org.apache.jackrabbit.core.security.authorization

Class AbstractACLTemplate

java.lang.Object

org.apache.jackrabbit.core.security.authorization.AbstractACLTemplate

All Implemented Interfaces:

AccessControlList, AccessControlPolicy, JackrabbitAccessControlList, JackrabbitAccessControlPolicy, AccessControlConstants

public abstract class AbstractACLTemplate
extends Object
implements JackrabbitAccessControlList, AccessControlConstants

AbstractACLTemplate...

Field Summary

Fields

Modifier and Type	Field and Description
protected String	path Path of the node this ACL template has been created for.
protected ValueFactory	valueFactory The value factory

Fields inherited from interface org.apache.jackrabbit.core.security.authorization.AccessControlConstants

N_ACCESSCONTROL, N_POLICY, N_REPO_POLICY, NT_REP_ACCESS_CONTROL, NT_REP_ACCESS_CONTROLLABLE, NT_REP_ACE, NT_REP_ACL, NT_REP_DENY_ACE, NT_REP_GRANT_ACE, NT_REP_PRINCIPAL_ACCESS_CONTROL, NT_REP_REPO_ACCESS_CONTROLLABLE, P_GLOB, P_PRINCIPAL_NAME, P_PRIVILEGES

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	AbstractACLTemplate(String path, ValueFactory valueFactory)

Method Summary

Modifier and Type	Method and Description
boolean	addAccessControlEntry(Principal principal, Privilege[] privileges)
boolean	addEntry(Principal principal, Privilege[] privileges, boolean isAllow) Same as JackrabbitAccessControlList.addEntry(Principal, Privilege[], boolean, Map) using some implementation specific restrictions.
boolean	addEntry(Principal principal, Privilege[] privileges, boolean isAllow, Map<String,Value> restrictions, Map<String,Value[]> mvRestrictions) Adds an access control entry to this policy consisting of the specified principal, the specified privileges, the isAllow flag and an optional map containing additional restrictions.
protected abstract void	checkValidEntry(Principal principal, Privilege[] privileges, boolean isAllow, Map<String,Value> restrictions) Validates the given parameters to create a new ACE and throws an AccessControlException if any of them is invalid.
AccessControlEntry[]	getAccessControlEntries()
protected abstract List<AccessControlEntry>	getEntries() Return the list of entries, if they are held in an orderable list.
String	getPath() Returns the path of the node this policy has been created for.
boolean	isEmpty() Returns true if this policy does not yet define any entries.
void	orderBefore(AccessControlEntry srcEntry, AccessControlEntry destEntry) If the AccessControlList implementation supports reordering of entries the specified srcEntry is inserted at the position of the specified destEntry.
int	size() Returns the number of entries or 0 if the policy is empty.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.apache.jackrabbit.api.security.JackrabbitAccessControlList

addEntry, getRestrictionNames, getRestrictionType

Methods inherited from interface javax.jcr.security.AccessControlList

removeAccessControlEntry

Field Detail

path

protected final String path

Path of the node this ACL template has been created for.

valueFactory

protected final ValueFactory valueFactory

The value factory

Constructor Detail

AbstractACLTemplate

protected AbstractACLTemplate(String path,
                              ValueFactory valueFactory)

Method Detail

checkValidEntry

protected abstract void checkValidEntry(Principal principal,
                                        Privilege[] privileges,
                                        boolean isAllow,
                                        Map<String,Value> restrictions)
                                 throws AccessControlException

Validates the given parameters to create a new ACE and throws an AccessControlException if any of them is invalid. Otherwise this method returns silently.

Parameters:

principal - The principal to create the ACE for.

privileges - The privileges to be granted/denied by the ACE.

isAllow - Defines if the privileges are allowed or denied.

restrictions - The additional restrictions.

Throws:

AccessControlException - If any of the given parameters is invalid.

getEntries

protected abstract List<AccessControlEntry> getEntries()

Return the list of entries, if they are held in an orderable list.

Returns:

the list of entries.

See Also:

orderBefore(AccessControlEntry, AccessControlEntry)

getPath

public String getPath()

Description copied from interface: JackrabbitAccessControlPolicy

Returns the path of the node this policy has been created for.

Specified by:

getPath in interface JackrabbitAccessControlPolicy

Returns:

the path of the node this policy has been created for.

