Package org.apache.jackrabbit.core.security

Interface AccessManager

  • All Known Implementing Classes:
    DefaultAccessManager, SimpleAccessManager
    public interface AccessManager
    The AccessManager can be queried to determines whether privileges are granted on a specific item.

    • Field Summary

      Fields 
      Modifier and Type Field Description
      static int READ
      Deprecated. 
      static int REMOVE
      Deprecated. 
      static int WRITE
      Deprecated. 

    • Method Summary

      All Methods Instance Methods Abstract Methods Deprecated Methods 
      Modifier and Type Method Description
      boolean canAccess​(String workspaceName)
      Determines whether the subject of the current context is granted access to the given workspace.
      boolean canRead​(Path itemPath, ItemId itemId)
      Determines whether the item with the specified itemPath or itemId can be read.
      void checkPermission​(ItemId id, int permissions)
      Deprecated. 
      void checkPermission​(Path absPath, int permissions)
      Determines whether the specified permissions are granted on the item with the specified id (i.e.
      void checkRepositoryPermission​(int permissions)
      Determines whether the specified permissions are granted on the repository level.
      void close()
      Close this access manager.
      void init​(AMContext context)
      Initialize this access manager.
      void init​(AMContext context, AccessControlProvider acProvider, WorkspaceAccessManager wspAccessMgr)
      Initialize this access manager.
      boolean isGranted​(ItemId id, int permissions)
      Deprecated. 
      boolean isGranted​(Path absPath, int permissions)
      Determines whether the specified permissions are granted on the item with the specified absPath (i.e.
      boolean isGranted​(Path parentPath, Name childName, int permissions)
      Determines whether the specified permissions are granted on an item represented by the combination of the given parentPath and childName (i.e.

    • Method Detail

      • init

        void init​(AMContext context)
   throws AccessDeniedException,
          Exception
        Initialize this access manager. An AccessDeniedException will be thrown if the subject of the given context is not granted access to the specified workspace.
        Parameters:
        context - access manager context
        Throws:
        AccessDeniedException - if the subject is not granted access to the specified workspace.
        Exception - if another error occurs

      • init

        void init​(AMContext context,
          AccessControlProvider acProvider,
          WorkspaceAccessManager wspAccessMgr)
   throws AccessDeniedException,
          Exception
        Initialize this access manager. An AccessDeniedException will be thrown if the subject of the given context is not granted access to the specified workspace.
        Parameters:
        context - access manager context.
        acProvider - The access control provider.
        wspAccessMgr - The workspace access manager.
        Throws:
        AccessDeniedException - if the subject is not granted access to the specified workspace.
        Exception - if another error occurs

      • close

        void close()
    throws Exception
        Close this access manager. After having closed an access manager, further operations on this object are treated as illegal and throw
        Throws:
        Exception - if an error occurs

      • checkPermission

        void checkPermission​(Path absPath,
                     int permissions)
              throws AccessDeniedException,
                     RepositoryException
        Determines whether the specified permissions are granted on the item with the specified id (i.e. the target item).
        Parameters:
        absPath - Path to an item.
        permissions - A combination of one or more of the Permission constants encoded as a bitmask value.
        Throws:
        AccessDeniedException - if permission is denied
        RepositoryException - it another error occurs

      • isGranted

        @Deprecated
boolean isGranted​(ItemId id,
                  int permissions)
           throws ItemNotFoundException,
                  RepositoryException
        Deprecated.
        Determines whether the specified permissions are granted on the item with the specified id (i.e. the target item).
        Parameters:
        id - the id of the target item
        permissions - A combination of one or more of the following constants encoded as a bitmask value:
        • READ
        • WRITE
        • REMOVE
        Returns:
        true if permission is granted; otherwise false
        Throws:
        ItemNotFoundException - if the target item does not exist
        RepositoryException - if another error occurs

      • isGranted

        boolean isGranted​(Path absPath,
                  int permissions)
           throws RepositoryException
        Determines whether the specified permissions are granted on the item with the specified absPath (i.e. the target item, that may or may not yet exist).
        Parameters:
        absPath - the absolute path to test
        permissions - A combination of one or more of the Permission constants encoded as a bitmask value.
        Returns:
        true if the specified permissions are granted; otherwise false.
        Throws:
        RepositoryException - if an error occurs.

      • isGranted

        boolean isGranted​(Path parentPath,
                  Name childName,
                  int permissions)
           throws RepositoryException
        Determines whether the specified permissions are granted on an item represented by the combination of the given parentPath and childName (i.e. the target item, that may or may not yet exist).
        Parameters:
        parentPath - Path to an existing parent node.
        childName - Name of the child item that may or may not exist yet.
        permissions - A combination of one or more of the Permission constants encoded as a bitmask value.
        Returns:
        true if the specified permissions are granted; otherwise false.
        Throws:
        RepositoryException - if an error occurs.

      • canRead

        boolean canRead​(Path itemPath,
                ItemId itemId)
         throws RepositoryException
        Determines whether the item with the specified itemPath or itemId can be read. Either of the two parameters may be null.
        Note, that this method should only be called for persisted items as NEW items may not be visible to the permission evaluation. For new items isGranted(Path, int) should be used instead.

        If this method is called with both Path and ItemId it is left to the evaluation, which parameter is used.

        Parameters:
        itemPath - The path to the item or null if itemId should be used to determine the READ permission.
        itemId - Id of the item to be tested or null if the itemPath should be used to determine the permission.
        Returns:
        true if the item can be read; otherwise false.
        Throws:
        RepositoryException - if the item is NEW and only an itemId is specified or if another error occurs.

      • canAccess

        boolean canAccess​(String workspaceName)
           throws RepositoryException
        Determines whether the subject of the current context is granted access to the given workspace. Note that an implementation is free to test for the existence of a workspace with the specified name. In this case the expected return value is false, if no such workspace exists.
        Parameters:
        workspaceName - name of workspace
        Returns:
        true if the subject of the current context is granted access to the given workspace; otherwise false.
        Throws:
        RepositoryException - if an error occurs.