|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Objectorg.apache.jackrabbit.core.security.AbstractAccessControlManager
org.apache.jackrabbit.core.security.DefaultAccessManager
public class DefaultAccessManager
The DefaultAccessManager
controls access by evaluating access
control policies for the Subject
attached to the
Session
this manager has been built for.
Please note the following exceptional situations:
This manager allows all privileges for a particular item if
SystemPrincipal
or
an AdminPrincipal
WorkspaceAccessManager
is defined.AccessControlProvider
set to this AccessManager.
AccessManager
,
AccessControlManager
Field Summary |
---|
Fields inherited from interface org.apache.jackrabbit.core.security.AccessManager |
---|
READ, REMOVE, WRITE |
Constructor Summary | |
---|---|
DefaultAccessManager()
|
Method Summary | |
---|---|
boolean |
canAccess(String workspaceName)
Determines whether the subject of the current context is granted access to the given workspace. |
boolean |
canRead(Path itemPath)
Determines whether the item at the specified absolute path can be read. |
protected void |
checkInitialized()
Check if this manager has been properly initialized. |
void |
checkPermission(ItemId id,
int permissions)
Determines whether the specified permissions are granted
on the item with the specified id (i.e. the target item). |
void |
checkPermission(Path absPath,
int permissions)
Determines whether the specified permissions are granted
on the item with the specified id (i.e. the target item). |
protected void |
checkPermission(String absPath,
int permission)
Check if the specified privileges are granted at absPath . |
protected void |
checkValidNodePath(String absPath)
Build a qualified path from the specified absPath and test
if it is really absolute and points to an existing node. |
void |
close()
Close this access manager. |
JackrabbitAccessControlPolicy[] |
getApplicablePolicies(Principal principal)
Returns the editable policies for the specified principal . |
AccessControlPolicyIterator |
getApplicablePolicies(String absPath)
Returns an empty iterator. |
AccessControlPolicy[] |
getEffectivePolicies(String absPath)
Returns the AccessControlPolicy objects that currently are
in effect at the node at absPath . |
AccessControlPolicy[] |
getPolicies(String absPath)
Returns null . |
protected PrivilegeRegistry |
getPrivilegeRegistry()
|
Privilege[] |
getPrivileges(String absPath)
Returns the privileges the session has for absolute path absPath, which must be an existing node. |
boolean |
hasPrivileges(String absPath,
Privilege[] privileges)
Returns whether the session has the specified privileges for absolute path absPath , which must be an existing node. |
void |
init(AMContext amContext)
Initialize this access manager. |
void |
init(AMContext amContext,
AccessControlProvider acProvider,
WorkspaceAccessManager wspAccessManager)
Initialize this access manager. |
boolean |
isGranted(ItemId id,
int actions)
Determines whether the specified permissions are granted
on the item with the specified id (i.e. the target item). |
boolean |
isGranted(Path absPath,
int permissions)
Determines whether the specified permissions are granted
on the item with the specified absPath (i.e. the target
item, that may or may not yet exist). |
boolean |
isGranted(Path parentPath,
Name childName,
int permissions)
Determines whether the specified permissions are granted
on an item represented by the combination of the given
parentPath and childName (i.e. the target
item, that may or may not yet exist). |
void |
removePolicy(String absPath,
AccessControlPolicy policy)
Always throws AccessControlException |
void |
setPolicy(String absPath,
AccessControlPolicy policy)
Always throws AccessControlException |
Methods inherited from class org.apache.jackrabbit.core.security.AbstractAccessControlManager |
---|
getSupportedPrivileges, privilegeFromName |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public DefaultAccessManager()
Method Detail |
---|
public void init(AMContext amContext) throws AccessDeniedException, Exception
AccessManager
AccessDeniedException
will
be thrown if the subject of the given context
is not
granted access to the specified workspace.
init
in interface AccessManager
amContext
- access manager context
AccessDeniedException
- if the subject is not granted access
to the specified workspace.
