Package org.apache.jackrabbit.oak.spi.security.authorization.restriction

Class AbstractRestrictionProvider

java.lang.Object
org.apache.jackrabbit.oak.spi.security.authorization.restriction.AbstractRestrictionProvider
All Implemented Interfaces:
AccessControlConstants, AggregationAware, RestrictionProvider
public abstract class AbstractRestrictionProvider extends Object implements RestrictionProvider, AggregationAware, AccessControlConstants

  • Constructor Details

  • Method Details

    • setComposite

      public void setComposite(@NotNull @NotNull CompositeRestrictionProvider composite)
      Specified by:
      setComposite in interface AggregationAware

    • getSupportedRestrictions

      @NotNull public @NotNull Set<RestrictionDefinition> getSupportedRestrictions(@Nullable @Nullable String oakPath)
      Description copied from interface: RestrictionProvider
      Returns the restriction definitions supported by this provider implementation at the specified path.
      Specified by:
      getSupportedRestrictions in interface RestrictionProvider
      Parameters:
      oakPath - The path of the access controlled tree. A null path indicates that the supported restrictions for repository level policies should be returned.
      Returns:
      The set of supported restrictions at the given path.

    • createRestriction

      @NotNull public @NotNull Restriction createRestriction(@Nullable @Nullable String oakPath, @NotNull @NotNull String oakName, @NotNull @NotNull Value value) throws RepositoryException
      Description copied from interface: RestrictionProvider
      Creates a new single valued restriction for the specified parameters.
      Specified by:
      createRestriction in interface RestrictionProvider
      Parameters:
      oakPath - The path of the access controlled tree or null if the target policies applies to the repository level.
      oakName - The name of the restriction.
      value - The value of the restriction.
      Returns:
      A new restriction instance.
      Throws:
      AccessControlException - If no matching restriction definition exists for the specified parameters.
      RepositoryException - If another error occurs.

    • createRestriction

      @NotNull public @NotNull Restriction createRestriction(@Nullable @Nullable String oakPath, @NotNull @NotNull String oakName, @NotNull @NotNull Value... values) throws RepositoryException
      Description copied from interface: RestrictionProvider
      Creates a new multi valued restriction for the specified parameters.
      Specified by:
      createRestriction in interface RestrictionProvider
      Parameters:
      oakPath - The path of the access controlled tree or null if the target policies applies to the repository level.
      oakName - The name of the restriction.
      values - The values of the restriction.
      Returns:
      A new restriction instance.
      Throws:
      AccessControlException - If no matching restriction definition exists for the specified parameters.
      RepositoryException - If another error occurs.

    • readRestrictions

      @NotNull public @NotNull Set<Restriction> readRestrictions(@Nullable @Nullable String oakPath, @NotNull @NotNull org.apache.jackrabbit.oak.api.Tree aceTree)
      Description copied from interface: RestrictionProvider
      Read the valid restrictions stored in the specified ACE tree.
      Specified by:
      readRestrictions in interface RestrictionProvider
      Parameters:
      oakPath - The path of the access controlled tree or null if the target policies applies to the repository level.
      aceTree - The tree corresponding to an ACE that may contain restrictions.
      Returns:
      The valid restrictions stored with the specified tree or an empty set.

    • writeRestrictions

      public void writeRestrictions(@Nullable @Nullable String oakPath, @NotNull @NotNull org.apache.jackrabbit.oak.api.Tree aceTree, @NotNull @NotNull Set<Restriction> restrictions) throws RepositoryException
      Description copied from interface: RestrictionProvider
      Writes the given restrictions to the specified ACE tree. Note, that this method does not need to validate the specified restrictions (see also RestrictionProvider.validateRestrictions(String, org.apache.jackrabbit.oak.api.Tree)).
      Specified by:
      writeRestrictions in interface RestrictionProvider
      Parameters:
      oakPath - The path of the access controlled tree or null if the target policies applies to the repository level.
      aceTree - The tree corresponding to an ACE that will have the specified restrictions added.
      restrictions - The set of restrictions to be written to the specified tree.
      Throws:
      RepositoryException - If an error occurs while writing the restrictions.

    • validateRestrictions

      public void validateRestrictions(@Nullable @Nullable String oakPath, @NotNull @NotNull org.apache.jackrabbit.oak.api.Tree aceTree) throws AccessControlException
      Description copied from interface: RestrictionProvider
      Validate the restrictions present with the specified ACE tree.
      Specified by:
      validateRestrictions in interface RestrictionProvider
      Parameters:
      oakPath - The path of the access controlled tree or null if the target policies applies to the repository level.
      aceTree - The tree corresponding to an ACE.
      Throws:
      AccessControlException - If any invalid restrictions are detected.

    • isUnsupportedPath

      protected boolean isUnsupportedPath(@Nullable @Nullable String oakPath)
      Returns true if the specified path is null. Subclasses may change the default behavior.
      Parameters:
      oakPath - The path for which a restriction is being created.
      Returns:
      true if this implementation can create restrictions for the specified oakPath; false otherwise.

    • getRestrictionsTree

      @NotNull protected @NotNull org.apache.jackrabbit.oak.api.Tree getRestrictionsTree(@NotNull @NotNull org.apache.jackrabbit.oak.api.Tree aceTree)
      Returns the tree that contains the restriction of the specified ACE tree.
      Parameters:
      aceTree - The ACE tree for which the restrictions are being read.
      Returns:
      The tree storing the restriction information.