public class AccessControlUtil
extends java.lang.Object
| Constructor and Description |
|---|
AccessControlUtil() |
| Modifier and Type | Method and Description |
|---|---|
static boolean |
addEntry(javax.jcr.security.AccessControlList acl,
java.security.Principal principal,
javax.jcr.security.Privilege[] privileges,
boolean isAllow)
Same as
addEntry(AccessControlList, Principal, Privilege[], boolean, Map) using
some implementation specific restrictions. |
static boolean |
addEntry(javax.jcr.security.AccessControlList acl,
java.security.Principal principal,
javax.jcr.security.Privilege[] privileges,
boolean isAllow,
java.util.Map restrictions)
Adds an access control entry to the acl consisting of the specified
principal, the specified privileges, the
isAllow flag and an optional map containing additional
restrictions. |
static javax.jcr.security.AccessControlManager |
getAccessControlManager(javax.jcr.Session session)
Returns the
AccessControlManager for the given
session. |
static java.lang.String |
getPath(javax.jcr.security.AccessControlList acl)
Returns the path of the node
AccessControlList acl
has been created for. |
static org.apache.jackrabbit.api.security.principal.PrincipalManager |
getPrincipalManager(javax.jcr.Session session)
Returns the
PrincipalManager for the given
session. |
static org.apache.jackrabbit.api.security.user.UserManager |
getUserManager(javax.jcr.Session session)
Returns the
UserManager for the given
session. |
static boolean |
isAllow(javax.jcr.security.AccessControlEntry ace)
Returns true if the AccessControlEntry represents 'allowed' rights or false
it it represents 'denied' rights.
|
static boolean |
isEmpty(javax.jcr.security.AccessControlList acl)
Returns
true if AccessControlList acl
does not yet define any entries. |
static void |
replaceAccessControlEntry(javax.jcr.Session session,
java.lang.String resourcePath,
java.security.Principal principal,
java.lang.String[] grantedPrivilegeNames,
java.lang.String[] deniedPrivilegeNames,
java.lang.String[] removedPrivilegeNames)
Deprecated.
|
static void |
replaceAccessControlEntry(javax.jcr.Session session,
java.lang.String resourcePath,
java.security.Principal principal,
java.lang.String[] grantedPrivilegeNames,
java.lang.String[] deniedPrivilegeNames,
java.lang.String[] removedPrivilegeNames,
java.lang.String order)
Replaces existing access control entries in the ACL for the specified
principal and resourcePath. |
static int |
size(javax.jcr.security.AccessControlList acl)
Returns the number of acl entries or 0 if the acl is empty.
|
public static javax.jcr.security.AccessControlManager getAccessControlManager(javax.jcr.Session session)
throws javax.jcr.UnsupportedRepositoryOperationException,
javax.jcr.RepositoryException
AccessControlManager for the given
session. If the session does not have a
getAccessControlManager method, a
UnsupportedRepositoryOperationException is thrown. Otherwise
the AccessControlManager is returned or if the call fails,
the respective exception is thrown.session - The JCR Session whose AccessControlManager is
to be returned. If the session is a pooled session, the
session underlying the pooled session is actually used.AccessControlManager of the sessionjavax.jcr.UnsupportedRepositoryOperationException - If the session has no
getAccessControlManager method or the exception
thrown by the method.javax.jcr.RepositoryException - Forwarded from the
getAccessControlManager method call.public static org.apache.jackrabbit.api.security.user.UserManager getUserManager(javax.jcr.Session session)
throws javax.jcr.AccessDeniedException,
javax.jcr.UnsupportedRepositoryOperationException,
javax.jcr.RepositoryException
UserManager for the given
session. If the session does not have a
getUserManager method, a
UnsupportedRepositoryOperationException is thrown. Otherwise
the UserManager is returned or if the call fails,
the respective exception is thrown.session - The JCR Session whose UserManager is
to be returned. If the session is not a JackrabbitSession
uses reflection to retrive the manager from the repository.UserManager of the session.javax.jcr.AccessDeniedException - If this session is not allowed
to access user data.javax.jcr.UnsupportedRepositoryOperationException - If the session has no
getUserManager method or the exception
thrown by the method.javax.jcr.RepositoryException - Forwarded from the
getUserManager method call.public static org.apache.jackrabbit.api.security.principal.PrincipalManager getPrincipalManager(javax.jcr.Session session)
throws javax.jcr.AccessDeniedException,
javax.jcr.UnsupportedRepositoryOperationException,
javax.jcr.RepositoryException
PrincipalManager for the given
session. If the session does not have a
PrincipalManager method, a
