Interface AccessControlConstants
-
- All Known Implementing Classes:
AbstractAccessControlManager,AbstractRestrictionProvider,AccessControlImporter,AccessControlManagerImpl,MountPermissionProvider,PermissionHook,PermissionProviderImpl,PrincipalRestrictionProvider,RestrictionProviderImpl
public interface AccessControlConstantsConstants for the default access control management implementation and and for built-in access control related node types.
-
-
Field Summary
Fields Modifier and Type Field Description static Collection<String>AC_NODETYPE_NAMESstatic Collection<String>ACE_PROPERTY_NAMESstatic StringMIX_REP_ACCESS_CONTROLLABLEstatic StringMIX_REP_REPO_ACCESS_CONTROLLABLEstatic StringNT_REP_ACEstatic StringNT_REP_ACLstatic StringNT_REP_DENY_ACEstatic StringNT_REP_GRANT_ACEstatic StringNT_REP_POLICYstatic StringNT_REP_RESTRICTIONSstatic StringPARAM_RESTRICTION_PROVIDERstatic Collection<String>POLICY_NODE_NAMESstatic StringREP_CURRENTName of the optional multivalued access control restriction that limits access to a single level i.e.static StringREP_GLOBstatic StringREP_GLOBSName of the optional multi-valued access control restriction that allows to combine more than oneREP_GLOBrestriction.static StringREP_ITEM_NAMESName of the optional multivalued access control restriction by item name.static StringREP_NODE_PATHstatic StringREP_NT_NAMESName of the optional multivalued access control restriction by node type name.static StringREP_POLICYstatic StringREP_PREFIXESName of the optional multivalued access control restriction which matches by name space prefix.static StringREP_PRINCIPAL_NAMEstatic StringREP_PRIVILEGESstatic StringREP_REPO_POLICYstatic StringREP_RESTRICTIONSstatic StringREP_SUBTREESName of the optional multi-valued access control restriction that allows to limit the effect to one or multiple subtrees.
-
-
-
Field Detail
-
REP_POLICY
static final String REP_POLICY
- See Also:
- Constant Field Values
-
REP_REPO_POLICY
static final String REP_REPO_POLICY
- See Also:
- Constant Field Values
-
REP_PRIVILEGES
static final String REP_PRIVILEGES
- See Also:
- Constant Field Values
-
REP_PRINCIPAL_NAME
static final String REP_PRINCIPAL_NAME
- See Also:
- Constant Field Values
-
REP_GLOB
static final String REP_GLOB
- See Also:
- Constant Field Values
-
REP_NODE_PATH
static final String REP_NODE_PATH
- See Also:
- Constant Field Values
-
REP_NT_NAMES
static final String REP_NT_NAMES
Name of the optional multivalued access control restriction by node type name. The corresponding restriction type isType.NAMES.- Since:
- OAK 1.0
- See Also:
- Constant Field Values
-
REP_PREFIXES
static final String REP_PREFIXES
Name of the optional multivalued access control restriction which matches by name space prefix. The corresponding restriction type isType.STRINGS.- Since:
- OAK 1.0
- See Also:
- Constant Field Values
-
REP_ITEM_NAMES
static final String REP_ITEM_NAMES
Name of the optional multivalued access control restriction by item name. The corresponding restriction type isType.NAMES.- Since:
- OAK 1.3.8
- See Also:
- Constant Field Values
-
REP_CURRENT
static final String REP_CURRENT
Name of the optional multivalued access control restriction that limits access to a single level i.e. the target node where the access control entry takes effect and optionally all or a subset of it's properties. An empty value array will make this restriction matching the target node only (i.e. equivalent to rep:glob=""). An array of property names will extend the effect of the restriction to properties of the target node that match the specified names. The
residual name '*'will match the target node and all it's properties.The corresponding restriction type is
Type.STRINGSNote: due to the support of
NodeTypeConstants.RESIDUAL_NAME, which isn't a valid JCR name, this restriction is defined to be ofType.STRINGSinstead ofType.NAMES. Like the rep:glob restriction it will therefore not work with expanded JCR names or with remapped namespace prefixes.Note: In case of permission evaluation for a path pointing to a non-existing JCR item (see e.g.
Session.hasPermission(String, String)) a best-effort attempt is made to determine if the path may point to a property, default being that the path points to a non-existing node.Example:
rep:current = [] => restriction applies to the target node only rep:current = [*] => restriction applies to the target node and all it's properties rep:current = [jcr:primaryType] => restriction applies to the target node and it's property jcr:primaryType rep:current = [a, b, prefix:c] => restriction applies to the target node and it's properties a, b and prefix:c
- Since:
- OAK 1.42.0
- See Also:
- Constant Field Values
-
REP_GLOBS
static final String REP_GLOBS
Name of the optional multi-valued access control restriction that allows to combine more than one
REP_GLOBrestriction. The effect is equivalent to defining multiple access control entries with a singleREP_GLOBrestriction each and will match a given path or item if any of the specified glob-values matches.Note, that an empty value array will never match any path/item.
The corresponding restriction type is
Type.STRINGS- See Also:
- Constant Field Values
-
REP_SUBTREES
static final String REP_SUBTREES
Name of the optional multi-valued access control restriction that allows to limit the effect to one or multiple subtrees. It is a simplified variant of the common pattern using 2
REP_GLOBwildcard patterns to grant or deny access on a particular node in the subtree and all its descendent items.NodePath = "/foo" Restriction | Matches ----------------------------------------------------------------------------- /cat | all descendants of /foo whose path ends with "/cat" or that have an intermediate segment /cat/ /cat/ | all descendants of /foo that have an intermediate segment /cat/ cat | all siblings or descendants of /foo whose path ends with "cat" or that have an intermediate segment ending with "cat" cat/ | all siblings or descendants of /foo that have an intermediate segment ending with "cat"
Note, that variants of 'cat'-paths could also consist of multiple segments like e.g. '/cat/dog' or '/cat/dog'
Note, that in contrast to
REP_GLOBno wildcard characters are used to specify the restriction.Note, that an empty value array will never match any path/item.
Note, that null values and empty string values will be omitted.
- See Also:
- Constant Field Values
-
REP_RESTRICTIONS
static final String REP_RESTRICTIONS
- Since:
- OAK 1.0
- See Also:
- Constant Field Values
-
MIX_REP_ACCESS_CONTROLLABLE
static final String MIX_REP_ACCESS_CONTROLLABLE
- See Also:
- Constant Field Values
-
MIX_REP_REPO_ACCESS_CONTROLLABLE
static final String MIX_REP_REPO_ACCESS_CONTROLLABLE
- See Also:
- Constant Field Values
-
NT_REP_POLICY
static final String NT_REP_POLICY
- See Also:
- Constant Field Values
-
NT_REP_ACL
static final String NT_REP_ACL
- See Also:
- Constant Field Values
-
NT_REP_ACE
static final String NT_REP_ACE
- See Also:
- Constant Field Values
-
NT_REP_GRANT_ACE
static final String NT_REP_GRANT_ACE
- See Also:
- Constant Field Values
-
NT_REP_DENY_ACE
static final String NT_REP_DENY_ACE
- See Also:
- Constant Field Values
-
NT_REP_RESTRICTIONS
static final String NT_REP_RESTRICTIONS
- Since:
- OAK 1.0
- See Also:
- Constant Field Values
-
POLICY_NODE_NAMES
static final Collection<String> POLICY_NODE_NAMES
-
ACE_PROPERTY_NAMES
static final Collection<String> ACE_PROPERTY_NAMES
-
AC_NODETYPE_NAMES
static final Collection<String> AC_NODETYPE_NAMES
-
PARAM_RESTRICTION_PROVIDER
static final String PARAM_RESTRICTION_PROVIDER
- See Also:
- Constant Field Values
-
-