org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol

Class ImmutableACL

java.lang.Object

org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AbstractAccessControlList

org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ImmutableACL

All Implemented Interfaces:

JackrabbitAccessControlList, JackrabbitAccessControlPolicy

public class ImmutableACL
extends AbstractAccessControlList

An implementation of the JackrabbitAccessControlList interface that only allows for reading. The write methods throw an AccessControlException.

Constructor Summary

Constructors

Constructor and Description
ImmutableACL(java.lang.String oakPath, java.util.List<? extends JackrabbitAccessControlEntry> entries, RestrictionProvider restrictionProvider, NamePathMapper namePathMapper) Construct a new UnmodifiableAccessControlList

Method Summary

Modifier and Type	Method and Description
boolean	addEntry(java.security.Principal principal, Privilege[] privileges, boolean isAllow, java.util.Map<java.lang.String,Value> restrictions) Adds an access control entry to this policy consisting of the specified principal, the specified privileges, the isAllow flag and an optional map containing additional restrictions.
boolean	addEntry(java.security.Principal principal, Privilege[] privileges, boolean isAllow, java.util.Map<java.lang.String,Value> restrictions, java.util.Map<java.lang.String,Value[]> mvRestrictions) Adds an access control entry to this policy consisting of the specified principal, the specified privileges, the isAllow flag and an optional map containing additional restrictions.
boolean	equals(java.lang.Object obj)
java.util.List<JackrabbitAccessControlEntry>	getEntries()
RestrictionProvider	getRestrictionProvider()
int	hashCode()
void	orderBefore(AccessControlEntry srcEntry, AccessControlEntry destEntry) If the AccessControlList implementation supports reordering of entries the specified srcEntry is inserted at the position of the specified destEntry. If destEntry is null the entry is moved to the end of the list. If srcEntry and destEntry are the same no changes are made.
void	removeAccessControlEntry(AccessControlEntry ace)

Methods inherited from class org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AbstractAccessControlList

addAccessControlEntry, addEntry, getAccessControlEntries, getNamePathMapper, getOakPath, getPath, getRestrictionNames, getRestrictionType, isEmpty, size

Methods inherited from class java.lang.Object

getClass, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ImmutableACL

public ImmutableACL(java.lang.String oakPath,
                    java.util.List<? extends JackrabbitAccessControlEntry> entries,
                    RestrictionProvider restrictionProvider,
                    NamePathMapper namePathMapper)

Construct a new UnmodifiableAccessControlList

Parameters:

oakPath - The Oak path of this policy or null.

entries - The access control entries contained in this policy.

restrictionProvider - The restriction provider.

namePathMapper - The NamePathMapper used for conversion.

Method Detail

removeAccessControlEntry

public void removeAccessControlEntry(AccessControlEntry ace)
                              throws AccessControlException

Throws:

AccessControlException

addEntry

public boolean addEntry(java.security.Principal principal,
                        Privilege[] privileges,
                        boolean isAllow,
                        java.util.Map<java.lang.String,Value> restrictions)
                 throws AccessControlException

Description copied from interface: JackrabbitAccessControlList

Adds an access control entry to this policy consisting of the specified principal, the specified privileges, the isAllow flag and an optional map containing additional restrictions.

This method returns true if this policy was modified, false otherwise.

An AccessControlException is thrown if any of the specified parameters is invalid or if some other access control related exception occurs.

Specified by:

addEntry in interface JackrabbitAccessControlList

Overrides:

addEntry in class AbstractAccessControlList

Parameters:

principal - the principal to add the entry for

privileges - the privileges to add

isAllow - if true if this is a positive (allow) entry

restrictions - A map of additional restrictions used to narrow the effect of the entry to be created. The map must map JCR names to a single javax.jcr.Value object.

Returns:

true if this policy has changed by incorporating the given entry; false otherwise.

Throws:

AccessControlException - If any of the given parameter is invalid or cannot be handled by the implementation.

See Also:

AccessControlList#addAccessControlEntry(Principal, Privilege[])

addEntry

public boolean addEntry(java.security.Principal principal,
                        Privilege[] privileges,
                        boolean isAllow,
                        java.util.Map<java.lang.String,Value> restrictions,
                        java.util.Map<java.lang.String,Value[]> mvRestrictions)
                 throws AccessControlException

Description copied from interface: JackrabbitAccessControlList

Adds an access control entry to this policy consisting of the specified principal, the specified privileges, the isAllow flag and an optional map containing additional restrictions.

This method returns true if this policy was modified, false otherwise.

An AccessControlException is thrown if any of the specified parameters is invalid or if some other access control related exception occurs.

Parameters:

principal - the principal to add the entry for

privileges - the privileges to add

isAllow - if true if this is a positive (allow) entry

restrictions - A map of additional restrictions used to narrow the effect of the entry to be created. The map must map JCR names to a single javax.jcr.Value object.

Returns:

true if this policy has changed by incorporating the given entry; false otherwise.

Throws:

AccessControlException - If any of the given parameter is invalid or cannot be handled by the implementation.

See Also:

AccessControlList#addAccessControlEntry(Principal, Privilege[])

orderBefore

public void orderBefore(AccessControlEntry srcEntry,
                        AccessControlEntry destEntry)
                 throws AccessControlException

Description copied from interface: JackrabbitAccessControlList

If the AccessControlList implementation supports reordering of entries the specified srcEntry is inserted at the position of the specified destEntry.

If destEntry is null the entry is moved to the end of the list.

If srcEntry and destEntry are the same no changes are made.

Parameters:

srcEntry - The access control entry to be moved within the list.

destEntry - The entry before which the srcEntry will be moved.

Throws:

AccessControlException - If any of the given entries is invalid or cannot be handled by the implementation.

getEntries

public java.util.List<JackrabbitAccessControlEntry> getEntries()

Specified by:

getEntries in class AbstractAccessControlList

getRestrictionProvider

public RestrictionProvider getRestrictionProvider()

Specified by:

getRestrictionProvider in class AbstractAccessControlList

hashCode

public int hashCode()

Overrides:

hashCode in class java.lang.Object

equals

public boolean equals(java.lang.Object obj)

Overrides:

equals in class java.lang.Object