|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Objectorg.apache.jackrabbit.core.ProtectedItemModifier
org.apache.jackrabbit.core.security.user.UserManagerImpl
public class UserManagerImpl
Default implementation of the UserManager
interface with the
following characteristics:
UserConstants.USERS_PATH
,UserConstants.GROUPS_PATH
(unless otherwise configured).getUsersPath()
or getGroupsPath()
.escaped
.+ rep:security [nt:unstructured] + rep:authorizables [rep:AuthorizableFolder] + rep:users [rep:AuthorizableFolder] + a [rep:AuthorizableFolder] + aS [rep:AuthorizableFolder] + aSmith [rep:User]Creating a non-existing user with ID 'aSmith' specifying an intermediate path 'some/tree' would result in the following structure:
+ rep:security [nt:unstructured] + rep:authorizables [rep:AuthorizableFolder] + rep:users [rep:AuthorizableFolder] + some [rep:AuthorizableFolder] + tree [rep:AuthorizableFolder] + aSmith [rep:User]This
UserManager
is able to handle the following configuration
options:
PARAM_USERS_PATH
: Defines where user nodes are created.
If missing set to USERS_PATH
.PARAM_GROUPS_PATH
. Defines where group nodes are created.
If missing set to GROUPS_PATH
.PARAM_COMPATIBILE_JR16
: If the param is present and its
value is true
looking up authorizables by ID will use the
NodeResolver
if not found otherwise.PARAM_DEFAULT_DEPTH
: Parameter used to change the number of
levels that are used by default to store authorizable nodes.PARAM_AUTO_EXPAND_TREE
: If this parameter is present and its
value is true
, the trees containing user and group nodes will
automatically created additional hierarchy levels if the number of nodes
on a given level exceeds the maximal allowed size
.
PARAM_AUTO_EXPAND_SIZE
: This parameter only takes effect
if PARAM_AUTO_EXPAND_TREE
is enabled.
Field Summary | |
---|---|
static String |
AUTHORIZABLES_PATH
|
static String |
GROUP_ADMIN_GROUP_NAME
Configuration key and default value for the the name of the 'GroupAdmin' group-principal |
static String |
GROUPS_PATH
|
static Name |
MIX_REP_IMPERSONATABLE
|
static Name |
N_MEMBERS
|
static NameFactory |
NF
|
static Name |
NT_REP_AUTHORIZABLE
|
static Name |
NT_REP_AUTHORIZABLE_FOLDER
|
static Name |
NT_REP_GROUP
|
static Name |
NT_REP_MEMBERS
|
static Name |
NT_REP_USER
|
static Name |
P_DISABLED
|
static Name |
P_GROUPS
Deprecated. As of 2.0 group membership is stored with the group node. |
static Name |
P_IMPERSONATORS
Name of the user property containing the principal names of those allowed to impersonate. |
static Name |
P_MEMBERS
|
static Name |
P_PASSWORD
|
static Name |
P_PRINCIPAL_NAME
|
static Name |
P_USERID
Deprecated. As of 2.0 the id-hash is stored with the jcr:uuid making the rep:userId property redundant. It has been removed from the node type definition. |
static String |
PARAM_AUTO_EXPAND_SIZE
This parameter only takes effect if PARAM_AUTO_EXPAND_TREE is
enabled. |
static String |
PARAM_AUTO_EXPAND_TREE
If this parameter is present and its value is true , the trees
containing user and group nodes will automatically created additional
hierarchy levels if the number of nodes on a given level exceeds the
maximal allowed size . |
static String |
PARAM_COMPATIBILE_JR16
Flag to enable a minimal backwards compatibility with Jackrabbit < v2.0 If the param is present and its value is true looking up
authorizables by ID will use the NodeResolver if not found
otherwise. |
static String |
PARAM_DEFAULT_DEPTH
Parameter used to change the number of levels that are used by default store authorizable nodes. |
static String |
PARAM_GROUP_MEMBERSHIP_SPLIT_SIZE
If this parameter is present group memberships are collected in a node structure below UserConstants.N_MEMBERS instead of the default
multi valued property UserConstants.P_MEMBERS . |
static String |
PARAM_GROUPS_PATH
Configuration option to change the default path for creating groups. |
static String |
PARAM_USERS_PATH
Configuration option to change the default path for creating users. |
static String |
SECURITY_ROOT_PATH
root-path to security related content e.g. principals |
static String |
USER_ADMIN_GROUP_NAME
Configuration key and default value for the the name of the 'UserAdmin' group-principal. |
static String |
USERS_PATH
|
Fields inherited from interface org.apache.jackrabbit.api.security.user.UserManager |
---|
