Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.apache.jackrabbit.commons.jackrabbit.authorization
Class AccessControlUtils

java.lang.Object
  extended by org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils

public class AccessControlUtils
extends Object

This class provides common access control related utilities.

Constructor Summary
AccessControlUtils()
           
 
Method Summary
static boolean addAccessControlEntry(Session session, String absPath, Principal principal, Privilege[] privileges, boolean isAllow)
          A utility method to add a new access control entry.
static boolean addAccessControlEntry(Session session, String absPath, Principal principal, String[] privilegeNames, boolean isAllow)
          A utility method to add a new access control entry.
Please note, that calling Session.save()() is required in order to persist the changes.
static boolean allow(Node node, String principalName, String... privileges)
          Allow certain privileges on a given node for a given principal.
static boolean clear(Node node)
          Removes the access control list at a given node.
static boolean clear(Node node, String principalName)
          Removes all ACL entries for a principal on a given node.
static boolean clear(Session session, String absPath)
          Removes the access control list at the specified absolute path.
static boolean clear(Session session, String absPath, String principalName)
          Removes all ACL entries for a principal at a given absolute path.
static boolean deny(Node node, String principalName, String... privileges)
          Deny certain privileges on a node for a given principal.
static boolean denyAllToEveryone(Session session, String absPath)
          Utility to deny jcr:all privilege to the everyone group principal.
static org.apache.jackrabbit.api.security.JackrabbitAccessControlList getAccessControlList(AccessControlManager accessControlManager, String absPath)
          Utility that combines AccessControlManager.getApplicablePolicies(String) and AccessControlManager.getPolicies(String) to retrieve a modifiable JackrabbitAccessControlList for the given path.
Note that the policy must be reapplied and the changes must be saved in order to make the AC modifications take effect.
static org.apache.jackrabbit.api.security.JackrabbitAccessControlList getAccessControlList(Session session, String absPath)
          Utility that combines AccessControlManager.getApplicablePolicies(String) and AccessControlManager.getPolicies(String) to retrieve a modifiable JackrabbitAccessControlList for the given path.
Note that the policy must be reapplied and the changes must be saved in order to make the AC modifications take effect.
static Principal getEveryonePrincipal(Session session)
          Shortcut for calling PrincipalManager#getEveryone().
static Principal getPrincipal(Session session, String principalName)
          Retrieves the principal with the specified principalName.
static boolean grantAllToEveryone(Session session, String absPath)
          Utility to grant jcr:all privilege to the everyone group principal.
static String[] namesFromPrivileges(Privilege... privileges)
          Retrieves the names of the specified privileges.
static Privilege[] privilegesFromNames(AccessControlManager accessControlManager, String... privilegeNames)
          Retrieves the Privileges from the specified privilege names.
static Privilege[] privilegesFromNames(Session session, String... privilegeNames)
          Retrieves the Privileges from the specified privilege names.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

AccessControlUtils

public AccessControlUtils()
Method Detail

privilegesFromNames

public static Privilege[] privilegesFromNames(Session session,
                                              String... privilegeNames)
                                       throws RepositoryException
Retrieves the Privileges from the specified privilege names.

Parameters:
session - The editing session.
privilegeNames - The privilege names.
Returns:
An array of privileges.
Throws:
RepositoryException - If an error occurs or if privilegeNames contains an unknown/invalid privilege name.

privilegesFromNames

public static Privilege[] privilegesFromNames(AccessControlManager accessControlManager,
                                              String... privilegeNames)
                                       throws RepositoryException
Retrieves the Privileges from the specified privilege names.

Parameters:
accessControlManager - The access control manager.
privilegeNames - The privilege names.
Returns:
An array of privileges.
Throws:
RepositoryException - If an error occurs or if privilegeNames contains an unknown/invalid privilege name.

namesFromPrivileges

public static String[] namesFromPrivileges(Privilege... privileges)
Retrieves the names of the specified privileges.

Parameters:
privileges - One or more privileges.
Returns:
The names of the specified privileges.

getAccessControlList

public static org.apache.jackrabbit.api.security.JackrabbitAccessControlList getAccessControlList(Session session,
                                                                                                  String absPath)
                                                                                           throws RepositoryException
Utility that combines AccessControlManager.getApplicablePolicies(String) and AccessControlManager.getPolicies(String) to retrieve a modifiable JackrabbitAccessControlList for the given path.
Note that the policy must be reapplied and the changes must be saved in order to make the AC modifications take effect.

Parameters:
session - The editing session.
absPath - The absolute path of the target node.
Returns:
A modifiable access control list or null if there is none.
Throws:
RepositoryException - If an error occurs.

getAccessControlList

public static org.apache.jackrabbit.api.security.JackrabbitAccessControlList getAccessControlList(AccessControlManager accessControlManager,
                                                                                                  String absPath)
                                                                                           throws RepositoryException
Utility that combines AccessControlManager.getApplicablePolicies(String) and AccessControlManager.getPolicies(String) to retrieve a modifiable JackrabbitAccessControlList for the given path.
Note that the policy must be reapplied and the changes must be saved in order to make the AC modifications take effect.

Parameters:
accessControlManager - The AccessControlManager .
absPath - The absolute path of the target node.
Returns:
A modifiable access control list or null if there is none.
Throws:
RepositoryException - If an error occurs.

addAccessControlEntry

public static boolean addAccessControlEntry(Session session,
                                            String absPath,
                                            Principal principal,
                                            String[] privilegeNames,
                                            boolean isAllow)
                                     throws RepositoryException
A utility method to add a new access control entry.
Please note, that calling Session.save()() is required in order to persist the changes.

