java.lang.Object
org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AbstractAccessControlList
org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ImmutableACL
All Implemented Interfaces:
AccessControlList, AccessControlPolicy, JackrabbitAccessControlList, JackrabbitAccessControlPolicy

public class ImmutableACL extends AbstractAccessControlList
An implementation of the JackrabbitAccessControlList interface that only allows for reading. The write methods throw an AccessControlException.
  • Constructor Details

    • ImmutableACL

      public ImmutableACL(@Nullable @Nullable String oakPath, @NotNull @NotNull List<? extends JackrabbitAccessControlEntry> entries, @NotNull @NotNull RestrictionProvider restrictionProvider, @NotNull @NotNull NamePathMapper namePathMapper)
      Construct a new ImmutableACL
      Parameters:
      oakPath - The Oak path of this policy or null.
      entries - The access control entries contained in this policy.
      restrictionProvider - The restriction provider.
      namePathMapper - The NamePathMapper used for conversion.
    • ImmutableACL

      public ImmutableACL(@NotNull @NotNull AbstractAccessControlList accessControlList)
      Construct a new ImmutableACL from the given AbstractAccessControlList.
      Parameters:
      accessControlList - The base list
  • Method Details

    • removeAccessControlEntry

      public void removeAccessControlEntry(AccessControlEntry ace) throws AccessControlException
      Throws:
      AccessControlException
    • addEntry

      public boolean addEntry(@NotNull @NotNull Principal principal, @NotNull @NotNull Privilege[] privileges, boolean isAllow, @Nullable @Nullable Map<String,Value> restrictions) throws AccessControlException
      Description copied from interface: JackrabbitAccessControlList
      Adds an access control entry to this policy consisting of the specified principal, the specified privileges, the isAllow flag and an optional map containing additional restrictions.

      This method returns true if this policy was modified, false otherwise.

      An AccessControlException is thrown if any of the specified parameters is invalid or if some other access control related exception occurs.

      Specified by:
      addEntry in interface JackrabbitAccessControlList
      Overrides:
      addEntry in class AbstractAccessControlList
      Parameters:
      principal - the principal to add the entry for
      privileges - the privileges to add
      isAllow - if true if this is a positive (allow) entry
      restrictions - A map of additional restrictions used to narrow the effect of the entry to be created. The map must map JCR names to a single Value object.
      Returns:
      true if this policy has changed by incorporating the given entry; false otherwise.
      Throws:
      AccessControlException - If any of the given parameter is invalid or cannot be handled by the implementation.
      See Also:
    • addEntry

      public boolean addEntry(@NotNull @NotNull Principal principal, @NotNull @NotNull Privilege[] privileges, boolean isAllow, @Nullable @Nullable Map<String,Value> restrictions, @Nullable @Nullable Map<String,Value[]> mvRestrictions) throws AccessControlException
      Description copied from interface: JackrabbitAccessControlList
      Adds an access control entry to this policy consisting of the specified principal, the specified privileges, the isAllow flag and an optional map containing additional restrictions.

      This method returns true if this policy was modified, false otherwise.

      An AccessControlException is thrown if any of the specified parameters is invalid or if some other access control related exception occurs.

      Parameters:
      principal - the principal to add the entry for
      privileges - the privileges to add
      isAllow - if true if this is a positive (allow) entry
      restrictions - A map of additional restrictions used to narrow the effect of the entry to be created. The map must map JCR names to a single Value object.
      mvRestrictions - A map of additional multivalued restrictions used to narrow the effect of the entry to be created. The map must map JCR names to a Value array.
      Returns:
      true if this policy has changed by incorporating the given entry; false otherwise.
      Throws:
      AccessControlException - If any of the given parameter is invalid or cannot be handled by the implementation.
      See Also:
    • orderBefore

      public void orderBefore(@NotNull @NotNull AccessControlEntry srcEntry, @Nullable @Nullable AccessControlEntry destEntry) throws AccessControlException
      Description copied from interface: JackrabbitAccessControlList
      If the AccessControlList implementation supports reordering of entries the specified srcEntry is inserted at the position of the specified destEntry.

      If destEntry is null the entry is moved to the end of the list.

      If srcEntry and destEntry are the same no changes are made.

      Parameters:
      srcEntry - The access control entry to be moved within the list.
      destEntry - The entry before which the srcEntry will be moved.
      Throws:
      AccessControlException - If any of the given entries is invalid or cannot be handled by the implementation.
    • getEntries

      @NotNull public @NotNull List<JackrabbitAccessControlEntry> getEntries()
      Specified by:
      getEntries in class AbstractAccessControlList
    • getRestrictionProvider

      @NotNull public @NotNull RestrictionProvider getRestrictionProvider()
      Specified by:
      getRestrictionProvider in class AbstractAccessControlList
    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class Object
    • equals

      public boolean equals(Object obj)
      Overrides:
      equals in class Object