Package com.adobe.granite.security.user.util

Class AuthorizableJSONWriter

java.lang.Object
com.adobe.granite.security.user.util.AuthorizableJSONWriter
All Implemented Interfaces:
PropConstants
public class AuthorizableJSONWriter extends Object implements PropConstants
AuthorizableJSONWriter is a utility to write a JSON serialization of users and groups.

Default Serialization

The default serialization of a given authorizable includes the following information:

Output Properties

In order to include additional information into the serialization a set of output properties can be specified. Currently the following additional properties are supported:
  • PropConstants.PRINCIPAL: The principal name.
  • PropConstants.MEMBER_OF: Includes the serialization of the groups this authorizable is member of (as visible to the editing session).
  • memberOfTotal: The total number of groups this authorizable is member of. Note, that -1 may be returned if a limit has been specified and the total amount of members exceeds the specified limit
  • PropConstants.DECLARED_MEMBER_OF: Includes the serialization of those groups this authorizable is declared member of (as visible to the editing session).
  • declaredMemberOfTotal: The number of those groups. Note, that -1 may be returned if a limit has been specified and the total amount of declared membership entries exceeds the specified limit.
  • PropConstants.IMAGE: The image information.
  • PropConstants.MODIFICATION: Modification information.
  • PropConstants.REPLICATION: Replication data.
  • PropConstants.WILDCARD: Includes all of the above properties plus the user and group specific properties listed below (except the *Total properties).
  • Any other property stored with an authorizable. The property to be included must be referred with a relative path. E.g. 'profile/givenName' would be used to retrieve a property 'givenName' that was stored in the profile subnode. The wildcard '*' is used to include all user specific properties of a subnode e.g. 'profile/*'. Note however, that this will not include protected JCR specific properties. The serialization of the these properties is hierarchical exposing intermediate nodes as JSON objects.
In addition the following user specific properties can be specified:
  • PropConstants.IMPERSONATORS: The serialization of those users that can impersonate the target user (as visible to the editing session).
  • impersonatorsTotal: The total amount of impersonators. Note, that -1 may be returned if a limit has been specified and the total amount of impersonators exceeds the specified limit.
  • PropConstants.DISABLED: The disabled text in case this user is disabled.
And there are a couple of group specific properties:
  • PropConstants.MEMBERS: The serialization of the members of this group (as visible to the editing session).
  • membersTotal: The total number of members. Note, that -1 may be returned if a limit has been specified and the total number exceeds the limit.
  • PropConstants.DECLARED_MEMBERS: The serialization of the declared members of this group (as visible to the editing session).
  • declaredMembersTotal: The total number of declared members. Note, that -1 is returned if a limit has been specified and the total number exceeds the limit.

Limit the number of serialized authorizables

For those properties that include serialization of additional authorizables it is possible to set a limit, which is the maximum amount of authorizables that should be serialized with the specified output property. This can be achieved by calling setLimit(String, long) where the 'key' is the name of the output property.

Compatibility Notes

This class replaces CQ AuthorizableJSONWriter.
Please note the following differences in usage: 
 - outputprop-keys should be relative paths
 - removed old backwards compatibility lookup from user-prop to profile
 - jcr:created and jcr:createdBy must be listed explicitly
 - rep:userId omitted as this properties no longer exists and is identical to "authorizableId"
 - the "id" key has been renamed to "authorizableId"
 - the "groupName" key has been omitted as it seems wrong to have "name"
   and "id" and in addition a "groupName" which essential was the "id".
 - basic option removed as this is covered by outputprops being empty.
 - the cq specific 'table' view has been removed

  • Constructor Details

    • AuthorizableJSONWriter

      public AuthorizableJSONWriter(UserPropertiesManager userPropertiesMgr, ResourceResolver resourceResolver, Session session, Set<String> outputProps, XSSFilter xss)
      Parameters:
      userPropertiesMgr - the manager to access the profile.
      resourceResolver - the resource resolver
      session - the session
      outputProps - the output properties
      xss - the XSS protection service

  • Method Details

    • setLimit

      public void setLimit(String key, long limit)
      Sets the limit for the number of authorizables included in the object with the specified key.
      Parameters:
      key - The key as present in the output props.
      limit - The maximal number of entries to be created for the given key.

    • setFilterPredicates

      public void setFilterPredicates(String[] filters)
      Creates a predicate list based of the given filters array containing only the non blank filters and merges all of them in a single resulting authorizable predicate. The resultingAuthorizablePredicate will validate an authorizable if any of the predicates from the list are valid.
      Parameters:
      filters - an array of given filters to use for creating a predicate list and a resulting predicate from that list

    • write

      public void write(JSONWriter writer, Authorizable authorizable) throws JSONException
      Write the data of the specified authorizable to the given writer.
      Parameters:
      writer - The JSONWriter to be used.
      authorizable - The target authorizable.
      Throws:
      JSONException - If an exception occurs.