See Also:

JackrabbitAccessControlPolicy.getPath()

addEntry

public boolean addEntry(Principal principal,
                        Privilege[] privileges,
                        boolean isAllow)
                 throws AccessControlException,
                        RepositoryException

Description copied from interface: JackrabbitAccessControlList

Same as JackrabbitAccessControlList.addEntry(Principal, Privilege[], boolean, Map) using some implementation specific restrictions.

Specified by:

addEntry in interface JackrabbitAccessControlList

Parameters:

principal - the principal to add the entry for

privileges - the privileges to add

isAllow - if true if this is a positive (allow) entry

Returns:

true if this policy has changed by incorporating the given entry; false otherwise.

Throws:

AccessControlException - If any of the given parameter is invalid or cannot be handled by the implementation.

RepositoryException - If another error occurs.

See Also:

JackrabbitAccessControlList.addEntry(Principal, Privilege[], boolean)

addEntry

public boolean addEntry(Principal principal,
                        Privilege[] privileges,
                        boolean isAllow,
                        Map<String,Value> restrictions,
                        Map<String,Value[]> mvRestrictions)
                 throws AccessControlException,
                        RepositoryException

Description copied from interface: JackrabbitAccessControlList

Adds an access control entry to this policy consisting of the specified principal, the specified privileges, the isAllow flag and an optional map containing additional restrictions.

This method returns true if this policy was modified, false otherwise.

An AccessControlException is thrown if any of the specified parameters is invalid or if some other access control related exception occurs.

Specified by:

addEntry in interface JackrabbitAccessControlList

Parameters:

principal - the principal to add the entry for

privileges - the privileges to add

isAllow - if true if this is a positive (allow) entry

restrictions - A map of additional restrictions used to narrow the effect of the entry to be created. The map must map JCR names to a single Value object.

Returns:

true if this policy has changed by incorporating the given entry; false otherwise.

Throws:

AccessControlException - If any of the given parameter is invalid or cannot be handled by the implementation.

RepositoryException - If another error occurs.

See Also:

JackrabbitAccessControlList.addEntry(Principal, Privilege[], boolean, Map, Map)

size

public int size()

Description copied from interface: JackrabbitAccessControlList

Returns the number of entries or 0 if the policy is empty.

Specified by:

size in interface JackrabbitAccessControlList

Returns:

The number of entries present or 0 if the policy is empty.

See Also:

JackrabbitAccessControlList.size()

isEmpty

public boolean isEmpty()

Description copied from interface: JackrabbitAccessControlList

Returns true if this policy does not yet define any entries.

Specified by:

isEmpty in interface JackrabbitAccessControlList

Returns:

If no entries are present.

See Also:

JackrabbitAccessControlList.isEmpty()

orderBefore

public void orderBefore(AccessControlEntry srcEntry,
                        AccessControlEntry destEntry)
                 throws AccessControlException,
                        UnsupportedRepositoryOperationException,
                        RepositoryException

Description copied from interface: JackrabbitAccessControlList

If the AccessControlList implementation supports reordering of entries the specified srcEntry is inserted at the position of the specified destEntry.

If destEntry is null the entry is moved to the end of the list.

If srcEntry and destEntry are the same no changes are made.

Specified by:

orderBefore in interface JackrabbitAccessControlList

Parameters:

srcEntry - The access control entry to be moved within the list.

destEntry - The entry before which the srcEntry will be moved.

Throws:

AccessControlException - If any of the given entries is invalid or cannot be handled by the implementation.

UnsupportedRepositoryOperationException - If ordering is not supported.

RepositoryException - If another error occurs.

See Also:

JackrabbitAccessControlList.orderBefore(javax.jcr.security.AccessControlEntry, javax.jcr.security.AccessControlEntry)

getAccessControlEntries

public AccessControlEntry[] getAccessControlEntries()
                                             throws RepositoryException

Specified by:

getAccessControlEntries in interface AccessControlList

Throws:

RepositoryException

See Also:

AccessControlList.getAccessControlEntries()

addAccessControlEntry

public boolean addAccessControlEntry(Principal principal,
                                     Privilege[] privileges)
                              throws AccessControlException,
                                     RepositoryException

Specified by:

addAccessControlEntry in interface AccessControlList

Throws:

AccessControlException

RepositoryException

See Also:

AccessControlList.addAccessControlEntry(java.security.Principal , javax.jcr.security.Privilege[])