SEARCH_TYPE_AUTHORIZABLE, SEARCH_TYPE_GROUP, SEARCH_TYPE_USER |
Constructor Summary | |
---|---|
UserManagerImpl(SessionImpl session,
String adminId)
Create a new UserManager with the default configuration. |
|
UserManagerImpl(SessionImpl session,
String adminId,
Properties config)
Create a new UserManager |
|
UserManagerImpl(SessionImpl session,
String adminId,
Properties config,
MembershipCache mCache)
Create a new UserManager for the given session . |
Method Summary | |
---|---|
void |
autoSave(boolean enable)
Always throws unsupportedRepositoryOperationException as
modification of the autosave behavior is not supported. |
Group |
createGroup(Principal principal)
Same as createGroup(java.security.Principal, String) where the
intermediate path is null . |
Group |
createGroup(Principal principal,
String intermediatePath)
Same as createGroup(String, Principal, String) where a groupID
is generated from the principal name. |
Group |
createGroup(String groupID)
Creates a Group for the given groupID, which must not be null . |
Group |
createGroup(String groupID,
Principal principal,
String intermediatePath)
Create a new Group from the given groupID and
principal . |
User |
createUser(String userID,
String password)
Creates an User for the given userID / password pair; neither of the specified parameters can be null . |
User |
createUser(String userID,
String password,
Principal principal,
String intermediatePath)
Creates an User for the given parameters. |
protected Group |
doCreateGroup(NodeImpl node)
Build the group object from the given group node. |
protected User |
doCreateUser(NodeImpl node)
Build the user object from the given user node. |
Iterator<Authorizable> |
findAuthorizables(Query query)
Return Authorizable s that match a specific Query . |
Iterator<Authorizable> |
findAuthorizables(String relPath,
String value)
Returns all Authorizable s that have a
property with the given relative
path (or name) that matches the specified value. |
Iterator<Authorizable> |
findAuthorizables(String relPath,
String value,
int searchType)
Returns all Authorizable s that have a
property with the given relative
path (or name) that matches the specified value. |
Authorizable |
getAuthorizable(Principal principal)
Get the Authorizable by its main Principal. |
Authorizable |
getAuthorizable(String id)
Get the Authorizable by its id. |
int |
getGroupMembershipSplitSize()
Maximum number of properties on the group membership node structure under UserConstants.N_MEMBERS until additional intermediate nodes are inserted. |
String |
getGroupsPath()
Implementation specific methods releaving where groups are created within the content. |
MembershipCache |
getMembershipCache()
|
String |
getUsersPath()
Implementation specific methods releaving where users are created within the content. |
boolean |
isAutoSave()
Always returns true as by default the autoSave behavior
cannot be altered (see also autoSave(boolean) . |
void |
loggedOut(SessionImpl session)
Called when a Session has been 'closed' by
calling
|
void |
loggingOut(SessionImpl session)
Called when a Session is about to be 'closed' by
calling
|
Methods inherited from class org.apache.jackrabbit.core.ProtectedItemModifier |
---|
addNode, addNode, markModified, performProtected, removeItem, setProperty, setProperty, setProperty, setProperty |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static final String PARAM_USERS_PATH
default path
for creating users.
public static final String PARAM_GROUPS_PATH
default path
for creating groups.
public static final String PARAM_COMPATIBILE_JR16
true
looking up
authorizables by ID will use the NodeResolver
if not found
otherwise.
public static final String PARAM_DEFAULT_DEPTH
PARAM_AUTO_EXPAND_TREE
flag is set to true
.
public static final String PARAM_AUTO_EXPAND_TREE
true
, the trees
containing user and group nodes will automatically created additional
hierarchy levels if the number of nodes on a given level exceeds the
maximal allowed size
.
public static final String PARAM_AUTO_EXPAND_SIZE
PARAM_AUTO_EXPAND_TREE
is
enabled.
public static final String PARAM_GROUP_MEMBERSHIP_SPLIT_SIZE
UserConstants.N_MEMBERS
instead of the default
multi valued property UserConstants.P_MEMBERS
. Its value determines
the maximum number of member properties until additional intermediate nodes
are inserted. Valid values are integers > 4.
public static final NameFactory NF
public static final String SECURITY_ROOT_PATH
public static final String AUTHORIZABLES_PATH
public static final String USERS_PATH
public static final String GROUPS_PATH
public static final String USER_ADMIN_GROUP_NAME
public static final String GROUP_ADMIN_GROUP_NAME
public static final Name P_PRINCIPAL_NAME
public static final Name P_USERID
public static final Name P_PASSWORD
public static final Name P_DISABLED
public static final Name P_GROUPS
P_MEMBERS
public static final Name P_MEMBERS
public static final Name N_MEMBERS
public static final Name P_IMPERSONATORS
public static final Name NT_REP_AUTHORIZABLE
public static final Name NT_REP_AUTHORIZABLE_FOLDER
public static final Name NT_REP_USER
public static final Name NT_REP_GROUP
public static final Name NT_REP_MEMBERS
public static final Name MIX_REP_IMPERSONATABLE
Constructor Detail |
---|
public UserManagerImpl(SessionImpl session, String adminId) throws RepositoryException
UserManager
with the default configuration.
session
- The editing/reading session.adminId
- The user ID of the administrator.
RepositoryException
public UserManagerImpl(SessionImpl session, String adminId, Properties config) throws RepositoryException
UserManager
session
- The editing/reading session.adminId
- The user ID of the administrator.config
- The configuration parameters.
RepositoryException
public UserManagerImpl(SessionImpl session, String adminId, Properties config, MembershipCache mCache) throws RepositoryException
UserManager
for the given session
.
Currently the following configuration options are respected:
PARAM_USERS_PATH
. If missing set to UserConstants.USERS_PATH
.PARAM_GROUPS_PATH
. If missing set to UserConstants.GROUPS_PATH
.PARAM_DEFAULT_DEPTH
. The default number of levels is 2.PARAM_AUTO_EXPAND_TREE
. By default this option is disabled.PARAM_AUTO_EXPAND_SIZE
. The default value is 1000.PARAM_GROUP_MEMBERSHIP_SPLIT_SIZE
. The default is 0 which means use
UserConstants.P_MEMBERS
.introduction
for details.
session
- The editing/reading session.adminId
- The user ID of the administrator.config
- The configuration parameters.mCache
- Shared membership cache.
RepositoryException
Method Detail |
---|
public String getUsersPath()
For the corresponding configuration parameter.
public String getGroupsPath()
For the corresponding configuration parameter.
public MembershipCache getMembershipCache()
public int getGroupMembershipSplitSize()
UserConstants.N_MEMBERS
until additional intermediate nodes are inserted.
If 0 (default), UserConstants.P_MEMBERS
is used to record group
memberships.
public Authorizable getAuthorizable(String id) throws RepositoryException
UserManager
getAuthorizable
in interface UserManager
id
- The user or group id.
null
, if not present.
RepositoryException
- If an error occurs.UserManager.getAuthorizable(String)
public Authorizable getAuthorizable(Principal principal) throws RepositoryException
UserManager
getAuthorizable
in interface UserManager
null
, if not present.
RepositoryException
- If an error occurs.UserManager.getAuthorizable(Principal)
public Iterator<Authorizable> findAuthorizables(String relPath, String value) throws RepositoryException
UserManager
Authorizable
s that have a
property
with the given relative
path (or name) that matches the specified value.
If a relative path with more than one segment is specified only properties
exactly matching that patch will be returned. If, however, a name is
specified all properties that may be retrieved using
Authorizable.getProperty(String)
will be searched for a match.
findAuthorizables
in interface UserManager
relPath
- A relative property path or name.
Authorizable
s that have a property with the given
name exactly matching the given value.
RepositoryException
- If an error occurs.UserManager.findAuthorizables(String,String)
public Iterator<Authorizable> findAuthorizables(String relPath, String value, int searchType) throws RepositoryException
UserManager
Authorizable
s that have a
property
with the given relative
path (or name) that matches the specified value. In contrast to
UserManager.findAuthorizables(String, String)
the type of authorizable is
respected while executing the search.
If a relative path with more than one segment is specified only properties
exactly matching that path will be returned. If, however, a name is
specified all properties that may be retrieved using
Authorizable.getProperty(String)
will be searched for a match.
findAuthorizables
in interface UserManager
relPath
- A relative property path or name.searchType
- Any of the following constants:
Authorizable
.
RepositoryException
- If an error occurs.UserManager.findAuthorizables(String,String, int)
public Iterator<Authorizable> findAuthorizables(Query query) throws RepositoryException
UserManager
Authorizable
s that match a specific Query
.
findAuthorizables
in interface UserManager
query
- A query
query
.
