Class DefaultPrincipalProvider
- java.lang.Object
-
- org.apache.jackrabbit.core.security.principal.AbstractPrincipalProvider
-
- org.apache.jackrabbit.core.security.principal.DefaultPrincipalProvider
-
- All Implemented Interfaces:
EventListener,SynchronousEventListener,PrincipalProvider
public class DefaultPrincipalProvider extends AbstractPrincipalProvider implements SynchronousEventListener
Provides principals for the users contained within the Repository.Each
Authorizableaccessible viaUserManageris respected and the provider servesPrincipals retrieved from thoseAuthorizableobjects.In addition this provider exposes the everyone principal, which has no content (user/group) representation.
Unless explicitly configured (see
negative entry optionthis implementation of thePrincipalProviderinterface caches both positive and negative (null) results of theprovidePrincipal(java.lang.String)method. The cache is kept up to date by observation listening to creation and removal of users and groups.Membership cache:
In addition to the caching provided byAbstractPrincipalProviderthis implementation keeps an extra membership cache, which is notified in case of changes made to the members of any group.
-
-
Field Summary
-
Fields inherited from class org.apache.jackrabbit.core.security.principal.AbstractPrincipalProvider
MAXSIZE_KEY, NEGATIVE_ENTRY_KEY
-
-
Constructor Summary
Constructors Constructor Description DefaultPrincipalProvider(Session systemSession, UserManagerImpl systemUserManager)Creates a new DefaultPrincipalProvider reading the principals from the storage below the given security root node.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description booleancanReadPrincipal(Session session, Principal principal)Tests if the provided session is allowed to read the given principal.voidclose()Clears the cache and calls the implementation to close their resourcesPrincipalIteratorfindPrincipals(String simpleFilter)Searches forPrincipals that match the given String.PrincipalIteratorfindPrincipals(String simpleFilter, int searchType)Searches forPrincipals that match the given String.PrincipalIteratorgetGroupMembership(Principal userPrincipal)Returns an iterator over all group principals for which the given principal is either direct or indirect member of.PrincipalIteratorgetPrincipals(int searchType)Returns an iterator over all principals that match the given search type.voidinit(Properties options)Sets theAbstractPrincipalProvider.NEGATIVE_ENTRY_KEYoption value totrueif it isn't included yet in the passed options, before calling the init method of the base class.voidonEvent(EventIterator eventIterator)protected PrincipalprovidePrincipal(String principalName)Called if the cache does not contain the principal requested.
Implementations should return aPrincipalfrom their source, if it contains one for the given name ornull.-
Methods inherited from class org.apache.jackrabbit.core.security.principal.AbstractPrincipalProvider
addToCache, checkInitialized, clearCache, getPrincipal
-
-
-
-
Constructor Detail
-
DefaultPrincipalProvider
public DefaultPrincipalProvider(Session systemSession, UserManagerImpl systemUserManager) throws RepositoryException
Creates a new DefaultPrincipalProvider reading the principals from the storage below the given security root node.- Parameters:
systemSession- for repository access.systemUserManager- Used to retrieve the principals.- Throws:
RepositoryException- if an error accessing the repository occurs.
-
-
Method Detail
-
providePrincipal
protected Principal providePrincipal(String principalName)
Called if the cache does not contain the principal requested.
Implementations should return aPrincipalfrom their source, if it contains one for the given name ornull.This implementation uses the user and node resolver to find the appropriate nodes.
- Specified by:
providePrincipalin classAbstractPrincipalProvider- Parameters:
principalName- Name of the principal to be returned.- Returns:
- Principal or null, if non provided for the given name
- See Also:
AbstractPrincipalProvider.getPrincipal(String)
-
init
public void init(Properties options)
Sets theAbstractPrincipalProvider.NEGATIVE_ENTRY_KEYoption value totrueif it isn't included yet in the passed options, before calling the init method of the base class.- Specified by:
initin interfacePrincipalProvider- Overrides:
initin classAbstractPrincipalProvider- Parameters:
options-- See Also:
PrincipalProvider.init(java.util.Properties)
-
findPrincipals
public PrincipalIterator findPrincipals(String simpleFilter)
Description copied from interface:PrincipalProviderSearches forPrincipals that match the given String. NOTE:Groups are included in the search result.- Specified by:
findPrincipalsin interfacePrincipalProvider- Returns:
- See Also:
PrincipalProvider.findPrincipals(String)
-
findPrincipals
public PrincipalIterator findPrincipals(String simpleFilter, int searchType)
Description copied from interface:PrincipalProviderSearches forPrincipals that match the given String.- Specified by:
findPrincipalsin interfacePrincipalProvidersearchType- searchType Any of the following constants:- Returns:
- See Also:
PrincipalProvider.findPrincipals(String, int)
-
getPrincipals
public PrincipalIterator getPrincipals(int searchType)
Description copied from interface:PrincipalProviderReturns an iterator over all principals that match the given search type.- Specified by:
getPrincipalsin interfacePrincipalProvider- Parameters:
searchType- Any of the following search types:- Returns:
- an iterator over all principals that match the given search type.
- See Also:
PrincipalProvider.getPrincipals(int),PrincipalProvider.getPrincipals(int)
-
getGroupMembership
public PrincipalIterator getGroupMembership(Principal userPrincipal)
Description copied from interface:PrincipalProviderReturns an iterator over all group principals for which the given principal is either direct or indirect member of. If a principal is a direct member of a group, thenGroupPrincipal.isMember(Principal)true. A principal is an indirect member of a group if any of its groups (to any degree of separation) is direct member of the group.Example:
If Principal is member of Group A, and Group A is member of Group B, this method will return Group A and Group B.- Specified by:
getGroupMembershipin interfacePrincipalProvider- Parameters:
userPrincipal- the principal to return it's membership from.- Returns:
- an iterator returning all groups the given principal is member of.
- See Also:
PrincipalProvider.getGroupMembership(Principal)
-
close
public void close()
Description copied from class:AbstractPrincipalProviderClears the cache and calls the implementation to close their resources- Specified by:
closein interfacePrincipalProvider- Overrides:
closein classAbstractPrincipalProvider- See Also:
PrincipalProvider.close()
-
canReadPrincipal
public boolean canReadPrincipal(Session session, Principal principal)
Description copied from interface:PrincipalProviderTests if the provided session is allowed to read the given principal. Since the principal providers do not restrict the access on the principals they provide, this method is used by the PrincipalManger to ensure proper access rights for the client requesting the principals.- Specified by:
canReadPrincipalin interfacePrincipalProviderprincipal- The principal to be accessed by the specified subject.- Returns:
trueif the session is allowed to read the principal;falseotherwise.- See Also:
PrincipalProvider.canReadPrincipal(javax.jcr.Session,java.security.Principal)
-
onEvent
public void onEvent(EventIterator eventIterator)
- Specified by:
onEventin interfaceEventListener- See Also:
EventListener.onEvent(EventIterator)
-
-