Package org.apache.jackrabbit.oak.security.authorization.restriction

Class PrincipalRestrictionProvider

java.lang.Object

org.apache.jackrabbit.oak.security.authorization.restriction.PrincipalRestrictionProvider

All Implemented Interfaces:

AccessControlConstants, RestrictionProvider

public class PrincipalRestrictionProvider
extends Object
implements RestrictionProvider, AccessControlConstants

Restriction provider implementation used for editing access control by principal. It wraps the configured base provider and adds a mandatory restriction definition with name AccessControlConstants.REP_NODE_PATH and type PATH which stores the path of the access controlled node to which a given access control entry will be applied.

Field Summary

Fields inherited from interface org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants

AC_NODETYPE_NAMES, ACE_PROPERTY_NAMES, MIX_REP_ACCESS_CONTROLLABLE, MIX_REP_REPO_ACCESS_CONTROLLABLE, NT_REP_ACE, NT_REP_ACL, NT_REP_DENY_ACE, NT_REP_GRANT_ACE, NT_REP_POLICY, NT_REP_RESTRICTIONS, PARAM_RESTRICTION_PROVIDER, POLICY_NODE_NAMES, REP_CURRENT, REP_GLOB, REP_GLOBS, REP_ITEM_NAMES, REP_NODE_PATH, REP_NT_NAMES, REP_POLICY, REP_PREFIXES, REP_PRINCIPAL_NAME, REP_PRIVILEGES, REP_REPO_POLICY, REP_RESTRICTIONS, REP_SUBTREES

Fields inherited from interface org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider

EMPTY

Constructor Summary

Constructors

Constructor	Description
PrincipalRestrictionProvider(@NotNull RestrictionProvider base)

Method Summary

Modifier and Type	Method	Description
@NotNull Restriction	createRestriction(@Nullable String oakPath, @NotNull String oakName, @NotNull Value value)	Creates a new single valued restriction for the specified parameters.
@NotNull Restriction	createRestriction(@Nullable String oakPath, @NotNull String oakName, @NotNull Value... values)	Creates a new multi valued restriction for the specified parameters.
@NotNull RestrictionPattern	getPattern(@Nullable String oakPath, @NotNull Set<Restriction> restrictions)	Creates the RestrictionPattern for the specified restrictions.
@NotNull RestrictionPattern	getPattern(@Nullable String oakPath, @NotNull Tree tree)	Creates the RestrictionPattern for the restriction information stored with specified tree.
@NotNull Set<RestrictionDefinition>	getSupportedRestrictions(@Nullable String oakPath)	Returns the restriction definitions supported by this provider implementation at the specified path.
@NotNull Set<Restriction>	readRestrictions(@Nullable String oakPath, @NotNull Tree aceTree)	Read the valid restrictions stored in the specified ACE tree.
void	validateRestrictions(@Nullable String oakPath, @NotNull Tree aceTree)	Validate the restrictions present with the specified ACE tree.
void	writeRestrictions(@Nullable String oakPath, @NotNull Tree aceTree, @NotNull Set<Restriction> restrictions)	Writes the given restrictions to the specified ACE tree.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

PrincipalRestrictionProvider

public PrincipalRestrictionProvider(@NotNull
                                    @NotNull RestrictionProvider base)

Method Detail

getSupportedRestrictions

@NotNull
public @NotNull Set<RestrictionDefinition> getSupportedRestrictions(@Nullable
                                                                    @Nullable String oakPath)

Description copied from interface: RestrictionProvider

Returns the restriction definitions supported by this provider implementation at the specified path.

Specified by:

getSupportedRestrictions in interface RestrictionProvider

Parameters:

oakPath - The path of the access controlled tree. A null path indicates that the supported restrictions for repository level policies should be returned.

Returns:

The set of supported restrictions at the given path.

createRestriction

@NotNull
public @NotNull Restriction createRestriction(@Nullable
                                              @Nullable String oakPath,
                                              @NotNull
                                              @NotNull String oakName,
                                              @NotNull
                                              @NotNull Value value)
                                       throws RepositoryException

Description copied from interface: RestrictionProvider

Creates a new single valued restriction for the specified parameters.

