Class AccessControlUtils


  • public class AccessControlUtils
    extends Object
    This class provides common access control related utilities.
    • Constructor Detail

      • AccessControlUtils

        public AccessControlUtils()
    • Method Detail

      • privilegesFromNames

        public static Privilege[] privilegesFromNames​(Session session,
                                                      String... privilegeNames)
                                               throws RepositoryException
        Retrieves the Privileges from the specified privilege names.
        Parameters:
        session - The editing session.
        privilegeNames - The privilege names.
        Returns:
        An array of privileges.
        Throws:
        RepositoryException - If an error occurs or if privilegeNames contains an unknown/invalid privilege name.
      • privilegesFromNames

        public static Privilege[] privilegesFromNames​(AccessControlManager accessControlManager,
                                                      String... privilegeNames)
                                               throws RepositoryException
        Retrieves the Privileges from the specified privilege names.
        Parameters:
        accessControlManager - The access control manager.
        privilegeNames - The privilege names.
        Returns:
        An array of privileges.
        Throws:
        RepositoryException - If an error occurs or if privilegeNames contains an unknown/invalid privilege name.
      • namesFromPrivileges

        public static String[] namesFromPrivileges​(Privilege... privileges)
        Retrieves the names of the specified privileges.
        Parameters:
        privileges - One or more privileges.
        Returns:
        The names of the specified privileges.
      • addAccessControlEntry

        public static boolean addAccessControlEntry​(Session session,
                                                    String absPath,
                                                    Principal principal,
                                                    String[] privilegeNames,
                                                    boolean isAllow)
                                             throws RepositoryException
        A utility method to add a new access control entry.
        Please note, that calling Session.save() is required in order to persist the changes.
        Parameters:
        session - The editing session.
        absPath - The absolute path of the target node.
        principal - The principal to grant/deny privileges to.
        privilegeNames - The names of the privileges to grant or deny.
        isAllow - true to grant; false otherwise.
        Returns:
        true if the node's ACL was modified and the session has pending changes.
        Throws:
        RepositoryException - If an error occurs.
      • addAccessControlEntry

        public static boolean addAccessControlEntry​(Session session,
                                                    String absPath,
                                                    Principal principal,
                                                    Privilege[] privileges,
                                                    boolean isAllow)
                                             throws RepositoryException
        A utility method to add a new access control entry. Please note, that a call to Session.save() is required in order to persist the changes.
        Parameters:
        session - The editing session
        absPath - The absolute path of the target node.
        principal - The principal to grant/deny privileges to.
        privileges - The privileges to grant or deny
        isAllow - true to grant; false otherwise;
        Returns:
        true if the node's ACL was modified and the session has pending changes.
        Throws:
        RepositoryException - If an error occurs.
      • grantAllToEveryone

        public static boolean grantAllToEveryone​(Session session,
                                                 String absPath)
                                          throws RepositoryException
        Utility to grant jcr:all privilege to the everyone group principal. Please note, that Session.save() is required in order to persist the changes.
        Parameters:
        session - The editing session.
        absPath - The absolute path of the target node
        Returns:
        true if the node's access control list was modified; false otherwise;
        Throws:
        RepositoryException - If an error occurs.
      • denyAllToEveryone

        public static boolean denyAllToEveryone​(Session session,
                                                String absPath)
                                         throws RepositoryException
        Utility to deny jcr:all privilege to the everyone group principal. Please note, that Session.save() is required in order to persist the changes.
        Parameters:
        session - The editing session.
        absPath - The absolute path of the target node
        Returns:
        true if the node's access control list was modified; false otherwise;
        Throws:
        RepositoryException - If an error occurs.
      • allow

        public static boolean allow​(Node node,
                                    String principalName,
                                    String... privileges)
                             throws RepositoryException
        Allow certain privileges on a given node for a given principal.

        To activate the ACL change, session.save() must be called.

        Parameters:
        node - node to set the resource-based ACL entry on; underlying session is used to write the ACL
        principalName - Name of the principal for which the ACL entry should apply
        privileges - list of privileges to set by name (see Privilege)
        Returns:
        true if the node's ACL was modified and the session has pending changes.
        Throws:
        RepositoryException - If an unexpected repository error occurs
      • deny

        public static boolean deny​(Node node,
                                   String principalName,
                                   String... privileges)
                            throws RepositoryException
        Deny certain privileges on a node for a given principal.

        To activate the ACL change, session.save() must be called.

        Parameters:
        node - node to set the resource-based ACL entry on; underlying session is used to write the ACL
        principalName - Name of the principal for which the ACL entry should apply
        privileges - list of privileges to set by name (see Privilege)
        Returns:
        true if the node's ACL was modified and the session has pending changes.
        Throws:
        RepositoryException - If an unexpected repository error occurs
      • clear

        public static boolean clear​(Session session,
                                    String absPath,
                                    String principalName)
                             throws RepositoryException
        Removes all ACL entries for a principal at a given absolute path. If the specified principalName is null the policy will be removed altogether.

        Modifications only take effect upon Session.save().

        Parameters:
        session - The editing session.
        absPath - Absolute path of an existing node from which to remove ACL entries (or the policy)
        principalName - Name of the principal whose entries should be removed; use null to clear the policy.
        Returns:
        true if the policy has been modified; false otherwise.
        Throws:
        RepositoryException - If an unexpected repository error occurs
      • clear

        public static boolean clear​(Node node,
                                    String principalName)
                             throws RepositoryException
        Removes all ACL entries for a principal on a given node.

        Modification to the policy only take effect upon Session.save() must be called.

        Parameters:
        node - node from which to remove ACL entries; underlying session is used to write the changes
        principalName - Name of the principal whose entries should be removed; use null to clear the policy altogether.
        Returns:
        true if the node's ACL was modified, false otherwise.
        Throws:
        RepositoryException - If an unexpected repository error occurs
      • clear

        public static boolean clear​(Node node)
                             throws RepositoryException
        Removes the access control list at a given node.

        To persist the modifications, Session.save() must be called.

        Parameters:
        node - node from which to remove the ACL; underlying session is used to write the changes
        Returns:
        true if the node's ACL was removed, false otherwise.
        Throws:
        RepositoryException - If an unexpected repository error occurs
      • clear

        public static boolean clear​(Session session,
                                    String absPath)
                             throws RepositoryException
        Removes the access control list at the specified absolute path.

        To persist the modification, session.save() must be called.

        Parameters:
        session - The editing session.
        absPath - An absolute path of a valid node accessible to the editing session from which to remove the ACL.
        Returns:
        true if the node's ACL got removed, false otherwise.
        Throws:
        RepositoryException - If an unexpected repository error occurs
      • getPrincipal

        public static Principal getPrincipal​(Session session,
                                             String principalName)
                                      throws RepositoryException
        Retrieves the principal with the specified principalName. Shortcut for calling PrincipalManager.getPrincipal(String).
        Parameters:
        session - The editing session which must be a JackrabbitSession.
        principalName - The name of the principal.
        Returns:
        The principal with the specified name or null if no such principal exists.
        Throws:
        RepositoryException - If an error occurs or if the session is not a JackrabbitSession.