public abstract class AbstractAccessControlProvider extends Object implements AccessControlProvider, AccessControlUtils, AccessControlConstants
AbstractAccessControlProvider
...Modifier and Type | Field and Description |
---|---|
protected ObservationManager |
observationMgr |
static String |
PARAM_OMIT_DEFAULT_PERMISSIONS
Constant for the name of the configuration option "omit-default-permission".
|
protected PrivilegeManagerImpl |
privilegeManager |
protected SessionImpl |
session
the system session this provider has been created for.
|
N_ACCESSCONTROL, N_POLICY, N_REPO_POLICY, NT_REP_ACCESS_CONTROL, NT_REP_ACCESS_CONTROLLABLE, NT_REP_ACE, NT_REP_ACL, NT_REP_DENY_ACE, NT_REP_GRANT_ACE, NT_REP_PRINCIPAL_ACCESS_CONTROL, NT_REP_REPO_ACCESS_CONTROLLABLE, P_GLOB, P_PRINCIPAL_NAME, P_PRIVILEGES
Modifier | Constructor and Description |
---|---|
protected |
AbstractAccessControlProvider() |
Modifier and Type | Method and Description |
---|---|
protected void |
checkInitialized()
Throws
IllegalStateException if the provider has not
been initialized or has been closed. |
void |
close()
Closes this provider when it is no longer used by the respective
workspace and release resources bound by this provider.
|
protected CompiledPermissions |
getAdminPermissions()
Returns compiled permissions for the administrator i.e.
|
protected PrivilegeManagerImpl |
getPrivilegeManagerImpl() |
protected CompiledPermissions |
getReadOnlyPermissions()
Returns compiled permissions for a read-only user i.e.
|
void |
init(Session systemSession,
Map configuration)
Tests if the given
systemSession is a SessionImpl and
retrieves the observation manager. |
boolean |
isAcItem(ItemImpl item)
Test if the given node is itself a rep:ACL or a rep:ACE node.
|
boolean |
isAcItem(Path absPath)
Test if the specified path points to an item that defines AC
information.
|
boolean |
isAdminOrSystem(Set<Principal> principals)
Test if the specified set of principals contains an admin or system
principal.
|
boolean |
isLive()
Returns
true , if this provider is still alive and able to
evaluate permissions; false otherwise. |
boolean |
isReadOnly(Set<Principal> principals)
Test if if the specified set of principals will have read-only permissions
only.
|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
canAccessRoot, compilePermissions, getEditor, getEffectivePolicies, getEffectivePolicies
public static final String PARAM_OMIT_DEFAULT_PERMISSIONS
If this option is present in the configuration no initial ACL content
is created.
If this configuration option is omitted the default permissions are
installed. Note however, that the initialization should not overwrite
previously installed AC content.
protected SessionImpl session
protected ObservationManager observationMgr
protected PrivilegeManagerImpl privilegeManager
protected void checkInitialized()
IllegalStateException
if the provider has not
been initialized or has been closed.protected PrivilegeManagerImpl getPrivilegeManagerImpl() throws RepositoryException
RepositoryException
protected CompiledPermissions getAdminPermissions()
Privilege.JCR_ALL
upon CompiledPermissions.getPrivileges(Path)
for all
paths.CompiledPermissions
that
grants everything and always returns the int representation of
Privilege.JCR_ALL
upon CompiledPermissions.getPrivileges(Path)
.protected CompiledPermissions getReadOnlyPermissions()
CompiledPermissions
that
grants READ permission for all non-AC items.public boolean isAcItem(Path absPath) throws RepositoryException
AccessControlUtils
isAcItem
in interface AccessControlUtils
absPath
- Path to an item.absPath
contains
access control information.RepositoryException
- If an error occurs.AccessControlUtils.isAcItem(Path)
public boolean isAcItem(ItemImpl item) throws RepositoryException
isAcItem
in interface AccessControlUtils
item
- An item.item
defines
access control related information is should therefore be considered
protected.RepositoryException
- If an error occurs.AccessControlUtils.isAcItem(org.apache.jackrabbit.core.ItemImpl)
public boolean isAdminOrSystem(Set<Principal> principals)
AccessControlUtils
isAdminOrSystem
in interface AccessControlUtils
principals
- A set of principals.AdminPrincipal
or a SystemPrincipal
.AccessControlUtils.isAdminOrSystem(Set)
public boolean isReadOnly(Set<Principal> principals)
AccessControlUtils
isReadOnly
in interface AccessControlUtils
principals
- A set of principals.AccessControlUtils.isReadOnly(Set)
public void init(Session systemSession, Map configuration) throws RepositoryException
systemSession
is a SessionImpl and
retrieves the observation manager. The it sets the internal 'initialized'
field to true.init
in interface AccessControlProvider
systemSession
- System session.configuration
- Configuration used to initialize this provider.RepositoryException
- If the specified session is not a
SessionImpl
or if retrieving the observation manager fails.AccessControlProvider.init(Session, Map)
public void close()
AccessControlProvider
close
in interface AccessControlProvider
AccessControlProvider.close()
public boolean isLive()
AccessControlProvider
true
, if this provider is still alive and able to
evaluate permissions; false
otherwise.isLive
in interface AccessControlProvider
true
, if this provider is still alive and able to
evaluate permissions; false
otherwise.AccessControlProvider.isLive()
Copyright © 2004–2022 The Apache Software Foundation. All rights reserved.