public class AccessControlAction extends AbstractAuthorizableAction
AccessControlAction
allows to setup permissions upon creation
of a new authorizable; namely the privileges the new authorizable should be
granted on it's own 'home directory' being represented by the new node
associated with that new authorizable.
The following to configuration parameters are available with this implementation:
Example configuration:
<UserManager class="org.apache.jackrabbit.core.security.user.UserPerWorkspaceUserManager"> <AuthorizableAction class="org.apache.jackrabbit.core.security.user.action.AccessControlAction"> <param name="groupPrivilegeNames" value="jcr:read"/> <param name="userPrivilegeNames" value="jcr:read, rep:write"/> </AuthorizableAction> </UserManager>
The example configuration will lead to the following content structure upon user or group creation::
UserManager umgr = ((JackrabbitSession) session).getUserManager(); User user = umgr.createUser("testUser", "t"); + t rep:AuthorizableFolder + te rep:AuthorizableFolder + testUser rep:User, mix:AccessControllable + rep:policy rep:ACL + allow rep:GrantACE - rep:principalName = "testUser" - rep:privileges = ["jcr:read","rep:write"] - rep:password - rep:principalName = "testUser"
UserManager umgr = ((JackrabbitSession) session).getUserManager(); Group group = umgr.createGroup("testGroup"); + t rep:AuthorizableFolder + te rep:AuthorizableFolder + testGroup rep:Group, mix:AccessControllable + rep:policy rep:ACL + allow rep:GrantACE - rep:principalName = "testGroup" - rep:privileges = ["jcr:read"] - rep:principalName = "testGroup"
Constructor and Description |
---|
AccessControlAction()
Create a new instance.
|
Modifier and Type | Method and Description |
---|---|
void |
onCreate(Group group,
javax.jcr.Session session)
Doesn't perform any action.
|
void |
onCreate(User user,
String password,
javax.jcr.Session session)
Doesn't perform any action.
|
void |
setGroupPrivilegeNames(String privilegeNames)
Sets the privileges a new group will be granted on the group's home directory.
|
void |
setUserPrivilegeNames(String privilegeNames)
Sets the privileges a new user will be granted on the user's home directory.
|
onPasswordChange, onRemove
public void onCreate(Group group, javax.jcr.Session session) throws javax.jcr.RepositoryException
AbstractAuthorizableAction
onCreate
in interface AuthorizableAction
onCreate
in class AbstractAuthorizableAction
group
- The new group that has not yet been persisted;
e.g. the associated node is still 'NEW'.session
- The editing session associated with the user manager.javax.jcr.RepositoryException
- If an error occurs.AuthorizableAction.onCreate(org.apache.jackrabbit.api.security.user.Group, javax.jcr.Session)
public void onCreate(User user, String password, javax.jcr.Session session) throws javax.jcr.RepositoryException
AbstractAuthorizableAction
onCreate
in interface AuthorizableAction
onCreate
in class AbstractAuthorizableAction
user
- The new user that has not yet been persisted;
e.g. the associated node is still 'NEW'.password
- The password that was specified upon user creation.session
- The editing session associated with the user manager.javax.jcr.RepositoryException
- If an error occurs.AuthorizableAction.onCreate(org.apache.jackrabbit.api.security.user.User, String, javax.jcr.Session)
public void setGroupPrivilegeNames(String privilegeNames)
privilegeNames
- A comma separated list of privilege names.public void setUserPrivilegeNames(String privilegeNames)
privilegeNames
- A comma separated list of privilege names.Copyright © 2004-2020 The Apache Software Foundation. All Rights Reserved.