Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.apache.jackrabbit.core.security
Class DefaultAccessManager

java.lang.Object
  extended by org.apache.jackrabbit.core.security.AbstractAccessControlManager
      extended by org.apache.jackrabbit.core.security.DefaultAccessManager
All Implemented Interfaces:
AccessControlManager, AccessManager, JackrabbitAccessControlManager
public class DefaultAccessManager
extends AbstractAccessControlManager
implements AccessManager

The DefaultAccessManager controls access by evaluating access control policies for the Subject attached to the Session this manager has been built for.

Please note the following exceptional situations:
This manager allows all privileges for a particular item if

It allows to access all available workspaces if

How access control policies are matched to a particular item is defined by the AccessControlProvider set to this AccessManager.

See Also:
AccessManager, AccessControlManager

Field Summary
 
Fields inherited from interface org.apache.jackrabbit.core.security.AccessManager
READ, REMOVE, WRITE
 
Constructor Summary
DefaultAccessManager()
           
 
Method Summary
 boolean canAccess(java.lang.String workspaceName)
          Determines whether the subject of the current context is granted access to the given workspace.
 boolean canRead(Path itemPath)
          Determines whether the item at the specified absolute path can be read.
protected  void checkInitialized()
          Check if this manager has been properly initialized.
 void checkPermission(ItemId id, int permissions)
          Determines whether the specified permissions are granted on the item with the specified id (i.e.
protected  void checkPrivileges(java.lang.String absPath, int privileges)
          Check if the specified privileges are granted at absPath.
protected  void checkValidNodePath(java.lang.String absPath)
          Build a qualified path from the specified absPath and test if it is really absolute and points to an existing node.
 void close()
          Close this access manager.
 AccessControlPolicy[] getApplicablePolicies(java.security.Principal principal)
          Returns the editable policies for the specified principal.
 AccessControlPolicyIterator getApplicablePolicies(java.lang.String absPath)
          Returns an empty iterator.
 AccessControlPolicy[] getEffectivePolicies(java.lang.String absPath)
          Returns the AccessControlPolicy objects that currently are in effect at the node at absPath.
 AccessControlPolicy[] getPolicies(java.lang.String absPath)
          Returns null.
protected  PrivilegeRegistry getPrivilegeRegistry()
           
 Privilege[] getPrivileges(java.lang.String absPath)
          Returns the privileges the session has for absolute path absPath, which must be an existing node.
 boolean hasPrivileges(java.lang.String absPath, Privilege[] privileges)
          Returns whether the session has the specified privileges for absolute path absPath, which must be an existing node.
 void init(AMContext amContext)
          Initialize this access manager.
 void init(AMContext amContext, AccessControlProvider acProvider, WorkspaceAccessManager wspAccessManager)
          Initialize this access manager.
 boolean isGranted(ItemId id, int actions)
          Determines whether the specified permissions are granted on the item with the specified id (i.e.
 boolean isGranted(Path absPath, int permissions)
          Determines whether the specified permissions are granted on the item with the specified absPath (i.e.
 boolean isGranted(Path parentPath, Name childName, int permissions)
          Determines whether the specified permissions are granted on an item represented by the combination of the given parentPath and childName (i.e.
 void removePolicy(java.lang.String absPath, AccessControlPolicy policy)
          Always throws AccessControlException
 void setPolicy(java.lang.String absPath, AccessControlPolicy policy)
          Always throws AccessControlException
 
Methods inherited from class org.apache.jackrabbit.core.security.AbstractAccessControlManager
getSupportedPrivileges, privilegeFromName
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

DefaultAccessManager

public DefaultAccessManager()
Method Detail

init

public void init(AMContext amContext)
          throws javax.jcr.AccessDeniedException,
                 java.lang.Exception
Description copied from interface: AccessManager
Initialize this access manager. An AccessDeniedException will be thrown if the subject of the given context is not granted access to the specified workspace.

Specified by:
init in interface AccessManager
Parameters:
amContext - access manager context
Throws:
javax.jcr.AccessDeniedException - if the subject is not granted access to the specified workspace.
java.lang.Exception - if another error occurs
See Also:
AccessManager.init(AMContext)

init

public void init(AMContext amContext,
                 AccessControlProvider acProvider,
                 WorkspaceAccessManager wspAccessManager)
          throws javax.jcr.AccessDeniedException,
                 java.lang.Exception
Description copied from interface: AccessManager
Initialize this access manager. An AccessDeniedException will be thrown if the subject of the given context is not granted access to the specified workspace.

