Class AccessControlUtils
- java.lang.Object
-
- org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils
-
public class AccessControlUtils extends Object
This class provides common access control related utilities.
-
-
Constructor Summary
Constructors Constructor Description AccessControlUtils()
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description static boolean
addAccessControlEntry(Session session, String absPath, Principal principal, String[] privilegeNames, boolean isAllow)
A utility method to add a new access control entry.
Please note, that callingSession.save()
is required in order to persist the changes.static boolean
addAccessControlEntry(Session session, String absPath, Principal principal, Privilege[] privileges, boolean isAllow)
A utility method to add a new access control entry.static boolean
allow(Node node, String principalName, String... privileges)
Allow certain privileges on a given node for a given principal.static boolean
clear(Node node)
Removes the access control list at a given node.static boolean
clear(Node node, String principalName)
Removes all ACL entries for a principal on a given node.static boolean
clear(Session session, String absPath)
Removes the access control list at the specified absolute path.static boolean
clear(Session session, String absPath, String principalName)
Removes all ACL entries for a principal at a given absolute path.static boolean
deny(Node node, String principalName, String... privileges)
Deny certain privileges on a node for a given principal.static boolean
denyAllToEveryone(Session session, String absPath)
Utility to deny jcr:all privilege to the everyone group principal.static JackrabbitAccessControlList
getAccessControlList(AccessControlManager accessControlManager, String absPath)
Utility that combinesAccessControlManager.getApplicablePolicies(String)
andAccessControlManager.getPolicies(String)
to retrieve a modifiableJackrabbitAccessControlList
for the given path.
Note that the policy must bereapplied
and the changes must be saved in order to make the AC modifications take effect.static JackrabbitAccessControlList
getAccessControlList(Session session, String absPath)
Utility that combinesAccessControlManager.getApplicablePolicies(String)
andAccessControlManager.getPolicies(String)
to retrieve a modifiableJackrabbitAccessControlList
for the given path.
Note that the policy must bereapplied
and the changes must be saved in order to make the AC modifications take effect.static Principal
getEveryonePrincipal(Session session)
Shortcut for callingPrincipalManager.getEveryone()
.static Principal
getPrincipal(Session session, String principalName)
Retrieves the principal with the specifiedprincipalName
.static boolean
grantAllToEveryone(Session session, String absPath)
Utility to grant jcr:all privilege to the everyone group principal.static String[]
namesFromPrivileges(Privilege... privileges)
Retrieves the names of the specified privileges.static Privilege[]
privilegesFromNames(AccessControlManager accessControlManager, String... privilegeNames)
Retrieves thePrivilege
s from the specified privilege names.static Privilege[]
privilegesFromNames(Session session, String... privilegeNames)
Retrieves thePrivilege
s from the specified privilege names.
-
-
-
Method Detail
-
privilegesFromNames
public static Privilege[] privilegesFromNames(Session session, String... privilegeNames) throws RepositoryException
Retrieves thePrivilege
s from the specified privilege names.- Parameters:
session
- The editing session.privilegeNames
- The privilege names.- Returns:
- An array of privileges.
- Throws:
RepositoryException
- If an error occurs or ifprivilegeNames
contains an unknown/invalid privilege name.
-
privilegesFromNames
public static Privilege[] privilegesFromNames(AccessControlManager accessControlManager, String... privilegeNames) throws RepositoryException
Retrieves thePrivilege
s from the specified privilege names.- Parameters:
accessControlManager
- The access control manager.privilegeNames
- The privilege names.- Returns:
- An array of privileges.
- Throws:
RepositoryException
- If an error occurs or ifprivilegeNames
contains an unknown/invalid privilege name.
-
namesFromPrivileges
public static String[] namesFromPrivileges(Privilege... privileges)
Retrieves the names of the specified privileges.- Parameters:
privileges
- One or more privileges.- Returns:
- The names of the specified privileges.
-
getAccessControlList
public static JackrabbitAccessControlList getAccessControlList(Session session, String absPath) throws RepositoryException
Utility that combinesAccessControlManager.getApplicablePolicies(String)
andAccessControlManager.getPolicies(String)
to retrieve a modifiableJackrabbitAccessControlList
for the given path.
Note that the policy must bereapplied
and the changes must be saved in order to make the AC modifications take effect.- Parameters:
session
- The editing session.absPath
- The absolute path of the target node.- Returns:
- A modifiable access control list or null if there is none.
- Throws:
RepositoryException
- If an error occurs.
-
getAccessControlList
public static JackrabbitAccessControlList getAccessControlList(AccessControlManager accessControlManager, String absPath) throws RepositoryException
Utility that combinesAccessControlManager.getApplicablePolicies(String)
andAccessControlManager.getPolicies(String)
to retrieve a modifiableJackrabbitAccessControlList
for the given path.
Note that the policy must bereapplied
and the changes must be saved in order to make the AC modifications take effect.- Parameters:
accessControlManager
- TheAccessControlManager
.absPath
- The absolute path of the target node.- Returns:
- A modifiable access control list or null if there is none.
- Throws:
RepositoryException
- If an error occurs.
-
addAccessControlEntry
public static boolean addAccessControlEntry(Session session, String absPath, Principal principal, String[] privilegeNames, boolean isAllow) throws RepositoryException
A utility method to add a new access control entry.
Please note, that callingSession.save()
is required in order to persist the changes.- Parameters:
session
- The editing session.absPath
- The absolute path of the target node.principal
- The principal to grant/deny privileges to.privilegeNames
- The names of the privileges to grant or deny.isAllow
-true
to grant;false
otherwise.- Returns:
true
if the node's ACL was modified and the session has pending changes.- Throws:
RepositoryException
- If an error occurs.
-
addAccessControlEntry
public static boolean addAccessControlEntry(Session session, String absPath, Principal principal, Privilege[] privileges, boolean isAllow) throws RepositoryException
A utility method to add a new access control entry. Please note, that a call toSession.save()
is required in order to persist the changes.- Parameters:
session
- The editing sessionabsPath
- The absolute path of the target node.principal
- The principal to grant/deny privileges to.privileges
- The privileges to grant or denyisAllow
-true
to grant;false
otherwise;- Returns:
true
if the node's ACL was modified and the session has pending changes.- Throws:
RepositoryException
- If an error occurs.
-
grantAllToEveryone
public static boolean grantAllToEveryone(Session session, String absPath) throws RepositoryException
Utility to grant jcr:all privilege to the everyone group principal. Please note, thatSession.save()
is required in order to persist the changes.- Parameters:
session
- The editing session.absPath
- The absolute path of the target node- Returns:
true
if the node's access control list was modified;false
otherwise;- Throws:
RepositoryException
- If an error occurs.
-
denyAllToEveryone
public static boolean denyAllToEveryone(Session session, String absPath) throws RepositoryException
Utility to deny jcr:all privilege to the everyone group principal. Please note, thatSession.save()
is required in order to persist the changes.- Parameters:
session
- The editing session.absPath
- The absolute path of the target node- Returns:
true
if the node's access control list was modified;false
otherwise;- Throws:
RepositoryException
- If an error occurs.
-
allow
public static boolean allow(Node node, String principalName, String... privileges) throws RepositoryException
Allow certain privileges on a given node for a given principal.To activate the ACL change, session.save() must be called.
- Parameters:
node
- node to set the resource-based ACL entry on; underlying session is used to write the ACLprincipalName
- Name of the principal for which the ACL entry should applyprivileges
- list of privileges to set by name (seePrivilege
)- Returns:
true
if the node's ACL was modified and the session has pending changes.- Throws:
RepositoryException
- If an unexpected repository error occurs
-
deny
public static boolean deny(Node node, String principalName, String... privileges) throws RepositoryException
Deny certain privileges on a node for a given principal.To activate the ACL change, session.save() must be called.
- Parameters:
node
- node to set the resource-based ACL entry on; underlying session is used to write the ACLprincipalName
- Name of the principal for which the ACL entry should applyprivileges
- list of privileges to set by name (seePrivilege
)- Returns:
true
if the node's ACL was modified and the session has pending changes.- Throws:
RepositoryException
- If an unexpected repository error occurs
-
clear
public static boolean clear(Session session, String absPath, String principalName) throws RepositoryException
Removes all ACL entries for a principal at a given absolute path. If the specifiedprincipalName
isnull
the policy will be removed altogether.Modifications only take effect upon
Session.save()
.- Parameters:
session
- The editing session.absPath
- Absolute path of an existing node from which to remove ACL entries (or the policy)principalName
- Name of the principal whose entries should be removed; usenull
to clear the policy.- Returns:
true
if the policy has been modified;false
otherwise.- Throws:
RepositoryException
- If an unexpected repository error occurs
-
clear
public static boolean clear(Node node, String principalName) throws RepositoryException
Removes all ACL entries for a principal on a given node.Modification to the policy only take effect upon
Session.save()
must be called.- Parameters:
node
- node from which to remove ACL entries; underlying session is used to write the changesprincipalName
- Name of the principal whose entries should be removed; usenull
to clear the policy altogether.- Returns:
true
if the node's ACL was modified,false
otherwise.- Throws:
RepositoryException
- If an unexpected repository error occurs
-
clear
public static boolean clear(Node node) throws RepositoryException
Removes the access control list at a given node.To persist the modifications,
Session.save()
must be called.- Parameters:
node
- node from which to remove the ACL; underlying session is used to write the changes- Returns:
true
if the node's ACL was removed,false
otherwise.- Throws:
RepositoryException
- If an unexpected repository error occurs
-
clear
public static boolean clear(Session session, String absPath) throws RepositoryException
Removes the access control list at the specified absolute path.To persist the modification, session.save() must be called.
- Parameters:
session
- The editing session.absPath
- An absolute path of a valid node accessible to the editing session from which to remove the ACL.- Returns:
true
if the node's ACL got removed,false
otherwise.- Throws:
RepositoryException
- If an unexpected repository error occurs
-
getPrincipal
public static Principal getPrincipal(Session session, String principalName) throws RepositoryException
Retrieves the principal with the specifiedprincipalName
. Shortcut for callingPrincipalManager.getPrincipal(String)
.- Parameters:
session
- The editing session which must be aJackrabbitSession
.principalName
- The name of the principal.- Returns:
- The principal with the specified name or
null
if no such principal exists. - Throws:
RepositoryException
- If an error occurs or if the session is not aJackrabbitSession
.
-
getEveryonePrincipal
public static Principal getEveryonePrincipal(Session session) throws RepositoryException
Shortcut for callingPrincipalManager.getEveryone()
.- Parameters:
session
- The editing session which must be aJackrabbitSession
.- Returns:
- The group principal presenting everyone.
- Throws:
RepositoryException
- If an error occurs or if the session is not aJackrabbitSession
.
-
-