public class AccessControlUtil
extends java.lang.Object
Constructor and Description |
---|
AccessControlUtil() |
Modifier and Type | Method and Description |
---|---|
static boolean |
addEntry(javax.jcr.security.AccessControlList acl,
java.security.Principal principal,
javax.jcr.security.Privilege[] privileges,
boolean isAllow)
Same as
addEntry(AccessControlList, Principal, Privilege[], boolean, Map) using
some implementation specific restrictions. |
static boolean |
addEntry(javax.jcr.security.AccessControlList acl,
java.security.Principal principal,
javax.jcr.security.Privilege[] privileges,
boolean isAllow,
java.util.Map restrictions)
Adds an access control entry to the acl consisting of the specified
principal , the specified privileges , the
isAllow flag and an optional map containing additional
restrictions. |
static javax.jcr.security.AccessControlManager |
getAccessControlManager(javax.jcr.Session session)
Returns the
AccessControlManager for the given
session . |
static java.lang.String |
getPath(javax.jcr.security.AccessControlList acl)
Returns the path of the node
AccessControlList acl
has been created for. |
static org.apache.jackrabbit.api.security.principal.PrincipalManager |
getPrincipalManager(javax.jcr.Session session)
Returns the
PrincipalManager for the given
session . |
static org.apache.jackrabbit.api.security.user.UserManager |
getUserManager(javax.jcr.Session session)
Returns the
UserManager for the given
session . |
static boolean |
isAllow(javax.jcr.security.AccessControlEntry ace)
Returns true if the AccessControlEntry represents 'allowed' rights or false
it it represents 'denied' rights.
|
static boolean |
isEmpty(javax.jcr.security.AccessControlList acl)
Returns
true if AccessControlList acl
does not yet define any entries. |
static void |
replaceAccessControlEntry(javax.jcr.Session session,
java.lang.String resourcePath,
java.security.Principal principal,
java.lang.String[] grantedPrivilegeNames,
java.lang.String[] deniedPrivilegeNames,
java.lang.String[] removedPrivilegeNames)
Deprecated.
|
static void |
replaceAccessControlEntry(javax.jcr.Session session,
java.lang.String resourcePath,
java.security.Principal principal,
java.lang.String[] grantedPrivilegeNames,
java.lang.String[] deniedPrivilegeNames,
java.lang.String[] removedPrivilegeNames,
java.lang.String order)
Replaces existing access control entries in the ACL for the specified
principal and resourcePath . |
static int |
size(javax.jcr.security.AccessControlList acl)
Returns the number of acl entries or 0 if the acl is empty.
|
public static javax.jcr.security.AccessControlManager getAccessControlManager(javax.jcr.Session session) throws javax.jcr.UnsupportedRepositoryOperationException, javax.jcr.RepositoryException
AccessControlManager
for the given
session
. If the session does not have a
getAccessControlManager
method, a
UnsupportedRepositoryOperationException
is thrown. Otherwise
the AccessControlManager
is returned or if the call fails,
the respective exception is thrown.session
- The JCR Session whose AccessControlManager
is
to be returned. If the session is a pooled session, the
session underlying the pooled session is actually used.AccessControlManager
of the sessionjavax.jcr.UnsupportedRepositoryOperationException
- If the session has no
getAccessControlManager
method or the exception
thrown by the method.javax.jcr.RepositoryException
- Forwarded from the
getAccessControlManager
method call.public static org.apache.jackrabbit.api.security.user.UserManager getUserManager(javax.jcr.Session session) throws javax.jcr.AccessDeniedException, javax.jcr.UnsupportedRepositoryOperationException, javax.jcr.RepositoryException
UserManager
for the given
session
. If the session does not have a
getUserManager
method, a
UnsupportedRepositoryOperationException
is thrown. Otherwise
the UserManager
is returned or if the call fails,
the respective exception is thrown.session
- The JCR Session whose UserManager
is
to be returned. If the session is not a JackrabbitSession
uses reflection to retrive the manager from the repository.UserManager
of the session.javax.jcr.AccessDeniedException
- If this session is not allowed
to access user data.javax.jcr.UnsupportedRepositoryOperationException
- If the session has no
getUserManager
method or the exception
thrown by the method.javax.jcr.RepositoryException
- Forwarded from the
getUserManager
method call.public static org.apache.jackrabbit.api.security.principal.PrincipalManager getPrincipalManager(javax.jcr.Session session) throws javax.jcr.AccessDeniedException, javax.jcr.UnsupportedRepositoryOperationException, javax.jcr.RepositoryException
PrincipalManager
for the given
session
. If the session does not have a
PrincipalManager
method, a
