Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.apache.jackrabbit.core.security.simple
Class SimpleAccessManager

java.lang.Object
  extended by org.apache.jackrabbit.core.security.AbstractAccessControlManager
      extended by org.apache.jackrabbit.core.security.simple.SimpleAccessManager
All Implemented Interfaces:
AccessControlManager, JackrabbitAccessControlManager, AccessManager
public class SimpleAccessManager
extends AbstractAccessControlManager
implements AccessManager

SimpleAccessManager ...

Field Summary
 
Fields inherited from interface org.apache.jackrabbit.core.security.AccessManager
READ, REMOVE, WRITE
 
Constructor Summary
SimpleAccessManager()
          Empty constructor
 
Method Summary
 boolean canAccess(String workspaceName)
          Determines whether the subject of the current context is granted access to the given workspace.
 boolean canRead(Path itemPath, ItemId itemId)
          Determines whether the item with the specified itemPath or itemId can be read.
protected  void checkInitialized()
          Check if this manager has been properly initialized.
 void checkPermission(ItemId id, int permissions)
          Determines whether the specified permissions are granted on the item with the specified id (i.e. the target item).
 void checkPermission(Path absPath, int permissions)
          Determines whether the specified permissions are granted on the item with the specified id (i.e. the target item).
protected  void checkPermission(String absPath, int permission)
          Check if the specified privileges are granted at absPath.
protected  void checkValidNodePath(String absPath)
          Tests if the given absPath is absolute and points to an existing node.
 void close()
          Close this access manager.
 AccessControlPolicy[] getEffectivePolicies(Set<Principal> principals)
          Returns the AccessControlPolicy objects that are in effect for the given Principals.
 AccessControlPolicy[] getEffectivePolicies(String absPath)
          
protected  PrivilegeRegistry getPrivilegeRegistry()
           
 Privilege[] getPrivileges(String absPath)
          
 Privilege[] getPrivileges(String absPath, Set<Principal> principals)
          Returns the privileges the given set of Principals has for absolute path absPath, which must be an existing node.
 boolean hasPrivileges(String absPath, Privilege[] privileges)
          
 boolean hasPrivileges(String absPath, Set<Principal> principals, Privilege[] privileges)
          Returns whether the given set of Principals has the specified privileges for absolute path absPath, which must be an existing node.
 void init(AMContext context)
          Initialize this access manager.
 void init(AMContext context, AccessControlProvider acProvider, WorkspaceAccessManager wspAccessManager)
          Initialize this access manager.
 boolean isGranted(ItemId id, int permissions)
          Determines whether the specified permissions are granted on the item with the specified id (i.e. the target item).
 boolean isGranted(Path absPath, int permissions)
          Determines whether the specified permissions are granted on the item with the specified absPath (i.e. the target item, that may or may not yet exist).
 boolean isGranted(Path parentPath, Name childName, int permissions)
          Determines whether the specified permissions are granted on an item represented by the combination of the given parentPath and childName (i.e. the target item, that may or may not yet exist).
 
Methods inherited from class org.apache.jackrabbit.core.security.AbstractAccessControlManager
getApplicablePolicies, getApplicablePolicies, getPolicies, getPolicies, getSupportedPrivileges, privilegeFromName, removePolicy, setPolicy
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SimpleAccessManager

public SimpleAccessManager()
Empty constructor

Method Detail

init

public void init(AMContext context)
          throws AccessDeniedException,
                 Exception
Initialize this access manager. An AccessDeniedException will be thrown if the subject of the given context is not granted access to the specified workspace.

Specified by:
init in interface AccessManager
Parameters:
context - access manager context
Throws:
AccessDeniedException - if the subject is not granted access to the specified workspace.
Exception - if another error occurs

init

public void init(AMContext context,
                 AccessControlProvider acProvider,
                 WorkspaceAccessManager wspAccessManager)
          throws AccessDeniedException,
                 Exception
Initialize this access manager. An AccessDeniedException will be thrown if the subject of the given context is not granted access to the specified workspace.

Specified by:
init in interface AccessManager
Parameters:
context - access manager context.
acProvider - The access control provider.
wspAccessManager - The workspace access manager.
Throws:
AccessDeniedException - if the subject is not granted access to the specified workspace.
Exception - if another error occurs

close

public void close()
           throws Exception
Close this access manager. After having closed an access manager, further operations on this object are treated as illegal and throw

Specified by:
close in interface AccessManager
Throws:
Exception - if an error occurs

checkPermission

public void checkPermission(ItemId id,
                            int permissions)
                     throws AccessDeniedException,
                            RepositoryException
Determines whether the specified permissions are granted on the item with the specified id (i.e. the target item).

Specified by:
checkPermission in interface AccessManager
Parameters:
id - the id of the target item
permissions - A combination of one or more of the following constants encoded as a bitmask value:
  • READ
  • WRITE
  • REMOVE
Throws:
AccessDeniedException - if permission is denied
ItemNotFoundException - if the target item does not exist
RepositoryException - it an error occurs

checkPermission

public void checkPermission(Path absPath,
                            int permissions)
                     throws AccessDeniedException,
                            RepositoryException
Determines whether the specified permissions are granted on the item with the specified id (i.e. the target item).

Specified by:
checkPermission in interface AccessManager
Parameters:
absPath - Path to an item.
permissions - A combination of one or more of the Permission constants encoded as a bitmask value.
Throws:
AccessDeniedException - if permission is denied
RepositoryException - it another error occurs

isGranted

public boolean isGranted(ItemId id,
                         int permissions)
                  throws RepositoryException
Determines whether the specified permissions are granted on the item with the specified id (i.e. the target item).

Specified by:
isGranted in interface AccessManager
Parameters:
id - the id of the target item
permissions - A combination of one or more of the following constants encoded as a bitmask value:
  • READ
  • WRITE
  • REMOVE
Returns:
true if permission is granted; otherwise false
Throws:
ItemNotFoundException - if the target item does not exist
RepositoryException - if another error occurs

isGranted

public boolean isGranted(Path absPath,
                         int permissions)
                  throws RepositoryException
Description copied from interface: AccessManager
Determines whether the specified permissions are granted on the item with the specified absPath (i.e. the target item, that may or may not yet exist).

Specified by:
isGranted in interface AccessManager
Parameters:
absPath - the absolute path to test
permissions - A combination of one or more of the Permission constants encoded as a bitmask value.
Returns:
true if the specified permissions are granted; otherwise false.
Throws:
RepositoryException - if an error occurs.

isGranted

public boolean isGranted(Path parentPath,
                         Name childName,
                         int permissions)
                  throws RepositoryException
Description copied from interface: AccessManager
Determines whether the specified permissions are granted on an item represented by the combination of the given parentPath and childName (i.e. the target item, that may or may not yet exist).

Specified by:
isGranted in interface AccessManager
Parameters:
parentPath - Path to an existing parent node.
childName - Name of the child item that may or may not exist yet.
permissions - A combination of one or more of the Permission constants encoded as a bitmask value.
Returns:
true if the specified permissions are granted; otherwise false.
Throws:
RepositoryException - if an error occurs.

canRead

public boolean canRead(Path itemPath,
                       ItemId itemId)
                throws RepositoryException
Description copied from interface: AccessManager
Determines whether the item with the specified itemPath or itemId can be read. Either of the two parameters may be null.
Note, that this method should only be called for persisted items as NEW items may not be visible to the permission evaluation. For new items AccessManager.isGranted(Path, int) should be used instead.

If this method is called with both Path and ItemId it is left to the evaluation, which parameter is used.

Specified by:
canRead in interface AccessManager
Parameters:
itemPath - The path to the item or null if itemId should be used to determine the READ permission.
itemId - Id of the item to be tested or null if the itemPath should be used to determine the permission.
Returns:
true if the item can be read; otherwise false.
Throws:
RepositoryException - if the item is NEW and only an itemId is specified or if another error occurs.

canAccess

public boolean canAccess(String workspaceName)
                  throws RepositoryException
Determines whether the subject of the current context is granted access to the given workspace. Note that an implementation is free to test for the existance of a workspace with the specified name. In this case the expected return value is false, if no such workspace exists.

Specified by:
canAccess in interface AccessManager
Parameters:
workspaceName - name of workspace
Returns:
true if the subject of the current context is granted access to the given workspace; otherwise false.
Throws:
RepositoryException - if an error occurs.

hasPrivileges

public boolean hasPrivileges(String absPath,
                             Privilege[] privileges)
                      throws PathNotFoundException,
                             RepositoryException

Specified by:
hasPrivileges in interface AccessControlManager
Throws:
PathNotFoundException
RepositoryException

getPrivileges

public Privilege[] getPrivileges(String absPath)
                          throws PathNotFoundException,
                                 RepositoryException

Specified by:
getPrivileges in interface AccessControlManager
Throws:
PathNotFoundException
RepositoryException

getEffectivePolicies

public AccessControlPolicy[] getEffectivePolicies(String absPath)
                                           throws PathNotFoundException,
                                                  AccessDeniedException,
                                                  RepositoryException

Specified by:
getEffectivePolicies in interface AccessControlManager
Throws:
PathNotFoundException
AccessDeniedException
RepositoryException

checkInitialized

protected void checkInitialized()
                         throws IllegalStateException
Description copied from class: AbstractAccessControlManager
Check if this manager has been properly initialized.

Specified by:
checkInitialized in class AbstractAccessControlManager
Throws:
IllegalStateException - If this manager has not been properly initialized.
See Also:
AbstractAccessControlManager.checkInitialized()

checkPermission

protected void checkPermission(String absPath,
                               int permission)
                        throws AccessDeniedException,
                               PathNotFoundException,
                               RepositoryException
Description copied from class: AbstractAccessControlManager
Check if the specified privileges are granted at absPath.

