Interface PrincipalManager
- All Known Implementing Classes:
PrincipalManagerDelegator
,PrincipalManagerImpl
A Principal
is an object used to connect to any kind
of security mechanism. Example for this are the
login modules
that use principals
to process the login procedure.
A principal can be a member of a GroupPrincipal
. A
group is a principal itself and can therefore be a member of a group again.
Please note the following security considerations that need to be respected
when implementing the PrincipalManager: All principals returned by this
manager as well as GroupPrincipal.members()
must respect access
restrictions that may be present for the Session
this manager
has been built for. The same applies for
getGroupMembership(Principal)
.
Since Jackrabbit 2.18, a new interface has been introduced to represent the
concept of a group of principals: GroupPrincipal
, alongside
java.security.acl.Group
which is deprecated to be deleted. Until the
final deletion of java.security.acl.Group
, the 2 interfaces will be
used concurrently for backwards compatibility reasons. See JCR-4249 for more
details.
-
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final int
Filter flag indicating that allPrincipal
s should be search irrespective whether they represent a group of Principals or not.static final int
Filter flag indicating that onlyPrincipal
s that represent a group of Principals should be searched and returned.static final int
Filter flag indicating that onlyPrincipal
s that do NOT represent a group should be searched and returned. -
Method Summary
Modifier and TypeMethodDescription@NotNull PrincipalIterator
findPrincipals
(@Nullable String simpleFilter) Gets the principals matching a simple filter expression applied against theprincipal name
.@NotNull PrincipalIterator
findPrincipals
(@Nullable String simpleFilter, int searchType) Gets the principals matching a simple filter expression applied against theprincipal name
AND the specified search type.@NotNull Principal
Returns thePrincipal
which is implicitly applied to every subject.@NotNull PrincipalIterator
getGroupMembership
(@NotNull Principal principal) Returns an iterator over all group principals for which the given principal is either direct or indirect member of.@Nullable Principal
getPrincipal
(@NotNull String principalName) Returns the principal with the given name if is known to this manager (with respect to the sessions access rights).@NotNull PrincipalIterator
getPrincipals
(int searchType) Returns allPrincipal
s matching the specified search type.boolean
hasPrincipal
(@NotNull String principalName) Checks if the principal with the given name is known to this manager (in respect to the sessions access rights).
-
Field Details
-
SEARCH_TYPE_NOT_GROUP
static final int SEARCH_TYPE_NOT_GROUPFilter flag indicating that onlyPrincipal
s that do NOT represent a group should be searched and returned.- See Also:
-
SEARCH_TYPE_GROUP
static final int SEARCH_TYPE_GROUPFilter flag indicating that onlyPrincipal
s that represent a group of Principals should be searched and returned.- See Also:
-
SEARCH_TYPE_ALL
static final int SEARCH_TYPE_ALLFilter flag indicating that allPrincipal
s should be search irrespective whether they represent a group of Principals or not.- See Also:
-
-
Method Details
-
hasPrincipal
Checks if the principal with the given name is known to this manager (in respect to the sessions access rights). If this method returnstrue
then the following expression evaluates totrue
as well:PrincipalManager.getPrincipal(name).getName().equals(name)
- Parameters:
principalName
- the name of the principal to check- Returns:
- return
true
if the principal with this name is known to this manager;false
otherwise.
-
getPrincipal
Returns the principal with the given name if is known to this manager (with respect to the sessions access rights). Please note that due to security reasons group principals will only reveal those members that are visible to the Session thisPrincipalManager
has been built for.- Parameters:
principalName
- the name of the principal to retrieve- Returns:
- return the requested principal or
null
if a principal with the given name does not exist or is not accessible for the editing session.
-
findPrincipals
Gets the principals matching a simple filter expression applied against theprincipal name
. TODO: define the filter expression.
An implementation may limit the number of principals returned. If there are no matching principals, an empty iterator is returned.- Parameters:
simpleFilter
-- Returns:
- a
PrincipalIterator
over thePrincipal
s matching the given filter.
-
findPrincipals
@NotNull @NotNull PrincipalIterator findPrincipals(@Nullable @Nullable String simpleFilter, int searchType) Gets the principals matching a simple filter expression applied against theprincipal name
AND the specified search type. TODO: define the filter expression.
An implementation may limit the number of principals returned. If there are no matching principals, an empty iterator is returned.- Parameters:
simpleFilter
-searchType
- Any of the following constants:- Returns:
- a
PrincipalIterator
over thePrincipal
s matching the given filter and search type.
-
getPrincipals
Returns allPrincipal
s matching the specified search type.- Parameters:
searchType
- Any of the following constants:- Returns:
- a
PrincipalIterator
over all thePrincipal
s matching the given search type.
-
getGroupMembership
Returns an iterator over all group principals for which the given principal is either direct or indirect member of.Example:
If Principal P is member of Group A, and Group A is member of Group B, this method will return Principal A and Principal B.- Parameters:
principal
- the principal to return it's membership from.- Returns:
- an iterator returning all groups the given principal is member of.
-
getEveryone
Returns thePrincipal
which is implicitly applied to every subject.- Returns:
- the 'everyone' principal
-