Package org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol

Class AbstractAccessControlManager

java.lang.Object

org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AbstractAccessControlManager

All Implemented Interfaces:

AccessControlManager, JackrabbitAccessControlManager, AccessControlConstants

public abstract class AbstractAccessControlManager
extends java.lang.Object
implements JackrabbitAccessControlManager, AccessControlConstants

Default implementation of the JackrabbitAccessControlManager interface. This implementation covers both editing access control content by path and by Principal resulting both in the same content structure.

Field Summary

Fields inherited from interface org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants

AC_NODETYPE_NAMES, ACE_PROPERTY_NAMES, MIX_REP_ACCESS_CONTROLLABLE, MIX_REP_REPO_ACCESS_CONTROLLABLE, NT_REP_ACE, NT_REP_ACL, NT_REP_DENY_ACE, NT_REP_GRANT_ACE, NT_REP_POLICY, NT_REP_RESTRICTIONS, PARAM_RESTRICTION_PROVIDER, POLICY_NODE_NAMES, REP_GLOB, REP_ITEM_NAMES, REP_NODE_PATH, REP_NT_NAMES, REP_POLICY, REP_PREFIXES, REP_PRINCIPAL_NAME, REP_PRIVILEGES, REP_REPO_POLICY, REP_RESTRICTIONS

Method Summary

Modifier and Type	Method	Description
@NotNull Privilege[]	getPrivileges(@Nullable java.lang.String absPath)
@NotNull Privilege[]	getPrivileges(@Nullable java.lang.String absPath, @NotNull java.util.Set<java.security.Principal> principals)	Returns the privileges the given set of Principals has for absolute path absPath, which must be an existing node.
@NotNull Privilege[]	getSupportedPrivileges(@Nullable java.lang.String absPath)
boolean	hasPrivileges(@Nullable java.lang.String absPath, @NotNull java.util.Set<java.security.Principal> principals, @Nullable Privilege[] privileges)	Returns whether the given set of Principals has the specified privileges for absolute path absPath, which must be an existing node.
boolean	hasPrivileges(@Nullable java.lang.String absPath, @Nullable Privilege[] privileges)
@NotNull Privilege	privilegeFromName(@NotNull java.lang.String privilegeName)

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface javax.jcr.security.AccessControlManager

getApplicablePolicies, getEffectivePolicies, getPolicies, removePolicy, setPolicy

Methods inherited from interface org.apache.jackrabbit.api.security.JackrabbitAccessControlManager

getApplicablePolicies, getEffectivePolicies, getPolicies

Method Detail

getSupportedPrivileges

@NotNull
public @NotNull Privilege[] getSupportedPrivileges(@Nullable
                                                   @Nullable java.lang.String absPath)
                                            throws RepositoryException

Specified by:

getSupportedPrivileges in interface AccessControlManager

Throws:

RepositoryException

privilegeFromName

@NotNull
public @NotNull Privilege privilegeFromName(@NotNull
                                            @NotNull java.lang.String privilegeName)
                                     throws RepositoryException

Specified by:

privilegeFromName in interface AccessControlManager

Throws:

RepositoryException

hasPrivileges

public boolean hasPrivileges(@Nullable
                             @Nullable java.lang.String absPath,
                             @Nullable
                             @Nullable Privilege[] privileges)
                      throws RepositoryException

Specified by:

hasPrivileges in interface AccessControlManager

Throws:

RepositoryException

getPrivileges

@NotNull
public @NotNull Privilege[] getPrivileges(@Nullable
                                          @Nullable java.lang.String absPath)
                                   throws RepositoryException

Specified by:

getPrivileges in interface AccessControlManager

Throws:

RepositoryException

hasPrivileges

public boolean hasPrivileges(@Nullable
                             @Nullable java.lang.String absPath,
                             @NotNull
                             @NotNull java.util.Set<java.security.Principal> principals,
                             @Nullable
                             @Nullable Privilege[] privileges)
                      throws RepositoryException

Description copied from interface: JackrabbitAccessControlManager

Returns whether the given set of Principals has the specified privileges for absolute path absPath, which must be an existing node.

Testing an aggregate privilege is equivalent to testing each non aggregate privilege among the set returned by calling Privilege.getAggregatePrivileges() for that privilege.

The results reported by the this method reflect the net effect of the currently applied control mechanisms. It does not reflect unsaved access control policies or unsaved access control entries. Changes to access control status caused by these mechanisms only take effect on Session.save() and are only then reflected in the results of the privilege test methods.

Since this method allows to view the privileges of principals other than included in the editing session, this method must throw AccessDeniedException if the session lacks READ_ACCESS_CONTROL privilege for the absPath node.

Specified by:

hasPrivileges in interface JackrabbitAccessControlManager

Parameters:

absPath - an absolute path.

principals - a set of Principals for which is the given privileges are tested.

privileges - an array of Privileges.

Returns:

true if the session has the specified privileges; false otherwise.

Throws:

PathNotFoundException - if no node at absPath exists or the session does not have sufficient access to retrieve a node at that location.

AccessDeniedException - if the session lacks READ_ACCESS_CONTROL privilege for the absPath node.

RepositoryException - if another error occurs.

getPrivileges

@NotNull
public @NotNull Privilege[] getPrivileges(@Nullable
                                          @Nullable java.lang.String absPath,
                                          @NotNull
                                          @NotNull java.util.Set<java.security.Principal> principals)
                                   throws RepositoryException

Description copied from interface: JackrabbitAccessControlManager

Returns the privileges the given set of Principals has for absolute path absPath, which must be an existing node.

The returned privileges are those for which JackrabbitAccessControlManager.hasPrivileges(java.lang.String, java.util.Set<java.security.Principal>, javax.jcr.security.Privilege[]) would return true.

The results reported by the this method reflect the net effect of the currently applied control mechanisms. It does not reflect unsaved access control policies or unsaved access control entries. Changes to access control status caused by these mechanisms only take effect on Session.save() and are only then reflected in the results of the privilege test methods.

Since this method allows to view the privileges of principals other than included in the editing session, this method must throw AccessDeniedException if the session lacks READ_ACCESS_CONTROL privilege for the absPath node.

Note that this method does not resolve any group membership, as this is the job of the user manager. nor does it augment the set with the "everyone" principal.

Specified by:

getPrivileges in interface JackrabbitAccessControlManager

Parameters:

absPath - an absolute path.

principals - a set of Principals for which is the privileges are retrieved.

Returns:

an array of Privileges.

Throws:

PathNotFoundException - if no node at absPath exists or the session does not have sufficient access to retrieve a node at that location.

AccessDeniedException - if the session lacks READ_ACCESS_CONTROL privilege for the absPath node.

RepositoryException - if another error occurs.