|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object org.apache.jackrabbit.core.security.authorization.AbstractAccessControlProvider org.apache.jackrabbit.core.security.authorization.acl.ACLProvider
public class ACLProvider
The ACLProvider generates access control policies out of the items stored in the workspace applying the following rules:
Node
is considered access controlled if an ACL has
been explicitly assigned to it by adding the mixin type
rep:AccessControllable
and adding child node of type
rep:acl
that forms the acl.Property
item.Node
that is not access controlled may inherit the ACL.
The ACL is inherited from the closest access controlled ancestor.Node
has no effective ACL, in
which case some a default policy is returned that grants READ privilege to
any principal and denies all other privileges.
for additional information.
Field Summary |
---|
Fields inherited from class org.apache.jackrabbit.core.security.authorization.AbstractAccessControlProvider |
---|
observationMgr, PARAM_OMIT_DEFAULT_PERMISSIONS, privAll, privRead, resolver, session |
Fields inherited from interface org.apache.jackrabbit.core.security.authorization.AccessControlConstants |
---|
N_ACCESSCONTROL, N_POLICY, NT_REP_ACCESS_CONTROL, NT_REP_ACCESS_CONTROLLABLE, NT_REP_ACE, NT_REP_ACL, NT_REP_DENY_ACE, NT_REP_GRANT_ACE, NT_REP_PRINCIPAL_ACCESS_CONTROL, P_GLOB, P_PRINCIPAL_NAME, P_PRIVILEGES |
Constructor Summary | |
---|---|
ACLProvider()
|
Method Summary | |
---|---|
boolean |
canAccessRoot(Set<Principal> principals)
Returns true if the given set of principals can access the
root node of the workspace this provider has been built for;
false otherwise. |
void |
close()
Closes this provider when it is no longer used by the respective workspace and release resources bound by this provider. |
CompiledPermissions |
compilePermissions(Set<Principal> principals)
Compiles the effective policy for the specified set of Principal s. |
protected EntryCollector |
createEntryCollector(SessionImpl systemSession)
Create the EntryCollector instance that is used by this
provider to gather the effective ACEs for a given list of principals at a
given node during AC evaluation. |
AccessControlEditor |
getEditor(Session session)
Returns an AccessControlEditor for the given Session object
or null if the implementation does not support editing
of access control policies. |
AccessControlPolicy[] |
getEffectivePolicies(Path absPath,
CompiledPermissions permissions)
Returns the effective policies for the node at the given absPath. |
AccessControlPolicy[] |
getEffectivePolicies(Set<Principal> principals,
CompiledPermissions permissions)
Returns the effective policies for the given principals. |
void |
init(Session systemSession,
Map configuration)
Tests if the given systemSession is a SessionImpl and
retrieves the observation manager. |
Methods inherited from class org.apache.jackrabbit.core.security.authorization.AbstractAccessControlProvider |
---|
checkInitialized, getAdminPermissions, getReadOnlyPermissions, isAcItem, isAcItem, isAdminOrSystem, isLive, isReadOnly |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public ACLProvider()
Method Detail |
---|
public void init(Session systemSession, Map configuration) throws RepositoryException
AbstractAccessControlProvider
systemSession
is a SessionImpl and
retrieves the observation manager. The it sets the internal 'initialized'
field to true.
init
in interface AccessControlProvider
init
in class AbstractAccessControlProvider
systemSession
- System session.configuration
- Configuration used to initialize this provider.
RepositoryException
- If the specified session is not a
SessionImpl
or if retrieving the observation manager fails.AccessControlProvider.init(Session, Map)
public void close()
AccessControlProvider
close
in interface AccessControlProvider
close
in class AbstractAccessControlProvider
AccessControlProvider.close()
public AccessControlPolicy[] getEffectivePolicies(Path absPath, CompiledPermissions permissions) throws ItemNotFoundException, RepositoryException
AccessControlProvider
getEffectivePolicies
in interface AccessControlProvider
absPath
- an absolute path.permissions
- The effective permissions of the editing
sessions that attempts to view the effective policies.
absPath
or
an empty array if the implementation cannot determine the effective
policy at the given path.
ItemNotFoundException
- If no Node with the specified
absPath
exists.
RepositoryException
- If another error occurs.AccessControlProvider.getEffectivePolicies(org.apache.jackrabbit.spi.Path,org.apache.jackrabbit.core.security.authorization.CompiledPermissions)
public AccessControlPolicy[] getEffectivePolicies(Set<Principal> principals, CompiledPermissions permissions) throws RepositoryException
AccessControlProvider
getEffectivePolicies
in interface AccessControlProvider
principals
- A set of principal.permissions
- The effective permissions of the editing
sessions that attempts to view the effective policies. @return The effective policies that are in effect for the given
principal
or an empty array.
RepositoryException
- If error occurs.AccessControlProvider.getEffectivePolicies(java.util.Set, CompiledPermissions)
public AccessControlEditor getEditor(Session session)
AccessControlProvider
AccessControlEditor
for the given Session object
or null
if the implementation does not support editing
of access control policies.
getEditor
in interface AccessControlProvider
session
- The editing session.
null
.AccessControlProvider.getEditor(Session)
public CompiledPermissions compilePermissions(Set<Principal> principals) throws RepositoryException
AccessControlProvider
Principal
s.
compilePermissions
in interface AccessControlProvider
principals
- Set of principals to compile the permissions for. If
the order of evaluating permissions for principals is meaningful, the
caller is adviced to pass a Set that respects the order of insertion.
RepositoryException
- If an error occurs.AccessControlProvider.compilePermissions(Set)
public boolean canAccessRoot(Set<Principal> principals) throws RepositoryException
AccessControlProvider
true
if the given set of principals can access the
root node of the workspace this provider has been built for;
false
otherwise.
canAccessRoot
in interface AccessControlProvider
principals
- Set of principals to be tested for being allowed to
access the root node.
true
if the given set of principals can access the
root node of the workspace this provider has been built for;
false
otherwise.
RepositoryException
- If an error occurs.AccessControlProvider.canAccessRoot(Set)
protected EntryCollector createEntryCollector(SessionImpl systemSession) throws RepositoryException
EntryCollector
instance that is used by this
provider to gather the effective ACEs for a given list of principals at a
given node during AC evaluation.
systemSession
- The system session to create the entry collector for.
CachingEntryCollector
.
RepositoryException
- If an error occurs.
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |