public class AccessControlUtils extends Object
Constructor and Description |
---|
AccessControlUtils() |
Modifier and Type | Method and Description |
---|---|
static boolean |
addAccessControlEntry(Session session,
String absPath,
Principal principal,
Privilege[] privileges,
boolean isAllow)
A utility method to add a new access control entry.
|
static boolean |
addAccessControlEntry(Session session,
String absPath,
Principal principal,
String[] privilegeNames,
boolean isAllow)
A utility method to add a new access control entry.
Please note, that calling Session.save() is required
in order to persist the changes. |
static boolean |
allow(Node node,
String principalName,
String... privileges)
Allow certain privileges on a given node for a given principal.
|
static boolean |
clear(Node node)
Removes the access control list at a given node.
|
static boolean |
clear(Node node,
String principalName)
Removes all ACL entries for a principal on a given node.
|
static boolean |
clear(Session session,
String absPath)
Removes the access control list at the specified absolute path.
|
static boolean |
clear(Session session,
String absPath,
String principalName)
Removes all ACL entries for a principal at a given absolute path.
|
static boolean |
deny(Node node,
String principalName,
String... privileges)
Deny certain privileges on a node for a given principal.
|
static boolean |
denyAllToEveryone(Session session,
String absPath)
Utility to deny jcr:all privilege to the everyone group principal.
|
static org.apache.jackrabbit.api.security.JackrabbitAccessControlList |
getAccessControlList(AccessControlManager accessControlManager,
String absPath)
Utility that combines
AccessControlManager.getApplicablePolicies(String)
and AccessControlManager.getPolicies(String) to retrieve
a modifiable JackrabbitAccessControlList for the given path.Note that the policy must be reapplied
and the changes must be saved in order to make the AC modifications take
effect. |
static org.apache.jackrabbit.api.security.JackrabbitAccessControlList |
getAccessControlList(Session session,
String absPath)
Utility that combines
AccessControlManager.getApplicablePolicies(String)
and AccessControlManager.getPolicies(String) to retrieve
a modifiable JackrabbitAccessControlList for the given path.Note that the policy must be reapplied
and the changes must be saved in order to make the AC modifications take
effect. |
static Principal |
getEveryonePrincipal(Session session)
Shortcut for calling
PrincipalManager.getEveryone() . |
static Principal |
getPrincipal(Session session,
String principalName)
Retrieves the principal with the specified
principalName . |
static boolean |
grantAllToEveryone(Session session,
String absPath)
Utility to grant jcr:all privilege to the everyone group principal.
|
static String[] |
namesFromPrivileges(Privilege... privileges)
Retrieves the names of the specified privileges.
|
static Privilege[] |
privilegesFromNames(AccessControlManager accessControlManager,
String... privilegeNames)
Retrieves the
Privilege s from the specified privilege names. |
static Privilege[] |
privilegesFromNames(Session session,
String... privilegeNames)
Retrieves the
Privilege s from the specified privilege names. |
public static Privilege[] privilegesFromNames(Session session, String... privilegeNames) throws RepositoryException
Privilege
s from the specified privilege names.session
- The editing session.privilegeNames
- The privilege names.RepositoryException
- If an error occurs or if privilegeNames
contains an unknown/invalid privilege name.public static Privilege[] privilegesFromNames(AccessControlManager accessControlManager, String... privilegeNames) throws RepositoryException
Privilege
s from the specified privilege names.accessControlManager
- The access control manager.privilegeNames
- The privilege names.RepositoryException
- If an error occurs or if privilegeNames
contains an unknown/invalid privilege name.public static String[] namesFromPrivileges(Privilege... privileges)
privileges
- One or more privileges.public static org.apache.jackrabbit.api.security.JackrabbitAccessControlList getAccessControlList(Session session, String absPath) throws RepositoryException
AccessControlManager.getApplicablePolicies(String)
and AccessControlManager.getPolicies(String)
to retrieve
a modifiable JackrabbitAccessControlList
for the given path.reapplied
and the changes must be saved in order to make the AC modifications take
effect.session
- The editing session.absPath
- The absolute path of the target node.RepositoryException
- If an error occurs.public static org.apache.jackrabbit.api.security.JackrabbitAccessControlList getAccessControlList(AccessControlManager accessControlManager, String absPath) throws RepositoryException
AccessControlManager.getApplicablePolicies(String)
and AccessControlManager.getPolicies(String)
to retrieve
a modifiable JackrabbitAccessControlList
for the given path.reapplied
and the changes must be saved in order to make the AC modifications take
effect.accessControlManager
- The AccessControlManager
.absPath
- The absolute path of the target node.RepositoryException
- If an error occurs.public static boolean addAccessControlEntry(Session session, String absPath, Principal principal, String[] privilegeNames, boolean isAllow) throws RepositoryException
