Package org.apache.jackrabbit.oak.spi.security.authorization.principalbased

Interface Filter

  • @ProviderType
public interface Filter
    Interface that allows to define the principals for which principal based access control management and permission evaluation can be executed. For any other principals this module would never take effect.

    • Method Detail

      • canHandle

        boolean canHandle​(@NotNull
                  @NotNull Set<Principal> principals)
        Reveals if this filter implementation is able to handle the given set of principals.
        Parameters:
        principals - A set of principals.
        Returns:
        true if the principals can be dealt with by this filter implementation, false otherwise.

      • getOakPath

        @NotNull
@NotNull String getOakPath​(@NotNull
                           @NotNull Principal validPrincipal)
        Returns the Oak path of the Tree to which the policy for the given validPrincipal will be bound. This method can rely on the fact that the given principal has been validated before and is not expected to validate the principal.
        Parameters:
        validPrincipal - A valid principal i.e. that has been validated through canHandle(Set).
        Returns:
        The absolute oak path to an exiting Tree. The policy for the given principal will be bound to that tree.
        Throws:
        IllegalArgumentException - If the specified principal is not validated/valid.

      • getValidPrincipal

        @Nullable
@Nullable Principal getValidPrincipal​(@NotNull
                                      @NotNull String oakPath)
        Retrieves the ItemBasedPrincipal for the given oakPath and returns it if it is considered valid by the Filter implementation. Otherwise this method returns null.
        Parameters:
        oakPath - A non-null Oak path pointing to an ItemBasedPrincipal.
        Returns:
        A valid principal or null if no valid principal can be retrieved/exists for the given path.