org.apache.sling.jcr.jackrabbit.accessmanager.post

Class ModifyAceServlet

java.lang.Object

javax.servlet.GenericServlet

org.apache.sling.api.servlets.SlingSafeMethodsServlet

org.apache.sling.api.servlets.SlingAllMethodsServlet

org.apache.sling.jcr.jackrabbit.accessmanager.post.AbstractAccessPostServlet

org.apache.sling.jcr.jackrabbit.accessmanager.post.ModifyAceServlet

All Implemented Interfaces:

java.io.Serializable, javax.servlet.Servlet, javax.servlet.ServletConfig, ModifyAce

public class ModifyAceServlet
extends AbstractAccessPostServlet
implements ModifyAce

Sling Post Servlet implementation for modifying the ACEs for a principal on a JCR resource.

Rest Service Description

Modify a principal's ACEs for the node identified as a resource by the request URL >resource<.modifyAce.html

Transport Details:

Methods

• POST

Post Parameters

principalId

The principal of the ACEs to modify in the ACL specified by the path.

privilege@*

One or more privileges, either granted or denied or none, which will be applied to (or removed from) the node ACL. Any permissions that are present in an existing ACE for the principal but not in the request are left untouched.

restriction@*

One or more restrictions which will be applied to the ACE

restriction@*@Delete

One or more restrictions which will be removed from the ACE

Response

200

Success.

404

The resource was not found.

500

Failure. HTML explains the failure.

Notes

The principalId is assumed to refer directly to an Authorizable, that comes direct from the UserManager. This can be a group or a user, but if its a group, denied permissions will not be added to the group. The group will only contain granted privileges.

See Also:

Serialized Form

Constructor Summary

Constructors

Constructor and Description
ModifyAceServlet()

Method Summary

Modifier and Type	Method and Description
protected void	bindPostResponseCreator(PostResponseCreator creator, java.util.Map<java.lang.String,java.lang.Object> properties) Overridden since the @Reference annotation is not inherited from the super method
protected void	bindRestrictionProvider(org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider rp)
protected void	handleOperation(SlingHttpServletRequest request, PostResponse response, java.util.List<Modification> changes) Extending Servlet should implement this operation to do the work
void	modifyAce(javax.jcr.Session jcrSession, java.lang.String resourcePath, java.lang.String principalId, java.util.Map<java.lang.String,java.lang.String> privileges, java.lang.String order) Add or modify the access control entry for the specified user or group.
void	modifyAce(javax.jcr.Session jcrSession, java.lang.String resourcePath, java.lang.String principalId, java.util.Map<java.lang.String,java.lang.String> privileges, java.lang.String order, boolean autoSave) Add or modify the access control entry for the specified user or group.
void	modifyAce(javax.jcr.Session jcrSession, java.lang.String resourcePath, java.lang.String principalId, java.util.Map<java.lang.String,java.lang.String> privileges, java.lang.String order, java.util.Map<java.lang.String,javax.jcr.Value> restrictions, java.util.Map<java.lang.String,javax.jcr.Value[]> mvRestrictions, java.util.Set<java.lang.String> removeRestrictionNames) Add or modify the access control entry for the specified user or group.
void	modifyAce(javax.jcr.Session jcrSession, java.lang.String resourcePath, java.lang.String principalId, java.util.Map<java.lang.String,java.lang.String> privileges, java.lang.String order, java.util.Map<java.lang.String,javax.jcr.Value> restrictions, java.util.Map<java.lang.String,javax.jcr.Value[]> mvRestrictions, java.util.Set<java.lang.String> removeRestrictionNames, boolean autoSave) Add or modify the access control entry for the specified user or group.
protected void	modifyAce(javax.jcr.Session jcrSession, java.lang.String resourcePath, java.lang.String principalId, java.util.Map<java.lang.String,java.lang.String> privileges, java.lang.String order, java.util.Map<java.lang.String,javax.jcr.Value> restrictions, java.util.Map<java.lang.String,javax.jcr.Value[]> mvRestrictions, java.util.Set<java.lang.String> removeRestrictionNames, boolean autoSave, java.util.List<Modification> changes)
protected void	unbindPostResponseCreator(PostResponseCreator creator, java.util.Map<java.lang.String,java.lang.Object> properties) Unbind a post response creator
protected void	unbindRestrictionProvider(org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider rp)

