@ProviderType public interface JackrabbitAccessControlManager extends AccessControlManager
JackrabbitAccessControlManager
provides extensions to the
AccessControlManager
interface.Modifier and Type | Method and Description |
---|---|
@NotNull JackrabbitAccessControlPolicy[] |
getApplicablePolicies(@NotNull java.security.Principal principal)
Returns the applicable policies for the specified
principal
or an empty array if no additional policies can be applied. |
@NotNull AccessControlPolicy[] |
getEffectivePolicies(@NotNull java.util.Set<java.security.Principal> principals)
Returns the
AccessControlPolicy objects that are in effect
for the given Principal s. |
@NotNull JackrabbitAccessControlPolicy[] |
getPolicies(@NotNull java.security.Principal principal)
Returns the
AccessControlPolicy objects that have been set
for the given principal or an empty array if no policy has
been set. |
default @NotNull PrivilegeCollection |
getPrivilegeCollection(@Nullable java.lang.String absPath)
Returns the
PrivilegeCollection for editing session at the given absolute path, which
must be an existing node. |
default @NotNull PrivilegeCollection |
getPrivilegeCollection(@Nullable java.lang.String absPath,
@NotNull java.util.Set<java.security.Principal> principals)
Returns the
PrivilegeCollection for the given set of principals at the given absolute path, which
must be an existing node. |
@NotNull Privilege[] |
getPrivileges(@Nullable java.lang.String absPath,
@NotNull java.util.Set<java.security.Principal> principals)
Returns the privileges the given set of
Principal s has for
absolute path absPath , which must be an existing node. |
boolean |
hasPrivileges(@Nullable java.lang.String absPath,
@NotNull java.util.Set<java.security.Principal> principals,
@NotNull Privilege[] privileges)
Returns whether the given set of
Principal s has the specified
privileges for absolute path absPath , which must be an
existing node. |
default @NotNull PrivilegeCollection |
privilegeCollectionFromNames(java.lang.String... privilegeNames)
Returns the
PrivilegeCollection for the specified privilegeNames . |
getApplicablePolicies, getEffectivePolicies, getPolicies, getPrivileges, getSupportedPrivileges, hasPrivileges, privilegeFromName, removePolicy, setPolicy
@NotNull @NotNull JackrabbitAccessControlPolicy[] getApplicablePolicies(@NotNull @NotNull java.security.Principal principal) throws AccessDeniedException, AccessControlException, UnsupportedRepositoryOperationException, RepositoryException
principal
or an empty array if no additional policies can be applied.principal
- A principal known to the editing session.principal
. Note
that the policy object returned must reveal the path of the node where
they can be applied later on using AccessControlManager.setPolicy(String, javax.jcr.security.AccessControlPolicy)
.AccessDeniedException
- if the session lacks
MODIFY_ACCESS_CONTROL
privilege.AccessControlException
- if the specified principal does not exist
or if another access control related exception occurs.UnsupportedRepositoryOperationException
- if editing access control
policies by principal is not supported.RepositoryException
- if another error occurs.JackrabbitAccessControlPolicy.getPath()
@NotNull @NotNull JackrabbitAccessControlPolicy[] getPolicies(@NotNull @NotNull java.security.Principal principal) throws AccessDeniedException, AccessControlException, UnsupportedRepositoryOperationException, RepositoryException
AccessControlPolicy
objects that have been set
for the given principal
or an empty array if no policy has
been set. This method reflects the binding state, including transient
policy modifications.principal
- A valid principal.AccessDeniedException
- if the session lacks
READ_ACCESS_CONTROL
privilege.AccessControlException
- if the specified principal does not exist
or if another access control related exception occurs.UnsupportedRepositoryOperationException
- if editing access control
policies by principal is not supported.RepositoryException
- If another error occurs.@NotNull @NotNull AccessControlPolicy[] getEffectivePolicies(@NotNull @NotNull java.util.Set<java.security.Principal> principals) throws AccessDeniedException, AccessControlException, UnsupportedRepositoryOperationException, RepositoryException
AccessControlPolicy
objects that are in effect
for the given Principal
s. This may be policies set through
this API or some implementation specific (default) policies.principals
- A set of valid principals.AccessDeniedException
- if the session lacks
READ_ACCESS_CONTROL
privilege.AccessControlException
- if the specified principal does not exist
or if another access control related exception occurs.UnsupportedRepositoryOperationException
- if editing access control
policies by principal is not supported.RepositoryException
- If another error occurs.boolean hasPrivileges(@Nullable @Nullable java.lang.String absPath, @NotNull @NotNull java.util.Set<java.security.Principal> principals, @NotNull @NotNull Privilege[] privileges) throws PathNotFoundException, AccessDeniedException, RepositoryException
Principal
s has the specified
privileges for absolute path absPath
, which must be an
existing node.
Testing an aggregate privilege is equivalent to testing each non
aggregate privilege among the set returned by calling
Privilege.getAggregatePrivileges()
for that privilege.
The results reported by the this method reflect the net effect of
the currently applied control mechanisms. It does not reflect unsaved
access control policies or unsaved access control entries. Changes to
access control status caused by these mechanisms only take effect on
Session.save()
and are only then reflected in the results of
the privilege test methods.
Since this method allows to view the privileges of principals other
than included in the editing session, this method must throw
AccessDeniedException
if the session lacks
READ_ACCESS_CONTROL
privilege for the absPath
node.
absPath
- an absolute path.principals
- a set of Principal
s for which is the
given privileges are tested.privileges
- an array of Privilege
s.true
if the session has the specified privileges;
false
otherwise.PathNotFoundException
- if no node at absPath
exists
or the session does not have sufficient access to retrieve a node at that location.AccessDeniedException
- if the session lacks
READ_ACCESS_CONTROL
privilege for the absPath
node.RepositoryException
- if another error occurs.@NotNull @NotNull Privilege[] getPrivileges(@Nullable @Nullable java.lang.String absPath, @NotNull @NotNull java.util.Set<java.security.Principal> principals) throws PathNotFoundException, AccessDeniedException, RepositoryException
Principal
s has for
absolute path absPath
, which must be an existing node.
The returned privileges are those for which hasPrivileges(java.lang.String, java.util.Set<java.security.Principal>, javax.jcr.security.Privilege[])
would
return true
.
The results reported by the this method reflect the net effect of
the currently applied control mechanisms. It does not reflect unsaved
access control policies or unsaved access control entries. Changes to
access control status caused by these mechanisms only take effect on
Session.save()
and are only then reflected in the results of
the privilege test methods.
Since this method allows to view the privileges of principals other
than included in the editing session, this method must throw
AccessDeniedException
if the session lacks
READ_ACCESS_CONTROL
privilege for the absPath
node.
Note that this method does not resolve any group membership, as this is the job of the user manager. nor does it augment the set with the "everyone" principal.
absPath
- an absolute path.principals
- a set of Principal
s for which is the
privileges are retrieved.Privilege
s.PathNotFoundException
- if no node at absPath
exists
or the session does not have sufficient access to retrieve a node at that
location.AccessDeniedException
- if the session lacks READ_ACCESS_CONTROL
privilege for the absPath
node.RepositoryException
- if another error occurs.@NotNull default @NotNull PrivilegeCollection getPrivilegeCollection(@Nullable @Nullable java.lang.String absPath) throws RepositoryException
Returns the PrivilegeCollection
for editing session at the given absolute path, which
must be an existing node. This is equivalent to AccessControlManager.getPrivileges(String)
and
AccessControlManager.hasPrivileges(String, Privilege[])
but allows for easy resolution of aggregated privileges
(like e.g. jcr:all) and repeated evaluation if the editing session has privileges granted
at the given target node.
PrivilegeCollection
using regular JCR/Jackrabbit API, which might not be efficient. Implementations of JackrabbitAccessControlManager
are therefore expected to overwrite the default.absPath
- An absolute path to an existing JCR node.PrivilegeCollection
wrapping around the privileges granted for the editing session at absPath.PathNotFoundException
- if no node at absPath
exists or the session does not have sufficient
access to retrieve a node at that location.RepositoryException
- If another error occurs.@NotNull default @NotNull PrivilegeCollection getPrivilegeCollection(@Nullable @Nullable java.lang.String absPath, @NotNull @NotNull java.util.Set<java.security.Principal> principals) throws RepositoryException
Returns the PrivilegeCollection
for the given set of principals at the given absolute path, which
must be an existing node. This is equivalent to getPrivileges(String,Set)
and
hasPrivileges(String, Set, Privilege[])
but allows for easy resolution of aggregated privileges
(like e.g. jcr:all) and repeated evaluation if the editing session has privileges granted
at the given target node.
PrivilegeCollection
using regular JCR/Jackrabbit API, which might not be efficient. Implementations of JackrabbitAccessControlManager
are therefore expected to overwrite the default.absPath
- An absolute path to an existing JCR node.principals
- A set of principals for which the PrivilegeCollection
should be created.PrivilegeCollection
wrapping around the privileges granted for the editing session at absPath.PathNotFoundException
- if no node at absPath
exists or the session does not have sufficient
access to retrieve a node at that location.AccessDeniedException
- if the session lacks READ_ACCESS_CONTROL
privilege for the absPath
node.RepositoryException
- If another error occurs.@NotNull default @NotNull PrivilegeCollection privilegeCollectionFromNames(@NotNull java.lang.String... privilegeNames) throws RepositoryException
Returns the PrivilegeCollection
for the specified privilegeNames
.
Since the privilege names are JCR names, they may be passed in either
qualified or expanded form (see specification for details on JCR names).
PrivilegeCollection
using regular JCR/Jackrabbit API, which might not be efficient. Implementations of JackrabbitAccessControlManager
are therefore expected to overwrite the default.privilegeNames
- the names of existing privilege.PrivilegeCollection
representing the specified privilegeNames
.AccessControlException
- if no privilege with any of the specified names exists.RepositoryException
- If another error occurs.Copyright © 2012–2022 The Apache Software Foundation. All rights reserved.