Specified by:

createRestriction in interface RestrictionProvider

Parameters:

oakPath - The path of the access controlled tree or null if the target policies applies to the repository level.

oakName - The name of the restriction.

value - The value of the restriction.

Returns:

A new restriction instance.

Throws:

AccessControlException - If no matching restriction definition exists for the specified parameters.

RepositoryException - If another error occurs.

createRestriction

@NotNull
public @NotNull Restriction createRestriction(@Nullable
                                              @Nullable String oakPath,
                                              @NotNull
                                              @NotNull String oakName,
                                              @NotNull
                                              @NotNull Value... values)
                                       throws RepositoryException

Description copied from interface: RestrictionProvider

Creates a new multi valued restriction for the specified parameters.

Specified by:

createRestriction in interface RestrictionProvider

Parameters:

oakPath - The path of the access controlled tree or null if the target policies applies to the repository level.

oakName - The name of the restriction.

values - The values of the restriction.

Returns:

A new restriction instance.

Throws:

AccessControlException - If no matching restriction definition exists for the specified parameters.

RepositoryException - If another error occurs.

readRestrictions

@NotNull
public @NotNull Set<Restriction> readRestrictions(@Nullable
                                                  @Nullable String oakPath,
                                                  @NotNull
                                                  @NotNull Tree aceTree)

Description copied from interface: RestrictionProvider

Read the valid restrictions stored in the specified ACE tree.

Specified by:

readRestrictions in interface RestrictionProvider

Parameters:

oakPath - The path of the access controlled tree or null if the target policies applies to the repository level.

aceTree - The tree corresponding to an ACE that may contain restrictions.

Returns:

The valid restrictions stored with the specified tree or an empty set.

writeRestrictions

public void writeRestrictions(@Nullable
                              @Nullable String oakPath,
                              @NotNull
                              @NotNull Tree aceTree,
                              @NotNull
                              @NotNull Set<Restriction> restrictions)
                       throws RepositoryException

Description copied from interface: RestrictionProvider

Writes the given restrictions to the specified ACE tree. Note, that this method does not need to validate the specified restrictions (see also RestrictionProvider.validateRestrictions(String, org.apache.jackrabbit.oak.api.Tree)).

Specified by:

writeRestrictions in interface RestrictionProvider

Parameters:

oakPath - The path of the access controlled tree or null if the target policies applies to the repository level.

aceTree - The tree corresponding to an ACE that will have the specified restrictions added.

restrictions - The set of restrictions to be written to the specified tree.

Throws:

RepositoryException - If an error occurs while writing the restrictions.

validateRestrictions

public void validateRestrictions(@Nullable
                                 @Nullable String oakPath,
                                 @NotNull
                                 @NotNull Tree aceTree)
                          throws RepositoryException

Description copied from interface: RestrictionProvider

Validate the restrictions present with the specified ACE tree.

Specified by:

validateRestrictions in interface RestrictionProvider

Parameters:

oakPath - The path of the access controlled tree or null if the target policies applies to the repository level.

aceTree - The tree corresponding to an ACE.

Throws:

AccessControlException - If any invalid restrictions are detected.

RepositoryException - If another error occurs.

getPattern

@NotNull
public @NotNull RestrictionPattern getPattern(@Nullable
                                              @Nullable String oakPath,
                                              @NotNull
                                              @NotNull Tree tree)

Description copied from interface: RestrictionProvider

Creates the RestrictionPattern for the restriction information stored with specified tree.

Specified by:

getPattern in interface RestrictionProvider

Parameters:

oakPath - The path of the access controlled tree or null if the target policies applies to the repository level.

tree - The tree holding the restriction information.

Returns:

A new RestrictionPattern representing the restriction information present with the given tree.

getPattern

@NotNull
public @NotNull RestrictionPattern getPattern(@Nullable
                                              @Nullable String oakPath,
                                              @NotNull
                                              @NotNull Set<Restriction> restrictions)

Description copied from interface: RestrictionProvider

Creates the RestrictionPattern for the specified restrictions. The implementation should ignore all restrictions present in the specified set that it doesn't support.

Specified by:

getPattern in interface RestrictionProvider

Parameters:

oakPath - The path of the access controlled tree or null if the target policies applies to the repository level.

restrictions - the restrictions.

Returns:

A new RestrictionPattern representing those restrictions of the specified set that are supported by this implementation.