org.apache.jackrabbit.api.jsr283.security
Interface AccessControlManager

All Known Subinterfaces:

JackrabbitAccessControlManager

All Known Implementing Classes:

AbstractAccessControlManager, DefaultAccessManager, SimpleAccessManager, SimpleAccessManager

public interface AccessControlManager

The AccessControlManager object is accessed via javax.jcr.Session#getAccessControlManager(). It provides methods for:

• Access control discovery
• Assigning access control policies

Since:

JCR 2.0

Method Summary

AccessControlPolicyIterator	getApplicablePolicies(String absPath) Returns the access control policies that are capable of being applied to the node at absPath.
AccessControlPolicy[]	getEffectivePolicies(String absPath) Returns the AccessControlPolicy objects that currently are in effect at the node at absPath.
AccessControlPolicy[]	getPolicies(String absPath) Returns the AccessControlPolicy objects that have been set to the node at absPath or an empty array if no policy has been set.
Privilege[]	getPrivileges(String absPath) Returns the privileges the session has for absolute path absPath, which must be an existing node.
Privilege[]	getSupportedPrivileges(String absPath) Returns the privileges supported for absolute path absPath, which must be an existing node.
boolean	hasPrivileges(String absPath, Privilege[] privileges) Returns whether the session has the specified privileges for absolute path absPath, which must be an existing node.
Privilege	privilegeFromName(String privilegeName) Returns the privilege with the specified privilegeName.
void	removePolicy(String absPath, AccessControlPolicy policy) Removes the specified AccessControlPolicy from the node at absPath.
void	setPolicy(String absPath, AccessControlPolicy policy) Binds the policy to the node at absPath.

Method Detail

getSupportedPrivileges

Privilege[] getSupportedPrivileges(String absPath)
                                   throws PathNotFoundException,
                                          RepositoryException

Returns the privileges supported for absolute path absPath, which must be an existing node.

This method does not return the privileges held by the session. Instead, it returns the privileges that the repository supports.

A PathNotFoundException is thrown if no node at absPath exists or the session does not have privilege to retrieve the node.

A RepositoryException is thrown if another error occurs.

Parameters:

absPath - an absolute path.

Returns:

an array of Privileges.

Throws:

PathNotFoundException - if no node at absPath exists or the session does not have privilege to retrieve the node.

RepositoryException - if another error occurs.

privilegeFromName

Privilege privilegeFromName(String privilegeName)
                            throws AccessControlException,
                                   RepositoryException

Returns the privilege with the specified privilegeName.

A AccessControlException is thrown if no privilege with the specified name exists.

A RepositoryException is thrown if another error occurs.

Parameters:

privilegeName - the name of an existing privilege.

Returns:

the Privilege with the specified privilegeName.

Throws:

AccessControlException - if no privilege with the specified name exists.

RepositoryException - if another error occurs.

hasPrivileges

boolean hasPrivileges(String absPath,
                      Privilege[] privileges)
                      throws PathNotFoundException,
                             RepositoryException

Returns whether the session has the specified privileges for absolute path absPath, which must be an existing node.

Testing an aggregate privilege is equivalent to testing each non aggregate privilege among the set returned by calling Privilege.getAggregatePrivileges() for that privilege.

The results reported by the this method reflect the net effect of the currently applied control mechanisms. It does not reflect unsaved access control policies or unsaved access control entries. Changes to access control status caused by these mechanisms only take effect on Session.save() and are only then reflected in the results of the privilege test methods.

A PathNotFoundException is thrown if no node at absPath exists or the session does not have privilege to retrieve the node.

A RepositoryException is thrown if another error occurs.

Parameters:

absPath - an absolute path.

privileges - an array of Privileges.

Returns:

true if the session has the specified privileges; false otherwise.

Throws:

PathNotFoundException - if no node at absPath exists or the session does not have privilege to retrieve the node.

RepositoryException - if another error occurs.

getPrivileges

Privilege[] getPrivileges(String absPath)
                          throws PathNotFoundException,
                                 RepositoryException

Returns the privileges the session has for absolute path absPath, which must be an existing node.

The returned privileges are those for which hasPrivileges(java.lang.String, org.apache.jackrabbit.api.jsr283.security.Privilege[]) would return true.

The results reported by the this method reflect the net effect of the currently applied control mechanisms. It does not reflect unsaved access control policies or unsaved access control entries. Changes to access control status caused by these mechanisms only take effect on Session.save() and are only then reflected in the results of the privilege test methods.

A PathNotFoundException is thrown if no node at absPath exists or the session does not have privilege to retrieve the node.

A RepositoryException is thrown if another error occurs.

Parameters:

absPath - an absolute path.

Returns:

an array of Privileges.

Throws:

PathNotFoundException - if no node at absPath exists or the session does not have privilege to retrieve the node.

RepositoryException - if another error occurs.

getPolicies

AccessControlPolicy[] getPolicies(String absPath)
                                  throws PathNotFoundException,
                                         AccessDeniedException,
                                         RepositoryException

Returns the AccessControlPolicy objects that have been set to the node at absPath or an empty array if no policy has been set. This method reflects the binding state, including transient policy modifications.

Use getEffectivePolicies(String) in order to determine the policy that effectively applies at absPath.

A PathNotFoundException is thrown if no node at absPath exists or the session does not have privilege to retrieve the node.

An AccessDeniedException is thrown if the session lacks READ_ACCESS_CONTROL privilege for the absPath node.

A RepositoryException is thrown if another error occurs.

Parameters:

absPath - an absolute path.

Returns:

an array of AccessControlPolicy objects or an empty array if no policy has been set.

Throws:

PathNotFoundException - if no node at absPath exists or the session does not have privilege to retrieve the node.

AccessDeniedException - if the session lacks READ_ACCESS_CONTROL privilege for the absPath node.

RepositoryException - if another error occurs.

getEffectivePolicies

AccessControlPolicy[] getEffectivePolicies(String absPath)
                                           throws PathNotFoundException,
                                                  AccessDeniedException,
                                                  RepositoryException

Returns the AccessControlPolicy objects that currently are in effect at the node at absPath. This may be policies set through this API or some implementation specific (default) policies.

A PathNotFoundException is thrown if no node at absPath exists or the session does not have privilege to retrieve the node.

An AccessDeniedException is thrown if the session lacks READ_ACCESS_CONTROL privilege for the absPath node.

A RepositoryException is thrown if another error occurs.

Parameters:

absPath - an absolute path.

Returns:

an array of AccessControlPolicy objects.

Throws:

PathNotFoundException - if no node at absPath exists or the session does not have privilege to retrieve the node.

AccessDeniedException - if the session lacks READ_ACCESS_CONTROL privilege for the absPath node.

RepositoryException - if another error occurs.

getApplicablePolicies

AccessControlPolicyIterator getApplicablePolicies(String absPath)
                                                  throws PathNotFoundException,
                                                         AccessDeniedException,
                                                         RepositoryException

Returns the access control policies that are capable of being applied to the node at absPath.

A PathNotFoundException is thrown if no node at absPath exists or the session does not have privilege to retrieve the node.

An AccessDeniedException is thrown if the session lacks READ_ACCESS_CONTROL privilege for the absPath node.

A RepositoryException is thrown if another error occurs.

Parameters:

absPath - an absolute path.

Returns:

an AccessControlPolicyIterator over the applicable access control policies or an empty iterator if no policies are applicable.

Throws:

PathNotFoundException - if no node at absPath exists or the session does not have privilege to retrieve the node.

AccessDeniedException - if the session lacks READ_ACCESS_CONTROL privilege for the absPath node.

RepositoryException - if another error occurs.

setPolicy

void setPolicy(String absPath,
               AccessControlPolicy policy)
               throws PathNotFoundException,
                      AccessControlException,
                      AccessDeniedException,
                      LockException,
                      VersionException,
                      RepositoryException

Binds the policy to the node at absPath.

Only policies obtained through getApplicablePolicies(absPath) can be set. The access control policy does not take effect until a save is performed.

Any implementation-specific (non-JCR) access control settings may be changed in response to a successful call to setPolicy.

A PathNotFoundException is thrown if no node at absPath exists or the session does not have privilege to retrieve the node.

An AccessControlException is thrown if the policy is not applicable.

An AccessDeniedException is thrown if the session lacks MODIFY_ACCESS_CONTROL privilege for the absPath node.

An LockException is thrown if the node at absPath is locked and this implementation performs this validation immediately instead of waiting until save.

An VersionException is thrown if the node at absPath is versionable and checked-in or is non-versionable but its nearest versionable ancestor is checked-in and this implementation performs this validation immediately instead of waiting until save.

A RepositoryException is thrown if another error occurs.

Parameters:

absPath - an absolute path.

policy - the AccessControlPolicy to be applied.

Throws:

PathNotFoundException - if no node at absPath exists or the session does not have privilege to retrieve the node.

AccessControlException - if the policy is not applicable.

AccessDeniedException - if the session lacks MODIFY_ACCESS_CONTROL privilege for the absPath node.

LockException - if a lock applies at the node at absPath and this implementation performs this validation immediately instead of waiting until save.

VersionException - if the node at absPath is versionable and checked-in or is non-versionable but its nearest versionable ancestor is checked-in and this implementation performs this validation immediately instead of waiting until save.

RepositoryException - if another error occurs.

removePolicy

void removePolicy(String absPath,
                  AccessControlPolicy policy)
                  throws PathNotFoundException,
                         AccessControlException,
                         AccessDeniedException,
                         LockException,
                         VersionException,
                         RepositoryException

Removes the specified AccessControlPolicy from the node at absPath.

An AccessControlPolicy can only be removed if it was bound to the specified node through this API before. The effect of the removal only takes place upon Session.save(). Note, that an implementation default or any other effective AccessControlPolicy that has not been applied to the node before may never be removed using this method.

A PathNotFoundException is thrown if no node at absPath exists or the session does not have privilege to retrieve the node.

An AccessControlException is thrown if the policy to remove does not exist at the node at absPath.

An AccessDeniedException is thrown if the session lacks MODIFY_ACCESS_CONTROL privilege for the absPath node.

An LockException is thrown if the node at absPath is locked and this implementation performs this validation immediately instead of waiting until save.

An VersionException is thrown if the node at absPath is versionable and checked-in or is non-versionable but its nearest versionable ancestor is checked-in and this implementation performs this validation immediately instead of waiting until save.

A RepositoryException is thrown if another error occurs.

Parameters:

absPath - an absolute path.

policy - the policy to be removed.

Throws:

PathNotFoundException - if no node at absPath exists or the session does not have privilege to retrieve the node.

AccessControlException - if no policy exists.

AccessDeniedException - if the session lacks MODIFY_ACCESS_CONTROL privilege for the absPath node.

LockException - if a lock applies at the node at absPath and this implementation performs this validation immediately instead of waiting until save.

VersionException - if the node at absPath is versionable and checked-in or is non-versionable but its nearest versionable ancestor is checked-in and this implementation performs this validation immediately instead of waiting until save.

RepositoryException - if another error occurs.