Package org.apache.jackrabbit.commons.jackrabbit.authorization

Class AccessControlUtils

  • public class AccessControlUtils
extends java.lang.Object
    This class provides common access control related utilities.

    • Constructor Detail

      • AccessControlUtils

        public AccessControlUtils()

    • Method Detail

      • privilegesFromNames

        public static Privilege[] privilegesFromNames​(Session session,
                                              java.lang.String... privilegeNames)
                                       throws RepositoryException
        Retrieves the Privileges from the specified privilege names.
        Parameters:
        session - The editing session.
        privilegeNames - The privilege names.
        Returns:
        An array of privileges.
        Throws:
        RepositoryException - If an error occurs or if privilegeNames contains an unknown/invalid privilege name.

      • privilegesFromNames

        public static Privilege[] privilegesFromNames​(AccessControlManager accessControlManager,
                                              java.lang.String... privilegeNames)
                                       throws RepositoryException
        Retrieves the Privileges from the specified privilege names.
        Parameters:
        accessControlManager - The access control manager.
        privilegeNames - The privilege names.
        Returns:
        An array of privileges.
        Throws:
        RepositoryException - If an error occurs or if privilegeNames contains an unknown/invalid privilege name.

      • namesFromPrivileges

        public static java.lang.String[] namesFromPrivileges​(Privilege... privileges)
        Retrieves the names of the specified privileges.
        Parameters:
        privileges - One or more privileges.
        Returns:
        The names of the specified privileges.

      • addAccessControlEntry

        public static boolean addAccessControlEntry​(Session session,
                                            java.lang.String absPath,
                                            java.security.Principal principal,
                                            java.lang.String[] privilegeNames,
                                            boolean isAllow)
                                     throws RepositoryException
        A utility method to add a new access control entry.
        Please note, that calling Session.save() is required in order to persist the changes.
        Parameters:
        session - The editing session.
        absPath - The absolute path of the target node.
        principal - The principal to grant/deny privileges to.
        privilegeNames - The names of the privileges to grant or deny.
        isAllow - true to grant; false otherwise.
        Returns:
        true if the node's ACL was modified and the session has pending changes.
        Throws:
        RepositoryException - If an error occurs.

      • addAccessControlEntry

        public static boolean addAccessControlEntry​(Session session,
                                            java.lang.String absPath,
                                            java.security.Principal principal,
                                            Privilege[] privileges,
                                            boolean isAllow)
                                     throws RepositoryException
        A utility method to add a new access control entry. Please note, that a call to Session.save() is required in order to persist the changes.
        Parameters:
        session - The editing session
        absPath - The absolute path of the target node.
        principal - The principal to grant/deny privileges to.
        privileges - The privileges to grant or deny
        isAllow - true to grant; false otherwise;
        Returns:
        true if the node's ACL was modified and the session has pending changes.
        Throws:
        RepositoryException - If an error occurs.

      • grantAllToEveryone

        public static boolean grantAllToEveryone​(Session session,
                                         java.lang.String absPath)
                                  throws RepositoryException
        Utility to grant jcr:all privilege to the everyone group principal. Please note, that Session.save() is required in order to persist the changes.
        Parameters:
        session - The editing session.
        absPath - The absolute path of the target node
        Returns:
        true if the node's access control list was modified; false otherwise;
        Throws:
        RepositoryException - If an error occurs.

      • denyAllToEveryone

        public static boolean denyAllToEveryone​(Session session,
                                        java.lang.String absPath)
                                 throws RepositoryException
        Utility to deny jcr:all privilege to the everyone group principal. Please note, that Session.save() is required in order to persist the changes.
        Parameters:
        session - The editing session.
        absPath - The absolute path of the target node
        Returns:
        true if the node's access control list was modified; false otherwise;
        Throws:
        RepositoryException - If an error occurs.

      • allow

        public static boolean allow​(Node node,
                            java.lang.String principalName,
                            java.lang.String... privileges)
                     throws RepositoryException
        Allow certain privileges on a given node for a given principal.

        To activate the ACL change, session.save() must be called.

        Parameters:
        node - node to set the resource-based ACL entry on; underlying session is used to write the ACL
        principalName - Name of the principal for which the ACL entry should apply
        privileges - list of privileges to set by name (see Privilege)
        Returns:
        true if the node's ACL was modified and the session has pending changes.
        Throws:
        RepositoryException - If an unexpected repository error occurs

      • deny

        public static boolean deny​(Node node,
                           java.lang.String principalName,
                           java.lang.String... privileges)
                    throws RepositoryException
        Deny certain privileges on a node for a given principal.

        To activate the ACL change, session.save() must be called.

        Parameters:
        node - node to set the resource-based ACL entry on; underlying session is used to write the ACL
        principalName - Name of the principal for which the ACL entry should apply
        privileges - list of privileges to set by name (see Privilege)
        Returns:
        true if the node's ACL was modified and the session has pending changes.
        Throws:
        RepositoryException - If an unexpected repository error occurs

      • clear

        public static boolean clear​(Session session,
                            java.lang.String absPath,
                            java.lang.String principalName)
                     throws RepositoryException
        Removes all ACL entries for a principal at a given absolute path. If the specified principalName is null the policy will be removed altogether.

        Modifications only take effect upon Session.save().

        Parameters:
        session - The editing session.
        absPath - Absolute path of an existing node from which to remove ACL entries (or the policy)
        principalName - Name of the principal whose entries should be removed; use null to clear the policy.
        Returns:
        true if the policy has been modified; false otherwise.
        Throws:
        RepositoryException - If an unexpected repository error occurs

      • clear

        public static boolean clear​(Node node,
                            java.lang.String principalName)
                     throws RepositoryException
        Removes all ACL entries for a principal on a given node.

        Modification to the policy only take effect upon Session.save() must be called.

        Parameters:
        node - node from which to remove ACL entries; underlying session is used to write the changes
        principalName - Name of the principal whose entries should be removed; use null to clear the policy altogether.
        Returns:
        true if the node's ACL was modified, false otherwise.
        Throws:
        RepositoryException - If an unexpected repository error occurs

      • clear

        public static boolean clear​(Node node)
                     throws RepositoryException
        Removes the access control list at a given node.

        To persist the modifications, Session.save() must be called.

        Parameters:
        node - node from which to remove the ACL; underlying session is used to write the changes
        Returns:
        true if the node's ACL was removed, false otherwise.
        Throws:
        RepositoryException - If an unexpected repository error occurs

      • clear

        public static boolean clear​(Session session,
                            java.lang.String absPath)
                     throws RepositoryException
        Removes the access control list at the specified absolute path.

        To persist the modification, session.save() must be called.

        Parameters:
        session - The editing session.
        absPath - An absolute path of a valid node accessible to the editing session from which to remove the ACL.
        Returns:
        true if the node's ACL got removed, false otherwise.
        Throws:
        RepositoryException - If an unexpected repository error occurs

      • getPrincipal

        public static java.security.Principal getPrincipal​(Session session,
                                                   java.lang.String principalName)
                                            throws RepositoryException
        Retrieves the principal with the specified principalName. Shortcut for calling PrincipalManager.getPrincipal(String).
        Parameters:
        session - The editing session which must be a JackrabbitSession.
        principalName - The name of the principal.
        Returns:
        The principal with the specified name or null if no such principal exists.
        Throws:
        RepositoryException - If an error occurs or if the session is not a JackrabbitSession.

      • getEveryonePrincipal

        public static java.security.Principal getEveryonePrincipal​(Session session)
                                                    throws RepositoryException
        Shortcut for calling PrincipalManager.getEveryone().
        Parameters:
        session - The editing session which must be a JackrabbitSession.
        Returns:
        The group principal presenting everyone.
        Throws:
        RepositoryException - If an error occurs or if the session is not a JackrabbitSession.