@ProviderType public interface PrincipalAccessControlList extends JackrabbitAccessControlList
JackrabbitAccessControlList that is bound to a Principal.
Consequently, all entries returned by AccessControlList.getAccessControlEntries() will return the same value
as getPrincipal() and only entries associated with this very principal can be added/removed from this list.
In addition this implies that each entry contained within the PrincipalAccessControlList defines the target
object where it will take effect, which can either be an absolute path to a node or null if the entry takes
effect at the repository level.
Typically applicable, existing and effective policies of this type of access control list are expected to be obtained
through calls of
JackrabbitAccessControlManager.getApplicablePolicies(Principal),
JackrabbitAccessControlManager.getPolicies(Principal) and
JackrabbitAccessControlManager.getEffectivePolicies(Set), respectively.
Whether or not accessing PrincipalAccessControlList policies by path is supported is an implementation detail.
If it is supported the absPath parameter specified with AccessControlManager.getApplicablePolicies(String)
and AccessControlManager.getPolicies(String) will correspond to the path of the policy.
As far as the best-effort method AccessControlManager.getEffectivePolicies(String) is
concerned, the effective path defined with the individual entries will be consulted
in order to compute the policies that take effect at a given path.
Irrespective on whether access by path is supported or not the path
of the policy points to the access controlled node it is bound to and will be used to
set and
remove the policy.
This access controlled node may or may not be associated with an (optional) representation of the associated
Principal inside the repository.
| Modifier and Type | Interface and Description |
|---|---|
static interface |
PrincipalAccessControlList.Entry
Extension of the
JackrabbitAccessControlEntry that additionally defines the target object where this entry
will take effect. |
| Modifier and Type | Method and Description |
|---|---|
boolean |
addEntry(@Nullable java.lang.String effectivePath,
@NotNull Privilege[] privileges)
Adds an access control entry to this policy consisting of the specified
effectivePath and the specified
privileges and indicates upon return if the policy was modified. |
boolean |
addEntry(@Nullable java.lang.String effectivePath,
@NotNull Privilege[] privileges,
@NotNull java.util.Map<java.lang.String,Value> restrictions,
@NotNull java.util.Map<java.lang.String,Value[]> mvRestrictions)
Adds an access control entry to this policy consisting of the specified
effectivePath, the specified
privileges as well as the specified single and multivalued restrictions and indicates upon return if the
policy was modified. |
@NotNull java.security.Principal |
getPrincipal()
Returns the
Principal this policy is bound to. |
addEntry, addEntry, addEntry, getRestrictionNames, getRestrictionType, isEmpty, isMultiValueRestriction, orderBefore, sizegetPathaddAccessControlEntry, getAccessControlEntries, removeAccessControlEntry@NotNull @NotNull java.security.Principal getPrincipal()
Principal this policy is bound to. It will be the same all entries contained in this list.
An attempt to add an entry associated with a different
principal than the one returned by this method will fail.AccessControlEntry.getPrincipal()boolean addEntry(@Nullable
@Nullable java.lang.String effectivePath,
@NotNull
@NotNull Privilege[] privileges)
throws RepositoryException
effectivePath and the specified
privileges and indicates upon return if the policy was modified.
The effectivePath defines the object where the privileges will take effect. If effectivePath
is an absolute path then the specified object is a Node. If it is null the object
is the repository as a whole and the privileges in question are those that are not associated with any particular node
(e.g. privilege to register a namespace). Whether or not an absolute path must point to an accessible node is an
implementation detail.
How the entries are grouped within the list is an implementation detail. An implementation may e.g. combine the
specified privileges with those added by a previous call for the same effectivePath but it will not remove
Privileges added by a previous call.
Modifications to this policy will not take effect until this policy has been written back by calling
AccessControlManager.setPolicy(String, javax.jcr.security.AccessControlPolicy)
followed by Session.save() to persist the transient modifications.
This method is equivalent to calling addEntry(String, Privilege[], Map, Map) with empty restriction maps.
effectivePath - An absolute path or null to indicate where this entry will take effect.privileges - an array of Privilege.true if this policy was modify; false otherwise.AccessControlException - if the specified path or any of the privileges is not valid or if some other access
control related exception occurs.RepositoryException - If another error occursboolean addEntry(@Nullable
@Nullable java.lang.String effectivePath,
@NotNull
@NotNull Privilege[] privileges,
@NotNull
@NotNull java.util.Map<java.lang.String,Value> restrictions,
@NotNull
@NotNull java.util.Map<java.lang.String,Value[]> mvRestrictions)
throws RepositoryException
effectivePath, the specified
privileges as well as the specified single and multivalued restrictions and indicates upon return if the
policy was modified.
The effectivePath defines the object where the privileges will take effect. If effectivePath
is an absolute path then the specified object is a Node. If it is null the object
is the repository as a whole and the privileges in question are those that are not associated with any particular node
(e.g. privilege to register a namespace). Whether or not an absolute path must point to an accessible node is an
implementation detail.
The names of the supported restrictions can be obtained by calling JackrabbitAccessControlList.getRestrictionNames(), while
JackrabbitAccessControlList.getRestrictionType(String) and JackrabbitAccessControlList.isMultiValueRestriction(String) will reveal the expected value
type and cardinality.
How the entries are grouped within the list is an implementation detail. An implementation may e.g. combine the
specified privileges with those added by a previous call for the same effectivePath but it will not remove
a Privilege or restrictions added by a previous call.
Modifications to this policy will not take effect until this policy has been written back by calling
AccessControlManager.setPolicy(String, javax.jcr.security.AccessControlPolicy)
followed by Session.save() to persist the transient modifications.
effectivePath - An absolute path or null to indicate where this entry will take effect.privileges - an array of Privilege.restrictions - The single valued restrictions associated with the entry to be created or an empty map.mvRestrictions - the multi-valued restrictions associated with the entry to be created or an empty map.true if this policy was modify; false otherwise.AccessControlException - if the specified path, any of the privileges or the restrictions are not valid or
if some other access control related exception occurs.RepositoryException - If another error occursCopyright © 2010 - 2023 Adobe. All Rights Reserved