Class AbstractAccessControlProvider
- java.lang.Object
-
- org.apache.jackrabbit.core.security.authorization.AbstractAccessControlProvider
-
- All Implemented Interfaces:
AccessControlConstants,AccessControlProvider,AccessControlUtils
- Direct Known Subclasses:
ACLProvider,ACLProvider,CombinedProvider,UserAccessControlProvider
public abstract class AbstractAccessControlProvider extends Object implements AccessControlProvider, AccessControlUtils, AccessControlConstants
AbstractAccessControlProvider...
-
-
Field Summary
Fields Modifier and Type Field Description protected ObservationManagerobservationMgrstatic StringPARAM_OMIT_DEFAULT_PERMISSIONSConstant for the name of the configuration option "omit-default-permission".protected PrivilegeManagerImplprivilegeManagerprotected SessionImplsessionthe system session this provider has been created for.-
Fields inherited from interface org.apache.jackrabbit.core.security.authorization.AccessControlConstants
N_ACCESSCONTROL, N_POLICY, N_REPO_POLICY, NT_REP_ACCESS_CONTROL, NT_REP_ACCESS_CONTROLLABLE, NT_REP_ACE, NT_REP_ACL, NT_REP_DENY_ACE, NT_REP_GRANT_ACE, NT_REP_PRINCIPAL_ACCESS_CONTROL, NT_REP_REPO_ACCESS_CONTROLLABLE, P_GLOB, P_PRINCIPAL_NAME, P_PRIVILEGES
-
-
Constructor Summary
Constructors Modifier Constructor Description protectedAbstractAccessControlProvider()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected voidcheckInitialized()ThrowsIllegalStateExceptionif the provider has not been initialized or has been closed.voidclose()Closes this provider when it is no longer used by the respective workspace and release resources bound by this provider.protected CompiledPermissionsgetAdminPermissions()Returns compiled permissions for the administrator i.e.protected PrivilegeManagerImplgetPrivilegeManagerImpl()protected CompiledPermissionsgetReadOnlyPermissions()Returns compiled permissions for a read-only user i.e.voidinit(Session systemSession, Map configuration)Tests if the givensystemSessionis a SessionImpl and retrieves the observation manager.booleanisAcItem(ItemImpl item)Test if the given node is itself a rep:ACL or a rep:ACE node.booleanisAcItem(Path absPath)Test if the specified path points to an item that defines AC information.booleanisAdminOrSystem(Set<Principal> principals)Test if the specified set of principals contains an admin or system principal.booleanisLive()Returnstrue, if this provider is still alive and able to evaluate permissions;falseotherwise.booleanisReadOnly(Set<Principal> principals)Test if if the specified set of principals will have read-only permissions only.-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.apache.jackrabbit.core.security.authorization.AccessControlProvider
canAccessRoot, compilePermissions, getEditor, getEffectivePolicies, getEffectivePolicies
-
-
-
-
Field Detail
-
PARAM_OMIT_DEFAULT_PERMISSIONS
public static final String PARAM_OMIT_DEFAULT_PERMISSIONS
Constant for the name of the configuration option "omit-default-permission". The option is a flag indicating whether default permissions should be created upon initialization of this provider.If this option is present in the configuration no initial ACL content is created.
If this configuration option is omitted the default permissions are installed. Note however, that the initialization should not overwrite previously installed AC content.- See Also:
- Constant Field Values
-
session
protected SessionImpl session
the system session this provider has been created for.
-
observationMgr
protected ObservationManager observationMgr
-
privilegeManager
protected PrivilegeManagerImpl privilegeManager
-
-
Method Detail
-
checkInitialized
protected void checkInitialized()
ThrowsIllegalStateExceptionif the provider has not been initialized or has been closed.
-
getPrivilegeManagerImpl
protected PrivilegeManagerImpl getPrivilegeManagerImpl() throws RepositoryException
- Returns:
- the PrivilegeManager
- Throws:
RepositoryException
-
getAdminPermissions
protected CompiledPermissions getAdminPermissions()
Returns compiled permissions for the administrator i.e. permissions that grants everything and returns the int representation ofPrivilege.JCR_ALLuponCompiledPermissions.getPrivileges(Path)for all paths.- Returns:
- an implementation of
CompiledPermissionsthat grants everything and always returns the int representation ofPrivilege.JCR_ALLuponCompiledPermissions.getPrivileges(Path).
-
getReadOnlyPermissions
protected CompiledPermissions getReadOnlyPermissions()
Returns compiled permissions for a read-only user i.e. permissions that grants READ permission for all non-AC items.- Returns:
- an implementation of
CompiledPermissionsthat grants READ permission for all non-AC items.
-
isAcItem
public boolean isAcItem(Path absPath) throws RepositoryException
Description copied from interface:AccessControlUtilsTest if the specified path points to an item that defines AC information.- Specified by:
isAcItemin interfaceAccessControlUtils- Parameters:
absPath- Path to an item.- Returns:
- true if the item at the specified
absPathcontains access control information. - Throws:
RepositoryException- If an error occurs.- See Also:
AccessControlUtils.isAcItem(Path)
-
isAcItem
public boolean isAcItem(ItemImpl item) throws RepositoryException
Test if the given node is itself a rep:ACL or a rep:ACE node.- Specified by:
isAcItemin interfaceAccessControlUtils- Parameters:
item- An item.- Returns:
- true if the item at the specified
itemdefines access control related information is should therefore be considered protected. - Throws:
RepositoryException- If an error occurs.- See Also:
AccessControlUtils.isAcItem(org.apache.jackrabbit.core.ItemImpl)
-
isAdminOrSystem
public boolean isAdminOrSystem(Set<Principal> principals)
Description copied from interface:AccessControlUtilsTest if the specified set of principals contains an admin or system principal.- Specified by:
isAdminOrSystemin interfaceAccessControlUtils- Parameters:
principals- A set of principals.- Returns:
- true if the specified set of principals contains an
AdminPrincipalor aSystemPrincipal. - See Also:
AccessControlUtils.isAdminOrSystem(Set)
-
isReadOnly
public boolean isReadOnly(Set<Principal> principals)
Description copied from interface:AccessControlUtilsTest if if the specified set of principals will have read-only permissions only. False otherwise (or if it cannot be determined from the principal set only).- Specified by:
isReadOnlyin interfaceAccessControlUtils- Parameters:
principals- A set of principals.- Returns:
- true if the specified set of principals will only be granted read permission on all items.
- See Also:
AccessControlUtils.isReadOnly(Set)
-
init
public void init(Session systemSession, Map configuration) throws RepositoryException
Tests if the givensystemSessionis a SessionImpl and retrieves the observation manager. The it sets the internal 'initialized' field to true.- Specified by:
initin interfaceAccessControlProvider- Parameters:
systemSession- System session.configuration- Configuration used to initialize this provider.- Throws:
RepositoryException- If the specified session is not aSessionImplor if retrieving the observation manager fails.- See Also:
AccessControlProvider.init(Session, Map)
-
close
public void close()
Description copied from interface:AccessControlProviderCloses this provider when it is no longer used by the respective workspace and release resources bound by this provider.- Specified by:
closein interfaceAccessControlProvider- See Also:
AccessControlProvider.close()
-
isLive
public boolean isLive()
Description copied from interface:AccessControlProviderReturnstrue, if this provider is still alive and able to evaluate permissions;falseotherwise.- Specified by:
isLivein interfaceAccessControlProvider- Returns:
true, if this provider is still alive and able to evaluate permissions;falseotherwise.- See Also:
AccessControlProvider.isLive()
-
-