Interface AccessControlProvider
-
- All Known Implementing Classes:
AbstractAccessControlProvider
,ACLProvider
,ACLProvider
,CombinedProvider
,UserAccessControlProvider
public interface AccessControlProvider
The AccessControlProvider is used to provide access control policy and entry objects that apply to an item in a single workspace. The provider is bound to a system session in contrast to theAccessControlManager
that is bound to a specific session/subject.Please note following additional special conditions:
- The detection of access control policy/entries is an implementation detail. They may be resource based or retrieved by other means.
- An access control policy/entry may be inherited across the item hierarchy. The details are left to the implementation
- If no policy can be determined for a particular Item the implementation must return some implementation specific default policy.
- Transient (NEW) items created within a regular Session object are unknown
to and cannot be handled by the
AccessControlProvider
. - If the item id passed to the corresponding calls doesn't point to an
existing item,
ItemNotFoundException
will be thrown. It is therefore recommended to evaluate the id of the closest not-new ancestor node before calling any methods on the provider. - Changes to access control policy and entries made through the
AccessControlEditor
are not effective unless they are persisted by callingSession.save()
on the session that has been used to obtain the editor.
- See Also:
AccessControlProviderFactory
-
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description boolean
canAccessRoot(Set<Principal> principals)
Returnstrue
if the given set of principals can access the root node of the workspace this provider has been built for;false
otherwise.void
close()
Closes this provider when it is no longer used by the respective workspace and release resources bound by this provider.CompiledPermissions
compilePermissions(Set<Principal> principals)
Compiles the effective policy for the specified set ofPrincipal
s.AccessControlEditor
getEditor(Session session)
Returns anAccessControlEditor
for the given Session object ornull
if the implementation does not support editing of access control policies.AccessControlPolicy[]
getEffectivePolicies(Set<Principal> principals, CompiledPermissions permissions)
Returns the effective policies for the given principals.AccessControlPolicy[]
getEffectivePolicies(Path absPath, CompiledPermissions permissions)
Returns the effective policies for the node at the given absPath.void
init(Session systemSession, Map configuration)
Allows theAccessControlProviderFactory
to pass a session and configuration parameters to theAccessControlProvider
.boolean
isLive()
Returnstrue
, if this provider is still alive and able to evaluate permissions;false
otherwise.
-
-
-
Method Detail
-
init
void init(Session systemSession, Map configuration) throws RepositoryException
Allows theAccessControlProviderFactory
to pass a session and configuration parameters to theAccessControlProvider
.- Parameters:
systemSession
- System session.configuration
- Configuration used to initialize this provider.- Throws:
RepositoryException
- If an error occurs.
-
close
void close()
Closes this provider when it is no longer used by the respective workspace and release resources bound by this provider.
-
isLive
boolean isLive()
Returnstrue
, if this provider is still alive and able to evaluate permissions;false
otherwise.- Returns:
true
, if this provider is still alive and able to evaluate permissions;false
otherwise.
-
getEffectivePolicies
AccessControlPolicy[] getEffectivePolicies(Path absPath, CompiledPermissions permissions) throws ItemNotFoundException, RepositoryException
Returns the effective policies for the node at the given absPath.- Parameters:
absPath
- an absolute path.permissions
- The effective permissions of the editing sessions that attempts to view the effective policies.- Returns:
- The effective policies that apply at
absPath
or an empty array if the implementation cannot determine the effective policy at the given path. - Throws:
ItemNotFoundException
- If no Node with the specifiedabsPath
exists.RepositoryException
- If another error occurs.- See Also:
AccessControlManager.getEffectivePolicies(String)
-
getEffectivePolicies
AccessControlPolicy[] getEffectivePolicies(Set<Principal> principals, CompiledPermissions permissions) throws RepositoryException
Returns the effective policies for the given principals.- Parameters:
principals
- A set of principal.permissions
- The effective permissions of the editing sessions that attempts to view the effective policies. @return The effective policies that are in effect for the givenprincipal
or an empty array.- Throws:
RepositoryException
- If error occurs.- See Also:
JackrabbitAccessControlManager.getEffectivePolicies(Set)
-
getEditor
AccessControlEditor getEditor(Session session) throws RepositoryException
Returns anAccessControlEditor
for the given Session object ornull
if the implementation does not support editing of access control policies.- Parameters:
session
- The editing session.- Returns:
- the ACL editor or
null
. - Throws:
RepositoryException
- If an error occurs.
-
compilePermissions
CompiledPermissions compilePermissions(Set<Principal> principals) throws RepositoryException
Compiles the effective policy for the specified set ofPrincipal
s.- Parameters:
principals
- Set of principals to compile the permissions for. If the order of evaluating permissions for principals is meaningful, the caller should pass a Set that respects the order of insertion.- Returns:
- The effective, compiled CompiledPolicy that applies for the specified set of principals.
- Throws:
RepositoryException
- If an error occurs.
-
canAccessRoot
boolean canAccessRoot(Set<Principal> principals) throws RepositoryException
Returnstrue
if the given set of principals can access the root node of the workspace this provider has been built for;false
otherwise.- Parameters:
principals
- Set of principals to be tested for being allowed to access the root node.- Returns:
true
if the given set of principals can access the root node of the workspace this provider has been built for;false
otherwise.- Throws:
RepositoryException
- If an error occurs.
-
-