Class DefaultAccessManager
- java.lang.Object
-
- org.apache.jackrabbit.core.security.AbstractAccessControlManager
-
- org.apache.jackrabbit.core.security.DefaultAccessManager
-
- All Implemented Interfaces:
AccessControlManager,JackrabbitAccessControlManager,AccessManager
public class DefaultAccessManager extends AbstractAccessControlManager implements AccessManager
TheDefaultAccessManagercontrols access by evaluating access control policies for theSubjectattached to theSessionthis manager has been built for.Please note the following exceptional situations:
This manager allows all privileges for a particular item if- the Session's represents a system session or a session associated with the repository's administrator
It allows to access all available workspaces if
- no
WorkspaceAccessManageris defined.
How access control policies are matched to a particular item is defined by the
AccessControlProviderset to this AccessManager.- See Also:
AccessManager,AccessControlManager
-
-
Field Summary
-
Fields inherited from interface org.apache.jackrabbit.core.security.AccessManager
READ, REMOVE, WRITE
-
-
Constructor Summary
Constructors Constructor Description DefaultAccessManager()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description booleancanAccess(String workspaceName)Determines whether the subject of the current context is granted access to the given workspace.booleancanRead(Path itemPath, ItemId itemId)Determines whether the item with the specifieditemPathoritemIdcan be read.protected voidcheckInitialized()Check if this manager has been properly initialized.protected voidcheckPermission(String absPath, int permission)Check if the specified privileges are granted atabsPath.voidcheckPermission(ItemId id, int permissions)Determines whether the specifiedpermissionsare granted on the item with the specifiedid(i.e.voidcheckPermission(Path absPath, int permissions)Determines whether the specifiedpermissionsare granted on the item with the specifiedid(i.e.voidcheckRepositoryPermission(int permissions)Determines whether the specifiedpermissionsare granted on the repository level.protected voidcheckValidNodePath(String absPath)Tests if the givenabsPathis absolute and points to an existing node.voidclose()Close this access manager.AccessControlPolicyIteratorgetApplicablePolicies(String absPath)Returns an empty iterator.JackrabbitAccessControlPolicy[]getApplicablePolicies(Principal principal)AccessControlPolicy[]getEffectivePolicies(String absPath)AccessControlPolicy[]getEffectivePolicies(Set<Principal> principals)AccessControlPolicy[]getPolicies(String absPath)Returnsnull.JackrabbitAccessControlPolicy[]getPolicies(Principal principal)protected PrivilegeManagergetPrivilegeManager()Privilege[]getPrivileges(String absPath)Privilege[]getPrivileges(String absPath, Set<Principal> principals)booleanhasPrivileges(String absPath, Set<Principal> principals, Privilege[] privileges)booleanhasPrivileges(String absPath, Privilege[] privileges)voidinit(AMContext amContext)Initialize this access manager.voidinit(AMContext amContext, AccessControlProvider acProvider, WorkspaceAccessManager wspAccessManager)Initialize this access manager.booleanisGranted(ItemId id, int actions)Determines whether the specifiedpermissionsare granted on the item with the specifiedid(i.e.booleanisGranted(Path absPath, int permissions)Determines whether the specifiedpermissionsare granted on the item with the specifiedabsPath(i.e.booleanisGranted(Path parentPath, Name childName, int permissions)Determines whether the specifiedpermissionsare granted on an item represented by the combination of the givenparentPathandchildName(i.e.voidremovePolicy(String absPath, AccessControlPolicy policy)Always throwsAccessControlExceptionvoidsetPolicy(String absPath, AccessControlPolicy policy)Always throwsAccessControlException-
Methods inherited from class org.apache.jackrabbit.core.security.AbstractAccessControlManager
getSupportedPrivileges, privilegeFromName
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.apache.jackrabbit.api.security.JackrabbitAccessControlManager
getEffectivePolicies, getPrivilegeCollection, getPrivilegeCollection, privilegeCollectionFromNames
-
-
-
-
Method Detail
-
init
public void init(AMContext amContext) throws AccessDeniedException, Exception
Description copied from interface:AccessManagerInitialize this access manager. AnAccessDeniedExceptionwill be thrown if the subject of the givencontextis not granted access to the specified workspace.- Specified by:
initin interfaceAccessManager- Parameters:
amContext- access manager context- Throws:
AccessDeniedException- if the subject is not granted access to the specified workspace.Exception- if another error occurs- See Also:
AccessManager.init(AMContext)
-
init
public void init(AMContext amContext, AccessControlProvider acProvider, WorkspaceAccessManager wspAccessManager) throws AccessDeniedException, Exception
Description copied from interface:AccessManagerInitialize this access manager. AnAccessDeniedExceptionwill be thrown if the subject of the givencontextis not granted access to the specified workspace.- Specified by:
initin interfaceAccessManager- Parameters:
amContext- access manager context.acProvider- The access control provider.wspAccessManager- The workspace access manager.- Throws:
AccessDeniedException- if the subject is not granted access to the specified workspace.Exception- if another error occurs- See Also:
AccessManager.init(AMContext, AccessControlProvider, WorkspaceAccessManager)
-
close
public void close() throws ExceptionDescription copied from interface:AccessManagerClose this access manager. After having closed an access manager, further operations on this object are treated as illegal and throw- Specified by:
closein interfaceAccessManager- Throws:
Exception- if an error occurs- See Also:
AccessManager.close()
-
checkPermission
public void checkPermission(ItemId id, int permissions) throws AccessDeniedException, ItemNotFoundException, RepositoryException
Description copied from interface:AccessManagerDetermines whether the specifiedpermissionsare granted on the item with the specifiedid(i.e. the target item).- Specified by:
checkPermissionin interfaceAccessManager- Parameters:
id- the id of the target itempermissions- A combination of one or more of the following constants encoded as a bitmask value:READWRITEREMOVE
- Throws:
AccessDeniedException- if permission is deniedItemNotFoundException- if the target item does not existRepositoryException- it an error occurs- See Also:
AccessManager.checkPermission(ItemId, int)
-
checkPermission
public void checkPermission(Path absPath, int permissions) throws AccessDeniedException, RepositoryException
Description copied from interface:AccessManagerDetermines whether the specifiedpermissionsare granted on the item with the specifiedid(i.e. the target item).- Specified by:
checkPermissionin interfaceAccessManager- Parameters:
absPath- Path to an item.permissions- A combination of one or more of thePermissionconstants encoded as a bitmask value.- Throws:
AccessDeniedException- if permission is deniedRepositoryException- it another error occurs- See Also:
AccessManager.checkPermission(Path, int)
-
checkRepositoryPermission
public void checkRepositoryPermission(int permissions) throws AccessDeniedException, RepositoryExceptionDescription copied from interface:AccessManagerDetermines whether the specifiedpermissionsare granted on the repository level.- Specified by:
checkRepositoryPermissionin interfaceAccessManager- Parameters:
permissions- The permissions to check.- Throws:
AccessDeniedException- if permissions are denied.RepositoryException- if another error occurs.- See Also:
AccessManager.checkRepositoryPermission(int)
-
isGranted
public boolean isGranted(ItemId id, int actions) throws ItemNotFoundException, RepositoryException
Description copied from interface:AccessManagerDetermines whether the specifiedpermissionsare granted on the item with the specifiedid(i.e. the target item).- Specified by:
isGrantedin interfaceAccessManager- Parameters:
id- the id of the target itemactions- A combination of one or more of the following constants encoded as a bitmask value:READWRITEREMOVE
- Returns:
trueif permission is granted; otherwisefalse- Throws:
ItemNotFoundException- if the target item does not existRepositoryException- if another error occurs- See Also:
AccessManager.isGranted(ItemId, int)
-
isGranted
public boolean isGranted(Path absPath, int permissions) throws RepositoryException
Description copied from interface:AccessManagerDetermines whether the specifiedpermissionsare granted on the item with the specifiedabsPath(i.e. the target item, that may or may not yet exist).- Specified by:
isGrantedin interfaceAccessManager- Parameters:
absPath- the absolute path to testpermissions- A combination of one or more of thePermissionconstants encoded as a bitmask value.- Returns:
trueif the specified permissions are granted; otherwisefalse.- Throws:
RepositoryException- if an error occurs.- See Also:
AccessManager.isGranted(Path, int)
-
isGranted
public boolean isGranted(Path parentPath, Name childName, int permissions) throws RepositoryException
Description copied from interface:AccessManagerDetermines whether the specifiedpermissionsare granted on an item represented by the combination of the givenparentPathandchildName(i.e. the target item, that may or may not yet exist).- Specified by:
isGrantedin interfaceAccessManager- Parameters:
parentPath- Path to an existing parent node.childName- Name of the child item that may or may not exist yet.permissions- A combination of one or more of thePermissionconstants encoded as a bitmask value.- Returns:
trueif the specified permissions are granted; otherwisefalse.- Throws:
RepositoryException- if an error occurs.- See Also:
AccessManager.isGranted(Path, Name, int)
-
canRead
public boolean canRead(Path itemPath, ItemId itemId) throws RepositoryException
Description copied from interface:AccessManagerDetermines whether the item with the specifieditemPathoritemIdcan be read. Either of the two parameters may benull.