Exception
- if another error occursAccessManager.init(AMContext)
public void init(AMContext amContext, AccessControlProvider acProvider, WorkspaceAccessManager wspAccessManager) throws AccessDeniedException, Exception
AccessManager
AccessDeniedException
will
be thrown if the subject of the given context
is not
granted access to the specified workspace.
init
in interface AccessManager
amContext
- access manager context.acProvider
- The access control provider.wspAccessManager
- The workspace access manager.
AccessDeniedException
- if the subject is not granted access
to the specified workspace.
Exception
- if another error occursAccessManager.init(AMContext, AccessControlProvider, WorkspaceAccessManager)
public void close() throws Exception
AccessManager
close
in interface AccessManager
Exception
- if an error occursAccessManager.close()
public void checkPermission(ItemId id, int permissions) throws AccessDeniedException, ItemNotFoundException, RepositoryException
AccessManager
permissions
are granted
on the item with the specified id
(i.e. the target item).
checkPermission
in interface AccessManager
id
- the id of the target itempermissions
- A combination of one or more of the following constants
encoded as a bitmask value:
READ
WRITE
REMOVE
AccessDeniedException
- if permission is denied
ItemNotFoundException
- if the target item does not exist
RepositoryException
- it an error occursAccessManager.checkPermission(ItemId, int)
public void checkPermission(Path absPath, int permissions) throws AccessDeniedException, RepositoryException
AccessManager
permissions
are granted
on the item with the specified id
(i.e. the target item).
checkPermission
in interface AccessManager
absPath
- Path to an item.permissions
- A combination of one or more of the
Permission
constants encoded as a bitmask value.
AccessDeniedException
- if permission is denied
RepositoryException
- it another error occursAccessManager.checkPermission(Path, int)
public boolean isGranted(ItemId id, int actions) throws ItemNotFoundException, RepositoryException
AccessManager
permissions
are granted
on the item with the specified id
(i.e. the target item).
isGranted
in interface AccessManager
id
- the id of the target itemactions
- A combination of one or more of the following constants
encoded as a bitmask value:
READ
WRITE
REMOVE
true
if permission is granted; otherwise false
ItemNotFoundException
- if the target item does not exist
RepositoryException
- if another error occursAccessManager.isGranted(ItemId, int)
public boolean isGranted(Path absPath, int permissions) throws RepositoryException
AccessManager
permissions
are granted
on the item with the specified absPath
(i.e. the target
item, that may or may not yet exist).
isGranted
in interface AccessManager
absPath
- the absolute path to testpermissions
- A combination of one or more of the
Permission
constants encoded as a bitmask value.
true
if the specified permissions are granted;
otherwise false
.
RepositoryException
- if an error occurs.AccessManager.isGranted(Path, int)
public boolean isGranted(Path parentPath, Name childName, int permissions) throws RepositoryException
AccessManager
permissions
are granted
on an item represented by the combination of the given
parentPath
and childName
(i.e. the target
item, that may or may not yet exist).
isGranted
in interface AccessManager
parentPath
- Path to an existing parent node.childName
- Name of the child item that may or may not exist yet.permissions
- A combination of one or more of the
Permission
constants encoded as a bitmask value.
true
if the specified permissions are granted;
otherwise false
.
RepositoryException
- if an error occurs.AccessManager.isGranted(Path, Name, int)
public boolean canRead(Path itemPath) throws RepositoryException
AccessManager
canRead
in interface AccessManager
itemPath
- Path to the item to be tested.s
true
if the item can be read; otherwise false
.
RepositoryException
- if an error occurs.AccessManager.canRead(Path)
public boolean canAccess(String workspaceName) throws RepositoryException
AccessManager
false
, if no such workspace
exists.
canAccess
in interface AccessManager
workspaceName
- name of workspace
true
if the subject of the current context is
granted access to the given workspace; otherwise false
.
RepositoryException
- if an error occurs.AccessManager.canAccess(String)
public boolean hasPrivileges(String absPath, Privilege[] privileges) throws PathNotFoundException, RepositoryException
AccessControlManager
absPath
, which must be an existing node.
Testing an aggregate privilege is equivalent to testing each non aggregate
privilege among the set returned by calling
Privilege.getAggregatePrivileges()
for that privilege.
The results reported by the this method reflect the net
effect of the currently applied control mechanisms. It does not reflect
unsaved access control policies or unsaved access control entries.
Changes to access control status caused by these mechanisms only take effect
on Session.save()
and are only then reflected in the results of
the privilege test methods.
A PathNotFoundException
is thrown if no node at
absPath
exists or the session does not have privilege to
retrieve the node.
A RepositoryException
is thrown if another error occurs.
hasPrivileges
in interface AccessControlManager
absPath
- an absolute path.privileges
- an array of Privilege
s.
true
if the session has the specified privileges;
false
otherwise.
PathNotFoundException
- if no node at absPath
exists
or the session does not have privilege to
retrieve the node.
RepositoryException
- if another error occurs.AccessControlManager.hasPrivileges(String, Privilege[])
public Privilege[] getPrivileges(String absPath) throws PathNotFoundException, RepositoryException
AccessControlManager
AccessControlManager.hasPrivileges(java.lang.String, org.apache.jackrabbit.api.jsr283.security.Privilege[])
would
return true
.
The results reported by the this method reflect the net
effect of the currently applied control mechanisms. It does not reflect
unsaved access control policies or unsaved access control entries.
Changes to access control status caused by these mechanisms only take effect
on Session.save()
and are only then reflected in the results of
the privilege test methods.
A PathNotFoundException
is thrown if no node at
absPath
exists or the session does not have privilege to
retrieve the node.
A RepositoryException
is thrown if another error occurs.
getPrivileges
in interface AccessControlManager
absPath
- an absolute path.
Privilege
s.
PathNotFoundException
- if no node at absPath
exists
or the session does not have privilege to
retrieve the node.
RepositoryException
- if another error occurs.AccessControlManager.getPrivileges(String)
public AccessControlPolicy[] getPolicies(String absPath) throws PathNotFoundException, AccessDeniedException, RepositoryException
AbstractAccessControlManager
null
.
getPolicies
in interface AccessControlManager
getPolicies
in class AbstractAccessControlManager
absPath
- Path to an existing node.
null
.
PathNotFoundException
- if no node at absPath
exists
or the session does not have privilege to
retrieve the node.
AccessDeniedException
- if the session lacks
READ_ACCESS_CONTROL
privilege
for the absPath
node.
RepositoryException
- if another error occurs.AccessControlManager.getPolicies(String)
public AccessControlPolicy[] getEffectivePolicies(String absPath) throws PathNotFoundException, AccessDeniedException, RepositoryException
AccessControlManager
AccessControlPolicy
objects that currently are
in effect at the node at absPath
. This may be policies
set through this API or some implementation specific (default) policies.
A PathNotFoundException
is thrown if no node at
absPath
exists or the session does not have privilege to
retrieve the node.
An AccessDeniedException
is thrown if the session lacks
READ_ACCESS_CONTROL
privilege for the absPath
node.
A RepositoryException
is thrown if another error occurs.
getEffectivePolicies
in interface AccessControlManager
absPath
- an absolute path.
AccessControlPolicy
objects.
PathNotFoundException
- if no node at absPath
exists
or the session does not have privilege to
retrieve the node.
AccessDeniedException
- if the session lacks
READ_ACCESS_CONTROL
privilege
for the absPath
node.
RepositoryException
- if another error occurs.AccessControlManager.getEffectivePolicies(String)
public AccessControlPolicyIterator getApplicablePolicies(String absPath) throws PathNotFoundException, AccessDeniedException, RepositoryException
AbstractAccessControlManager
getApplicablePolicies
in interface AccessControlManager
getApplicablePolicies
in class AbstractAccessControlManager
absPath
- Path to an existing node.
PathNotFoundException
- if no node at absPath
exists
or the session does not have privilege to
retrieve the node.
AccessDeniedException
- if the session lacks
READ_ACCESS_CONTROL
privilege
for the absPath
node.
RepositoryException
- if another error occurs.AccessControlManager.getApplicablePolicies(String)
public void setPolicy(String absPath, AccessControlPolicy policy) throws PathNotFoundException, AccessControlException, AccessDeniedException, RepositoryException
AbstractAccessControlManager
AccessControlException
setPolicy
in interface AccessControlManager
setPolicy
in class AbstractAccessControlManager
absPath
- an absolute path.policy
- the AccessControlPolicy
to be applied.