RepositoryException
- If an error occurs.UserManager.findAuthorizables(Query)
public User createUser(String userID, String password) throws RepositoryException
UserManager
null
.UserManager.createUser(String,String,Principal,String)
where
the specified userID is equal to the principal name and the intermediate
path is null
.
createUser
in interface UserManager
userID
- The id of the new user.password
- The initial password of this user.
User
.
AuthorizableExistsException
- in case the given userID is already
in use or another Authorizable with the same principal name exists.
RepositoryException
- If another error occurs.UserManager.createUser(String,String)
public User createUser(String userID, String password, Principal principal, String intermediatePath) throws AuthorizableExistsException, RepositoryException
UserManager
intermediatePath
that parameter should
be ignored.
Except for the intermediatePath
, neither of the specified
parameters can be null
.
createUser
in interface UserManager
User
.
AuthorizableExistsException
- in case the given userID is already
in use or another Authorizable with the same principal name exists.
RepositoryException
- If the current Session is
not allowed to create users or some another error occurs.UserManager.createUser(String, String, java.security.Principal, String)
public Group createGroup(String groupID) throws AuthorizableExistsException, RepositoryException
UserManager
null
.
UserManager.createGroup(String, Principal,String)
where the specified
groupID is the name of the Principal
the intermediate path
is null
.
createGroup
in interface UserManager
groupID
- The id of the new group; must not be null
.
Group
.
AuthorizableExistsException
- in case the given groupID is already
in use or another Authorizable
with the same
ID
or principal name already exists.
RepositoryException
- If another error occurs.UserManager.createGroup(String)
public Group createGroup(Principal principal) throws RepositoryException
createGroup(java.security.Principal, String)
where the
intermediate path is null
.
createGroup
in interface UserManager
principal
- A non-null Principal
Group
.
AuthorizableExistsException
- in case the given principal is
already in use with another Authorizable.
RepositoryException
- If another error occurs.UserManager.createGroup(Principal)
public Group createGroup(Principal principal, String intermediatePath) throws AuthorizableExistsException, RepositoryException
createGroup(String, Principal, String)
where a groupID
is generated from the principal name. If the name conflicts with an
existing authorizable ID (may happen in cases where
principal name != ID) the principal name is expanded by a suffix;
otherwise the resulting group ID equals the principal name.
createGroup
in interface UserManager
principal
- A principal that doesn't yet represent an existing user
or group.intermediatePath
- Is always ignored.
AuthorizableExistsException
RepositoryException
UserManager.createGroup(java.security.Principal, String)
public Group createGroup(String groupID, Principal principal, String intermediatePath) throws AuthorizableExistsException, RepositoryException
Group
from the given groupID
and
principal
. It will be created below the defined
group path
.rep:AuthorizableFolder
.
createGroup
in interface UserManager
groupID
- A groupID that hasn't been used before for another
user or group.principal
- A principal that doesn't yet represent an existing user
or group.intermediatePath
- Is always ignored.
AuthorizableExistsException
RepositoryException
UserManager.createGroup(String, java.security.Principal, String)
public boolean isAutoSave()
true
as by default the autoSave behavior
cannot be altered (see also autoSave(boolean)
.
isAutoSave
in interface UserManager
true
.UserManager.isAutoSave()
public void autoSave(boolean enable) throws UnsupportedRepositoryOperationException, RepositoryException
unsupportedRepositoryOperationException
as
modification of the autosave behavior is not supported.
autoSave
in interface UserManager
enable
- If true
changes made through this API will
be automatically saved; otherwise an explicit call to
Session.save()
is required in order to persist changes.
UnsupportedRepositoryOperationException
- If the implementation
does not allow to change the auto save behavior.
RepositoryException
- If some other error occurs.UserManager.autoSave(boolean)
protected User doCreateUser(NodeImpl node) throws RepositoryException
node
- user node
RepositoryException
- if an error occursprotected Group doCreateGroup(NodeImpl node) throws RepositoryException
node
- group node
RepositoryException
- if an error occurspublic void loggingOut(SessionImpl session)
SessionListener
Session
is about to be 'closed' by
calling Session.logout()
- Specified by:
loggingOut
in interface SessionListener
- Parameters:
session
- the Session
that is about to be 'closed'- See Also:
SessionListener.loggingOut(org.apache.jackrabbit.core.SessionImpl)
public void loggedOut(SessionImpl session)
SessionListener
Session
has been 'closed' by
calling Session.logout()
- Specified by:
loggedOut
in interface SessionListener
- Parameters:
session
- the Session
that has been 'closed'- See Also:
SessionListener.loggedOut(org.apache.jackrabbit.core.SessionImpl)
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |