Package javax.jcr.security

Interface Privilege

public interface Privilege
A privilege represents the capability of performing a particular set of operations on items in the JCR repository. Each privilege is identified by a JCR name. JCR defines a set of standard privileges in the jcr namespace. Implementations may add additional privileges in namespaces other than jcr.

A privilege may be an aggregate privilege. Aggregate privileges are sets of other privileges. Granting, denying, or testing an aggregate privilege is equivalent to individually granting, denying, or testing each privilege it contains. The privileges contained by an aggregate privilege may themselves be aggregate privileges if the resulting privilege graph is acyclic.

A privilege may be an abstract privilege. Abstract privileges cannot themselves be granted or denied, but can be composed into aggregate privileges which are granted or denied.

A privilege can be both aggregate and abstract.

Since:
JCR 2.0

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final String
    JCR_ADD_CHILD_NODES
    A constant representing jcr:addChildNodes (in expanded form), the privilege to create child nodes of a node.
    static final String
    JCR_ALL
    A constant representing jcr:all (in expanded form), an aggregate privilege that contains all predefined privileges.
    static final String
    JCR_LIFECYCLE_MANAGEMENT
    A constant representing jcr:lifecycleManagement (in expanded form), the privilege to perform lifecycle operations on a node.
    static final String
    JCR_LOCK_MANAGEMENT
    A constant representing jcr:lockManagement (in expanded form), the privilege to lock and unlock a node.
    static final String
    JCR_MODIFY_ACCESS_CONTROL
    A constant representing jcr:modifyAccessControl (in expanded form), the privilege to modify the access control policies of a node.
    static final String
    JCR_MODIFY_PROPERTIES
    A constant representing jcr:modifyProperties (in expanded form), the privilege to create, modify and remove the properties of a node.
    static final String
    JCR_NODE_TYPE_MANAGEMENT
    A constant representing jcr:nodeTypeManagement (in expanded form), the privilege to add and remove mixin node types and change the primary node type of a node.
    static final String
    JCR_READ
    A constant representing jcr:read (in expanded form), the privilege to retrieve a node and get its properties and their values.
    static final String
    JCR_READ_ACCESS_CONTROL
    A constant representing jcr:readAccessControl (in expanded form), the privilege to get the access control policy of a node.
    static final String
    JCR_REMOVE_CHILD_NODES
    A constant representing jcr:removeChildNodes (in expanded form), the privilege to remove child nodes of a node.
    static final String
    JCR_REMOVE_NODE
    A constant representing jcr:removeNode (in expanded form), the privilege to remove a node.
    static final String
    JCR_RETENTION_MANAGEMENT
    A constant representing jcr:retentionManagement (in expanded form), the privilege to perform retention management operations on a node.
    static final String
    JCR_VERSION_MANAGEMENT
    A constant representing jcr:versionManagement (in expanded form), the privilege to perform versioning operations on a node.
    static final String
    JCR_WRITE
    A constant representing jcr:write (in expanded form), an aggregate privilege that contains: jcr:modifyProperties jcr:addChildNodes jcr:removeNode jcr:removeChildNodes

  • Method Summary

    Modifier and Type
    Method
    Description
    Privilege[]
    getAggregatePrivileges()
    If this privilege is an aggregate privilege, returns the privileges it contains, the privileges contained by any aggregate privileges among those, and so on (the transitive closure of privileges contained by this privilege).
    Privilege[]
    getDeclaredAggregatePrivileges()
    If this privilege is an aggregate privilege, returns the privileges directly contained by the aggregate privilege.
    String
    getName()
    Returns the name of this privilege.
    boolean
    isAbstract()
    Returns whether this privilege is an abstract privilege.
    boolean
    isAggregate()
    Returns whether this privilege is an aggregate privilege.

  • Field Details

    • JCR_READ

      static final String JCR_READ
      A constant representing jcr:read (in expanded form), the privilege to retrieve a node and get its properties and their values.
      See Also:

    • JCR_MODIFY_PROPERTIES

      static final String JCR_MODIFY_PROPERTIES
      A constant representing jcr:modifyProperties (in expanded form), the privilege to create, modify and remove the properties of a node.
      See Also:

    • JCR_ADD_CHILD_NODES

      static final String JCR_ADD_CHILD_NODES
      A constant representing jcr:addChildNodes (in expanded form), the privilege to create child nodes of a node.
      See Also:

    • JCR_REMOVE_NODE

      static final String JCR_REMOVE_NODE
      A constant representing jcr:removeNode (in expanded form), the privilege to remove a node.

      In order to actually remove a node requires jcr:removeNode on that node and jcr:removeChildNodes on the parent node.

      The distinction is provided in order to reflect implementations that internally model "remove" as a "delete" instead of a "unlink". A repository that uses the "delete" model can have jcr:removeChildNodes in every access control policy, so that removal is effectively controlled by jcr:removeNode.

      See Also:

    • JCR_REMOVE_CHILD_NODES

      static final String JCR_REMOVE_CHILD_NODES
      A constant representing jcr:removeChildNodes (in expanded form), the privilege to remove child nodes of a node. In order to actually remove a node requires jcr:removeNode on that node and jcr:removeChildNodes on the parent node.

      The distinction is provided in order to reflect implementations that internally model "remove" as a "unlink" instead of a "delete". A repository that uses the "unlink" model can have jcr:removeNode in every access control policy, so that removal is effectively controlled by jcr:removeChildNodes.

      See Also:

    • JCR_WRITE

      static final String JCR_WRITE
      A constant representing jcr:write (in expanded form), an aggregate privilege that contains:
      • jcr:modifyProperties
      • jcr:addChildNodes
      • jcr:removeNode
      • jcr:removeChildNodes
      See Also:

    • JCR_READ_ACCESS_CONTROL

      static final String JCR_READ_ACCESS_CONTROL
      A constant representing jcr:readAccessControl (in expanded form), the privilege to get the access control policy of a node.
      See Also:

    • JCR_MODIFY_ACCESS_CONTROL

      static final String JCR_MODIFY_ACCESS_CONTROL
      A constant representing jcr:modifyAccessControl (in expanded form), the privilege to modify the access control policies of a node.
      See Also:

    • JCR_LOCK_MANAGEMENT

      static final String JCR_LOCK_MANAGEMENT
      A constant representing jcr:lockManagement (in expanded form), the privilege to lock and unlock a node.
      See Also:

    • JCR_VERSION_MANAGEMENT

      static final String JCR_VERSION_MANAGEMENT
      A constant representing jcr:versionManagement (in expanded form), the privilege to perform versioning operations on a node.
      See Also:

    • JCR_NODE_TYPE_MANAGEMENT

      static final String JCR_NODE_TYPE_MANAGEMENT
      A constant representing jcr:nodeTypeManagement (in expanded form), the privilege to add and remove mixin node types and change the primary node type of a node.
      See Also:

    • JCR_RETENTION_MANAGEMENT

      static final String JCR_RETENTION_MANAGEMENT
      A constant representing jcr:retentionManagement (in expanded form), the privilege to perform retention management operations on a node.
      See Also:

    • JCR_LIFECYCLE_MANAGEMENT

      static final String JCR_LIFECYCLE_MANAGEMENT
      A constant representing jcr:lifecycleManagement (in expanded form), the privilege to perform lifecycle operations on a node.
      See Also:

    • JCR_ALL

      static final String JCR_ALL
      A constant representing jcr:all (in expanded form), an aggregate privilege that contains all predefined privileges.
      • jcr:read
      • jcr:write
      • jcr:readAccessControl
      • jcr:modifyAccessControl
      • jcr:lockManagement
      • jcr:versionManagement
      • jcr:nodeTypeManagement
      • jcr:retentionManagement
      • jcr:lifecycleManagement
      It should, in addition, include all implementation-defined privileges.
      See Also:

  • Method Details

    • getName

      String getName()
      Returns the name of this privilege.

      Since the privilege name is a JCR name, it must be returned in qualified form, according to the prevailing namespace-to-prefix mapping in the current Session (see the specification for details on JCR names).

      Returns:
      the name of this privilege.

    • isAbstract

      boolean isAbstract()
      Returns whether this privilege is an abstract privilege.
      Returns:
      true if this privilege is an abstract privilege; false otherwise.

    • isAggregate

      boolean isAggregate()
      Returns whether this privilege is an aggregate privilege.
      Returns:
      true if this privilege is an aggregate privilege; false otherwise.

    • getDeclaredAggregatePrivileges

      Privilege[] getDeclaredAggregatePrivileges()
      If this privilege is an aggregate privilege, returns the privileges directly contained by the aggregate privilege. Otherwise returns an empty array.
      Returns:
      an array of Privileges

    • getAggregatePrivileges

      Privilege[] getAggregatePrivileges()
      If this privilege is an aggregate privilege, returns the privileges it contains, the privileges contained by any aggregate privileges among those, and so on (the transitive closure of privileges contained by this privilege). Otherwise returns an empty array.
      Returns:
      an array of Privileges