PathNotFoundException
- if no node at absPath
exists
or the session does not have privilege to
retrieve the node.
AccessControlException
- if the policy is not applicable.
AccessDeniedException
- if the session lacks
MODIFY_ACCESS_CONTROL
privilege for the absPath
node.
LockException
- if a lock applies at the node at
absPath
and this implementation
performs this validation immediately instead
of waiting until save
.
VersionException
- if the node at absPath
is
versionable and checked-in or is non-versionable
but its nearest versionable ancestor is
checked-in and this implementation performs
this validation immediately instead of
waiting until save
.
RepositoryException
- if another error occurs.AccessControlManager.setPolicy(String, AccessControlPolicy)
public void removePolicy(String absPath, AccessControlPolicy policy) throws PathNotFoundException, AccessControlException, AccessDeniedException, RepositoryException
AbstractAccessControlManager
AccessControlException
removePolicy
in interface AccessControlManager
removePolicy
in class AbstractAccessControlManager
absPath
- an absolute path.policy
- the policy to be removed.
PathNotFoundException
- if no node at absPath
exists
or the session does not have privilege to
retrieve the node.
AccessControlException
- if no policy exists.
AccessDeniedException
- if the session lacks
MODIFY_ACCESS_CONTROL
privilege for the absPath
node.
LockException
- if a lock applies at the node at
absPath
and this implementation
performs this validation immediately instead
of waiting until save
.
VersionException
- if the node at absPath
is
versionable and checked-in or is non-versionable
but its nearest versionable ancestor is
checked-in and this implementation performs
this validation immediately instead of
waiting until save
.
RepositoryException
- if another error occurs.AccessControlManager.removePolicy(String, AccessControlPolicy)
public JackrabbitAccessControlPolicy[] getApplicablePolicies(Principal principal) throws AccessDeniedException, AccessControlException, UnsupportedRepositoryOperationException, RepositoryException
JackrabbitAccessControlManager
principal
.
getApplicablePolicies
in interface JackrabbitAccessControlManager
getApplicablePolicies
in class AbstractAccessControlManager
principal
- A principal known to the editing session.
principal
. Note
that the policy object returned must reveal the path of the node where
they can be applied later on using AccessControlManager.setPolicy(String, org.apache.jackrabbit.api.jsr283.security.AccessControlPolicy)
.
AccessDeniedException
- if the session lacks
MODIFY_ACCESS_CONTROL
privilege.
AccessControlException
- if the specified principal does not exist
or if another access control related exception occurs.
UnsupportedRepositoryOperationException
- if editing access control
policies is not supported.
RepositoryException
- if another error occurs.JackrabbitAccessControlManager.getApplicablePolicies(Principal)
protected void checkInitialized()
AbstractAccessControlManager
checkInitialized
in class AbstractAccessControlManager
AbstractAccessControlManager.checkInitialized()
protected void checkValidNodePath(String absPath) throws PathNotFoundException, RepositoryException
AbstractAccessControlManager
absPath
and test
if it is really absolute and points to an existing node.
checkValidNodePath
in class AbstractAccessControlManager
absPath
- Path to an existing node.
PathNotFoundException
- if no node at absPath
exists
or the session does not have privilege to retrieve the node.
RepositoryException
- If the given absPath
is not
absolute or if some other error occurs.AbstractAccessControlManager.checkValidNodePath(String)
protected void checkPermission(String absPath, int permission) throws AccessDeniedException, RepositoryException
AbstractAccessControlManager
absPath
.
checkPermission
in class AbstractAccessControlManager
absPath
- Path to an existing node.permission
- Permissions to be checked.
AccessDeniedException
- if the session does not have the
specified privileges.
PathNotFoundException
- if no node exists at absPath
of if the session does not have the permission to READ it.
RepositoryException
- If another error occurs.AbstractAccessControlManager.checkPermission(String,int)
protected PrivilegeRegistry getPrivilegeRegistry() throws RepositoryException
getPrivilegeRegistry
in class AbstractAccessControlManager
RepositoryException
- If another error occurs.AbstractAccessControlManager.getPrivilegeRegistry()
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |