|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Objectorg.apache.jackrabbit.core.security.authorization.AbstractAccessControlProvider
org.apache.jackrabbit.core.security.user.UserAccessControlProvider
public class UserAccessControlProvider
Implementation of the AccessControlProvider
interface that
is used to protected the 'security workspace' containing the user and
group data. It applies special care to make sure that modifying user data
(e.g. password), group membership and impersonation is properly controlled.
Field Summary | |
---|---|
static String |
AUTHORIZABLES_PATH
|
static String |
GROUP_ADMIN_GROUP_NAME
Configuration key and default value for the the name of the 'GroupAdmin' group-principal |
static String |
GROUPS_PATH
|
static NameFactory |
NF
|
static Name |
NT_REP_AUTHORIZABLE
|
static Name |
NT_REP_AUTHORIZABLE_FOLDER
|
static Name |
NT_REP_GROUP
|
static Name |
NT_REP_USER
|
static Name |
P_GROUPS
|
static Name |
P_IMPERSONATORS
Name of the user property containing the principal names of those allowed to impersonate. |
static Name |
P_PASSWORD
|
static Name |
P_PRINCIPAL_NAME
|
static Name |
P_REFEREES
|
static Name |
P_USERID
|
static String |
SECURITY_ROOT_PATH
root-path to security related content e.g. principals |
static String |
USER_ADMIN_GROUP_NAME
Configuration key and default value for the the name of the 'UserAdmin' group-principal. |
static String |
USERS_PATH
|
Fields inherited from class org.apache.jackrabbit.core.security.authorization.AbstractAccessControlProvider |
---|
observationMgr, PARAM_OMIT_DEFAULT_PERMISSIONS, privAll, privRead, resolver, session |
Constructor Summary | |
---|---|
UserAccessControlProvider()
|
Method Summary | |
---|---|
boolean |
canAccessRoot(Set principals)
Returns true if the given set of principals can access the
root node of the workspace this provider has been built for;
false otherwise. |
CompiledPermissions |
compilePermissions(Set principals)
Compiles the effective policy for the specified set of Principal s. |
AccessControlEditor |
getEditor(Session session)
Always returns null . |
AccessControlPolicy[] |
getEffectivePolicies(Path absPath)
Returns the effective policies for the node at the given absPath. |
void |
init(Session systemSession,
Map configuration)
Tests if the given systemSession is a SessionImpl and
retrieves the observation manager. |
boolean |
isAcItem(ItemImpl item)
Always returns false, since this ac provider does not use content stored in items to evaluate AC information. |
boolean |
isAcItem(Path absPath)
Always returns false, since this ac provider does not use content stored in items to evaluate AC information. |
Methods inherited from class org.apache.jackrabbit.core.security.authorization.AbstractAccessControlProvider |
---|
checkInitialized, close, getAdminPermissions, getReadOnlyPermissions, isAdminOrSystem, isReadOnly |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static final NameFactory NF
public static final String SECURITY_ROOT_PATH
public static final String AUTHORIZABLES_PATH
public static final String USERS_PATH
public static final String GROUPS_PATH
public static final String USER_ADMIN_GROUP_NAME
public static final String GROUP_ADMIN_GROUP_NAME
public static final Name P_REFEREES
public static final Name P_PRINCIPAL_NAME
public static final Name P_USERID
public static final Name P_PASSWORD
public static final Name P_GROUPS
public static final Name P_IMPERSONATORS
public static final Name NT_REP_AUTHORIZABLE
public static final Name NT_REP_AUTHORIZABLE_FOLDER
public static final Name NT_REP_USER
public static final Name NT_REP_GROUP
Constructor Detail |
---|
public UserAccessControlProvider()
Method Detail |
---|
public boolean isAcItem(Path absPath) throws RepositoryException
isAcItem
in interface AccessControlUtils
absPath
- Path to an item.
absPath
contains
access control information.
RepositoryException
- If an error occurs.AccessControlUtils.isAcItem(Path)
public boolean isAcItem(ItemImpl item) throws RepositoryException
isAcItem
in interface AccessControlUtils
item
- An item.
item
defines
access control related information is should therefore be considered
protected.
RepositoryException
- If an error occurs.AccessControlUtils.isAcItem(ItemImpl)
public void init(Session systemSession, Map configuration) throws RepositoryException
AbstractAccessControlProvider
systemSession
is a SessionImpl and
retrieves the observation manager. The it sets the internal 'initialized'
field to true.
init
in interface AccessControlProvider
init
in class AbstractAccessControlProvider
systemSession
- System session.configuration
- Configuration used to initialize this provider.
RepositoryException
- If the specified session is not a
SessionImpl
or if retrieving the observation manager fails.AccessControlProvider.init(Session, Map)
public AccessControlPolicy[] getEffectivePolicies(Path absPath) throws ItemNotFoundException, RepositoryException
AccessControlProvider
getEffectivePolicies
in interface AccessControlProvider
absPath
- an absolute path.
absPath
or
an empty array if the implementation cannot determine the effective
policy at the given path.
ItemNotFoundException
- If no Node with the specified
absPath
exists.
RepositoryException
- If another error occurs.AccessControlProvider.getEffectivePolicies(Path)
public AccessControlEditor getEditor(Session session)
null
.
getEditor
in interface AccessControlProvider
session
- The editing session.
null
.AccessControlProvider.getEditor(Session)
public CompiledPermissions compilePermissions(Set principals) throws RepositoryException
AccessControlProvider
Principal
s.
compilePermissions
in interface AccessControlProvider
principals
- Set of principals to compile the permissions for. If
the order of evaluating permissions for principals is meaningful, the
caller is adviced to pass a Set that respects the order of insertion.
RepositoryException
- If an error occurs.AccessControlProvider.compilePermissions(Set)
public boolean canAccessRoot(Set principals) throws RepositoryException
AccessControlProvider
true
if the given set of principals can access the
root node of the workspace this provider has been built for;
false
otherwise.
canAccessRoot
in interface AccessControlProvider
principals
- Set of principals to be tested for being allowed to
access the root node.
true
if the given set of principals can access the
root node of the workspace this provider has been built for;
false
otherwise.
RepositoryException
- If an error occurs.AccessControlProvider.canAccessRoot(Set)
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |