@ProviderType public abstract class AbstractAccessControlManager extends java.lang.Object implements JackrabbitAccessControlManager, AccessControlConstants

JackrabbitAccessControlManager interface.
This implementation covers both editing access control content by path and by Principal, both resulting in the same content structure.

Fields inherited from interface AccessControlConstants: AC_NODETYPE_NAMES, ACE_PROPERTY_NAMES, MIX_REP_ACCESS_CONTROLLABLE, MIX_REP_REPO_ACCESS_CONTROLLABLE, NT_REP_ACE, NT_REP_ACL, NT_REP_DENY_ACE, NT_REP_GRANT_ACE, NT_REP_POLICY, NT_REP_RESTRICTIONS, PARAM_RESTRICTION_PROVIDER, POLICY_NODE_NAMES, REP_CURRENT, REP_GLOB, REP_GLOBS, REP_ITEM_NAMES, REP_NODE_PATH, REP_NT_NAMES, REP_POLICY, REP_PREFIXES, REP_PRINCIPAL_NAME, REP_PRIVILEGES, REP_REPO_POLICY, REP_RESTRICTIONS, REP_SUBTREES

Modifier | Constructor and Description |
---|---|
protected | AbstractAccessControlManager(@NotNull Root root, @NotNull NamePathMapper namePathMapper, @NotNull SecurityProvider securityProvider) |

Modifier and Type | Method and Description |
---|---|
protected @NotNull AuthorizationConfiguration | getConfig() |
protected @NotNull Root | getLatestRoot() |
protected @NotNull NamePathMapper | getNamePathMapper() |
protected @Nullable java.lang.String | getOakPath(@Nullable java.lang.String jcrPath) |
protected @NotNull PermissionProvider | getPermissionProvider() |
protected @NotNull PrivilegeBitsProvider | getPrivilegeBitsProvider() |
@NotNull PrivilegeCollection | getPrivilegeCollection(@Nullable java.lang.String absPath) Returns the PrivilegeCollection for the editing session at the given absolute path, which must be an existing node. |
@NotNull PrivilegeCollection | getPrivilegeCollection(@Nullable java.lang.String absPath, @NotNull java.util.Set<java.security.Principal> principals) Returns the PrivilegeCollection for the given set of principals at the given absolute path, which must be an existing node. |
protected @NotNull PrivilegeManager | getPrivilegeManager() |
@NotNull Privilege[] | getPrivileges(@Nullable java.lang.String absPath) |
@NotNull Privilege[] | getPrivileges(@Nullable java.lang.String absPath, @NotNull java.util.Set<java.security.Principal> principals) Returns the privileges the given set of Principals has for absolute path absPath, which must be an existing node. |
protected @NotNull Root | getRoot() |
@NotNull Privilege[] | getSupportedPrivileges(@Nullable java.lang.String absPath) |
protected @NotNull Tree | getTree(@Nullable java.lang.String oakPath, long permissions, boolean checkAcContent) |
boolean | hasPrivileges(@Nullable java.lang.String absPath, @Nullable Privilege[] privileges) |
boolean | hasPrivileges(@Nullable java.lang.String absPath, @NotNull java.util.Set<java.security.Principal> principals, @Nullable Privilege[] privileges) Returns whether the given set of Principals has the specified privileges for absolute path absPath, which must be an existing node. |
@NotNull PrivilegeCollection | privilegeCollectionFromNames(java.lang.String... privilegeNames) Returns the PrivilegeCollection for the specified privilegeNames. |
@NotNull Privilege | privilegeFromName(@NotNull java.lang.String privilegeName) |

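Methods inherited from class java.lang.Object: clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface JackrabbitAccessControlManager: getApplicablePolicies, getEffectivePolicies, getPolicies
Methods inherited from interface AccessControlManager: getApplicablePolicies, getEffectivePolicies, getPolicies, removePolicy, setPolicy
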
protected AbstractAccessControlManager(@NotNull Root root, @NotNull NamePathMapper namePathMapper, @NotNull SecurityProvider securityProvider)

@NotNull public Privilege[] getSupportedPrivileges(@Nullable java.lang.String absPath) throws RepositoryException
Specified by: getSupportedPrivileges in interface AccessControlManager
Throws: RepositoryException

@NotNull public Privilege privilegeFromName(@NotNull java.lang.String privilegeName) throws RepositoryException
Specified by: privilegeFromName in interface AccessControlManager
Throws: RepositoryException

public boolean hasPrivileges(@Nullable java.lang.String absPath, @Nullable Privilege[] privileges) throws RepositoryException
Specified by: hasPrivileges in interface AccessControlManager
Throws: RepositoryException

@NotNull public Privilege[] getPrivileges(@Nullable java.lang.String absPath) throws RepositoryException
Specified by: getPrivileges in interface AccessControlManager
Throws: RepositoryException

public boolean hasPrivileges(@Nullable java.lang.String absPath, @NotNull java.util.Set<java.security.Principal> principals, @Nullable Privilege[] privileges) throws RepositoryException
Description copied from interface: JackrabbitAccessControlManager
Returns whether the given set of Principals has the specified privileges for absolute path absPath, which must be an existing node.
Testing an aggregate privilege is equivalent to testing each non-aggregate privilege among the set returned by calling Privilege.getAggregatePrivileges() for that privilege.
The results reported by this method reflect the net effect of the currently applied control mechanisms. It does not reflect unsaved access control policies or unsaved access control entries. Changes to access control status caused by these mechanisms only take effect on Session.save() and are only then reflected in the results of the privilege test methods.
Since this method allows viewing the privileges of principals other than those included in the editing session, it must throw AccessDeniedException if the session lacks READ_ACCESS_CONTROL privilege for the absPath node.
Specified by: hasPrivileges in interface JackrabbitAccessControlManager
Parameters:
absPath - an absolute path.
principals - a set of Principals for which the given privileges are tested.
privileges - an array of Privileges.
Returns: true if the session has the specified privileges; false otherwise.
Throws:
PathNotFoundException - if no node at absPath exists or the session does not have sufficient access to retrieve a node at that location.
AccessDeniedException - if the session lacks READ_ACCESS_CONTROL privilege for the absPath node.
RepositoryException - if another error occurs.

@NotNull public Privilege[] getPrivileges(@Nullable java.lang.String absPath, @NotNull java.util.Set<java.security.Principal> principals) throws RepositoryException
Description copied from interface: JackrabbitAccessControlManager
Returns the privileges the given set of Principals has for absolute path absPath, which must be an existing node.
The returned privileges are those for which JackrabbitAccessControlManager.hasPrivileges(java.lang.String, java.util.Set<java.security.Principal>, javax.jcr.security.Privilege[]) would return true.
The results reported by this method reflect the net effect of the currently applied control mechanisms. It does not reflect unsaved access control policies or unsaved access control entries. Changes to access control status caused by these mechanisms only take effect on Session.save() and are only then reflected in the results of the privilege test methods.
Since this method allows viewing the privileges of principals other than those included in the editing session, it must throw AccessDeniedException if the session lacks READ_ACCESS_CONTROL privilege for the absPath node.
Note that this method does not resolve any group membership, as this is the job of the user manager, nor does it augment the set with the "everyone" principal.
Specified by: getPrivileges in interface JackrabbitAccessControlManager
Parameters:
absPath - an absolute path.
principals - a set of Principals for which the privileges are retrieved.
Returns: Privileges.
Throws:
PathNotFoundException - if no node at absPath exists or the session does not have sufficient access to retrieve a node at that location.
AccessDeniedException - if the session lacks READ_ACCESS_CONTROL privilege for the absPath node.
RepositoryException - if another error occurs.

@NotNull public PrivilegeCollection getPrivilegeCollection(@Nullable java.lang.String absPath) throws RepositoryException
Description copied from interface: JackrabbitAccessControlManager
Returns the PrivilegeCollection for the editing session at the given absolute path, which must be an existing node. This is equivalent to AccessControlManager.getPrivileges(String) and AccessControlManager.hasPrivileges(String, Privilege[]) but allows for easy resolution of aggregated privileges (e.g. jcr:all) and repeated evaluation if the editing session has privileges granted at the given target node.
PrivilegeCollection using regular JCR/Jackrabbit API, which might not be efficient. Implementations of JackrabbitAccessControlManager are therefore expected to overwrite the default.
Specified by: getPrivilegeCollection in interface JackrabbitAccessControlManager
Parameters:
absPath - An absolute path to an existing JCR node.
Returns: PrivilegeCollection wrapping around the privileges granted for the editing session at absPath.
Throws:
PathNotFoundException - if no node at absPath exists or the session does not have sufficient access to retrieve a node at that location.
RepositoryException - If another error occurs.

@NotNull public PrivilegeCollection getPrivilegeCollection(@Nullable java.lang.String absPath, @NotNull java.util.Set<java.security.Principal> principals) throws RepositoryException
Description copied from interface: JackrabbitAccessControlManager
Returns the PrivilegeCollection for the given set of principals at the given absolute path, which must be an existing node. This is equivalent to JackrabbitAccessControlManager.getPrivileges(String,Set) and JackrabbitAccessControlManager.hasPrivileges(String, Set, Privilege[]) but allows for easy resolution of aggregated privileges (e.g. jcr:all) and repeated evaluation if the editing session has privileges granted at the given target node.
PrivilegeCollection using regular JCR/Jackrabbit API, which might not be efficient. Implementations of JackrabbitAccessControlManager are therefore expected to overwrite the default.
Specified by: getPrivilegeCollection in interface JackrabbitAccessControlManager
Parameters:
absPath - An absolute path to an existing JCR node.
principals - A set of principals for which the PrivilegeCollection should be created.
Returns: PrivilegeCollection wrapping around the privileges granted for the editing session at absPath.
Throws:
PathNotFoundException - if no node at absPath exists or the session does not have sufficient access to retrieve a node at that location.
AccessDeniedException - if the session lacks READ_ACCESS_CONTROL privilege for the absPath node.
RepositoryException - If another error occurs.

@NotNull public PrivilegeCollection privilegeCollectionFromNames(@NotNull java.lang.String... privilegeNames) throws RepositoryException
Description copied from interface: JackrabbitAccessControlManager
Returns the PrivilegeCollection for the specified privilegeNames.
Since the privilege names are JCR names, they may be passed in either qualified or expanded form (see specification for details on JCR names).
PrivilegeCollection using regular JCR/Jackrabbit API, which might not be efficient. Implementations of JackrabbitAccessControlManager are therefore expected to overwrite the default.
Specified by: privilegeCollectionFromNames in interface JackrabbitAccessControlManager
Parameters:
privilegeNames - the names of existing privileges.
Returns: PrivilegeCollection representing the specified privilegeNames.
Throws:
AccessControlException - if no privilege with any of the specified names exists.
RepositoryException - If another error occurs.

@NotNull protected AuthorizationConfiguration getConfig()
@NotNull protected Root getRoot()
@NotNull protected Root getLatestRoot()
@NotNull protected NamePathMapper getNamePathMapper()
@NotNull protected PrivilegeManager getPrivilegeManager()
@NotNull protected PrivilegeBitsProvider getPrivilegeBitsProvider()
@Nullable protected java.lang.String getOakPath(@Nullable java.lang.String jcrPath) throws RepositoryException
Throws: RepositoryException
@NotNull protected Tree getTree(@Nullable java.lang.String oakPath, long permissions, boolean checkAcContent) throws RepositoryException
Throws: RepositoryException
@NotNull protected PermissionProvider getPermissionProvider()
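
Added example, not part of Oak or of this API page: the principal-based hasPrivileges and getPrivileges described above do not resolve group membership or add the "everyone" principal, so a caller auditing one principal's access has to build the effective principal set first. The class PrincipalPrivilegeAudit and its method holds are hypothetical names, and the cast assumes the session's access control manager implements JackrabbitAccessControlManager, as it does in Oak.

```java
import java.security.Principal;
import java.util.HashSet;
import java.util.Set;
import javax.jcr.AccessDeniedException;
import javax.jcr.RepositoryException;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;

/** Hypothetical audit helper (added example, not Oak code). */
public final class PrincipalPrivilegeAudit {

    // Returns true if principalName, together with its groups and "everyone",
    // holds all privilegeNames at absPath. Only saved policies are evaluated.
    public static boolean holds(JackrabbitSession session, String absPath,
            String principalName, String... privilegeNames) throws RepositoryException {
        PrincipalManager pm = session.getPrincipalManager();
        Principal principal = pm.getPrincipal(principalName);
        if (principal == null) {
            throw new IllegalArgumentException("Unknown principal: " + principalName);
        }
        // The access control manager evaluates exactly the set it is given,
        // so membership and "everyone" are added here by the caller.
        Set<Principal> principals = new HashSet<>();
        principals.add(principal);
        principals.add(pm.getEveryone());
        PrincipalIterator groups = pm.getGroupMembership(principal);
        while (groups.hasNext()) {
            principals.add(groups.nextPrincipal());
        }
        // Assumption: the repository is Oak/Jackrabbit, so this cast succeeds.
        JackrabbitAccessControlManager acMgr =
                (JackrabbitAccessControlManager) session.getAccessControlManager();
        Privilege[] wanted = new Privilege[privilegeNames.length];
        for (int i = 0; i < privilegeNames.length; i++) {
            wanted[i] = acMgr.privilegeFromName(privilegeNames[i]);
        }
        try {
            return acMgr.hasPrivileges(absPath, principals, wanted);
        } catch (AccessDeniedException e) {
            // The auditing session itself lacks READ_ACCESS_CONTROL at absPath.
            throw new AccessDeniedException("Cannot read access control at " + absPath, e);
        }
    }
}
```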
Copyright © 2012–2022 The Apache Software Foundation. All rights reserved.