Session.save()
is required
in order to persist the changes.session
- The editing session.absPath
- The absolute path of the target node.principal
- The principal to grant/deny privileges to.privilegeNames
- The names of the privileges to grant or deny.isAllow
- true
to grant; false
otherwise.true
if the node's ACL was modified and the session has
pending changes.RepositoryException
- If an error occurs.public static boolean addAccessControlEntry(Session session, String absPath, Principal principal, Privilege[] privileges, boolean isAllow) throws RepositoryException
Session.save()
is required in order
to persist the changes.session
- The editing sessionabsPath
- The absolute path of the target node.principal
- The principal to grant/deny privileges to.privileges
- The privileges to grant or denyisAllow
- true
to grant; false
otherwise;true
if the node's ACL was modified and the session has
pending changes.RepositoryException
- If an error occurs.public static boolean grantAllToEveryone(Session session, String absPath) throws RepositoryException
Session.save()
is required in order
to persist the changes.session
- The editing session.absPath
- The absolute path of the target nodetrue
if the node's access control list was modified;
false
otherwise;RepositoryException
- If an error occurs.public static boolean denyAllToEveryone(Session session, String absPath) throws RepositoryException
Session.save()
is required in order
to persist the changes.session
- The editing session.absPath
- The absolute path of the target nodetrue
if the node's access control list was modified;
false
otherwise;RepositoryException
- If an error occurs.public static boolean allow(Node node, String principalName, String... privileges) throws RepositoryException
To activate the ACL change, session.save() must be called.
node
- node to set the resource-based ACL entry on; underlying session is used to write the ACLprincipalName
- Name of the principal for which the ACL entry should applyprivileges
- list of privileges to set by name (see Privilege
)true
if the node's ACL was modified and the session has pending changes.RepositoryException
- If an unexpected repository error occurspublic static boolean deny(Node node, String principalName, String... privileges) throws RepositoryException
To activate the ACL change, session.save() must be called.
node
- node to set the resource-based ACL entry on; underlying session is used to write the ACLprincipalName
- Name of the principal for which the ACL entry should applyprivileges
- list of privileges to set by name (see Privilege
)true
if the node's ACL was modified and the session has pending changes.RepositoryException
- If an unexpected repository error occurspublic static boolean clear(Session session, String absPath, String principalName) throws RepositoryException
principalName
is null
the policy will be removed altogether.
Modifications only take effect upon Session.save()
.
session
- The editing session.absPath
- Absolute path of an existing node from which to remove ACL entries (or the policy)principalName
- Name of the principal whose entries should be removed;
use null
to clear the policy.true
if the policy has been modified; false
otherwise.RepositoryException
- If an unexpected repository error occurspublic static boolean clear(Node node, String principalName) throws RepositoryException
Modification to the policy only take effect upon Session.save()
must be called.
node
- node from which to remove ACL entries; underlying session is used to write the changesprincipalName
- Name of the principal whose entries should be removed; use null
to clear the policy altogether.true
if the node's ACL was modified, false
otherwise.RepositoryException
- If an unexpected repository error occurspublic static boolean clear(Node node) throws RepositoryException
To persist the modifications, Session.save()
must be called.
node
- node from which to remove the ACL; underlying session is used to write the changestrue
if the node's ACL was removed, false
otherwise.RepositoryException
- If an unexpected repository error occurspublic static boolean clear(Session session, String absPath) throws RepositoryException
To persist the modification, session.save() must be called.
session
- The editing session.absPath
- An absolute path of a valid node accessible to the editing session from which to remove the ACL.true
if the node's ACL got removed, false
otherwise.RepositoryException
- If an unexpected repository error occurspublic static Principal getPrincipal(Session session, String principalName) throws RepositoryException
principalName
. Shortcut
for calling PrincipalManager.getPrincipal(String)
.session
- The editing session which must be a JackrabbitSession
.principalName
- The name of the principal.null
if no such principal exists.RepositoryException
- If an error occurs or if the session is not a JackrabbitSession
.public static Principal getEveryonePrincipal(Session session) throws RepositoryException
PrincipalManager.getEveryone()
.session
- The editing session which must be a JackrabbitSession
.RepositoryException
- If an error occurs or if the session is not a JackrabbitSession
.Copyright © 2004–2024 The Apache Software Foundation. All rights reserved.