Class AbstractAccessControlProvider
- java.lang.Object
-
- org.apache.jackrabbit.core.security.authorization.AbstractAccessControlProvider
-
- All Implemented Interfaces:
AccessControlConstants
,AccessControlProvider
,AccessControlUtils
- Direct Known Subclasses:
ACLProvider
,ACLProvider
,CombinedProvider
,UserAccessControlProvider
public abstract class AbstractAccessControlProvider extends Object implements AccessControlProvider, AccessControlUtils, AccessControlConstants
AbstractAccessControlProvider
...
-
-
Field Summary
Fields Modifier and Type Field Description protected ObservationManager
observationMgr
static String
PARAM_OMIT_DEFAULT_PERMISSIONS
Constant for the name of the configuration option "omit-default-permission".protected PrivilegeManagerImpl
privilegeManager
protected SessionImpl
session
the system session this provider has been created for.-
Fields inherited from interface org.apache.jackrabbit.core.security.authorization.AccessControlConstants
N_ACCESSCONTROL, N_POLICY, N_REPO_POLICY, NT_REP_ACCESS_CONTROL, NT_REP_ACCESS_CONTROLLABLE, NT_REP_ACE, NT_REP_ACL, NT_REP_DENY_ACE, NT_REP_GRANT_ACE, NT_REP_PRINCIPAL_ACCESS_CONTROL, NT_REP_REPO_ACCESS_CONTROLLABLE, P_GLOB, P_PRINCIPAL_NAME, P_PRIVILEGES
-
-
Constructor Summary
Constructors Modifier Constructor Description protected
AbstractAccessControlProvider()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected void
checkInitialized()
ThrowsIllegalStateException
if the provider has not been initialized or has been closed.void
close()
Closes this provider when it is no longer used by the respective workspace and release resources bound by this provider.protected CompiledPermissions
getAdminPermissions()
Returns compiled permissions for the administrator i.e.protected PrivilegeManagerImpl
getPrivilegeManagerImpl()
protected CompiledPermissions
getReadOnlyPermissions()
Returns compiled permissions for a read-only user i.e.void
init(Session systemSession, Map configuration)
Tests if the givensystemSession
is a SessionImpl and retrieves the observation manager.boolean
isAcItem(ItemImpl item)
Test if the given node is itself a rep:ACL or a rep:ACE node.boolean
isAcItem(Path absPath)
Test if the specified path points to an item that defines AC information.boolean
isAdminOrSystem(Set<Principal> principals)
Test if the specified set of principals contains an admin or system principal.boolean
isLive()
Returnstrue
, if this provider is still alive and able to evaluate permissions;false
otherwise.boolean
isReadOnly(Set<Principal> principals)
Test if if the specified set of principals will have read-only permissions only.-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.apache.jackrabbit.core.security.authorization.AccessControlProvider
canAccessRoot, compilePermissions, getEditor, getEffectivePolicies, getEffectivePolicies
-
-
-
-
Field Detail
-
PARAM_OMIT_DEFAULT_PERMISSIONS
public static final String PARAM_OMIT_DEFAULT_PERMISSIONS
Constant for the name of the configuration option "omit-default-permission". The option is a flag indicating whether default permissions should be created upon initialization of this provider.If this option is present in the configuration no initial ACL content is created.
If this configuration option is omitted the default permissions are installed. Note however, that the initialization should not overwrite previously installed AC content.- See Also:
- Constant Field Values
-
session
protected SessionImpl session
the system session this provider has been created for.
-
observationMgr
protected ObservationManager observationMgr
-
privilegeManager
protected PrivilegeManagerImpl privilegeManager
-
-
Method Detail
-
checkInitialized
protected void checkInitialized()
ThrowsIllegalStateException
if the provider has not been initialized or has been closed.
