public abstract class AbstractAccessControlManager extends Object implements JackrabbitAccessControlManager, AccessControlConstants
JackrabbitAccessControlManager interface.
This implementation covers both editing access control content by path and
by Principal resulting both in the same content structure.AC_NODETYPE_NAMES, ACE_PROPERTY_NAMES, MIX_REP_ACCESS_CONTROLLABLE, MIX_REP_REPO_ACCESS_CONTROLLABLE, NT_REP_ACE, NT_REP_ACL, NT_REP_DENY_ACE, NT_REP_GRANT_ACE, NT_REP_POLICY, NT_REP_RESTRICTIONS, PARAM_RESTRICTION_PROVIDER, POLICY_NODE_NAMES, REP_GLOB, REP_ITEM_NAMES, REP_NODE_PATH, REP_NT_NAMES, REP_POLICY, REP_PREFIXES, REP_PRINCIPAL_NAME, REP_PRIVILEGES, REP_REPO_POLICY, REP_RESTRICTIONS| Modifier | Constructor and Description |
|---|---|
protected |
AbstractAccessControlManager(@NotNull Root root,
@NotNull NamePathMapper namePathMapper,
@NotNull SecurityProvider securityProvider) |
| Modifier and Type | Method and Description |
|---|---|
protected @NotNull AuthorizationConfiguration |
getConfig() |
protected @NotNull Root |
getLatestRoot() |
protected @NotNull NamePathMapper |
getNamePathMapper() |
protected @Nullable String |
getOakPath(@Nullable String jcrPath) |
protected @NotNull PermissionProvider |
getPermissionProvider() |
protected @NotNull PrivilegeManager |
getPrivilegeManager() |
@NotNull Privilege[] |
getPrivileges(@Nullable String absPath) |
@NotNull Privilege[] |
getPrivileges(@Nullable String absPath,
@NotNull Set<Principal> principals)
Returns the privileges the given set of
Principals has for
absolute path absPath, which must be an existing node. |
protected @NotNull Root |
getRoot() |
@NotNull Privilege[] |
getSupportedPrivileges(@Nullable String absPath) |
protected @NotNull Tree |
getTree(@Nullable String oakPath,
long permissions,
boolean checkAcContent) |
boolean |
hasPrivileges(@Nullable String absPath,
@Nullable Privilege[] privileges) |
boolean |
hasPrivileges(@Nullable String absPath,
@NotNull Set<Principal> principals,
@Nullable Privilege[] privileges)
Returns whether the given set of
Principals has the specified
privileges for absolute path absPath, which must be an
existing node. |
@NotNull Privilege |
privilegeFromName(@NotNull String privilegeName) |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitgetApplicablePolicies, getEffectivePolicies, getPoliciesgetApplicablePolicies, getEffectivePolicies, getPolicies, removePolicy, setPolicyprotected AbstractAccessControlManager(@NotNull
@NotNull Root root,
@NotNull
@NotNull NamePathMapper namePathMapper,
@NotNull
@NotNull SecurityProvider securityProvider)
@NotNull public @NotNull Privilege[] getSupportedPrivileges(@Nullable @Nullable String absPath) throws RepositoryException
getSupportedPrivileges in interface AccessControlManagerRepositoryException@NotNull public @NotNull Privilege privilegeFromName(@NotNull @NotNull String privilegeName) throws RepositoryException
privilegeFromName in interface AccessControlManagerRepositoryExceptionpublic boolean hasPrivileges(@Nullable
@Nullable String absPath,
@Nullable
@Nullable Privilege[] privileges)
throws RepositoryException
hasPrivileges in interface AccessControlManagerRepositoryException@NotNull public @NotNull Privilege[] getPrivileges(@Nullable @Nullable String absPath) throws RepositoryException
getPrivileges in interface AccessControlManagerRepositoryExceptionpublic boolean hasPrivileges(@Nullable
@Nullable String absPath,
@NotNull
@NotNull Set<Principal> principals,
@Nullable
@Nullable Privilege[] privileges)
throws RepositoryException
JackrabbitAccessControlManagerPrincipals has the specified
privileges for absolute path absPath, which must be an
existing node.
Testing an aggregate privilege is equivalent to testing each non
aggregate privilege among the set returned by calling
Privilege.getAggregatePrivileges() for that privilege.
The results reported by the this method reflect the net effect of
the currently applied control mechanisms. It does not reflect unsaved
access control policies or unsaved access control entries. Changes to
access control status caused by these mechanisms only take effect on
Session.save() and are only then reflected in the results of
the privilege test methods.
Since this method allows to view the privileges of principals other
than included in the editing session, this method must throw
AccessDeniedException if the session lacks
READ_ACCESS_CONTROL privilege for the absPath
node.
hasPrivileges in interface JackrabbitAccessControlManagerabsPath - an absolute path.principals - a set of Principals for which is the
given privileges are tested.privileges - an array of Privileges.true if the session has the specified privileges;
false otherwise.PathNotFoundException - if no node at absPath exists
or the session does not have sufficient access to retrieve a node at that location.AccessDeniedException - if the session lacks
READ_ACCESS_CONTROL privilege for the absPath node.RepositoryException - if another error occurs.@NotNull public @NotNull Privilege[] getPrivileges(@Nullable @Nullable String absPath, @NotNull @NotNull Set<Principal> principals) throws RepositoryException
JackrabbitAccessControlManagerPrincipals has for
absolute path absPath, which must be an existing node.
The returned privileges are those for which JackrabbitAccessControlManager.hasPrivileges(java.lang.String, java.util.Set<java.security.Principal>, javax.jcr.security.Privilege[]) would
return true.
The results reported by the this method reflect the net effect of
the currently applied control mechanisms. It does not reflect unsaved
access control policies or unsaved access control entries. Changes to
access control status caused by these mechanisms only take effect on
Session.save() and are only then reflected in the results of
the privilege test methods.
Since this method allows to view the privileges of principals other
than included in the editing session, this method must throw
AccessDeniedException if the session lacks
READ_ACCESS_CONTROL privilege for the absPath
node.
Note that this method does not resolve any group membership, as this is the job of the user manager. nor does it augment the set with the "everyone" principal.
getPrivileges in interface JackrabbitAccessControlManagerabsPath - an absolute path.principals - a set of Principals for which is the
privileges are retrieved.Privileges.PathNotFoundException - if no node at absPath exists
or the session does not have sufficient access to retrieve a node at that
location.AccessDeniedException - if the session lacks READ_ACCESS_CONTROL
privilege for the absPath node.RepositoryException - if another error occurs.@NotNull protected @NotNull AuthorizationConfiguration getConfig()
@NotNull protected @NotNull Root getRoot()
@NotNull protected @NotNull Root getLatestRoot()
@NotNull protected @NotNull NamePathMapper getNamePathMapper()
@NotNull protected @NotNull PrivilegeManager getPrivilegeManager()
@Nullable protected @Nullable String getOakPath(@Nullable @Nullable String jcrPath) throws RepositoryException
RepositoryException@NotNull protected @NotNull Tree getTree(@Nullable @Nullable String oakPath, long permissions, boolean checkAcContent) throws RepositoryException
RepositoryException@NotNull protected @NotNull PermissionProvider getPermissionProvider()
Copyright © 2012–2020 The Apache Software Foundation. All rights reserved.