Package org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol

Class AbstractAccessControlManager

    • Method Detail

      • getSupportedPrivileges

        @NotNull
public @NotNull Privilege[] getSupportedPrivileges​(@Nullable
                                                   @Nullable java.lang.String absPath)
                                            throws RepositoryException
        Description copied from interface: AccessControlManager
        Returns the privileges supported for absolute path absPath, which must be an existing node.

        This method does not return the privileges held by the session. Instead, it returns the privileges that the repository supports.

        Specified by:
        getSupportedPrivileges in interface AccessControlManager
        Parameters:
        absPath - an absolute path.
        Returns:
        an array of Privileges.
        Throws:
        PathNotFoundException - if no node at absPath exists or the session does not have sufficient access to retrieve a node at that location.
        RepositoryException - if another error occurs.

      • privilegeFromName

        @NotNull
public @NotNull Privilege privilegeFromName​(@NotNull
                                            @NotNull java.lang.String privilegeName)
                                     throws RepositoryException
        Description copied from interface: AccessControlManager
        Returns the privilege with the specified privilegeName. Since the privilege name is a JCR name, it may be passed in either qualified or expanded form (see specification for details on JCR names).
        Specified by:
        privilegeFromName in interface AccessControlManager
        Parameters:
        privilegeName - the name of an existing privilege.
        Returns:
        the Privilege with the specified privilegeName.
        Throws:
        AccessControlException - if no privilege with the specified name exists.
        RepositoryException - if another error occurs.

      • hasPrivileges

        public boolean hasPrivileges​(@Nullable
                             @Nullable java.lang.String absPath,
                             @Nullable
                             @Nullable Privilege[] privileges)
                      throws RepositoryException
        Description copied from interface: AccessControlManager
        Returns whether the session has the specified privileges for absolute path absPath, which must be an existing node.

        Testing an aggregate privilege is equivalent to testing each non aggregate privilege among the set returned by calling Privilege.getAggregatePrivileges() for that privilege.

        The results reported by the this method reflect the net effect of the currently applied control mechanisms. It does not reflect unsaved access control policies or unsaved access control entries. Changes to access control status caused by these mechanisms only take effect on Session.save() and are only then reflected in the results of the privilege test methods.

        Specified by:
        hasPrivileges in interface AccessControlManager
        Parameters:
        absPath - an absolute path.
        privileges - an array of Privileges.
        Returns:
        true if the session has the specified privileges; false otherwise.
        Throws:
        PathNotFoundException - if no node at absPath exists or the session does not have sufficent access to retrieve a node at that location.
        RepositoryException - if another error occurs.

      • getPrivileges

        @NotNull
public @NotNull Privilege[] getPrivileges​(@Nullable
                                          @Nullable java.lang.String absPath)
                                   throws RepositoryException
        Description copied from interface: AccessControlManager
        Returns the privileges the session has for absolute path absPath, which must be an existing node.

        The returned privileges are those for which AccessControlManager.hasPrivileges(java.lang.String, javax.jcr.security.Privilege[]) would return true.

        The results reported by the this method reflect the net effect of the currently applied control mechanisms. It does not reflect unsaved access control policies or unsaved access control entries. Changes to access control status caused by these mechanisms only take effect on Session.save() and are only then reflected in the results of the privilege test methods.

        Specified by:
        getPrivileges in interface AccessControlManager
        Parameters:
        absPath - an absolute path.
        Returns:
        an array of Privileges.
        Throws:
        PathNotFoundException - if no node at absPath exists or the session does not have sufficient access to retrieve a node at that location.
        RepositoryException - if another error occurs.

      • hasPrivileges

        public boolean hasPrivileges​(@Nullable
                             @Nullable java.lang.String absPath,
                             @NotNull
                             @NotNull java.util.Set<java.security.Principal> principals,
                             @Nullable
                             @Nullable Privilege[] privileges)
                      throws RepositoryException
        Description copied from interface: JackrabbitAccessControlManager
        Returns whether the given set of Principals has the specified privileges for absolute path absPath, which must be an existing node.

        Testing an aggregate privilege is equivalent to testing each non aggregate privilege among the set returned by calling Privilege.getAggregatePrivileges() for that privilege.

        The results reported by the this method reflect the net effect of the currently applied control mechanisms. It does not reflect unsaved access control policies or unsaved access control entries. Changes to access control status caused by these mechanisms only take effect on Session.save() and are only then reflected in the results of the privilege test methods.

        Since this method allows to view the privileges of principals other than included in the editing session, this method must throw AccessDeniedException if the session lacks READ_ACCESS_CONTROL privilege for the absPath node.

        Specified by:
        hasPrivileges in interface JackrabbitAccessControlManager
        Parameters:
        absPath - an absolute path.
        principals - a set of Principals for which is the given privileges are tested.
        privileges - an array of Privileges.
        Returns:
        true if the session has the specified privileges; false otherwise.
        Throws:
        PathNotFoundException - if no node at absPath exists or the session does not have sufficient access to retrieve a node at that location.
        AccessDeniedException - if the session lacks READ_ACCESS_CONTROL privilege for the absPath node.
        RepositoryException - if another error occurs.

      • getPrivileges

        @NotNull
public @NotNull Privilege[] getPrivileges​(@Nullable
                                          @Nullable java.lang.String absPath,
                                          @NotNull
                                          @NotNull java.util.Set<java.security.Principal> principals)
                                   throws RepositoryException
        Description copied from interface: JackrabbitAccessControlManager
        Returns the privileges the given set of Principals has for absolute path absPath, which must be an existing node.

        The returned privileges are those for which JackrabbitAccessControlManager.hasPrivileges(java.lang.String, java.util.Set<java.security.Principal>, javax.jcr.security.Privilege[]) would return true.

        The results reported by the this method reflect the net effect of the currently applied control mechanisms. It does not reflect unsaved access control policies or unsaved access control entries. Changes to access control status caused by these mechanisms only take effect on Session.save() and are only then reflected in the results of the privilege test methods.

        Since this method allows to view the privileges of principals other than included in the editing session, this method must throw AccessDeniedException if the session lacks READ_ACCESS_CONTROL privilege for the absPath node.

        Note that this method does not resolve any group membership, as this is the job of the user manager. nor does it augment the set with the "everyone" principal.

        Specified by:
        getPrivileges in interface JackrabbitAccessControlManager
        Parameters:
        absPath - an absolute path.
        principals - a set of Principals for which is the privileges are retrieved.
        Returns:
        an array of Privileges.
        Throws:
        PathNotFoundException - if no node at absPath exists or the session does not have sufficient access to retrieve a node at that location.
        AccessDeniedException - if the session lacks READ_ACCESS_CONTROL privilege for the absPath node.
        RepositoryException - if another error occurs.