Class AccessControlUtils

java.lang.Object
org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils

public class AccessControlUtils extends Object
This class provides common access control related utilities.
  • Constructor Details

    • AccessControlUtils

      public AccessControlUtils()
  • Method Details

    • privilegesFromNames

      public static Privilege[] privilegesFromNames(Session session, String... privilegeNames) throws RepositoryException
      Retrieves the Privileges from the specified privilege names.
      Parameters:
      session - The editing session.
      privilegeNames - The privilege names.
      Returns:
      An array of privileges.
      Throws:
      RepositoryException - If an error occurs or if privilegeNames contains an unknown/invalid privilege name.
    • privilegesFromNames

      public static Privilege[] privilegesFromNames(AccessControlManager accessControlManager, String... privilegeNames) throws RepositoryException
      Retrieves the Privileges from the specified privilege names.
      Parameters:
      accessControlManager - The access control manager.
      privilegeNames - The privilege names.
      Returns:
      An array of privileges.
      Throws:
      RepositoryException - If an error occurs or if privilegeNames contains an unknown/invalid privilege name.
    • namesFromPrivileges

      public static String[] namesFromPrivileges(Privilege... privileges)
      Retrieves the names of the specified privileges.
      Parameters:
      privileges - One or more privileges.
      Returns:
      The names of the specified privileges.
    • getAccessControlList

      public static JackrabbitAccessControlList getAccessControlList(Session session, String absPath) throws RepositoryException
      Utility that combines AccessControlManager.getApplicablePolicies(String) and AccessControlManager.getPolicies(String) to retrieve a modifiable JackrabbitAccessControlList for the given path.
      Note that the policy must be reapplied and the changes must be saved in order to make the AC modifications take effect.
      Parameters:
      session - The editing session.
      absPath - The absolute path of the target node.
      Returns:
      A modifiable access control list or null if there is none.
      Throws:
      RepositoryException - If an error occurs.
    • getAccessControlList

      public static JackrabbitAccessControlList getAccessControlList(AccessControlManager accessControlManager, String absPath) throws RepositoryException
      Utility that combines AccessControlManager.getApplicablePolicies(String) and AccessControlManager.getPolicies(String) to retrieve a modifiable JackrabbitAccessControlList for the given path.
      Note that the policy must be reapplied and the changes must be saved in order to make the AC modifications take effect.
      Parameters:
      accessControlManager - The AccessControlManager.
      absPath - The absolute path of the target node.
      Returns:
      A modifiable access control list or null if there is none.
      Throws:
      RepositoryException - If an error occurs.
    • addAccessControlEntry

      public static boolean addAccessControlEntry(Session session, String absPath, Principal principal, String[] privilegeNames, boolean isAllow) throws RepositoryException
      A utility method to add a new access control entry.
      Note that calling Session.save() is required in order to persist the changes.
      Parameters:
      session - The editing session.
      absPath - The absolute path of the target node.
      principal - The principal to grant/deny privileges to.
      privilegeNames - The names of the privileges to grant or deny.
      isAllow - true to grant; false otherwise.
      Returns:
      true if the node's ACL was modified and the session has pending changes.
      Throws:
      RepositoryException - If an error occurs.
    • addAccessControlEntry

      public static boolean addAccessControlEntry(Session session, String absPath, Principal principal, Privilege[] privileges, boolean isAllow) throws RepositoryException
      A utility method to add a new access control entry. Note that a call to Session.save() is required in order to persist the changes.
      Parameters:
      session - The editing session.
      absPath - The absolute path of the target node.
      principal - The principal to grant/deny privileges to.
      privileges - The privileges to grant or deny.
      isAllow - true to grant; false otherwise.
      Returns:
      true if the node's ACL was modified and the session has pending changes.
      Throws:
      RepositoryException - If an error occurs.
    • grantAllToEveryone

      public static boolean grantAllToEveryone(Session session, String absPath) throws RepositoryException
      Utility to grant the jcr:all privilege to the everyone group principal. Note that Session.save() is required in order to persist the changes.
      Parameters:
      session - The editing session.
      absPath - The absolute path of the target node.
      Returns:
      true if the node's access control list was modified; false otherwise.
      Throws:
      RepositoryException - If an error occurs.
    • denyAllToEveryone

      public static boolean denyAllToEveryone(Session session, String absPath) throws RepositoryException
      Utility to deny the jcr:all privilege to the everyone group principal. Note that Session.save() is required in order to persist the changes.
      Parameters:
      session - The editing session.
      absPath - The absolute path of the target node.
      Returns:
      true if the node's access control list was modified; false otherwise.
      Throws:
      RepositoryException - If an error occurs.
    • allow

      public static boolean allow(Node node, String principalName, String... privileges) throws RepositoryException
      Allow certain privileges on a given node for a given principal.

      To activate the ACL change, session.save() must be called.

      Parameters:
      node - node to set the resource-based ACL entry on; underlying session is used to write the ACL
      principalName - Name of the principal for which the ACL entry should apply
      privileges - list of privileges to set by name (see Privilege)
      Returns:
      true if the node's ACL was modified and the session has pending changes.
      Throws:
      RepositoryException - If an unexpected repository error occurs
    • deny

      public static boolean deny(Node node, String principalName, String... privileges) throws RepositoryException
      Deny certain privileges on a node for a given principal.

      To activate the ACL change, session.save() must be called.

      Parameters:
      node - node to set the resource-based ACL entry on; underlying session is used to write the ACL
      principalName - Name of the principal for which the ACL entry should apply
      privileges - list of privileges to set by name (see Privilege)
      Returns:
      true if the node's ACL was modified and the session has pending changes.
      Throws:
      RepositoryException - If an unexpected repository error occurs
    • clear

      public static boolean clear(Session session, String absPath, String principalName) throws RepositoryException
      Removes all ACL entries for a principal at a given absolute path. If the specified principalName is null, the policy will be removed altogether.

      Modifications only take effect upon Session.save().

      Parameters:
      session - The editing session.
      absPath - Absolute path of an existing node from which to remove ACL entries (or the policy)
      principalName - Name of the principal whose entries should be removed; use null to clear the policy.
      Returns:
      true if the policy has been modified; false otherwise.
      Throws:
      RepositoryException - If an unexpected repository error occurs
    • clear

      public static boolean clear(Node node, String principalName) throws RepositoryException
      Removes all ACL entries for a principal on a given node.

      Modifications to the policy only take effect upon Session.save().

      Parameters:
      node - node from which to remove ACL entries; underlying session is used to write the changes
      principalName - Name of the principal whose entries should be removed; use null to clear the policy altogether.
      Returns:
      true if the node's ACL was modified, false otherwise.
      Throws:
      RepositoryException - If an unexpected repository error occurs
    • clear

      public static boolean clear(Node node) throws RepositoryException
      Removes the access control list at a given node.

      To persist the modifications, Session.save() must be called.

      Parameters:
      node - node from which to remove the ACL; underlying session is used to write the changes
      Returns:
      true if the node's ACL was removed, false otherwise.
      Throws:
      RepositoryException - If an unexpected repository error occurs
    • clear

      public static boolean clear(Session session, String absPath) throws RepositoryException
      Removes the access control list at the specified absolute path.

      To persist the modification, session.save() must be called.

      Parameters:
      session - The editing session.
      absPath - An absolute path of a valid node accessible to the editing session from which to remove the ACL.
      Returns:
      true if the node's ACL got removed, false otherwise.
      Throws:
      RepositoryException - If an unexpected repository error occurs
    • getPrincipal

      public static Principal getPrincipal(Session session, String principalName) throws RepositoryException
      Retrieves the principal with the specified principalName. Shortcut for calling PrincipalManager.getPrincipal(String).
      Parameters:
      session - The editing session which must be a JackrabbitSession.
      principalName - The name of the principal.
      Returns:
      The principal with the specified name or null if no such principal exists.
      Throws:
      RepositoryException - If an error occurs or if the session is not a JackrabbitSession.
    • getEveryonePrincipal

      public static Principal getEveryonePrincipal(Session session) throws RepositoryException
      Shortcut for calling PrincipalManager.getEveryone().
      Parameters:
      session - The editing session which must be a JackrabbitSession.
      Returns:
      The group principal representing everyone.
      Throws:
      RepositoryException - If an error occurs or if the session is not a JackrabbitSession.
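
The getAccessControlList note above (the policy must be reapplied and the changes saved) and the null returns of getAccessControlList and getPrincipal are the points most easily missed when editing ACLs. The following is an added example, not code from the Jackrabbit project; the class name AclGrantExample and the method grantRead are hypothetical. It grants only jcr:read and fails closed when the principal or the ACL cannot be resolved.

```java
import java.security.Principal;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;

// Hypothetical helper class, added for illustration only.
public final class AclGrantExample {

    /** Grants read-only access on absPath to principalName; returns true if the ACL changed. */
    public static boolean grantRead(Session session, String absPath, String principalName)
            throws RepositoryException {
        // getPrincipal returns null for an unknown name: stop instead of continuing.
        Principal principal = AccessControlUtils.getPrincipal(session, principalName);
        if (principal == null) {
            throw new RepositoryException("Unknown principal: " + principalName);
        }

        AccessControlManager acm = session.getAccessControlManager();
        // Throws RepositoryException if a privilege name is unknown or invalid.
        Privilege[] read = AccessControlUtils.privilegesFromNames(acm, Privilege.JCR_READ);

        // null means there is no modifiable access control list for this path.
        JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acm, absPath);
        if (acl == null) {
            throw new RepositoryException("No modifiable ACL at " + absPath);
        }

        try {
            boolean modified = acl.addEntry(principal, read, true); // true = allow
            if (modified) {
                acm.setPolicy(absPath, acl); // reapply the edited policy (still transient)
                session.save();              // persist; the change has no effect before this
            }
            return modified;
        } catch (RepositoryException e) {
            // Discard pending changes so a half-applied ACL edit is not saved later.
            session.refresh(false);
            throw e;
        }
    }
}
```

Granting a named privilege to a named principal this way keeps the entry narrow, in contrast to grantAllToEveryone, which gives jcr:all to the everyone group principal.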