Package org.apache.jackrabbit.oak.spi.security.authorization.restriction

Interface RestrictionProvider

All Known Implementing Classes:
AbstractRestrictionProvider, CompositeRestrictionProvider, CustomRestrictionProvider, PrincipalRestrictionProvider, RestrictionProviderImpl, WhiteboardRestrictionProvider
public interface RestrictionProvider
Interface to manage the supported restrictions present with a given access control and permission management implementation.
Since:
OAK 1.0

  • Field Details

    • EMPTY

      static final RestrictionProvider EMPTY
      Empty restriction provider implementation that doesn't support any restrictions.

  • Method Details

    • getSupportedRestrictions

      @NotNull @NotNull Set<RestrictionDefinition> getSupportedRestrictions(@Nullable @Nullable String oakPath)
      Returns the restriction definitions supported by this provider implementation at the specified path.
      Parameters:
      oakPath - The path of the access controlled tree. A null path indicates that the supported restrictions for repository level policies should be returned.
      Returns:
      The set of supported restrictions at the given path.

    • createRestriction

      @NotNull @NotNull Restriction createRestriction(@Nullable @Nullable String oakPath, @NotNull @NotNull String oakName, @NotNull @NotNull Value value) throws AccessControlException, RepositoryException
      Creates a new single valued restriction for the specified parameters.
      Parameters:
      oakPath - The path of the access controlled tree or null if the target policies applies to the repository level.
      oakName - The name of the restriction.
      value - The value of the restriction.
      Returns:
      A new restriction instance.
      Throws:
      AccessControlException - If no matching restriction definition exists for the specified parameters.
      RepositoryException - If another error occurs.

    • createRestriction

      @NotNull @NotNull Restriction createRestriction(@Nullable @Nullable String oakPath, @NotNull @NotNull String oakName, @NotNull @NotNull Value... values) throws AccessControlException, RepositoryException
      Creates a new multi valued restriction for the specified parameters.
      Parameters:
      oakPath - The path of the access controlled tree or null if the target policies applies to the repository level.
      oakName - The name of the restriction.
      values - The values of the restriction.
      Returns:
      A new restriction instance.
      Throws:
      AccessControlException - If no matching restriction definition exists for the specified parameters.
      RepositoryException - If another error occurs.

    • readRestrictions

      @NotNull @NotNull Set<Restriction> readRestrictions(@Nullable @Nullable String oakPath, @NotNull @NotNull Tree aceTree)
      Read the valid restrictions stored in the specified ACE tree.
      Parameters:
      oakPath - The path of the access controlled tree or null if the target policies applies to the repository level.
      aceTree - The tree corresponding to an ACE that may contain restrictions.
      Returns:
      The valid restrictions stored with the specified tree or an empty set.

    • writeRestrictions

      void writeRestrictions(@Nullable @Nullable String oakPath, @NotNull @NotNull Tree aceTree, @NotNull @NotNull Set<Restriction> restrictions) throws RepositoryException
      Writes the given restrictions to the specified ACE tree. Note, that this method does not need to validate the specified restrictions (see also validateRestrictions(String, org.apache.jackrabbit.oak.api.Tree)).
      Parameters:
      oakPath - The path of the access controlled tree or null if the target policies applies to the repository level.
      aceTree - The tree corresponding to an ACE that will have the specified restrictions added.
      restrictions - The set of restrictions to be written to the specified tree.
      Throws:
      RepositoryException - If an error occurs while writing the restrictions.

    • validateRestrictions

      void validateRestrictions(@Nullable @Nullable String oakPath, @NotNull @NotNull Tree aceTree) throws AccessControlException, RepositoryException
      Validate the restrictions present with the specified ACE tree.
      Parameters:
      oakPath - The path of the access controlled tree or null if the target policies applies to the repository level.
      aceTree - The tree corresponding to an ACE.
      Throws:
      AccessControlException - If any invalid restrictions are detected.
      RepositoryException - If another error occurs.

    • getPattern

      @NotNull @NotNull RestrictionPattern getPattern(@Nullable @Nullable String oakPath, @NotNull @NotNull Tree tree)
      Creates the RestrictionPattern for the restriction information stored with specified tree.
      Parameters:
      oakPath - The path of the access controlled tree or null if the target policies applies to the repository level.
      tree - The tree holding the restriction information.
      Returns:
      A new RestrictionPattern representing the restriction information present with the given tree.

    • getPattern

      @NotNull @NotNull RestrictionPattern getPattern(@Nullable @Nullable String oakPath, @NotNull @NotNull Set<Restriction> restrictions)
      Creates the RestrictionPattern for the specified restrictions. The implementation should ignore all restrictions present in the specified set that it doesn't support.
      Parameters:
      oakPath - The path of the access controlled tree or null if the target policies applies to the repository level.
      restrictions - the restrictions.
      Returns:
      A new RestrictionPattern representing those restrictions of the specified set that are supported by this implementation.