Parameters:
session - The editing session.
absPath - The absolute path of the target node.
principal - The principal to grant/deny privileges to.
privilegeNames - The names of the privileges to grant or deny.
isAllow - true to grant; false otherwise.
Returns:
true if the node's ACL was modified and the session has pending changes.
Throws:
RepositoryException - If an error occurs.

addAccessControlEntry

public static boolean addAccessControlEntry(Session session,
                                            String absPath,
                                            Principal principal,
                                            Privilege[] privileges,
                                            boolean isAllow)
                                     throws RepositoryException
A utility method to add a new access control entry. Please note, that a call to Session.save()() is required in order to persist the changes.

Parameters:
session - The editing session
absPath - The absolute path of the target node.
principal - The principal to grant/deny privileges to.
privileges - The privileges to grant or deny
isAllow - true to grant; false otherwise;
Returns:
true if the node's ACL was modified and the session has pending changes.
Throws:
RepositoryException - If an error occurs.

grantAllToEveryone

public static boolean grantAllToEveryone(Session session,
                                         String absPath)
                                  throws RepositoryException
Utility to grant jcr:all privilege to the everyone group principal. Please note, that Session.save()() is required in order to persist the changes.

Parameters:
session - The editing session.
absPath - The absolute path of the target node
Returns:
true if the node's access control list was modified; false otherwise;
Throws:
RepositoryException - If an error occurs.

denyAllToEveryone

public static boolean denyAllToEveryone(Session session,
                                        String absPath)
                                 throws RepositoryException
Utility to deny jcr:all privilege to the everyone group principal. Please note, that Session.save()() is required in order to persist the changes.

Parameters:
session - The editing session.
absPath - The absolute path of the target node
Returns:
true if the node's access control list was modified; false otherwise;
Throws:
RepositoryException - If an error occurs.

allow

public static boolean allow(Node node,
                            String principalName,
                            String... privileges)
                     throws RepositoryException
Allow certain privileges on a given node for a given principal.

To activate the ACL change, session.save() must be called.

Parameters:
node - node to set the resource-based ACL entry on; underlying session is used to write the ACL
principalName - Name of the principal for which the ACL entry should apply
privileges - list of privileges to set by name (see Privilege)
Returns:
true if the node's ACL was modified and the session has pending changes.
Throws:
RepositoryException - If an unexpected repository error occurs

deny

public static boolean deny(Node node,
                           String principalName,
                           String... privileges)
                    throws RepositoryException
Deny certain privileges on a node for a given principal.

To activate the ACL change, session.save() must be called.

Parameters:
node - node to set the resource-based ACL entry on; underlying session is used to write the ACL
principalName - Name of the principal for which the ACL entry should apply
privileges - list of privileges to set by name (see Privilege)
Returns:
true if the node's ACL was modified and the session has pending changes.
Throws:
RepositoryException - If an unexpected repository error occurs

clear

public static boolean clear(Session session,
                            String absPath,
                            String principalName)
                     throws RepositoryException
Removes all ACL entries for a principal at a given absolute path. If the specified principalName is null the policy will be removed altogether.

Modifications only take effect upon Session.save().

Parameters:
session - The editing session.
absPath - Absolute path of an existing node from which to remove ACL entries (or the policy)
principalName - Name of the principal whose entries should be removed; use null to clear the policy.
Returns:
true if the policy has been modified; false otherwise.
Throws:
RepositoryException - If an unexpected repository error occurs

clear

public static boolean clear(Node node,
                            String principalName)
                     throws RepositoryException
Removes all ACL entries for a principal on a given node.

Modification to the policy only take effect upon Session.save() must be called.

Parameters:
node - node from which to remove ACL entries; underlying session is used to write the changes
principalName - Name of the principal whose entries should be removed; use null to clear the policy altogether.
Returns:
true if the node's ACL was modified, false otherwise.
Throws:
RepositoryException - If an unexpected repository error occurs

clear

public static boolean clear(Node node)
                     throws RepositoryException
Removes the access control list at a given node.

To persist the modifications, Session.save() must be called.

Parameters:
node - node from which to remove the ACL; underlying session is used to write the changes
Returns:
true if the node's ACL was removed, false otherwise.
Throws:
RepositoryException - If an unexpected repository error occurs

clear

public static boolean clear(Session session,
                            String absPath)
                     throws RepositoryException
Removes the access control list at the specified absolute path.

To persist the modification, session.save() must be called.

Parameters:
session - The editing session.
absPath - An absolute path of a valid node accessible to the editing session from which to remove the ACL.
Returns:
true if the node's ACL got removed, false otherwise.
Throws:
RepositoryException - If an unexpected repository error occurs

getPrincipal

public static Principal getPrincipal(Session session,
                                     String principalName)
                              throws RepositoryException
Retrieves the principal with the specified principalName. Shortcut for calling PrincipalManager#getPrincipal(String).

Parameters:
session - The editing session which must be a JackrabbitSession.
principalName - The name of the principal.
Returns:
The principal with the specified name or null if no such principal exists.
Throws:
RepositoryException - If an error occurs or if the session is not a JackrabbitSession.

getEveryonePrincipal

public static Principal getEveryonePrincipal(Session session)
                                      throws RepositoryException
Shortcut for calling PrincipalManager#getEveryone().

Parameters:
session - The editing session which must be a JackrabbitSession.
Returns:
The group principal presenting everyone.
Throws:
RepositoryException - If an error occurs or if the session is not a JackrabbitSession.
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2004-2014 The Apache Software Foundation. All Rights Reserved.