public class AccessControlUtil
extends java.lang.Object
| Constructor and Description | 
|---|
| AccessControlUtil() | 
| Modifier and Type | Method and Description | 
|---|---|
| static boolean | addEntry(AccessControlList acl,
        java.security.Principal principal,
        Privilege[] privileges,
        boolean isAllow)Same as  addEntry(AccessControlList, Principal, Privilege[], boolean, Map)using
 some implementation specific restrictions. | 
| static boolean | addEntry(AccessControlList acl,
        java.security.Principal principal,
        Privilege[] privileges,
        boolean isAllow,
        java.util.Map restrictions)Adds an access control entry to the acl consisting of the specified
  principal, the specifiedprivileges, theisAllowflag and an optional map containing additional
 restrictions. | 
| static boolean | addEntry(AccessControlList acl,
        java.security.Principal principal,
        Privilege[] privileges,
        boolean isAllow,
        java.util.Map<java.lang.String,Value> restrictions,
        java.util.Map<java.lang.String,Value[]> mvRestrictions)Adds an access control entry to the acl consisting of the specified
  principal, the specifiedprivileges, theisAllowflag and an optional map containing additional
 restrictions. | 
| static AccessControlManager | getAccessControlManager(Session session)Returns the  AccessControlManagerfor the givensession. | 
| static java.lang.String | getPath(AccessControlList acl)Returns the path of the node  AccessControlListacl
 has been created for. | 
| static PrincipalManager | getPrincipalManager(Session session)Returns the  PrincipalManagerfor the givensession. | 
| static UserManager | getUserManager(Session session)Returns the  UserManagerfor the givensession. | 
| static boolean | isAllow(AccessControlEntry ace)Returns true if the AccessControlEntry represents 'allowed' rights or false
 it it represents 'denied' rights. | 
| static boolean | isEmpty(AccessControlList acl)Returns  trueifAccessControlListacl
 does not yet define any entries. | 
| static void | replaceAccessControlEntry(Session session,
                         java.lang.String resourcePath,
                         java.security.Principal principal,
                         java.lang.String[] grantedPrivilegeNames,
                         java.lang.String[] deniedPrivilegeNames,
                         java.lang.String[] removedPrivilegeNames)Deprecated. 
 | 
| static void | replaceAccessControlEntry(Session session,
                         java.lang.String resourcePath,
                         java.security.Principal principal,
                         java.lang.String[] grantedPrivilegeNames,
                         java.lang.String[] deniedPrivilegeNames,
                         java.lang.String[] removedPrivilegeNames,
                         java.lang.String order)Replaces existing access control entries in the ACL for the specified
  principalandresourcePath. | 
| static void | replaceAccessControlEntry(Session session,
                         java.lang.String resourcePath,
                         java.security.Principal principal,
                         java.lang.String[] grantedPrivilegeNames,
                         java.lang.String[] deniedPrivilegeNames,
                         java.lang.String[] removedPrivilegeNames,
                         java.lang.String order,
                         java.util.Map<java.lang.String,Value> restrictions,
                         java.util.Map<java.lang.String,Value[]> mvRestrictions,
                         java.util.Set<java.lang.String> removedRestrictionNames)Replaces existing access control entries in the ACL for the specified
  principalandresourcePath. | 
| static int | size(AccessControlList acl)Returns the number of acl entries or 0 if the acl is empty. | 
public static AccessControlManager getAccessControlManager(Session session) throws UnsupportedRepositoryOperationException, RepositoryException
AccessControlManager for the given
 session. If the session does not have a
 getAccessControlManager method, a
 UnsupportedRepositoryOperationException is thrown. Otherwise
 the AccessControlManager is returned or if the call fails,
 the respective exception is thrown.session - The JCR Session whose AccessControlManager is
            to be returned. If the session is a pooled session, the
            session underlying the pooled session is actually used.AccessControlManager of the sessionUnsupportedRepositoryOperationException - If the session has no
             getAccessControlManager method or the exception
             thrown by the method.RepositoryException - Forwarded from the
             getAccessControlManager method call.public static UserManager getUserManager(Session session) throws AccessDeniedException, UnsupportedRepositoryOperationException, RepositoryException
UserManager for the given
 session. If the session does not have a
 getUserManager method, a
 UnsupportedRepositoryOperationException is thrown. Otherwise
 the UserManager is returned or if the call fails,
 the respective exception is thrown.session - The JCR Session whose UserManager is
            to be returned. If the session is not a JackrabbitSession