UnsupportedRepositoryOperationException is thrown. Otherwise
the PrincipalManager is returned or if the call fails,
the respective exception is thrown.session - The JCR Session whose PrincipalManager is
to be returned. If the session is not a JackrabbitSession
uses reflection to retrive the manager from the repository.PrincipalManager of the session.javax.jcr.AccessDeniedExceptionjavax.jcr.UnsupportedRepositoryOperationException - If the session has no
PrincipalManager method or the exception
thrown by the method.javax.jcr.RepositoryException - Forwarded from the
PrincipalManager method call.public static java.lang.String getPath(javax.jcr.security.AccessControlList acl)
throws javax.jcr.RepositoryException
AccessControlList acl
has been created for.javax.jcr.RepositoryExceptionpublic static boolean isEmpty(javax.jcr.security.AccessControlList acl)
throws javax.jcr.RepositoryException
true if AccessControlList acl
does not yet define any entries.javax.jcr.RepositoryExceptionpublic static int size(javax.jcr.security.AccessControlList acl)
throws javax.jcr.RepositoryException
javax.jcr.RepositoryExceptionpublic static boolean addEntry(javax.jcr.security.AccessControlList acl,
java.security.Principal principal,
javax.jcr.security.Privilege[] privileges,
boolean isAllow)
throws javax.jcr.security.AccessControlException,
javax.jcr.RepositoryException
addEntry(AccessControlList, Principal, Privilege[], boolean, Map) using
some implementation specific restrictions.javax.jcr.security.AccessControlExceptionjavax.jcr.RepositoryExceptionpublic static boolean addEntry(javax.jcr.security.AccessControlList acl,
java.security.Principal principal,
javax.jcr.security.Privilege[] privileges,
boolean isAllow,
java.util.Map restrictions)
throws javax.jcr.UnsupportedRepositoryOperationException,
javax.jcr.RepositoryException
principal, the specified privileges, the
isAllow flag and an optional map containing additional
restrictions.
This method returns true if this policy was modified,
false otherwise.javax.jcr.UnsupportedRepositoryOperationExceptionjavax.jcr.RepositoryException@Deprecated
public static void replaceAccessControlEntry(javax.jcr.Session session,
java.lang.String resourcePath,
java.security.Principal principal,
java.lang.String[] grantedPrivilegeNames,
java.lang.String[] deniedPrivilegeNames,
java.lang.String[] removedPrivilegeNames)
throws javax.jcr.RepositoryException
replaceAccessControlEntry(Session, String, Principal, String[], String[], String[], String) instead.principal and resourcePath. Any existing granted
or denied privileges which do not conflict with the specified privileges
are maintained. Where conflicts exist, existing privileges are dropped.
The end result will be at most two ACEs for the principal: one for grants
and one for denies. Aggregate privileges are disaggregated before checking
for conflicts.session - resourcePath - principal - grantedPrivilegeNames - deniedPrivilegeNames - removedPrivilegeNames - privileges which, if they exist, should be
removed for this principal and resourcejavax.jcr.RepositoryExceptionpublic static void replaceAccessControlEntry(javax.jcr.Session session,
java.lang.String resourcePath,
java.security.Principal principal,
java.lang.String[] grantedPrivilegeNames,
java.lang.String[] deniedPrivilegeNames,
java.lang.String[] removedPrivilegeNames,
java.lang.String order)
throws javax.jcr.RepositoryException
principal and resourcePath. Any existing granted
or denied privileges which do not conflict with the specified privileges
are maintained. Where conflicts exist, existing privileges are dropped.
The end result will be at most two ACEs for the principal: one for grants
and one for denies. Aggregate privileges are disaggregated before checking
for conflicts.session - resourcePath - principal - grantedPrivilegeNames - deniedPrivilegeNames - removedPrivilegeNames - privileges which, if they exist, should be
removed for this principal and resourceorder - where the access control entry should go in the list.
Value should be one of these:
| null | If the ACE for the principal doesn't exist add at the end, otherwise leave the ACE at it's current position. |
| first | Place the target ACE as the first amongst its siblings |
| last | Place the target ACE as the last amongst its siblings |
| before xyz | Place the target ACE immediately before the sibling whose name is xyz |
| after xyz | Place the target ACE immediately after the sibling whose name is xyz |
| numeric | Place the target ACE at the specified numeric index |
javax.jcr.RepositoryExceptionpublic static boolean isAllow(javax.jcr.security.AccessControlEntry ace)
throws javax.jcr.RepositoryException
javax.jcr.RepositoryExceptionCopyright © 2018 The Apache Software Foundation. All rights reserved.