AccessControlConstants (Jackrabbit Oak 1.44.0 API)

All Known Implementing Classes:

AbstractAccessControlManager, AbstractRestrictionProvider, AccessControlImporter, AccessControlManagerImpl, MountPermissionProvider, PermissionHook, PermissionProviderImpl, PrincipalRestrictionProvider, RestrictionProviderImpl
```
public interface AccessControlConstants
```
Constants for the default access control management implementation and and for built-in access control related node types.

Field Summary

Fields
Modifier and Type	Field and Description
`static java.util.Collection<java.lang.String>`	`AC_NODETYPE_NAMES`
`static java.util.Collection<java.lang.String>`	`ACE_PROPERTY_NAMES`
`static java.lang.String`	`MIX_REP_ACCESS_CONTROLLABLE`
`static java.lang.String`	`MIX_REP_REPO_ACCESS_CONTROLLABLE`
`static java.lang.String`	`NT_REP_ACE`
`static java.lang.String`	`NT_REP_ACL`
`static java.lang.String`	`NT_REP_DENY_ACE`
`static java.lang.String`	`NT_REP_GRANT_ACE`
`static java.lang.String`	`NT_REP_POLICY`
`static java.lang.String`	`NT_REP_RESTRICTIONS`
`static java.lang.String`	`PARAM_RESTRICTION_PROVIDER`
`static java.util.Collection<java.lang.String>`	`POLICY_NODE_NAMES`
`static java.lang.String`	`REP_CURRENT` Name of the optional multivalued access control restriction that limits access to a single level i.e.
`static java.lang.String`	`REP_GLOB`
`static java.lang.String`	`REP_GLOBS` Name of the optional multi-valued access control restriction that allows to combine more than one `REP_GLOB` restriction.
`static java.lang.String`	`REP_ITEM_NAMES` Name of the optional multivalued access control restriction by item name.
`static java.lang.String`	`REP_NODE_PATH`
`static java.lang.String`	`REP_NT_NAMES` Name of the optional multivalued access control restriction by node type name.
`static java.lang.String`	`REP_POLICY`
`static java.lang.String`	`REP_PREFIXES` Name of the optional multivalued access control restriction which matches by name space prefix.
`static java.lang.String`	`REP_PRINCIPAL_NAME`
`static java.lang.String`	`REP_PRIVILEGES`
`static java.lang.String`	`REP_REPO_POLICY`
`static java.lang.String`	`REP_RESTRICTIONS`
`static java.lang.String`	`REP_SUBTREES` Name of the optional multi-valued access control restriction that allows to limit the effect to one or multiple subtrees.

- Field Detail
  - REP_POLICY
```
static final java.lang.String REP_POLICY
```
    See Also:
    
    Constant Field Values
  - REP_REPO_POLICY
```
static final java.lang.String REP_REPO_POLICY
```
    See Also:
    
    Constant Field Values
  - REP_PRIVILEGES
```
static final java.lang.String REP_PRIVILEGES
```
    See Also:
    
    Constant Field Values
  - REP_PRINCIPAL_NAME
```
static final java.lang.String REP_PRINCIPAL_NAME
```
    See Also:
    
    Constant Field Values
  - REP_GLOB
```
static final java.lang.String REP_GLOB
```
    See Also:
    
    Constant Field Values
  - REP_NODE_PATH
```
static final java.lang.String REP_NODE_PATH
```
    See Also:
    
    Constant Field Values
  - REP_NT_NAMES
```
static final java.lang.String REP_NT_NAMES
```
    Name of the optional multivalued access control restriction by node type name. The corresponding restriction type is Type.NAMES.
    
    Since:
    
    OAK 1.0
    
    See Also:
    
    Constant Field Values
  - REP_PREFIXES
```
static final java.lang.String REP_PREFIXES
```
    Name of the optional multivalued access control restriction which matches by name space prefix. The corresponding restriction type is Type.STRINGS.
    
    Since:
    
    OAK 1.0
    
    See Also:
    
    Constant Field Values
  - REP_ITEM_NAMES
```
static final java.lang.String REP_ITEM_NAMES
```
    Name of the optional multivalued access control restriction by item name. The corresponding restriction type is Type.NAMES.
    
    Since:
    
    OAK 1.3.8
    
    See Also:
    
    Constant Field Values
  - REP_CURRENT
```
static final java.lang.String REP_CURRENT
```
    Name of the optional multivalued access control restriction that limits access to a single level i.e. the target node where the access control entry takes effect and optionally all or a subset of it's properties. An empty value array will make this restriction matching the target node only (i.e. equivalent to rep:glob=""). An array of property names will extend the effect of the restriction to properties of the target node that match the specified names. The residual name '*' will match the target node and all it's properties.
    
    The corresponding restriction type is Type.STRINGS
    
    Note: due to the support of NodeTypeConstants.RESIDUAL_NAME, which isn't a valid JCR name, this restriction is defined to be of Type.STRINGS instead of Type.NAMES. Like the rep:glob restriction it will therefore not work with expanded JCR names or with remapped namespace prefixes.
    
    Note: In case of permission evaluation for a path pointing to a non-existing JCR item (see e.g. Session.hasPermission(String, String)) a best-effort attempt is made to determine if the path may point to a property, default being that the path points to a non-existing node.
    Example:
```
 rep:current = []                => restriction applies to the target node only
 rep:current = [*]               => restriction applies to the target node and all it's properties
 rep:current = [jcr:primaryType] => restriction applies to the target node and it's property jcr:primaryType
 rep:current = [a, b, prefix:c]  => restriction applies to the target node and it's properties a, b and prefix:c
 
```
    Since:
    
    OAK 1.42.0
    
    See Also:
    
    Constant Field Values
  - REP_GLOBS
```
static final java.lang.String REP_GLOBS
```
    Name of the optional multi-valued access control restriction that allows to combine more than one REP_GLOB restriction. The effect is equivalent to defining multiple access control entries with a single REP_GLOB restriction each and will match a given path or item if any of the specified glob-values matches.
    
    Note, that an empty value array will never match any path/item.
    
    The corresponding restriction type is Type.STRINGS
    
    See Also:
    
    Constant Field Values
  - REP_SUBTREES
```
static final java.lang.String REP_SUBTREES
```
    Name of the optional multi-valued access control restriction that allows to limit the effect to one or multiple subtrees. It is a simplified variant of the common pattern using 2 REP_GLOB wildcard patterns to grant or deny access on a particular node in the subtree and all its descendent items.
```
 NodePath = "/foo"
 Restriction   |   Matches
 -----------------------------------------------------------------------------
 /cat          |   all descendants of /foo whose path ends with "/cat" or that have an intermediate segment /cat/
 /cat/         |   all descendants of /foo that have an intermediate segment /cat/
 cat           |   all siblings or descendants of /foo whose path ends with "cat" or that have an intermediate segment ending with "cat"
 cat/          |   all siblings or descendants of /foo that have an intermediate segment ending with "cat"
 
```
    Note, that variants of 'cat'-paths could also consist of multiple segments like e.g. '/cat/dog' or '/cat/dog'
    
    Note, that in contrast to REP_GLOB
    no wildcard characters are used to specify the restriction.
    Note, that an empty value array will never match any path/item.
    
    Note, that null values and empty string values will be omitted.
    See Also:
    
    Constant Field Values
  - REP_RESTRICTIONS
```
static final java.lang.String REP_RESTRICTIONS
```
    Since:
    
    OAK 1.0
    
    See Also:
    
    Constant Field Values
  - MIX_REP_ACCESS_CONTROLLABLE
```
static final java.lang.String MIX_REP_ACCESS_CONTROLLABLE
```
    See Also:
    
    Constant Field Values
  - MIX_REP_REPO_ACCESS_CONTROLLABLE
```
static final java.lang.String MIX_REP_REPO_ACCESS_CONTROLLABLE
```
    See Also:
    
    Constant Field Values
  - NT_REP_POLICY
```
static final java.lang.String NT_REP_POLICY
```
    See Also:
    
    Constant Field Values
  - NT_REP_ACL
```
static final java.lang.String NT_REP_ACL
```
    See Also:
    
    Constant Field Values
  - NT_REP_ACE
```
static final java.lang.String NT_REP_ACE
```
    See Also:
    
    Constant Field Values
  - NT_REP_GRANT_ACE
```
static final java.lang.String NT_REP_GRANT_ACE
```
    See Also:
    
    Constant Field Values
  - NT_REP_DENY_ACE
```
static final java.lang.String NT_REP_DENY_ACE
```
    See Also:
    
    Constant Field Values
  - NT_REP_RESTRICTIONS
```
static final java.lang.String NT_REP_RESTRICTIONS
```
    Since:
    
    OAK 1.0
    
    See Also:
    
    Constant Field Values
  - POLICY_NODE_NAMES
```
static final java.util.Collection<java.lang.String> POLICY_NODE_NAMES
```
  - ACE_PROPERTY_NAMES
```
static final java.util.Collection<java.lang.String> ACE_PROPERTY_NAMES
```
  - AC_NODETYPE_NAMES
```
static final java.util.Collection<java.lang.String> AC_NODETYPE_NAMES
```
  - PARAM_RESTRICTION_PROVIDER
```
static final java.lang.String PARAM_RESTRICTION_PROVIDER
```
    See Also:
    
    Constant Field Values

Interface AccessControlConstants

Field Summary

Field Detail

REP_POLICY

REP_REPO_POLICY

REP_PRIVILEGES

REP_PRINCIPAL_NAME

REP_GLOB

REP_NODE_PATH

REP_NT_NAMES

REP_PREFIXES

REP_ITEM_NAMES

REP_CURRENT

REP_GLOBS

REP_SUBTREES

REP_RESTRICTIONS

MIX_REP_ACCESS_CONTROLLABLE

MIX_REP_REPO_ACCESS_CONTROLLABLE

NT_REP_POLICY

NT_REP_ACL

NT_REP_ACE

NT_REP_GRANT_ACE

NT_REP_DENY_ACE

NT_REP_RESTRICTIONS

POLICY_NODE_NAMES

ACE_PROPERTY_NAMES

AC_NODETYPE_NAMES

PARAM_RESTRICTION_PROVIDER