            uses reflection to retrive the manager from the repository.UserManager of the session.AccessDeniedException - If this session is not allowed
                          to access user data.UnsupportedRepositoryOperationException - If the session has no
            getUserManager method or the exception
            thrown by the method.RepositoryException - Forwarded from the
             getUserManager method call.public static PrincipalManager getPrincipalManager(Session session) throws AccessDeniedException, UnsupportedRepositoryOperationException, RepositoryException
PrincipalManager for the given
 session. If the session does not have a
 PrincipalManager method, a
 UnsupportedRepositoryOperationException is thrown. Otherwise
 the PrincipalManager is returned or if the call fails,
 the respective exception is thrown.session - The JCR Session whose PrincipalManager is
            to be returned. If the session is not a JackrabbitSession
            uses reflection to retrive the manager from the repository.PrincipalManager of the session.AccessDeniedException - If the current user lacks sufficient privilegesUnsupportedRepositoryOperationException - If the session has no
                                PrincipalManager method or the exception
                thrown by the method.RepositoryException - Forwarded from the
             PrincipalManager method call.public static java.lang.String getPath(AccessControlList acl) throws RepositoryException
AccessControlList acl
 has been created for.acl - The acl to get the path forRepositoryException - Forwarded from the
             getPath method call.public static boolean isEmpty(AccessControlList acl) throws RepositoryException
true if AccessControlList acl
 does not yet define any entries.acl - The acl to checkRepositoryException - Forwarded from the
             isEmpty method call.public static int size(AccessControlList acl) throws RepositoryException
acl - The acl to get the size ofRepositoryException - Forwarded from the
             size method call.public static boolean addEntry(AccessControlList acl, java.security.Principal principal, Privilege[] privileges, boolean isAllow) throws AccessControlException, RepositoryException
addEntry(AccessControlList, Principal, Privilege[], boolean, Map) using
 some implementation specific restrictions.acl - the list to add the new entry toprincipal - the principal for the user or group to add the entry forprivileges - the set of privileges to grant or denyisAllow - try to grant the privileges or false to deny the privilegestrue if this policy was modified,
 false otherwise.AccessControlException - If any of the given parameter is invalid
 or cannot be handled by the implementation.RepositoryException - if any other error occurs.public static boolean addEntry(AccessControlList acl, java.security.Principal principal, Privilege[] privileges, boolean isAllow, java.util.Map restrictions) throws UnsupportedRepositoryOperationException, RepositoryException
principal, the specified privileges, the
 isAllow flag and an optional map containing additional
 restrictions.acl - the list to add the new entry toprincipal - the principal for the user or group to add the entry forprivileges - the set of privileges to grant or denyisAllow - try to grant the privileges or false to deny the privilegesrestrictions - (optional) additional restrictions to filter the scope of the added entry.  The value of the map must be a Value or Value[]true if this policy was modified,
 false otherwise.UnsupportedRepositoryOperationException - if the repository doesn't support adding access control entriesRepositoryException - if any other error occurs.public static boolean addEntry(AccessControlList acl, java.security.Principal principal, Privilege[] privileges, boolean isAllow, java.util.Map<java.lang.String,Value> restrictions, java.util.Map<java.lang.String,Value[]> mvRestrictions) throws UnsupportedRepositoryOperationException, RepositoryException
principal, the specified privileges, the
 isAllow flag and an optional map containing additional
 restrictions.acl - the list to add the new entry toprincipal - the principal for the user or group to add the entry forprivileges - the set of privileges to grant or denyisAllow - try to grant the privileges or false to deny the privilegesrestrictions - (optional) additional single-value restrictions to filter the scope of the added entrymvRestrictions - (optional) additional multi-value restrictions to filter the scope of the added entrytrue if this policy was modified,
 false otherwise.UnsupportedRepositoryOperationException - if the repository doesn't support adding access control entriesRepositoryException - if any other error occurs.@Deprecated public static void replaceAccessControlEntry(Session session, java.lang.String resourcePath, java.security.Principal principal, java.lang.String[] grantedPrivilegeNames, java.lang.String[] deniedPrivilegeNames, java.lang.String[] removedPrivilegeNames) throws RepositoryException
replaceAccessControlEntry(Session, String, Principal, String[], String[], String[], String) instead.principal and resourcePath. Any existing granted
 or denied privileges which do not conflict with the specified privileges
 are maintained. Where conflicts exist, existing privileges are dropped.
 The end result will be at most two ACEs for the principal: one for grants
 and one for denies. Aggregate privileges are disaggregated before checking
 for conflicts.session - the JCR session of the user doing the workresourcePath - the path of the resource to replace the entry onprincipal - the principal for the user or group to add the entry forgrantedPrivilegeNames - the names of the privileges to grantdeniedPrivilegeNames - the names of the privileges to denyremovedPrivilegeNames - privileges which, if they exist, should be
 removed for this principal and resourceRepositoryException - if any error occurs.public static void replaceAccessControlEntry(Session session, java.lang.String resourcePath, java.security.Principal principal, java.lang.String[] grantedPrivilegeNames, java.lang.String[] deniedPrivilegeNames, java.lang.String[] removedPrivilegeNames, java.lang.String order) throws RepositoryException
principal and resourcePath. Any existing granted
 or denied privileges which do not conflict with the specified privileges
 are maintained. Where conflicts exist, existing privileges are dropped.
 The end result will be at most two ACEs for the principal: one for grants
 and one for denies. Aggregate privileges are disaggregated before checking
 for conflicts.session - the JCR session of the user doing the workresourcePath - the path of the resource to replace the entry onprincipal - the principal for the user or group to add the entry forgrantedPrivilegeNames - the names of the privileges to grantdeniedPrivilegeNames - the names of the privileges to denyremovedPrivilegeNames - privileges which, if they exist, should be
 removed for this principal and resourceorder - where the access control entry should go in the list.
         Value should be one of these:
         | null | If the ACE for the principal doesn't exist add at the end, otherwise leave the ACE at it's current position. | 
| first | Place the target ACE as the first amongst its siblings | 
| last | Place the target ACE as the last amongst its siblings | 
| before xyz | Place the target ACE immediately before the sibling whose name is xyz | 
| after xyz | Place the target ACE immediately after the sibling whose name is xyz | 
| numeric | Place the target ACE at the specified numeric index | 
RepositoryException - if any error occurs.public static void replaceAccessControlEntry(Session session, java.lang.String resourcePath, java.security.Principal principal, java.lang.String[] grantedPrivilegeNames, java.lang.String[] deniedPrivilegeNames, java.lang.String[] removedPrivilegeNames, java.lang.String order, java.util.Map<java.lang.String,Value> restrictions, java.util.Map<java.lang.String,Value[]> mvRestrictions, java.util.Set<java.lang.String> removedRestrictionNames) throws RepositoryException
principal and resourcePath. Any existing granted
 or denied privileges which do not conflict with the specified privileges
 are maintained. Where conflicts exist, existing privileges are dropped.
 The end result will be at most two ACEs for the principal: one for grants
 and one for denies. Aggregate privileges are disaggregated before checking
 for conflicts.session - the JCR session of the user doing the workresourcePath - the path of the resource to replace the entry onprincipal - the principal for the user or group to add the entry forgrantedPrivilegeNames - the names of the privileges to grantdeniedPrivilegeNames - the names of the privileges to denyremovedPrivilegeNames - privileges which, if they exist, should be
 removed for this principal and resourceorder - where the access control entry should go in the list.
         Value should be one of these:
         | null | If the ACE for the principal doesn't exist add at the end, otherwise leave the ACE at it's current position. | 
| first | Place the target ACE as the first amongst its siblings | 
| last | Place the target ACE as the last amongst its siblings | 
| before xyz | Place the target ACE immediately before the sibling whose name is xyz | 
| after xyz | Place the target ACE immediately after the sibling whose name is xyz | 
| numeric | Place the target ACE at the specified numeric index | 
restrictions - (optional) additional single-value restrictions to filter the scope of the replaced entrymvRestrictions - (optional) additional multi-value restrictions to filter the scope of the replaced entryremovedRestrictionNames - optional set of restriction names that should be removed (if they already exist).RepositoryException - if any error occurs.public static boolean isAllow(AccessControlEntry ace) throws RepositoryException
ace - the access control entry to checkRepositoryException - Forwarded from the
             isAllow method call.Copyright © 2010 - 2023 Adobe. All Rights Reserved