org.apache.jackrabbit.core.security.principal

Class DefaultPrincipalProvider

java.lang.Object

org.apache.jackrabbit.core.security.principal.AbstractPrincipalProvider

org.apache.jackrabbit.core.security.principal.DefaultPrincipalProvider

All Implemented Interfaces:

EventListener, SynchronousEventListener, PrincipalProvider

public class DefaultPrincipalProvider
extends AbstractPrincipalProvider
implements SynchronousEventListener

Provides principals for the users contained within the Repository.

Each Authorizable accessible via UserManager is respected and the provider serves Principals retrieved from those Authorizable objects.

In addition this provider exposes the everyone principal, which has no content (user/group) representation.

Unless explicitly configured (see negative entry option this implementation of the PrincipalProvider interface caches both positive and negative (null) results of the providePrincipal(java.lang.String) method. The cache is kept up to date by observation listening to creation and removal of users and groups.

Membership cache:
In addition to the caching provided by AbstractPrincipalProvider this implementation keeps an extra membership cache, which is notified in case of changes made to the members of any group.

Field Summary

Fields inherited from class org.apache.jackrabbit.core.security.principal.AbstractPrincipalProvider

MAXSIZE_KEY, NEGATIVE_ENTRY_KEY

Constructor Summary

Constructors

Constructor and Description
DefaultPrincipalProvider(Session systemSession, UserManagerImpl systemUserManager) Creates a new DefaultPrincipalProvider reading the principals from the storage below the given security root node.

Method Summary

Modifier and Type	Method and Description
boolean	canReadPrincipal(Session session, Principal principal) Tests if the provided session is allowed to read the given principal.
void	close() Clears the cache and calls the implementation to close their resources
PrincipalIterator	findPrincipals(String simpleFilter) Searches for Principals that match the given String.
PrincipalIterator	findPrincipals(String simpleFilter, int searchType) Searches for Principals that match the given String.
PrincipalIterator	getGroupMembership(Principal userPrincipal) Returns an iterator over all group principals for which the given principal is either direct or indirect member of.
PrincipalIterator	getPrincipals(int searchType) Returns an iterator over all principals that match the given search type.
void	init(Properties options) Sets the AbstractPrincipalProvider.NEGATIVE_ENTRY_KEY option value to true if it isn't included yet in the passed options, before calling the init method of the base class.
void	onEvent(EventIterator eventIterator)
protected Principal	providePrincipal(String principalName) Called if the cache does not contain the principal requested. Implementations should return a Principal from their source, if it contains one for the given name or null.

Methods inherited from class org.apache.jackrabbit.core.security.principal.AbstractPrincipalProvider

addToCache, checkInitialized, clearCache, getPrincipal

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DefaultPrincipalProvider

public DefaultPrincipalProvider(Session systemSession,
                                UserManagerImpl systemUserManager)
                         throws RepositoryException

Creates a new DefaultPrincipalProvider reading the principals from the storage below the given security root node.

Parameters:

systemSession - for repository access.

systemUserManager - Used to retrieve the principals.

Throws:

RepositoryException - if an error accessing the repository occurs.

Method Detail

providePrincipal

protected Principal providePrincipal(String principalName)

Called if the cache does not contain the principal requested.
Implementations should return a Principal from their source, if it contains one for the given name or null.

This implementation uses the user and node resolver to find the appropriate nodes.

Specified by:

providePrincipal in class AbstractPrincipalProvider

Parameters:

principalName - Name of the principal to be returned.

Returns:

Principal or null, if non provided for the given name

See Also:

AbstractPrincipalProvider.getPrincipal(String)

init

public void init(Properties options)

Sets the AbstractPrincipalProvider.NEGATIVE_ENTRY_KEY option value to true if it isn't included yet in the passed options, before calling the init method of the base class.

Specified by:

init in interface PrincipalProvider

Overrides:

init in class AbstractPrincipalProvider

Parameters:

options -

See Also:

PrincipalProvider.init(java.util.Properties)

findPrincipals

public PrincipalIterator findPrincipals(String simpleFilter)

Description copied from interface: PrincipalProvider

Searches for Principals that match the given String. NOTE: Groups are included in the search result.

Specified by:

findPrincipals in interface PrincipalProvider

Returns:

See Also:

PrincipalProvider.findPrincipals(String)

findPrincipals

public PrincipalIterator findPrincipals(String simpleFilter,
                                        int searchType)

Description copied from interface: PrincipalProvider

Searches for Principals that match the given String.

Specified by:

findPrincipals in interface PrincipalProvider

searchType - searchType Any of the following constants:

• PrincipalManager.SEARCH_TYPE_ALL
• PrincipalManager.SEARCH_TYPE_GROUP
• PrincipalManager.SEARCH_TYPE_NOT_GROUP

Returns:

See Also:

PrincipalProvider.findPrincipals(String, int)

getPrincipals

public PrincipalIterator getPrincipals(int searchType)

Description copied from interface: PrincipalProvider

Returns an iterator over all principals that match the given search type.

Specified by:

getPrincipals in interface PrincipalProvider

Parameters:

searchType - Any of the following search types:

• PrincipalManager.SEARCH_TYPE_GROUP
• PrincipalManager.SEARCH_TYPE_NOT_GROUP
• PrincipalManager.SEARCH_TYPE_ALL

Returns:

an iterator over all principals that match the given search type.

See Also:

PrincipalProvider.getPrincipals(int), PrincipalProvider.getPrincipals(int)

getGroupMembership

public PrincipalIterator getGroupMembership(Principal userPrincipal)

Description copied from interface: PrincipalProvider

Returns an iterator over all group principals for which the given principal is either direct or indirect member of. If a principal is a direct member of a group, then Group.isMember(Principal) evaluates to true. A principal is an indirect member of a group if any of its groups (to any degree of separation) is direct member of the group.

Example:
If Principal is member of Group A, and Group A is member of Group B, this method will return Group A and Group B.

Specified by:

getGroupMembership in interface PrincipalProvider

Parameters:

userPrincipal - the principal to return it's membership from.

Returns:

an iterator returning all groups the given principal is member of.

See Also:

PrincipalProvider.getGroupMembership(Principal)

close

public void close()

Description copied from class: AbstractPrincipalProvider

Clears the cache and calls the implementation to close their resources

Specified by:

close in interface PrincipalProvider

Overrides:

close in class AbstractPrincipalProvider

See Also:

PrincipalProvider.close()

canReadPrincipal

public boolean canReadPrincipal(Session session,
                                Principal principal)

Description copied from interface: PrincipalProvider

Tests if the provided session is allowed to read the given principal. Since the principal providers do not restrict the access on the principals they provide, this method is used by the PrincipalManger to ensure proper access rights for the client requesting the principals.

Specified by:

canReadPrincipal in interface PrincipalProvider

principal - The principal to be accessed by the specified subject.

Returns:

true if the session is allowed to read the principal; false otherwise.

See Also:

PrincipalProvider.canReadPrincipal(javax.jcr.Session,java.security.Principal)

onEvent

public void onEvent(EventIterator eventIterator)

Specified by:

onEvent in interface EventListener

See Also:

EventListener.onEvent(EventIterator)