be null.

Returns:

The new Group.

Throws:

AuthorizableExistsException - in case the given groupID is already in use or another Authorizable with the same ID or principal name already exists.

javax.jcr.RepositoryException - If another error occurs.

See Also:

UserManager.createGroup(String)

createGroup

public Group createGroup(Principal principal)
                  throws javax.jcr.RepositoryException

Same as createGroup(java.security.Principal, String) where the intermediate path is null.

Specified by:

createGroup in interface UserManager

Parameters:

principal - A non-null Principal

Returns:

The new Group.

Throws:

AuthorizableExistsException - in case the given principal is already in use with another Authorizable.

javax.jcr.RepositoryException - If another error occurs.

See Also:

UserManager.createGroup(Principal)

createGroup

public Group createGroup(Principal principal,
                String intermediatePath)
                  throws AuthorizableExistsException,
                         javax.jcr.RepositoryException

Same as createGroup(String, Principal, String) where a groupID is generated from the principal name. If the name conflicts with an existing authorizable ID (may happen in cases where principal name != ID) the principal name is expanded by a suffix; otherwise the resulting group ID equals the principal name.

Specified by:

createGroup in interface UserManager

Parameters:

principal - A principal that doesn't yet represent an existing user or group.

intermediatePath - Is always ignored.

Returns:

A new group.

Throws:

AuthorizableExistsException

javax.jcr.RepositoryException

See Also:

UserManager.createGroup(java.security.Principal, String)

createGroup

public Group createGroup(String groupID,
                Principal principal,
                String intermediatePath)
                  throws AuthorizableExistsException,
                         javax.jcr.RepositoryException

Create a new Group from the given groupID and principal. It will be created below the defined group path.
Non-existent elements of the Path will be created as nodes of type rep:AuthorizableFolder.

Specified by:

createGroup in interface UserManager

Parameters:

groupID - A groupID that hasn't been used before for another user or group.

principal - A principal that doesn't yet represent an existing user or group.

intermediatePath - Is always ignored.

Returns:

A new group.

Throws:

AuthorizableExistsException

javax.jcr.RepositoryException

See Also:

UserManager.createGroup(String, java.security.Principal, String)

isAutoSave

public boolean isAutoSave()

Always returns true as by default the autoSave behavior cannot be altered (see also autoSave(boolean).

Specified by:

isAutoSave in interface UserManager

Returns:

Always true.

See Also:

UserManager.isAutoSave()

autoSave

public void autoSave(boolean enable)
              throws javax.jcr.UnsupportedRepositoryOperationException,
                     javax.jcr.RepositoryException

Always throws unsupportedRepositoryOperationException as modification of the autosave behavior is not supported.

Specified by:

autoSave in interface UserManager

Parameters:

enable - If true changes made through this API will be automatically saved; otherwise an explicit call to Session.save() is required in order to persist changes.

Throws:

javax.jcr.UnsupportedRepositoryOperationException - If the implementation does not allow to change the auto save behavior.

javax.jcr.RepositoryException - If some other error occurs.

See Also:

UserManager.autoSave(boolean)

doCreateUser

protected User doCreateUser(NodeImpl node)
                     throws javax.jcr.RepositoryException

Build the user object from the given user node. May be overridden to return a custom implementation.

Parameters:

node - user node

Returns:

the user object

Throws:

javax.jcr.RepositoryException - if an error occurs

doCreateGroup

protected Group doCreateGroup(NodeImpl node)
                       throws javax.jcr.RepositoryException

Build the group object from the given group node. May be overridden to return a custom implementation.

Parameters:

node - group node

Returns:

A group

Throws:

javax.jcr.RepositoryException - if an error occurs

loggingOut

public void loggingOut(SessionImpl session)

Description copied from interface: SessionListener

Called when a Session is about to be 'closed' by calling Session.logout(). At this moment the session is still valid.

Specified by:

loggingOut in interface SessionListener

Parameters:

session - the Session that is about to be 'closed'

See Also:

SessionListener.loggingOut(org.apache.jackrabbit.core.SessionImpl)

loggedOut

public void loggedOut(SessionImpl session)

Description copied from interface: SessionListener

Called when a Session has been 'closed' by calling Session.logout().

Specified by:

loggedOut in interface SessionListener

Parameters:

session - the Session that has been 'closed'

See Also:

SessionListener.loggedOut(org.apache.jackrabbit.core.SessionImpl)