Note, that this method should only be called for persisted items as NEW items may not be visible to the permission evaluation. For new itemsAccessManager.isGranted(Path, int)should be used instead.If this method is called with both Path and ItemId it is left to the evaluation, which parameter is used.
- Specified by:
canReadin interfaceAccessManager- Parameters:
itemPath- The path to the item ornullif itemId should be used to determine the READ permission.itemId- Id of the item to be tested ornullif the itemPath should be used to determine the permission.- Returns:
trueif the item can be read; otherwisefalse.- Throws:
RepositoryException- if the item is NEW and only an itemId is specified or if another error occurs.- See Also:
AccessManager.canRead(org.apache.jackrabbit.spi.Path,org.apache.jackrabbit.core.id.ItemId)
-
canAccess
public boolean canAccess(String workspaceName) throws RepositoryException
Description copied from interface:AccessManagerDetermines whether the subject of the current context is granted access to the given workspace. Note that an implementation is free to test for the existence of a workspace with the specified name. In this case the expected return value isfalse, if no such workspace exists.- Specified by:
canAccessin interfaceAccessManager- Parameters:
workspaceName- name of workspace- Returns:
trueif the subject of the current context is granted access to the given workspace; otherwisefalse.- Throws:
RepositoryException- if an error occurs.- See Also:
AccessManager.canAccess(String)
-
hasPrivileges
public boolean hasPrivileges(String absPath, Privilege[] privileges) throws PathNotFoundException, RepositoryException
- Specified by:
hasPrivilegesin interfaceAccessControlManager- Throws:
PathNotFoundExceptionRepositoryException- See Also:
AccessControlManager.hasPrivileges(String, Privilege[])
-
getPrivileges
public Privilege[] getPrivileges(String absPath) throws PathNotFoundException, RepositoryException
- Specified by:
getPrivilegesin interfaceAccessControlManager- Throws:
PathNotFoundExceptionRepositoryException- See Also:
AccessControlManager.getPrivileges(String)
-
getPolicies
public AccessControlPolicy[] getPolicies(String absPath) throws PathNotFoundException, AccessDeniedException, RepositoryException
Description copied from class:AbstractAccessControlManagerReturnsnull.- Specified by:
getPoliciesin interfaceAccessControlManager- Overrides:
getPoliciesin classAbstractAccessControlManager- Parameters:
absPath- Path to an existing node.- Returns:
- always returns
null. - Throws:
PathNotFoundExceptionAccessDeniedExceptionRepositoryException- See Also:
AccessControlManager.getPolicies(String)
-
getEffectivePolicies
public AccessControlPolicy[] getEffectivePolicies(String absPath) throws PathNotFoundException, AccessDeniedException, RepositoryException
- Specified by:
getEffectivePoliciesin interfaceAccessControlManager- Throws:
PathNotFoundExceptionAccessDeniedExceptionRepositoryException- See Also:
AccessControlManager.getEffectivePolicies(String)
-
getApplicablePolicies
public AccessControlPolicyIterator getApplicablePolicies(String absPath) throws PathNotFoundException, AccessDeniedException, RepositoryException
Description copied from class:AbstractAccessControlManagerReturns an empty iterator.- Specified by:
getApplicablePoliciesin interfaceAccessControlManager- Overrides:
getApplicablePoliciesin classAbstractAccessControlManager- Parameters:
absPath- Path to an existing node.- Returns:
- always returns an empty iterator.