Methods inherited from class org.apache.sling.jcr.jackrabbit.accessmanager.post.AbstractAccessPostServlet

createHtmlResponse, doPost, externalizePath, getAccessControlList, getAccessControlListOrNull, getItemPath, getRedirectUrl, getRedirectUrl, handleOperation, isSetStatus

Methods inherited from class org.apache.sling.api.servlets.SlingAllMethodsServlet

doDelete, doPut, getAllowedRequestMethods, isMethodValid, mayService

Methods inherited from class org.apache.sling.api.servlets.SlingSafeMethodsServlet

doGeneric, doGet, doHead, doOptions, doTrace, getServletInfo, handleMethodNotImplemented, service, service

Methods inherited from class javax.servlet.GenericServlet

destroy, getInitParameter, getInitParameterNames, getServletConfig, getServletContext, getServletName, init, init, log, log

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ModifyAceServlet

public ModifyAceServlet()

Method Detail

bindRestrictionProvider

protected void bindRestrictionProvider(org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider rp)

unbindRestrictionProvider

protected void unbindRestrictionProvider(org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider rp)

bindPostResponseCreator

protected void bindPostResponseCreator(PostResponseCreator creator,
                                       java.util.Map<java.lang.String,java.lang.Object> properties)

Overridden since the @Reference annotation is not inherited from the super method

Overrides:

bindPostResponseCreator in class AbstractAccessPostServlet

Parameters:

creator - the response creator service reference

properties - the component properties for the service reference

unbindPostResponseCreator

protected void unbindPostResponseCreator(PostResponseCreator creator,
                                         java.util.Map<java.lang.String,java.lang.Object> properties)

Description copied from class: AbstractAccessPostServlet

Unbind a post response creator

Overrides:

unbindPostResponseCreator in class AbstractAccessPostServlet

Parameters:

creator - the response creator service reference

properties - the component properties for the service reference

handleOperation

protected void handleOperation(SlingHttpServletRequest request,
                               PostResponse response,
                               java.util.List<Modification> changes)
                        throws javax.jcr.RepositoryException

Description copied from class: AbstractAccessPostServlet

Extending Servlet should implement this operation to do the work

Specified by:

handleOperation in class AbstractAccessPostServlet

Parameters:

request - the sling http request to process

response - the response

changes - the changes to report

Throws:

javax.jcr.RepositoryException - if any errors applying the changes

modifyAce

public void modifyAce(javax.jcr.Session jcrSession,
                      java.lang.String resourcePath,
                      java.lang.String principalId,
                      java.util.Map<java.lang.String,java.lang.String> privileges,
                      java.lang.String order,
                      boolean autoSave)
               throws javax.jcr.RepositoryException

Description copied from interface: ModifyAce

Add or modify the access control entry for the specified user or group.

Specified by:

modifyAce in interface ModifyAce

Parameters:

jcrSession - the JCR session of the user updating the user

resourcePath - The absolute path of the resource to apply the ACE to (required)

principalId - The name of the user/group to provision (required)

privileges - Map of privileges to apply. (optional)

order - where the access control entry should go in the list.

The value should be one of these:

null	If the ACE for the principal doesn't exist add at the end, otherwise leave the ACE at it's current position.
first	Place the target ACE as the first amongst its siblings
last	Place the target ACE as the last amongst its siblings
before xyz	Place the target ACE immediately before the sibling whose name is xyz
after xyz	Place the target ACE immediately after the sibling whose name is xyz
numeric	Place the target ACE at the specified numeric index

autoSave - true to automatically save changes to the JCR session, false otherwise

Throws:

javax.jcr.RepositoryException - if any errors applying the changes

modifyAce

public void modifyAce(javax.jcr.Session jcrSession,
                      java.lang.String resourcePath,
                      java.lang.String principalId,
                      java.util.Map<java.lang.String,java.lang.String> privileges,
                      java.lang.String order)
               throws javax.jcr.RepositoryException

Description copied from interface: ModifyAce

Add or modify the access control entry for the specified user or group. This is equivalent to ModifyAce.modifyAce(Session, String, String, Map, String, boolean) with the autoSave parameter value equal to true.

Specified by:

modifyAce in interface ModifyAce

Parameters:

jcrSession - the JCR session of the user updating the user

resourcePath - The absolute path of the resource to apply the ACE to (required)

principalId - The name of the user/group to provision (required)

privileges - Map of privileges to apply. (optional)

order - where the access control entry should go in the list.

The value should be one of these:

null	If the ACE for the principal doesn't exist add at the end, otherwise leave the ACE at it's current position.
first	Place the target ACE as the first amongst its siblings
last	Place the target ACE as the last amongst its siblings
before xyz	Place the target ACE immediately before the sibling whose name is xyz
after xyz	Place the target ACE immediately after the sibling whose name is xyz
numeric	Place the target ACE at the specified numeric index

Throws:

javax.jcr.RepositoryException - if any errors applying the changes

modifyAce

public void modifyAce(javax.jcr.Session jcrSession,
                      java.lang.String resourcePath,
                      java.lang.String principalId,
                      java.util.Map<java.lang.String,java.lang.String> privileges,
                      java.lang.String order,
                      java.util.Map<java.lang.String,javax.jcr.Value> restrictions,
                      java.util.Map<java.lang.String,javax.jcr.Value[]> mvRestrictions,
                      java.util.Set<java.lang.String> removeRestrictionNames)
               throws javax.jcr.RepositoryException

Description copied from interface: ModifyAce

Add or modify the access control entry for the specified user or group. This is equivalent to ModifyAce.modifyAce(Session, String, String, Map, String, Map, Map, Set, boolean) with the autoSave parameter value equal to true.

Specified by:

modifyAce in interface ModifyAce

Parameters:

jcrSession - the JCR session of the user updating the user

resourcePath - The absolute path of the resource to apply the ACE to (required)

principalId - The name of the user/group to provision (required)

privileges - Map of privileges to apply. (optional)

order - where the access control entry should go in the list.

The value should be one of these:

null	If the ACE for the principal doesn't exist add at the end, otherwise leave the ACE at it's current position.
first	Place the target ACE as the first amongst its siblings
last	Place the target ACE as the last amongst its siblings
before xyz	Place the target ACE immediately before the sibling whose name is xyz
after xyz	Place the target ACE immediately after the sibling whose name is xyz
numeric	Place the target ACE at the specified numeric index

restrictions - Map of single-value restrictions to apply. (optional)

mvRestrictions - Map of multi-value restrictions to apply. (optional)

removeRestrictionNames - Set of existing restriction names to remove (optional)

Throws:

javax.jcr.RepositoryException - if any errors applying the changes

modifyAce

public void modifyAce(javax.jcr.Session jcrSession,
                      java.lang.String resourcePath,
                      java.lang.String principalId,
                      java.util.Map<java.lang.String,java.lang.String> privileges,
                      java.lang.String order,
                      java.util.Map<java.lang.String,javax.jcr.Value> restrictions,
                      java.util.Map<java.lang.String,javax.jcr.Value[]> mvRestrictions,
                      java.util.Set<java.lang.String> removeRestrictionNames,
                      boolean autoSave)
               throws javax.jcr.RepositoryException

Description copied from interface: ModifyAce

Add or modify the access control entry for the specified user or group.

Specified by:

modifyAce in interface ModifyAce

Parameters:

jcrSession - the JCR session of the user updating the user

resourcePath - The absolute path of the resource to apply the ACE to (required)

principalId - The name of the user/group to provision (required)

privileges - Map of privileges to apply. (optional)

order - where the access control entry should go in the list.

The value should be one of these:

null	If the ACE for the principal doesn't exist add at the end, otherwise leave the ACE at it's current position.
first	Place the target ACE as the first amongst its siblings
last	Place the target ACE as the last amongst its siblings
before xyz	Place the target ACE immediately before the sibling whose name is xyz
after xyz	Place the target ACE immediately after the sibling whose name is xyz
numeric	Place the target ACE at the specified numeric index

restrictions - Map of single-value restrictions to apply. (optional)

mvRestrictions - Map of multi-value restrictions to apply. (optional)

removeRestrictionNames - Set of existing restriction names to remove (optional)

autoSave - true to automatically save changes to the JCR session, false otherwise

Throws:

javax.jcr.RepositoryException - if any errors applying the changes

modifyAce

protected void modifyAce(javax.jcr.Session jcrSession,
                         java.lang.String resourcePath,
                         java.lang.String principalId,
                         java.util.Map<java.lang.String,java.lang.String> privileges,
                         java.lang.String order,
                         java.util.Map<java.lang.String,javax.jcr.Value> restrictions,
                         java.util.Map<java.lang.String,javax.jcr.Value[]> mvRestrictions,
                         java.util.Set<java.lang.String> removeRestrictionNames,
                         boolean autoSave,
                         java.util.List<Modification> changes)
                  throws javax.jcr.RepositoryException

Throws:

javax.jcr.RepositoryException