Package org.apache.jackrabbit.oak.security.authorization.restriction

Class RestrictionProviderImpl

java.lang.Object

org.apache.jackrabbit.oak.spi.security.authorization.restriction.AbstractRestrictionProvider

org.apache.jackrabbit.oak.security.authorization.restriction.RestrictionProviderImpl

All Implemented Interfaces:

AccessControlConstants, AggregationAware, RestrictionProvider

public class RestrictionProviderImpl
extends AbstractRestrictionProvider

Default restriction provider implementation that supports the following restrictions:

• AccessControlConstants.REP_GLOB: A simple paths matching pattern. See GlobPattern for details.
• AccessControlConstants.REP_NT_NAMES: A restriction that allows to limit the effect of a given access control entries to JCR nodes of any of the specified primary node type. In case of a JCR property the primary type of the parent node is taken into consideration when evaluating the permissions.
• AccessControlConstants.REP_PREFIXES: A multivalued access control restriction which matches by name space prefix. The corresponding restriction type is Type.STRINGS.

Field Summary

Fields inherited from interface org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants

AC_NODETYPE_NAMES, ACE_PROPERTY_NAMES, MIX_REP_ACCESS_CONTROLLABLE, MIX_REP_REPO_ACCESS_CONTROLLABLE, NT_REP_ACE, NT_REP_ACL, NT_REP_DENY_ACE, NT_REP_GRANT_ACE, NT_REP_POLICY, NT_REP_RESTRICTIONS, PARAM_RESTRICTION_PROVIDER, POLICY_NODE_NAMES, REP_CURRENT, REP_GLOB, REP_GLOBS, REP_ITEM_NAMES, REP_NODE_PATH, REP_NT_NAMES, REP_POLICY, REP_PREFIXES, REP_PRINCIPAL_NAME, REP_PRIVILEGES, REP_REPO_POLICY, REP_RESTRICTIONS, REP_SUBTREES

Fields inherited from interface org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider

EMPTY

Constructor Summary

Constructors

Constructor	Description
RestrictionProviderImpl()

Method Summary

Modifier and Type	Method	Description
@NotNull RestrictionPattern	getPattern(@Nullable java.lang.String oakPath, @NotNull java.util.Set<Restriction> restrictions)	Creates the RestrictionPattern for the specified restrictions.
@NotNull RestrictionPattern	getPattern(@Nullable java.lang.String oakPath, @NotNull Tree tree)	Creates the RestrictionPattern for the restriction information stored with specified tree.
void	validateRestrictions(@Nullable java.lang.String oakPath, @NotNull Tree aceTree)	Validate the restrictions present with the specified ACE tree.

Methods inherited from class org.apache.jackrabbit.oak.spi.security.authorization.restriction.AbstractRestrictionProvider

createRestriction, createRestriction, getRestrictionsTree, getSupportedRestrictions, isUnsupportedPath, readRestrictions, setComposite, writeRestrictions

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

RestrictionProviderImpl

public RestrictionProviderImpl()

Method Detail

getPattern

@NotNull
public @NotNull RestrictionPattern getPattern(@Nullable
                                              @Nullable java.lang.String oakPath,
                                              @NotNull
                                              @NotNull Tree tree)

Description copied from interface: RestrictionProvider

Creates the RestrictionPattern for the restriction information stored with specified tree.

Parameters:

oakPath - The path of the access controlled tree or null if the target policies applies to the repository level.

tree - The tree holding the restriction information.

Returns:

A new RestrictionPattern representing the restriction information present with the given tree.

getPattern

@NotNull
public @NotNull RestrictionPattern getPattern(@Nullable
                                              @Nullable java.lang.String oakPath,
                                              @NotNull
                                              @NotNull java.util.Set<Restriction> restrictions)

Description copied from interface: RestrictionProvider

Creates the RestrictionPattern for the specified restrictions. The implementation should ignore all restrictions present in the specified set that it doesn't support.

Parameters:

oakPath - The path of the access controlled tree or null if the target policies applies to the repository level.

restrictions - the restrictions.

Returns:

A new RestrictionPattern representing those restrictions of the specified set that are supported by this implementation.

validateRestrictions

public void validateRestrictions(@Nullable
                                 @Nullable java.lang.String oakPath,
                                 @NotNull
                                 @NotNull Tree aceTree)
                          throws AccessControlException

Description copied from interface: RestrictionProvider

Validate the restrictions present with the specified ACE tree.

Specified by:

validateRestrictions in interface RestrictionProvider

Overrides:

validateRestrictions in class AbstractRestrictionProvider

Parameters:

oakPath - The path of the access controlled tree or null if the target policies applies to the repository level.

aceTree - The tree corresponding to an ACE.

Throws:

AccessControlException - If any invalid restrictions are detected.