AccessControlProvider (Apache Jackrabbit 2.14.10 API)

All Known Implementing Classes:

AbstractAccessControlProvider, ACLProvider, ACLProvider, CombinedProvider, UserAccessControlProvider
```
public interface AccessControlProvider
```
The AccessControlProvider is used to provide access control policy and entry objects that apply to an item in a single workspace. The provider is bound to a system session in contrast to the AccessControlManager that is bound to a specific session/subject.
Please note following additional special conditions:
- The detection of access control policy/entries is an implementation detail. They may be resource based or retrieved by other means.
- An access control policy/entry may be inherited across the item hierarchy. The details are left to the implementation
- If no policy can be determined for a particular Item the implementation must return some implementation specific default policy.
- Transient (NEW) items created within a regular Session object are unknown to and cannot be handled by the AccessControlProvider.
- If the item id passed to the corresponding calls doesn't point to an existing item, ItemNotFoundException will be thrown. It is therefore recommended to evaluate the id of the closest not-new ancestor node before calling any methods on the provider.
- Changes to access control policy and entries made through the AccessControlEditor are not effective unless they are persisted by calling Session.save() on the session that has been used to obtain the editor.
See Also:

AccessControlProviderFactory

Method Summary

All Methods Instance Methods Abstract Methods
Modifier and Type	Method and Description
`boolean`	`canAccessRoot(Set<Principal> principals)` Returns `true` if the given set of principals can access the root node of the workspace this provider has been built for; `false` otherwise.
`void`	`close()` Closes this provider when it is no longer used by the respective workspace and release resources bound by this provider.
`CompiledPermissions`	`compilePermissions(Set<Principal> principals)` Compiles the effective policy for the specified set of `Principal`s.
`AccessControlEditor`	`getEditor(Session session)` Returns an `AccessControlEditor` for the given Session object or `null` if the implementation does not support editing of access control policies.
`AccessControlPolicy[]`	`getEffectivePolicies(Path absPath, CompiledPermissions permissions)` Returns the effective policies for the node at the given absPath.
`AccessControlPolicy[]`	`getEffectivePolicies(Set<Principal> principals, CompiledPermissions permissions)` Returns the effective policies for the given principals.
`void`	`init(Session systemSession, Map configuration)` Allows the `AccessControlProviderFactory` to pass a session and configuration parameters to the `AccessControlProvider`.
`boolean`	`isLive()` Returns `true`, if this provider is still alive and able to evaluate permissions; `false` otherwise.

- Method Detail
  - init
```
void init(Session systemSession,
          Map configuration)
   throws RepositoryException
```
    Allows the AccessControlProviderFactory to pass a session and configuration parameters to the AccessControlProvider.
    
    Parameters:
    
    systemSession - System session.
    
    configuration - Configuration used to initialize this provider.
    
    Throws:
    
    RepositoryException - If an error occurs.
  - close
```
void close()
```
    Closes this provider when it is no longer used by the respective workspace and release resources bound by this provider.
  - isLive
```
boolean isLive()
```
    Returns true, if this provider is still alive and able to evaluate permissions; false otherwise.
    
    Returns:
    
    true, if this provider is still alive and able to evaluate permissions; false otherwise.
  - getEffectivePolicies
```
AccessControlPolicy[] getEffectivePolicies(Path absPath,
                                           CompiledPermissions permissions)
                                    throws ItemNotFoundException,
                                           RepositoryException
```
    Returns the effective policies for the node at the given absPath.
    
    Parameters:
    
    absPath - an absolute path.
    
    permissions - The effective permissions of the editing sessions that attempts to view the effective policies.
    
    Returns:
    
    The effective policies that apply at absPath or an empty array if the implementation cannot determine the effective policy at the given path.
    
    Throws:
    
    ItemNotFoundException - If no Node with the specified absPath exists.
    
    RepositoryException - If another error occurs.
    
    See Also:
    
    AccessControlManager.getEffectivePolicies(String)
  - getEffectivePolicies
```
AccessControlPolicy[] getEffectivePolicies(Set<Principal> principals,
                                           CompiledPermissions permissions)
                                    throws RepositoryException
```
    Returns the effective policies for the given principals.
    
    Parameters:
    
    principals - A set of principal.
    
    permissions - The effective permissions of the editing sessions that attempts to view the effective policies. @return The effective policies that are in effect for the given principal or an empty array.
    
    Throws:
    
    RepositoryException - If error occurs.
    
    See Also:
    
    JackrabbitAccessControlManager.getEffectivePolicies(Set)
  - getEditor
```
AccessControlEditor getEditor(Session session)
                       throws RepositoryException
```
    Returns an AccessControlEditor for the given Session object or null if the implementation does not support editing of access control policies.
    
    Parameters:
    
    session - The editing session.
    
    Returns:
    
    the ACL editor or null.
    
    Throws:
    
    RepositoryException - If an error occurs.
  - compilePermissions
```
CompiledPermissions compilePermissions(Set<Principal> principals)
                                throws RepositoryException
```
    Compiles the effective policy for the specified set of Principals.
    
    Parameters:
    
    principals - Set of principals to compile the permissions for. If the order of evaluating permissions for principals is meaningful, the caller should pass a Set that respects the order of insertion.
    
    Returns:
    
    The effective, compiled CompiledPolicy that applies for the specified set of principals.
    
    Throws:
    
    RepositoryException - If an error occurs.
  - canAccessRoot
```
boolean canAccessRoot(Set<Principal> principals)
               throws RepositoryException
```
    Returns true if the given set of principals can access the root node of the workspace this provider has been built for; false otherwise.
    
    Parameters:
    
    principals - Set of principals to be tested for being allowed to access the root node.
    
    Returns:
    
    true if the given set of principals can access the root node of the workspace this provider has been built for; false otherwise.
    
    Throws:
    
    RepositoryException - If an error occurs.

Interface AccessControlProvider

Method Summary

Method Detail

init

close

isLive

getEffectivePolicies

getEffectivePolicies

getEditor

compilePermissions

canAccessRoot