public class DefaultPrincipalProvider extends AbstractPrincipalProvider implements SynchronousEventListener
Each Authorizable
accessible via UserManager
is respected and the provider serves Principal
s retrieved from those Authorizable
objects.
In addition this provider exposes the everyone principal, which has no content (user/group) representation.
Unless explicitly configured (see negative entry
option
this implementation of the PrincipalProvider
interface
caches both positive and negative (null) results of the providePrincipal(java.lang.String)
method. The cache is kept up to date by observation listening to creation
and removal of users and groups.
Membership cache:
In addition to the caching provided by AbstractPrincipalProvider
this implementation keeps an extra membership cache, which is notified in
case of changes made to the members of any group.
MAXSIZE_KEY, NEGATIVE_ENTRY_KEY
Constructor and Description |
---|
DefaultPrincipalProvider(Session systemSession,
UserManagerImpl systemUserManager)
Creates a new DefaultPrincipalProvider reading the principals from the
storage below the given security root node.
|
Modifier and Type | Method and Description |
---|---|
boolean |
canReadPrincipal(Session session,
Principal principal)
Tests if the provided session is allowed to read the given principal.
|
void |
close()
Clears the cache and calls the implementation to close their resources
|
org.apache.jackrabbit.api.security.principal.PrincipalIterator |
findPrincipals(String simpleFilter)
Searches for
Principal s that match the given String. |
org.apache.jackrabbit.api.security.principal.PrincipalIterator |
findPrincipals(String simpleFilter,
int searchType)
Searches for
Principal s that match the given String. |
org.apache.jackrabbit.api.security.principal.PrincipalIterator |
getGroupMembership(Principal userPrincipal)
Returns an iterator over all group principals for which the given
principal is either direct or indirect member of.
|
org.apache.jackrabbit.api.security.principal.PrincipalIterator |
getPrincipals(int searchType)
Returns an iterator over all principals that match the given search type.
|
void |
init(Properties options)
Sets the
AbstractPrincipalProvider.NEGATIVE_ENTRY_KEY option value to true if
it isn't included yet in the passed options, before calling the init
method of the base class. |
void |
onEvent(EventIterator eventIterator) |
protected Principal |
providePrincipal(String principalName)
Called if the cache does not contain the principal requested.
Implementations should return a Principal from their source,
if it contains one for the given name or null . |
addToCache, checkInitialized, clearCache, getPrincipal
public DefaultPrincipalProvider(Session systemSession, UserManagerImpl systemUserManager) throws RepositoryException
systemSession
- for repository access.systemUserManager
- Used to retrieve the principals.RepositoryException
- if an error accessing the repository occurs.protected Principal providePrincipal(String principalName)
Principal
from their source,
if it contains one for the given name or null
.
This implementation uses the user and node resolver to find the appropriate nodes.
providePrincipal
in class AbstractPrincipalProvider
principalName
- Name of the principal to be returned.AbstractPrincipalProvider.getPrincipal(String)
public void init(Properties options)
AbstractPrincipalProvider.NEGATIVE_ENTRY_KEY
option value to true
if
it isn't included yet in the passed options, before calling the init
method of the base class.init
in interface PrincipalProvider
init
in class AbstractPrincipalProvider
options
- PrincipalProvider.init(java.util.Properties)
public org.apache.jackrabbit.api.security.principal.PrincipalIterator findPrincipals(String simpleFilter)
PrincipalProvider
Principal
s that match the given String.
NOTE: Group
s are included in the search result.findPrincipals
in interface PrincipalProvider
PrincipalProvider.findPrincipals(String)
public org.apache.jackrabbit.api.security.principal.PrincipalIterator findPrincipals(String simpleFilter, int searchType)
PrincipalProvider
Principal
s that match the given String.findPrincipals
in interface PrincipalProvider
searchType
- searchType Any of the following constants:
PrincipalManager.SEARCH_TYPE_ALL
PrincipalManager.SEARCH_TYPE_GROUP
PrincipalManager.SEARCH_TYPE_NOT_GROUP
PrincipalProvider.findPrincipals(String, int)
public org.apache.jackrabbit.api.security.principal.PrincipalIterator getPrincipals(int searchType)
PrincipalProvider
getPrincipals
in interface PrincipalProvider
searchType
- Any of the following search types:
PrincipalManager.SEARCH_TYPE_GROUP
PrincipalManager.SEARCH_TYPE_NOT_GROUP
PrincipalManager.SEARCH_TYPE_ALL
PrincipalProvider.getPrincipals(int)
,
PrincipalProvider.getPrincipals(int)
public org.apache.jackrabbit.api.security.principal.PrincipalIterator getGroupMembership(Principal userPrincipal)
PrincipalProvider
GroupPrincipal.isMember(Principal)
evaluates to true
. A principal is an indirect member of a
group if any of its groups (to any degree of separation) is direct member
of the group.
Example:
If Principal is member of Group A, and Group A is member of
Group B, this method will return Group A and Group B.
getGroupMembership
in interface PrincipalProvider
userPrincipal
- the principal to return it's membership from.PrincipalProvider.getGroupMembership(Principal)
public void close()
AbstractPrincipalProvider
close
in interface PrincipalProvider
close
in class AbstractPrincipalProvider
PrincipalProvider.close()
public boolean canReadPrincipal(Session session, Principal principal)
PrincipalProvider
canReadPrincipal
in interface PrincipalProvider
principal
- The principal to be accessed by the specified subject.true
if the session is allowed to read the principal;
false
otherwise.PrincipalProvider.canReadPrincipal(javax.jcr.Session,java.security.Principal)
public void onEvent(EventIterator eventIterator)
onEvent
in interface EventListener
EventListener.onEvent(EventIterator)
Copyright © 2004–2024 The Apache Software Foundation. All rights reserved.