Specified by:
checkPermission in class AbstractAccessControlManager
Parameters:
absPath - Path to an existing node.
permission - Permissions to be checked.
Throws:
AccessDeniedException - if the session does not have the specified privileges.
PathNotFoundException - if no node exists at absPath of if the session does not have the permission to READ it.
RepositoryException - If another error occurs.
See Also:
AbstractAccessControlManager.checkPermission(String,int)

getPrivilegeRegistry

protected PrivilegeRegistry getPrivilegeRegistry()
                                          throws RepositoryException
Specified by:
getPrivilegeRegistry in class AbstractAccessControlManager
Returns:
the privilege registry
Throws:
RepositoryException - If another error occurs.
See Also:
AbstractAccessControlManager.getPrivilegeRegistry()

checkValidNodePath

protected void checkValidNodePath(String absPath)
                           throws PathNotFoundException,
                                  RepositoryException
Description copied from class: AbstractAccessControlManager
Tests if the given absPath is absolute and points to an existing node.

Specified by:
checkValidNodePath in class AbstractAccessControlManager
Parameters:
absPath - Path to an existing node.
Throws:
PathNotFoundException - if no node at absPath exists or the session does not have privilege to retrieve the node.
RepositoryException - If the given absPath is not absolute or if some other error occurs.
See Also:
AbstractAccessControlManager.checkValidNodePath(String)

getEffectivePolicies

public AccessControlPolicy[] getEffectivePolicies(Set<Principal> principals)
                                           throws AccessDeniedException,
                                                  AccessControlException,
                                                  UnsupportedRepositoryOperationException,
                                                  RepositoryException
Description copied from interface: JackrabbitAccessControlManager
Returns the AccessControlPolicy objects that are in effect for the given Principals. This may be policies set through this API or some implementation specific (default) policies.

Specified by:
getEffectivePolicies in interface JackrabbitAccessControlManager
Parameters:
principals - A set of valid principals.
Returns:
The policies defined for the given principal or an empty array.
Throws:
AccessDeniedException - if the session lacks READ_ACCESS_CONTROL privilege.
AccessControlException - if the specified principal does not exist or if another access control related exception occurs.
UnsupportedRepositoryOperationException - if editing access control policies by principal is not supported.
RepositoryException - If another error occurs.
See Also:
JackrabbitAccessControlManager.getEffectivePolicies(Set)

hasPrivileges

public boolean hasPrivileges(String absPath,
                             Set<Principal> principals,
                             Privilege[] privileges)
                      throws PathNotFoundException,
                             RepositoryException
Description copied from interface: JackrabbitAccessControlManager
Returns whether the given set of Principals has the specified privileges for absolute path absPath, which must be an existing node.

Testing an aggregate privilege is equivalent to testing each non aggregate privilege among the set returned by calling Privilege.getAggregatePrivileges() for that privilege.

The results reported by the this method reflect the net effect of the currently applied control mechanisms. It does not reflect unsaved access control policies or unsaved access control entries. Changes to access control status caused by these mechanisms only take effect on Session.save() and are only then reflected in the results of the privilege test methods.

Since this method allows to view the privileges of principals other than included in the editing session, this method must throw AccessDeniedException if the session lacks READ_ACCESS_CONTROL privilege for the absPath node.

Specified by:
hasPrivileges in interface JackrabbitAccessControlManager
Parameters:
absPath - an absolute path.
principals - a set of Principals for which is the given privileges are tested.
privileges - an array of Privileges.
Returns:
true if the session has the specified privileges; false otherwise.
Throws:
PathNotFoundException - if no node at absPath exists or the session does not have sufficient access to retrieve a node at that location.
AccessDeniedException - if the session lacks READ_ACCESS_CONTROL privilege for the absPath node.
RepositoryException - if another error occurs.
See Also:
JackrabbitAccessControlManager.hasPrivileges(String, Set, Privilege[])

getPrivileges

public Privilege[] getPrivileges(String absPath,
                                 Set<Principal> principals)
                          throws PathNotFoundException,
                                 RepositoryException
Description copied from interface: JackrabbitAccessControlManager
Returns the privileges the given set of Principals has for absolute path absPath, which must be an existing node.

The returned privileges are those for which JackrabbitAccessControlManager.hasPrivileges(java.lang.String, java.util.Set, javax.jcr.security.Privilege[]) would return true.

The results reported by the this method reflect the net effect of the currently applied control mechanisms. It does not reflect unsaved access control policies or unsaved access control entries. Changes to access control status caused by these mechanisms only take effect on Session.save() and are only then reflected in the results of the privilege test methods.

Since this method allows to view the privileges of principals other than included in the editing session, this method must throw AccessDeniedException if the session lacks READ_ACCESS_CONTROL privilege for the absPath node.

Note that this method does not resolve any group membership, as this is the job of the user manager. nor does it augment the set with the "everyone" principal.

Specified by:
getPrivileges in interface JackrabbitAccessControlManager
Parameters:
absPath - an absolute path.
principals - a set of Principals for which is the privileges are retrieved.
Returns:
an array of Privileges.
Throws:
PathNotFoundException - if no node at absPath exists or the session does not have sufficient access to retrieve a node at that location.
AccessDeniedException - if the session lacks READ_ACCESS_CONTROL privilege for the absPath node.
RepositoryException - if another error occurs.
See Also:
JackrabbitAccessControlManager.getPrivileges(String, Set)
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2004-2010 The Apache Software Foundation. All Rights Reserved.