org.apache.jackrabbit.core.security.authorization
Class AbstractAccessControlProvider

java.lang.Object
  org.apache.jackrabbit.core.security.authorization.AbstractAccessControlProvider

All Implemented Interfaces:

AccessControlConstants, AccessControlProvider, AccessControlUtils

Direct Known Subclasses:

ACLProvider, ACLProvider, CombinedProvider, UserAccessControlProvider

public abstract class AbstractAccessControlProvider
extends Object
implements AccessControlProvider, AccessControlUtils, AccessControlConstants

AbstractAccessControlProvider...

Field Summary

protected ObservationManager	observationMgr
static String	PARAM_OMIT_DEFAULT_PERMISSIONS Constant for the name of the configuration option "omit-default-permission".
protected int	privAll
protected int	privRead
protected NamePathResolver	resolver
protected SessionImpl	session the system session this provider has been created for.

Fields inherited from interface org.apache.jackrabbit.core.security.authorization.AccessControlConstants

N_ACCESSCONTROL, N_POLICY, NT_REP_ACCESS_CONTROL, NT_REP_ACCESS_CONTROLLABLE, NT_REP_ACE, NT_REP_ACL, NT_REP_DENY_ACE, NT_REP_GRANT_ACE, NT_REP_PRINCIPAL_ACCESS_CONTROL, P_GLOB, P_PRINCIPAL_NAME, P_PRIVILEGES

Constructor Summary

protected

AbstractAccessControlProvider()

Method Summary

protected void	checkInitialized() Throws IllegalStateException if the provider has not been initialized or has been closed.
void	close() Closes this provider when it is no longer used by the respective workspace and release resources bound by this provider.
protected CompiledPermissions	getAdminPermissions() Returns compiled permissions for the administrator i.e. permissions that grants everything and returns the int representation of Privilege.JCR_ALL upon CompiledPermissions.getPrivileges(Path) for all paths.
protected CompiledPermissions	getReadOnlyPermissions() Returns compiled permissions for a read-only user i.e. permissions that grants READ permission for all non-AC items.
void	init(Session systemSession, Map configuration) Tests if the given systemSession is a SessionImpl and retrieves the observation manager.
boolean	isAcItem(ItemImpl item) Test if the given node is itself a rep:ACL or a rep:ACE node.
boolean	isAcItem(Path absPath) Test if the specified path points to an item that defines AC information.
boolean	isAdminOrSystem(Set<Principal> principals) Test if the specified set of principals contains an admin or system principal.
boolean	isLive() Returns true, if this provider is still alive and able to evaluate permissions; false otherwise.
boolean	isReadOnly(Set<Principal> principals) Test if if the specified set of principals will have read-only permissions only.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.apache.jackrabbit.core.security.authorization.AccessControlProvider

canAccessRoot, compilePermissions, getEditor, getEffectivePolicies, getEffectivePolicies

Field Detail

PARAM_OMIT_DEFAULT_PERMISSIONS

public static final String PARAM_OMIT_DEFAULT_PERMISSIONS

Constant for the name of the configuration option "omit-default-permission". The option is a flag indicating whether default permissions should be created upon initialization of this provider.

If this option is present in the configuration no initial ACL content is created.
If this configuration option is omitted the default permissions are installed. Note however, that the initialization should not overwrite previously installed AC content.

See Also:

Constant Field Values

session

protected SessionImpl session

the system session this provider has been created for.

observationMgr

protected ObservationManager observationMgr

resolver

protected NamePathResolver resolver

privAll

protected int privAll

privRead

protected int privRead

Constructor Detail

AbstractAccessControlProvider

protected AbstractAccessControlProvider()

Method Detail

checkInitialized

protected void checkInitialized()

Throws IllegalStateException if the provider has not been initialized or has been closed.

getAdminPermissions

protected CompiledPermissions getAdminPermissions()

Returns compiled permissions for the administrator i.e. permissions that grants everything and returns the int representation of Privilege.JCR_ALL upon CompiledPermissions.getPrivileges(Path) for all paths.

Returns:

an implementation of CompiledPermissions that grants everything and always returns the int representation of Privilege.JCR_ALL upon CompiledPermissions.getPrivileges(Path).

getReadOnlyPermissions

protected CompiledPermissions getReadOnlyPermissions()

Returns compiled permissions for a read-only user i.e. permissions that grants READ permission for all non-AC items.

Returns:

an implementation of CompiledPermissions that grants READ permission for all non-AC items.

isAcItem

public boolean isAcItem(Path absPath)
                 throws RepositoryException

Description copied from interface: AccessControlUtils

Test if the specified path points to an item that defines AC information.

Specified by:

isAcItem in interface AccessControlUtils

Parameters:

absPath - Path to an item.

Returns:

true if the item at the specified absPath contains access control information.

Throws:

RepositoryException - If an error occurs.

See Also:

AccessControlUtils.isAcItem(Path)

isAcItem

public boolean isAcItem(ItemImpl item)
                 throws RepositoryException

Test if the given node is itself a rep:ACL or a rep:ACE node.

Specified by:

isAcItem in interface AccessControlUtils

Parameters:

item - An item.

Returns:

true if the item at the specified item defines access control related information is should therefore be considered protected.

Throws:

RepositoryException - If an error occurs.

See Also:

AccessControlUtils.isAcItem(org.apache.jackrabbit.core.ItemImpl)

isAdminOrSystem

public boolean isAdminOrSystem(Set<Principal> principals)

Description copied from interface: AccessControlUtils

Test if the specified set of principals contains an admin or system principal.

Specified by:

isAdminOrSystem in interface AccessControlUtils

Parameters:

principals - A set of principals.

Returns:

true if the specified set of principals contains an AdminPrincipal or a SystemPrincipal.

See Also:

AccessControlUtils.isAdminOrSystem(Set)

isReadOnly

public boolean isReadOnly(Set<Principal> principals)

Description copied from interface: AccessControlUtils

Test if if the specified set of principals will have read-only permissions only. False otherwise (or if it cannot be determined from the principal set only).

Specified by:

isReadOnly in interface AccessControlUtils

Parameters:

principals - A set of principals.

Returns:

true if the specified set of principals will only be granted read permission on all items.

See Also:

AccessControlUtils.isReadOnly(Set)

init

public void init(Session systemSession,
                 Map configuration)
          throws RepositoryException

Tests if the given systemSession is a SessionImpl and retrieves the observation manager. The it sets the internal 'initialized' field to true.

Specified by:

init in interface AccessControlProvider

Parameters:

systemSession - System session.

configuration - Configuration used to initialize this provider.

Throws:

RepositoryException - If the specified session is not a SessionImpl or if retrieving the observation manager fails.

See Also:

AccessControlProvider.init(Session, Map)

close

public void close()

Description copied from interface: AccessControlProvider

Closes this provider when it is no longer used by the respective workspace and release resources bound by this provider.

Specified by:

close in interface AccessControlProvider

See Also:

AccessControlProvider.close()

isLive

public boolean isLive()

Description copied from interface: AccessControlProvider

Returns true, if this provider is still alive and able to evaluate permissions; false otherwise.

Specified by:

isLive in interface AccessControlProvider

Returns:

true, if this provider is still alive and able to evaluate permissions; false otherwise.

See Also:

AccessControlProvider.isLive()