org.apache.sling.jcr.base.util.AccessControlUtil
|
||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||
java.lang.Object
public class AccessControlUtil
A simple utility class providing utilities with respect to access control over repositories.
| Constructor Summary | |
|---|---|
AccessControlUtil()
|
|
| Method Summary | |
|---|---|
static boolean |
addEntry(javax.jcr.security.AccessControlList acl,
Principal principal,
javax.jcr.security.Privilege[] privileges,
boolean isAllow)
Same as addEntry(AccessControlList, Principal, Privilege[], boolean, Map) using
some implementation specific restrictions. |
static boolean |
addEntry(javax.jcr.security.AccessControlList acl,
Principal principal,
javax.jcr.security.Privilege[] privileges,
boolean isAllow,
Map restrictions)
Adds an access control entry to the acl consisting of the specified principal, the specified privileges, the
isAllow flag and an optional map containing additional
restrictions. |
static javax.jcr.security.AccessControlManager |
getAccessControlManager(javax.jcr.Session session)
Returns the AccessControlManager for the given
session. |
static String |
getPath(javax.jcr.security.AccessControlList acl)
Returns the path of the node AccessControlList acl
has been created for. |
static org.apache.jackrabbit.api.security.principal.PrincipalManager |
getPrincipalManager(javax.jcr.Session session)
Returns the PrincipalManager for the given
session. |
static org.apache.jackrabbit.api.security.user.UserManager |
getUserManager(javax.jcr.Session session)
Returns the UserManager for the given
session. |
static boolean |
isAllow(javax.jcr.security.AccessControlEntry ace)
Returns true if the AccessControlEntry represents 'allowed' rights or false it it represents 'denied' rights. |
static boolean |
isEmpty(javax.jcr.security.AccessControlList acl)
Returns true if AccessControlList acl
does not yet define any entries. |
static void |
replaceAccessControlEntry(javax.jcr.Session session,
String resourcePath,
Principal principal,
String[] grantedPrivilegeNames,
String[] deniedPrivilegeNames,
String[] removedPrivilegeNames)
Deprecated. use @link replaceAccessControlEntry(Session, String, Principal, String[], String[], String[], String) instead. |
static void |
replaceAccessControlEntry(javax.jcr.Session session,
String resourcePath,
Principal principal,
String[] grantedPrivilegeNames,
String[] deniedPrivilegeNames,
String[] removedPrivilegeNames,
String order)
Replaces existing access control entries in the ACL for the specified principal and resourcePath. |
static int |
size(javax.jcr.security.AccessControlList acl)
Returns the number of acl entries or 0 if the acl is empty. |
| Methods inherited from class java.lang.Object |
|---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Constructor Detail |
|---|
public AccessControlUtil()
| Method Detail |
|---|
public static javax.jcr.security.AccessControlManager getAccessControlManager(javax.jcr.Session session)
throws javax.jcr.UnsupportedRepositoryOperationException,
javax.jcr.RepositoryException
AccessControlManager for the given
session. If the session does not have a
getAccessControlManager method, a
UnsupportedRepositoryOperationException is thrown. Otherwise
the AccessControlManager is returned or if the call fails,
the respective exception is thrown.
session - The JCR Session whose AccessControlManager is
to be returned. If the session is a pooled session, the
session underlying the pooled session is actually used.
AccessControlManager of the session
javax.jcr.UnsupportedRepositoryOperationException - If the session has no
getAccessControlManager method or the exception
thrown by the method.
javax.jcr.RepositoryException - Forwarded from the
getAccessControlManager method call.
public static org.apache.jackrabbit.api.security.user.UserManager getUserManager(javax.jcr.Session session)
throws javax.jcr.AccessDeniedException,
javax.jcr.UnsupportedRepositoryOperationException,
javax.jcr.RepositoryException
UserManager for the given
session. If the session does not have a
getUserManager method, a
UnsupportedRepositoryOperationException is thrown. Otherwise
the UserManager is returned or if the call fails,
the respective exception is thrown.
session - The JCR Session whose UserManager is
to be returned. If the session is not a JackrabbitSession
uses reflection to retrive the manager from the repository.
