Package org.apache.jackrabbit.core.security.user.action

Class AccessControlAction

java.lang.Object

org.apache.jackrabbit.core.security.user.action.AbstractAuthorizableAction

org.apache.jackrabbit.core.security.user.action.AccessControlAction

All Implemented Interfaces:

AuthorizableAction

public class AccessControlAction
extends AbstractAuthorizableAction

The AccessControlAction allows to setup permissions upon creation of a new authorizable; namely the privileges the new authorizable should be granted on it's own 'home directory' being represented by the new node associated with that new authorizable.

The following to configuration parameters are available with this implementation:

• groupPrivilegeNames: the value is expected to be a comma separated list of privileges that will be granted to the new group on the group node
• userPrivilegeNames: the value is expected to be a comma separated list of privileges that will be granted to the new user on the user node.

Example configuration:

    <UserManager class="org.apache.jackrabbit.core.security.user.UserPerWorkspaceUserManager">
       <AuthorizableAction class="org.apache.jackrabbit.core.security.user.action.AccessControlAction">
          <param name="groupPrivilegeNames" value="jcr:read"/>
          <param name="userPrivilegeNames" value="jcr:read, rep:write"/>
       </AuthorizableAction>
    </UserManager>
 

The example configuration will lead to the following content structure upon user or group creation::

     UserManager umgr = ((JackrabbitSession) session).getUserManager();
     User user = umgr.createUser("testUser", "t");

     + t                           rep:AuthorizableFolder
       + te                        rep:AuthorizableFolder
         + testUser                rep:User, mix:AccessControllable
           + rep:policy            rep:ACL
             + allow               rep:GrantACE
               - rep:principalName = "testUser"
               - rep:privileges    = ["jcr:read","rep:write"]
           - rep:password
           - rep:principalName     = "testUser"
 

     UserManager umgr = ((JackrabbitSession) session).getUserManager();
     Group group = umgr.createGroup("testGroup");

     + t                           rep:AuthorizableFolder
       + te                        rep:AuthorizableFolder
         + testGroup               rep:Group, mix:AccessControllable
           + rep:policy            rep:ACL
             + allow               rep:GrantACE
               - rep:principalName = "testGroup"
               - rep:privileges    = ["jcr:read"]
           - rep:principalName     = "testGroup"
 

Constructor Summary

Constructors

Constructor	Description
AccessControlAction()	Create a new instance.

Method Summary

Modifier and Type	Method	Description
void	onCreate(Group group, Session session)	Doesn't perform any action.
void	onCreate(User user, String password, Session session)	Doesn't perform any action.
void	setGroupPrivilegeNames(String privilegeNames)	Sets the privileges a new group will be granted on the group's home directory.
void	setUserPrivilegeNames(String privilegeNames)	Sets the privileges a new user will be granted on the user's home directory.

Methods inherited from class org.apache.jackrabbit.core.security.user.action.AbstractAuthorizableAction

onPasswordChange, onRemove

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AccessControlAction

public AccessControlAction()

Create a new instance.

Method Detail

onCreate

public void onCreate(Group group,
                     Session session)
              throws RepositoryException

Description copied from class: AbstractAuthorizableAction

Doesn't perform any action.

Specified by:

onCreate in interface AuthorizableAction

Overrides:

onCreate in class AbstractAuthorizableAction

Parameters:

group - The new group that has not yet been persisted; e.g. the associated node is still 'NEW'.

session - The editing session associated with the user manager.

Throws:

RepositoryException - If an error occurs.

See Also:

AuthorizableAction.onCreate(org.apache.jackrabbit.api.security.user.Group, javax.jcr.Session)

onCreate

public void onCreate(User user,
                     String password,
                     Session session)
              throws RepositoryException

Description copied from class: AbstractAuthorizableAction

Doesn't perform any action.

Specified by:

onCreate in interface AuthorizableAction

Overrides:

onCreate in class AbstractAuthorizableAction

Parameters:

user - The new user that has not yet been persisted; e.g. the associated node is still 'NEW'.

password - The password that was specified upon user creation.

session - The editing session associated with the user manager.

Throws:

RepositoryException - If an error occurs.

See Also:

AuthorizableAction.onCreate(org.apache.jackrabbit.api.security.user.User, String, javax.jcr.Session)

setGroupPrivilegeNames

public void setGroupPrivilegeNames(String privilegeNames)

Sets the privileges a new group will be granted on the group's home directory.

Parameters:

privilegeNames - A comma separated list of privilege names.

setUserPrivilegeNames

public void setUserPrivilegeNames(String privilegeNames)

Sets the privileges a new user will be granted on the user's home directory.

Parameters:

privilegeNames - A comma separated list of privilege names.