UnsupportedRepositoryOperationException
is thrown. Otherwise
the PrincipalManager
is returned or if the call fails,
the respective exception is thrown.session
- The JCR Session whose PrincipalManager
is
to be returned. If the session is not a JackrabbitSession
uses reflection to retrive the manager from the repository.PrincipalManager
of the session.javax.jcr.AccessDeniedException
javax.jcr.UnsupportedRepositoryOperationException
- If the session has no
PrincipalManager
method or the exception
thrown by the method.javax.jcr.RepositoryException
- Forwarded from the
PrincipalManager
method call.public static java.lang.String getPath(javax.jcr.security.AccessControlList acl) throws javax.jcr.RepositoryException
AccessControlList
acl
has been created for.javax.jcr.RepositoryException
public static boolean isEmpty(javax.jcr.security.AccessControlList acl) throws javax.jcr.RepositoryException
true
if AccessControlList
acl
does not yet define any entries.javax.jcr.RepositoryException
public static int size(javax.jcr.security.AccessControlList acl) throws javax.jcr.RepositoryException
javax.jcr.RepositoryException
public static boolean addEntry(javax.jcr.security.AccessControlList acl, java.security.Principal principal, javax.jcr.security.Privilege[] privileges, boolean isAllow) throws javax.jcr.security.AccessControlException, javax.jcr.RepositoryException
addEntry(AccessControlList, Principal, Privilege[], boolean, Map)
using
some implementation specific restrictions.javax.jcr.security.AccessControlException
javax.jcr.RepositoryException
public static boolean addEntry(javax.jcr.security.AccessControlList acl, java.security.Principal principal, javax.jcr.security.Privilege[] privileges, boolean isAllow, java.util.Map restrictions) throws javax.jcr.UnsupportedRepositoryOperationException, javax.jcr.RepositoryException
principal
, the specified privileges
, the
isAllow
flag and an optional map containing additional
restrictions.
This method returns true
if this policy was modified,
false
otherwise.javax.jcr.UnsupportedRepositoryOperationException
javax.jcr.RepositoryException
@Deprecated public static void replaceAccessControlEntry(javax.jcr.Session session, java.lang.String resourcePath, java.security.Principal principal, java.lang.String[] grantedPrivilegeNames, java.lang.String[] deniedPrivilegeNames, java.lang.String[] removedPrivilegeNames) throws javax.jcr.RepositoryException
replaceAccessControlEntry(Session, String, Principal, String[], String[], String[], String)
instead.principal
and resourcePath
. Any existing granted
or denied privileges which do not conflict with the specified privileges
are maintained. Where conflicts exist, existing privileges are dropped.
The end result will be at most two ACEs for the principal: one for grants
and one for denies. Aggregate privileges are disaggregated before checking
for conflicts.session
- resourcePath
- principal
- grantedPrivilegeNames
- deniedPrivilegeNames
- removedPrivilegeNames
- privileges which, if they exist, should be
removed for this principal and resourcejavax.jcr.RepositoryException
public static void replaceAccessControlEntry(javax.jcr.Session session, java.lang.String resourcePath, java.security.Principal principal, java.lang.String[] grantedPrivilegeNames, java.lang.String[] deniedPrivilegeNames, java.lang.String[] removedPrivilegeNames, java.lang.String order) throws javax.jcr.RepositoryException
principal
and resourcePath
. Any existing granted
or denied privileges which do not conflict with the specified privileges
are maintained. Where conflicts exist, existing privileges are dropped.
The end result will be at most two ACEs for the principal: one for grants
and one for denies. Aggregate privileges are disaggregated before checking
for conflicts.session
- resourcePath
- principal
- grantedPrivilegeNames
- deniedPrivilegeNames
- removedPrivilegeNames
- privileges which, if they exist, should be
removed for this principal and resourceorder
- where the access control entry should go in the list.
Value should be one of these:
null | If the ACE for the principal doesn't exist add at the end, otherwise leave the ACE at it's current position. |
first | Place the target ACE as the first amongst its siblings |
last | Place the target ACE as the last amongst its siblings |
before xyz | Place the target ACE immediately before the sibling whose name is xyz |
after xyz | Place the target ACE immediately after the sibling whose name is xyz |
numeric | Place the target ACE at the specified numeric index |
javax.jcr.RepositoryException
public static boolean isAllow(javax.jcr.security.AccessControlEntry ace) throws javax.jcr.RepositoryException
javax.jcr.RepositoryException
Copyright © 2018 The Apache Software Foundation. All rights reserved.