Interface PrincipalAccessControlList
- All Superinterfaces:
AccessControlList, AccessControlPolicy, JackrabbitAccessControlList, JackrabbitAccessControlPolicy
JackrabbitAccessControlList that is bound to a Principal.
Consequently, all entries returned by AccessControlList.getAccessControlEntries() will return the same value as getPrincipal() and only entries associated with this very principal can be added/removed from this list. In addition this implies that each entry contained within the PrincipalAccessControlList defines the target object where it will take effect, which can either be an absolute path to a node or null if the entry takes effect at the repository level.
Typically applicable, existing and effective policies of this type of access control list are expected to be obtained through calls of JackrabbitAccessControlManager.getApplicablePolicies(Principal), JackrabbitAccessControlManager.getPolicies(Principal) and JackrabbitAccessControlManager.getEffectivePolicies(Set), respectively.
Whether or not accessing PrincipalAccessControlList policies by path is supported is an implementation detail. If it is supported the absPath parameter specified with AccessControlManager.getApplicablePolicies(String) and AccessControlManager.getPolicies(String) will correspond to the path of the policy. As far as the best-effort method AccessControlManager.getEffectivePolicies(String) is concerned, the effective path defined with the individual entries will be consulted in order to compute the policies that take effect at a given path.
Irrespective of whether access by path is supported or not, the path of the policy points to the access controlled node it is bound to and will be used to set and remove the policy. This access controlled node may or may not be associated with an (optional) representation of the associated Principal inside the repository.
Nested Class Summary
- static interface: Extension of the JackrabbitAccessControlEntry that additionally defines the target object where this entry will take effect.
Method Summary
- boolean addEntry(@Nullable String effectivePath, @NotNull Privilege[] privileges): Adds an access control entry to this policy consisting of the specified effectivePath and the specified privileges and indicates upon return if the policy was modified.
- boolean addEntry(@Nullable String effectivePath, @NotNull Privilege[] privileges, @NotNull Map<String, Value> restrictions, @NotNull Map<String, Value[]> mvRestrictions): Adds an access control entry to this policy consisting of the specified effectivePath, the specified privileges as well as the specified single and multivalued restrictions and indicates upon return if the policy was modified.
- @NotNull Principal getPrincipal(): Returns the Principal this policy is bound to.
Methods inherited from interface javax.jcr.security.AccessControlList
addAccessControlEntry, getAccessControlEntries, removeAccessControlEntry
Methods inherited from interface org.apache.jackrabbit.api.security.JackrabbitAccessControlList
addEntry, addEntry, addEntry, getRestrictionNames, getRestrictionType, isEmpty, isMultiValueRestriction, orderBefore, size
Methods inherited from interface org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy
getPath
Method Details
-
getPrincipal
Returns the Principal this policy is bound to. It will be the same for all entries contained in this list. An attempt to add an entry associated with a different principal than the one returned by this method will fail.
- Returns:
- the target principal of this access control list.
- See Also:
-
addEntry
boolean addEntry(@Nullable String effectivePath, @NotNull Privilege[] privileges) throws RepositoryException
Adds an access control entry to this policy consisting of the specified effectivePath and the specified privileges and indicates upon return if the policy was modified.
The effectivePath defines the object where the privileges will take effect. If effectivePath is an absolute path then the specified object is a Node. If it is null the object is the repository as a whole and the privileges in question are those that are not associated with any particular node (e.g. privilege to register a namespace). Whether or not an absolute path must point to an accessible node is an implementation detail.
How the entries are grouped within the list is an implementation detail. An implementation may e.g. combine the specified privileges with those added by a previous call for the same effectivePath but it will not remove Privileges added by a previous call.
Modifications to this policy will not take effect until this policy has been written back by calling AccessControlManager.setPolicy(String, javax.jcr.security.AccessControlPolicy) followed by Session.save() to persist the transient modifications.
This method is equivalent to calling addEntry(String, Privilege[], Map, Map) with empty restriction maps.
- Parameters:
effectivePath - An absolute path or null to indicate where this entry will take effect.
privileges - an array of Privilege.
- Returns:
true if this policy was modified; false otherwise.
- Throws:
AccessControlException - if the specified path or any of the privileges is not valid or if some other access control related exception occurs.
RepositoryException - If another error occurs
-
addEntry
boolean addEntry(@Nullable String effectivePath, @NotNull Privilege[] privileges, @NotNull Map<String, Value> restrictions, @NotNull Map<String, Value[]> mvRestrictions) throws RepositoryException
Adds an access control entry to this policy consisting of the specified effectivePath, the specified privileges as well as the specified single and multivalued restrictions and indicates upon return if the policy was modified.
The effectivePath defines the object where the privileges will take effect. If effectivePath is an absolute path then the specified object is a Node. If it is null the object is the repository as a whole and the privileges in question are those that are not associated with any particular node (e.g. privilege to register a namespace). Whether or not an absolute path must point to an accessible node is an implementation detail.
The names of the supported restrictions can be obtained by calling JackrabbitAccessControlList.getRestrictionNames(), while JackrabbitAccessControlList.getRestrictionType(String) and JackrabbitAccessControlList.isMultiValueRestriction(String) will reveal the expected value type and cardinality.
How the entries are grouped within the list is an implementation detail. An implementation may e.g. combine the specified privileges with those added by a previous call for the same effectivePath but it will not remove a Privilege or restrictions added by a previous call.
Modifications to this policy will not take effect until this policy has been written back by calling AccessControlManager.setPolicy(String, javax.jcr.security.AccessControlPolicy) followed by Session.save() to persist the transient modifications.
- Parameters:
effectivePath - An absolute path or null to indicate where this entry will take effect.
privileges - an array of Privilege.
restrictions - The single valued restrictions associated with the entry to be created or an empty map.
mvRestrictions - the multi-valued restrictions associated with the entry to be created or an empty map.
- Returns:
true if this policy was modified; false otherwise.
- Throws:
AccessControlException - if the specified path, any of the privileges or the restrictions are not valid or if some other access control related exception occurs.
RepositoryException - If another error occurs
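An added example (not part of the original Javadoc or of the Jackrabbit code base) of the workflow described above: obtain the list for a principal, add a path-scoped entry with a restriction and a repository-level entry, then write the policy back and save. It assumes the package org.apache.jackrabbit.api.security.authorization for this interface, a single-valued rep:glob restriction and the privilege name jcr:namespaceManagement; the class, method and parameter names are hypothetical.

```java
import java.security.Principal;
import java.util.Arrays;
import java.util.Collections;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.Value;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.api.security.authorization.PrincipalAccessControlList;

public final class PrincipalAclExample {
    /** Prefers the policy already set for the principal, else an applicable (unset) one. */
    static PrincipalAccessControlList find(JackrabbitAccessControlManager acMgr, Principal p)
            throws RepositoryException {
        AccessControlPolicy[][] sources = {acMgr.getPolicies(p), acMgr.getApplicablePolicies(p)};
        for (AccessControlPolicy[] policies : sources) {
            for (AccessControlPolicy policy : policies) {
                if (policy instanceof PrincipalAccessControlList) return (PrincipalAccessControlList) policy;
            }
        }
        throw new AccessControlException("no principal-based policy for " + p.getName());
    }
    /** contentPath is a caller-supplied absolute node path (hypothetical parameter). */
    static boolean grant(Session session, Principal p, String contentPath) throws RepositoryException {
        JackrabbitAccessControlManager acMgr =
                (JackrabbitAccessControlManager) session.getAccessControlManager();
        PrincipalAccessControlList acl = find(acMgr, p);
        // Assumption: a single-valued "rep:glob" restriction is offered; "/*" is a constructed value.
        String glob = "rep:glob";
        if (!Arrays.asList(acl.getRestrictionNames()).contains(glob)
                || acl.isMultiValueRestriction(glob)) {
            throw new AccessControlException("unsupported restriction: " + glob);
        }
        Value pattern = session.getValueFactory().createValue("/*", acl.getRestrictionType(glob));
        Privilege[] read = {acMgr.privilegeFromName(Privilege.JCR_READ)};
        // Assumption: "jcr:namespaceManagement" names the namespace registration privilege.
        Privilege[] ns = {acMgr.privilegeFromName("jcr:namespaceManagement")};
        boolean modified = acl.addEntry(contentPath, read,
                Collections.singletonMap(glob, pattern), Collections.<String, Value[]>emptyMap());
        modified |= acl.addEntry((String) null, ns); // null: repository-level entry
        if (modified) { // entries stay transient until the policy is written back and saved
            acMgr.setPolicy(acl.getPath(), acl);
            session.save();
        }
        return modified;
    }
}
```

The policy is written back with its own getPath() rather than with contentPath, because the policy's path identifies the access controlled node it is bound to while each entry carries its own effective path.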