org.apache.jackrabbit.oak.spi.security.authorization.restriction

Interface RestrictionProvider

All Known Implementing Classes:

AbstractRestrictionProvider, CompositeRestrictionProvider, CustomRestrictionProvider, PrincipalRestrictionProvider, RestrictionProviderImpl, WhiteboardRestrictionProvider

public interface RestrictionProvider

Interface to manage the supported restrictions present with a given access control and permission management implementation.

Since:

OAK 1.0

Field Summary

Fields

Modifier and Type	Field and Description
static RestrictionProvider	EMPTY Empty restriction provider implementation that doesn't support any restrictions.

Method Summary

Modifier and Type	Method and Description
Restriction	createRestriction(String oakPath, String oakName, Value... values) Creates a new multi valued restriction for the specified parameters.
Restriction	createRestriction(String oakPath, String oakName, Value value) Creates a new single valued restriction for the specified parameters.
RestrictionPattern	getPattern(String oakPath, Set<Restriction> restrictions) Creates the RestrictionPattern for the specified restrictions.
RestrictionPattern	getPattern(String oakPath, Tree tree) Creates the RestrictionPattern for the restriction information stored with specified tree.
Set<RestrictionDefinition>	getSupportedRestrictions(String oakPath) Returns the restriction definitions supported by this provider implementation at the specified path.
Set<Restriction>	readRestrictions(String oakPath, Tree aceTree) Read the valid restrictions stored in the specified ACE tree.
void	validateRestrictions(String oakPath, Tree aceTree) Validate the restrictions present with the specified ACE tree.
void	writeRestrictions(String oakPath, Tree aceTree, Set<Restriction> restrictions) Writes the given restrictions to the specified ACE tree.

Field Detail

EMPTY

static final RestrictionProvider EMPTY

Empty restriction provider implementation that doesn't support any restrictions.

Method Detail

getSupportedRestrictions

@Nonnull
Set<RestrictionDefinition> getSupportedRestrictions(@Nullable
                                                              String oakPath)

Returns the restriction definitions supported by this provider implementation at the specified path.

Parameters:

oakPath - The path of the access controlled tree. A null path indicates that the supported restrictions for repository level policies should be returned.

Returns:

The set of supported restrictions at the given path.

createRestriction

@Nonnull
Restriction createRestriction(@Nullable
                                        String oakPath,
                                        @Nonnull
                                        String oakName,
                                        @Nonnull
                                        Value value)
                                 throws AccessControlException,
                                        RepositoryException

Creates a new single valued restriction for the specified parameters.

Parameters:

oakPath - The path of the access controlled tree or null if the target policies applies to the repository level.

oakName - The name of the restriction.

value - The value of the restriction.

Returns:

A new restriction instance.

Throws:

AccessControlException - If no matching restriction definition exists for the specified parameters.

RepositoryException - If another error occurs.

createRestriction

@Nonnull
Restriction createRestriction(@Nullable
                                        String oakPath,
                                        @Nonnull
                                        String oakName,
                                        @Nonnull
                                        Value... values)
                                 throws AccessControlException,
                                        RepositoryException

Creates a new multi valued restriction for the specified parameters.

Parameters:

oakPath - The path of the access controlled tree or null if the target policies applies to the repository level.

oakName - The name of the restriction.

values - The values of the restriction.

Returns:

A new restriction instance.

Throws:

AccessControlException - If no matching restriction definition exists for the specified parameters.

RepositoryException - If another error occurs.

readRestrictions

@Nonnull
Set<Restriction> readRestrictions(@Nullable
                                            String oakPath,
                                            @Nonnull
                                            Tree aceTree)

Read the valid restrictions stored in the specified ACE tree.

Parameters:

oakPath - The path of the access controlled tree or null if the target policies applies to the repository level.

aceTree - The tree corresponding to an ACE that may contain restrictions.

Returns:

The valid restrictions stored with the specified tree or an empty set.

writeRestrictions

void writeRestrictions(String oakPath,
                       Tree aceTree,
                       Set<Restriction> restrictions)
                throws RepositoryException

Writes the given restrictions to the specified ACE tree. Note, that this method does not need to validate the specified restrictions (see also validateRestrictions(String, org.apache.jackrabbit.oak.api.Tree)).

Parameters:

oakPath - The path of the access controlled tree or null if the target policies applies to the repository level.

aceTree - The tree corresponding to an ACE that will have the specified restrictions added.

restrictions - The set of restrictions to be written to the specified tree.

Throws:

RepositoryException - If an error occurs while writing the restrictions.

validateRestrictions

void validateRestrictions(@Nullable
                          String oakPath,
                          @Nonnull
                          Tree aceTree)
                   throws AccessControlException,
                          RepositoryException

Validate the restrictions present with the specified ACE tree.

Parameters:

oakPath - The path of the access controlled tree or null if the target policies applies to the repository level.

aceTree - The tree corresponding to an ACE.

Throws:

AccessControlException - If any invalid restrictions are detected.

RepositoryException - If another error occurs.

getPattern

@Nonnull
RestrictionPattern getPattern(@Nullable
                                        String oakPath,
                                        @Nonnull
                                        Tree tree)

Creates the RestrictionPattern for the restriction information stored with specified tree.

Parameters:

oakPath - The path of the access controlled tree or null if the target policies applies to the repository level.

tree - The tree holding the restriction information.

Returns:

A new RestrictionPattern representing the restriction information present with the given tree.

getPattern

@Nonnull
RestrictionPattern getPattern(@Nullable
                                        String oakPath,
                                        @Nonnull
                                        Set<Restriction> restrictions)

Creates the RestrictionPattern for the specified restrictions. The implementation should ignore all restrictions present in the specified set that it doesn't support.

Parameters:

oakPath - The path of the access controlled tree or null if the target policies applies to the repository level.

restrictions - the restrictions.

Returns:

A new RestrictionPattern representing those restrictions of the specified set that are supported by this implementation.