UserManager of the session.
javax.jcr.AccessDeniedException - If this session is not allowed
to access user data.
javax.jcr.UnsupportedRepositoryOperationException - If the session has no
getUserManager method or the exception
thrown by the method.
javax.jcr.RepositoryException - Forwarded from the
getUserManager method call.
public static org.apache.jackrabbit.api.security.principal.PrincipalManager getPrincipalManager(javax.jcr.Session session)
throws javax.jcr.AccessDeniedException,
javax.jcr.UnsupportedRepositoryOperationException,
javax.jcr.RepositoryException
PrincipalManager for the given
session. If the session does not have a
PrincipalManager method, a
UnsupportedRepositoryOperationException is thrown. Otherwise
the PrincipalManager is returned or if the call fails,
the respective exception is thrown.
session - The JCR Session whose PrincipalManager is
to be returned. If the session is not a JackrabbitSession
uses reflection to retrive the manager from the repository.
PrincipalManager of the session.
javax.jcr.AccessDeniedException
javax.jcr.UnsupportedRepositoryOperationException - If the session has no
PrincipalManager method or the exception
thrown by the method.
javax.jcr.RepositoryException - Forwarded from the
PrincipalManager method call.
public static String getPath(javax.jcr.security.AccessControlList acl)
throws javax.jcr.RepositoryException
AccessControlList acl
has been created for.
javax.jcr.RepositoryException
public static boolean isEmpty(javax.jcr.security.AccessControlList acl)
throws javax.jcr.RepositoryException
true if AccessControlList acl
does not yet define any entries.
javax.jcr.RepositoryException
public static int size(javax.jcr.security.AccessControlList acl)
throws javax.jcr.RepositoryException
javax.jcr.RepositoryException
public static boolean addEntry(javax.jcr.security.AccessControlList acl,
Principal principal,
javax.jcr.security.Privilege[] privileges,
boolean isAllow)
throws javax.jcr.security.AccessControlException,
javax.jcr.RepositoryException
addEntry(AccessControlList, Principal, Privilege[], boolean, Map) using
some implementation specific restrictions.
javax.jcr.security.AccessControlException
javax.jcr.RepositoryException
public static boolean addEntry(javax.jcr.security.AccessControlList acl,
Principal principal,
javax.jcr.security.Privilege[] privileges,
boolean isAllow,
Map restrictions)
throws javax.jcr.UnsupportedRepositoryOperationException,
javax.jcr.RepositoryException
principal, the specified privileges, the
isAllow flag and an optional map containing additional
restrictions.
This method returns true if this policy was modified,
false otherwise.
javax.jcr.UnsupportedRepositoryOperationException
javax.jcr.RepositoryException
public static void replaceAccessControlEntry(javax.jcr.Session session,
String resourcePath,
Principal principal,
String[] grantedPrivilegeNames,
String[] deniedPrivilegeNames,
String[] removedPrivilegeNames)
throws javax.jcr.RepositoryException
replaceAccessControlEntry(Session, String, Principal, String[], String[], String[], String) instead.
principal and resourcePath. Any existing granted
or denied privileges which do not conflict with the specified privileges
are maintained. Where conflicts exist, existing privileges are dropped.
The end result will be at most two ACEs for the principal: one for grants
and one for denies. Aggregate privileges are disaggregated before checking
for conflicts.
session - resourcePath - principal - grantedPrivilegeNames - deniedPrivilegeNames - removedPrivilegeNames - privileges which, if they exist, should be
removed for this principal and resource
javax.jcr.RepositoryException
public static void replaceAccessControlEntry(javax.jcr.Session session,
String resourcePath,
Principal principal,
String[] grantedPrivilegeNames,
String[] deniedPrivilegeNames,
String[] removedPrivilegeNames,
String order)
throws javax.jcr.RepositoryException
principal and resourcePath. Any existing granted
or denied privileges which do not conflict with the specified privileges
are maintained. Where conflicts exist, existing privileges are dropped.
The end result will be at most two ACEs for the principal: one for grants
and one for denies. Aggregate privileges are disaggregated before checking
for conflicts.
session - resourcePath - principal - grantedPrivilegeNames - deniedPrivilegeNames - removedPrivilegeNames - privileges which, if they exist, should be
removed for this principal and resourceorder - where the access control entry should go in the list.
Value should be one of these:
| null | If the ACE for the principal doesn't exist add at the end, otherwise leave the ACE at it's current position. |
| first | Place the target ACE as the first amongst its siblings |
| last | Place the target ACE as the last amongst its siblings |
| before xyz | Place the target ACE immediately before the sibling whose name is xyz |
| after xyz | Place the target ACE immediately after the sibling whose name is xyz |
| numeric | Place the target ACE at the specified numeric index |
javax.jcr.RepositoryException
public static boolean isAllow(javax.jcr.security.AccessControlEntry ace)
throws javax.jcr.RepositoryException
javax.jcr.RepositoryException
|
||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||