Package org.apache.jackrabbit.oak.spi.security.user.action

Interface AuthorizableAction

All Known Subinterfaces:

GroupAction, UserAction

All Known Implementing Classes:

AbstractAuthorizableAction, AbstractGroupAction, AccessControlAction, ClearMembershipAction, PasswordChangeAction, PasswordValidationAction

public interface AuthorizableAction

The AuthorizableAction interface provide an implementation specific way to execute additional validation or write tasks upon

• User creation,
• Group creation,
• Authorizable removal and
• User password modification.

Please be aware, that in contrast to Validator the authorizable actions will only be enforced when user related content modifications are generated by using the user management API.

Note: user management operations are defined to perform transient modifications, which require an explicit save/commit call by the API consumer to be persisted. For consistency, implementations of the AuthorizableAction are expected to adhere to this rule and must not pre-emptively call Root.commit().

Since:

OAK 1.0

See Also:

• ConfigurationParameters

Method Summary

Modifier and Type	Method	Description
void	init(@NotNull SecurityProvider securityProvider, @NotNull ConfigurationParameters config)	Initialize this action with the specified security provider and configuration.
void	onCreate(@NotNull Group group, @NotNull Root root, @NotNull NamePathMapper namePathMapper)	Allows to add application specific modifications or validation associated with the creation of a new group.
default void	onCreate(@NotNull User systemUser, @NotNull Root root, @NotNull NamePathMapper namePathMapper)	Allows to add application specific modifications or validation associated with the creation of a new systemsystem.
void	onCreate(@NotNull User user, @Nullable String password, @NotNull Root root, @NotNull NamePathMapper namePathMapper)	Allows to add application specific modifications or validation associated with the creation of a new user.
void	onPasswordChange(@NotNull User user, @Nullable String newPassword, @NotNull Root root, @NotNull NamePathMapper namePathMapper)	Allows to add application specific action or validation associated with changing a user password.
void	onRemove(@NotNull Authorizable authorizable, @NotNull Root root, @NotNull NamePathMapper namePathMapper)	Allows to add application specific behavior associated with the removal of an authorizable.

Method Details

init

void init(@NotNull
 @NotNull SecurityProvider securityProvider,
 @NotNull
 @NotNull ConfigurationParameters config)

Initialize this action with the specified security provider and configuration.

Parameters:

securityProvider - The security provider present with the repository

config - The configuration parameters for this action.

onCreate

void onCreate(@NotNull
 @NotNull Group group,
 @NotNull
 @NotNull Root root,
 @NotNull
 @NotNull NamePathMapper namePathMapper)
       throws RepositoryException

Allows to add application specific modifications or validation associated with the creation of a new group. Note, that this method is called before any Root#commit() call.

Parameters:

group - The new group that has not yet been persisted; e.g. the associated tree is still 'NEW'.

root - The root associated with the user manager.

namePathMapper -

Throws:

RepositoryException - If an error occurs.

onCreate

void onCreate(@NotNull
 @NotNull User user,
 @Nullable
 @Nullable String password,
 @NotNull
 @NotNull Root root,
 @NotNull
 @NotNull NamePathMapper namePathMapper)
       throws RepositoryException

Allows to add application specific modifications or validation associated with the creation of a new user. Note, that this method is called before any Root#commit() call.

Parameters:

user - The new user that has not yet been persisted; e.g. the associated tree is still 'NEW'.

password - The password that was specified upon user creation.

root - The root associated with the user manager.

namePathMapper -

Throws:

RepositoryException - If an error occurs.

onCreate

default void onCreate(@NotNull
 @NotNull User systemUser,
 @NotNull
 @NotNull Root root,
 @NotNull
 @NotNull NamePathMapper namePathMapper)
               throws RepositoryException

Allows to add application specific modifications or validation associated with the creation of a new systemsystem. Note, that this method is called before any Root#commit() call.

Parameters:

systemUser - The new system user that has not yet been persisted; e.g. the associated tree is still 'NEW'.

root - The root associated with the user manager.

namePathMapper - The NamePathMapper present with the editing session.

Throws:

RepositoryException - If an error occurs.

onRemove

void onRemove(@NotNull
 @NotNull Authorizable authorizable,
 @NotNull
 @NotNull Root root,
 @NotNull
 @NotNull NamePathMapper namePathMapper)
       throws RepositoryException

Allows to add application specific behavior associated with the removal of an authorizable. Note, that this method is called before Authorizable.remove() is executed (and persisted); thus the target authorizable still exists.

Parameters:

authorizable - The authorizable to be removed.

root - The root associated with the user manager.

namePathMapper -

Throws:

RepositoryException - If an error occurs.

onPasswordChange

void onPasswordChange(@NotNull
 @NotNull User user,
 @Nullable
 @Nullable String newPassword,
 @NotNull
 @NotNull Root root,
 @NotNull
 @NotNull NamePathMapper namePathMapper)
               throws RepositoryException

Allows to add application specific action or validation associated with changing a user password. Note, that this method is called before the password property is being modified in the content.

Parameters:

user - The user that whose password is going to change.

newPassword - The new password as specified in User.changePassword(java.lang.String)

root - The root associated with the user manager.

namePathMapper -

Throws:

RepositoryException - If an exception or error occurs.