- Throws:
PathNotFoundExceptionAccessDeniedExceptionRepositoryException- See Also:
AccessControlManager.getApplicablePolicies(String)
-
setPolicy
public void setPolicy(String absPath, AccessControlPolicy policy) throws PathNotFoundException, AccessControlException, AccessDeniedException, RepositoryException
Description copied from class:AbstractAccessControlManagerAlways throwsAccessControlException- Specified by:
setPolicyin interfaceAccessControlManager- Overrides:
setPolicyin classAbstractAccessControlManager- Throws:
PathNotFoundExceptionAccessControlExceptionAccessDeniedExceptionRepositoryException- See Also:
AccessControlManager.setPolicy(String, AccessControlPolicy)
-
removePolicy
public void removePolicy(String absPath, AccessControlPolicy policy) throws PathNotFoundException, AccessControlException, AccessDeniedException, RepositoryException
Description copied from class:AbstractAccessControlManagerAlways throwsAccessControlException- Specified by:
removePolicyin interfaceAccessControlManager- Overrides:
removePolicyin classAbstractAccessControlManager- Throws:
PathNotFoundExceptionAccessControlExceptionAccessDeniedExceptionRepositoryException- See Also:
AccessControlManager.removePolicy(String, AccessControlPolicy)
-
getApplicablePolicies
public JackrabbitAccessControlPolicy[] getApplicablePolicies(Principal principal) throws AccessDeniedException, AccessControlException, UnsupportedRepositoryOperationException, RepositoryException
- Specified by:
getApplicablePoliciesin interfaceJackrabbitAccessControlManager- Overrides:
getApplicablePoliciesin classAbstractAccessControlManager- Throws:
AccessDeniedExceptionAccessControlExceptionUnsupportedRepositoryOperationExceptionRepositoryException- See Also:
JackrabbitAccessControlManager.getApplicablePolicies(Principal)
-
getPolicies
public JackrabbitAccessControlPolicy[] getPolicies(Principal principal) throws AccessDeniedException, AccessControlException, UnsupportedRepositoryOperationException, RepositoryException
- Specified by:
getPoliciesin interfaceJackrabbitAccessControlManager- Overrides:
getPoliciesin classAbstractAccessControlManager- Throws:
AccessDeniedExceptionAccessControlExceptionUnsupportedRepositoryOperationExceptionRepositoryException- See Also:
JackrabbitAccessControlManager.getPolicies(Principal)
-
getEffectivePolicies
public AccessControlPolicy[] getEffectivePolicies(Set<Principal> principals) throws AccessDeniedException, AccessControlException, UnsupportedRepositoryOperationException, RepositoryException
-
hasPrivileges
public boolean hasPrivileges(String absPath, Set<Principal> principals, Privilege[] privileges) throws PathNotFoundException, RepositoryException
- Specified by:
hasPrivilegesin interfaceJackrabbitAccessControlManager- Throws:
PathNotFoundExceptionRepositoryException- See Also:
JackrabbitAccessControlManager.hasPrivileges(String, Set, Privilege[])
-
getPrivileges
public Privilege[] getPrivileges(String absPath, Set<Principal> principals) throws PathNotFoundException, RepositoryException
- Specified by:
getPrivilegesin interfaceJackrabbitAccessControlManager- Throws:
PathNotFoundExceptionRepositoryException- See Also:
JackrabbitAccessControlManager.getPrivileges(String, Set)
-
checkInitialized
protected void checkInitialized()
Description copied from class:AbstractAccessControlManagerCheck if this manager has been properly initialized.- Specified by:
checkInitializedin classAbstractAccessControlManager- See Also:
AbstractAccessControlManager.checkInitialized()
-
checkValidNodePath
protected void checkValidNodePath(String absPath) throws PathNotFoundException, RepositoryException
Description copied from class:AbstractAccessControlManagerTests if the givenabsPathis absolute and points to an existing node.- Specified by:
checkValidNodePathin classAbstractAccessControlManager- Parameters:
absPath- Path to an existing node.- Throws:
PathNotFoundException- if no node atabsPathexists or the session does not have privilege to retrieve the node.RepositoryException- If the givenabsPathis not absolute or if some other error occurs.- See Also:
AbstractAccessControlManager.checkValidNodePath(String)
-
checkPermission
protected void checkPermission(String absPath, int permission) throws AccessDeniedException, RepositoryException
Description copied from class:AbstractAccessControlManagerCheck if the specified privileges are granted atabsPath.- Specified by:
checkPermissionin classAbstractAccessControlManager- Parameters:
absPath- Path to an existing node.permission- Permissions to be checked.- Throws:
AccessDeniedException- if the session does not have the specified privileges.PathNotFoundException- if no node exists atabsPathof if the session does not have the permission to READ it.RepositoryException- If another error occurs.- See Also:
AbstractAccessControlManager.checkPermission(String,int)
-
getPrivilegeManager
protected PrivilegeManager getPrivilegeManager() throws RepositoryException
- Specified by:
getPrivilegeManagerin classAbstractAccessControlManager- Returns:
- the privilege manager
- Throws:
RepositoryException- If another error occurs.- See Also:
AbstractAccessControlManager.getPrivilegeManager()
-
-