-
getPrivilegeManagerImpl
protected PrivilegeManagerImpl getPrivilegeManagerImpl() throws RepositoryException
- Returns:
- the PrivilegeManager
- Throws:
RepositoryException
-
getAdminPermissions
protected CompiledPermissions getAdminPermissions()
Returns compiled permissions for the administrator i.e. permissions that grants everything and returns the int representation ofPrivilege.JCR_ALL
uponCompiledPermissions.getPrivileges(Path)
for all paths.- Returns:
- an implementation of
CompiledPermissions
that grants everything and always returns the int representation ofPrivilege.JCR_ALL
uponCompiledPermissions.getPrivileges(Path)
.
-
getReadOnlyPermissions
protected CompiledPermissions getReadOnlyPermissions()
Returns compiled permissions for a read-only user i.e. permissions that grants READ permission for all non-AC items.- Returns:
- an implementation of
CompiledPermissions
that grants READ permission for all non-AC items.
-
isAcItem
public boolean isAcItem(Path absPath) throws RepositoryException
Description copied from interface:AccessControlUtils
Test if the specified path points to an item that defines AC information.- Specified by:
isAcItem
in interfaceAccessControlUtils
- Parameters:
absPath
- Path to an item.- Returns:
- true if the item at the specified
absPath
contains access control information. - Throws:
RepositoryException
- If an error occurs.- See Also:
AccessControlUtils.isAcItem(Path)
-
isAcItem
public boolean isAcItem(ItemImpl item) throws RepositoryException
Test if the given node is itself a rep:ACL or a rep:ACE node.- Specified by:
isAcItem
in interfaceAccessControlUtils
- Parameters:
item
- An item.- Returns:
- true if the item at the specified
item
defines access control related information is should therefore be considered protected. - Throws:
RepositoryException
- If an error occurs.- See Also:
AccessControlUtils.isAcItem(org.apache.jackrabbit.core.ItemImpl)
-
isAdminOrSystem
public boolean isAdminOrSystem(Set<Principal> principals)
Description copied from interface:AccessControlUtils
Test if the specified set of principals contains an admin or system principal.- Specified by:
isAdminOrSystem
in interfaceAccessControlUtils
- Parameters:
principals
- A set of principals.- Returns:
- true if the specified set of principals contains an
AdminPrincipal
or aSystemPrincipal
. - See Also:
AccessControlUtils.isAdminOrSystem(Set)
-
isReadOnly
public boolean isReadOnly(Set<Principal> principals)
Description copied from interface:AccessControlUtils
Test if if the specified set of principals will have read-only permissions only. False otherwise (or if it cannot be determined from the principal set only).- Specified by:
isReadOnly
in interfaceAccessControlUtils
- Parameters:
principals
- A set of principals.- Returns:
- true if the specified set of principals will only be granted read permission on all items.
- See Also:
AccessControlUtils.isReadOnly(Set)
-
init
public void init(Session systemSession, Map configuration) throws RepositoryException
Tests if the givensystemSession
is a SessionImpl and retrieves the observation manager. The it sets the internal 'initialized' field to true.- Specified by:
init
in interfaceAccessControlProvider
- Parameters:
systemSession
- System session.configuration
- Configuration used to initialize this provider.- Throws:
RepositoryException
- If the specified session is not aSessionImpl
or if retrieving the observation manager fails.- See Also:
AccessControlProvider.init(Session, Map)
-
close
public void close()
Description copied from interface:AccessControlProvider
Closes this provider when it is no longer used by the respective workspace and release resources bound by this provider.- Specified by:
close
in interfaceAccessControlProvider
- See Also:
AccessControlProvider.close()
-
isLive
public boolean isLive()
Description copied from interface:AccessControlProvider
Returnstrue
, if this provider is still alive and able to evaluate permissions;false
otherwise.- Specified by:
isLive
in interfaceAccessControlProvider
- Returns:
true
, if this provider is still alive and able to evaluate permissions;false
otherwise.- See Also:
AccessControlProvider.isLive()
-
-