Specified by:
init in interface AccessManager
Parameters:
amContext - access manager context
Throws:
javax.jcr.AccessDeniedException - if the subject is not granted access to the specified workspace.
java.lang.Exception - if another error occurs
See Also:
AccessManager.init(AMContext, AccessControlProvider, WorkspaceAccessManager)

close

public void close()
           throws java.lang.Exception
Description copied from interface: AccessManager
Close this access manager. After having closed an access manager, further operations on this object are treated as illegal and throw

Specified by:
close in interface AccessManager
Throws:
java.lang.Exception - if an error occurs
See Also:
AccessManager.close()

checkPermission

public void checkPermission(ItemId id,
                            int permissions)
                     throws javax.jcr.AccessDeniedException,
                            javax.jcr.ItemNotFoundException,
                            javax.jcr.RepositoryException
Description copied from interface: AccessManager
Determines whether the specified permissions are granted on the item with the specified id (i.e. the target item).

Specified by:
checkPermission in interface AccessManager
Parameters:
id - the id of the target item
permissions - A combination of one or more of the following constants encoded as a bitmask value:
  • READ
  • WRITE
  • REMOVE
Throws:
javax.jcr.AccessDeniedException - if permission is denied
javax.jcr.ItemNotFoundException - if the target item does not exist
javax.jcr.RepositoryException - it an error occurs
See Also:
AccessManager.checkPermission(ItemId, int)

isGranted

public boolean isGranted(ItemId id,
                         int actions)
                  throws javax.jcr.ItemNotFoundException,
                         javax.jcr.RepositoryException
Description copied from interface: AccessManager
Determines whether the specified permissions are granted on the item with the specified id (i.e. the target item).

Specified by:
isGranted in interface AccessManager
Parameters:
id - the id of the target item
actions - A combination of one or more of the following constants encoded as a bitmask value:
  • READ
  • WRITE
  • REMOVE
Returns:
true if permission is granted; otherwise false
Throws:
javax.jcr.ItemNotFoundException - if the target item does not exist
javax.jcr.RepositoryException - if another error occurs
See Also:
AccessManager.isGranted(ItemId, int)

isGranted

public boolean isGranted(Path absPath,
                         int permissions)
                  throws javax.jcr.RepositoryException
Description copied from interface: AccessManager
Determines whether the specified permissions are granted on the item with the specified absPath (i.e. the target item, that may or may not yet exist).

Specified by:
isGranted in interface AccessManager
Parameters:
absPath - the absolute path to test
permissions - A combination of one or more of the following constants encoded as a bitmask value:
Returns:
true if the specified permissions are granted; otherwise false.
Throws:
javax.jcr.RepositoryException - if an error occurs.
See Also:
AccessManager.isGranted(Path, int)

isGranted

public boolean isGranted(Path parentPath,
                         Name childName,
                         int permissions)
                  throws javax.jcr.RepositoryException
Description copied from interface: AccessManager
Determines whether the specified permissions are granted on an item represented by the combination of the given parentPath and childName (i.e. the target item, that may or may not yet exist).

Specified by:
isGranted in interface AccessManager
Parameters:
parentPath - Path to an existing parent node.
childName - Name of the child item that may or may not exist yet.
permissions - A combination of one or more of the following constants encoded as a bitmask value:
Returns:
true if the specified permissions are granted; otherwise false.
Throws:
javax.jcr.RepositoryException - if an error occurs.
See Also:
AccessManager.isGranted(Path, Name, int)

canRead

public boolean canRead(Path itemPath)
                throws javax.jcr.RepositoryException
Description copied from interface: AccessManager
Determines whether the item at the specified absolute path can be read.

Specified by:
canRead in interface AccessManager
Returns:
true if the item can be read; otherwise false.
Throws:
javax.jcr.RepositoryException - if an error occurs.
See Also:
AccessManager.canRead(Path)

canAccess

public boolean canAccess(java.lang.String workspaceName)
                  throws javax.jcr.RepositoryException
Description copied from interface: AccessManager
Determines whether the subject of the current context is granted access to the given workspace. Note that an implementation is free to test for the existance of a workspace with the specified name. In this case the expected return value is false, if no such workspace exists.

Specified by:
canAccess in interface AccessManager
Parameters:
workspaceName - name of workspace
Returns:
true if the subject of the current context is granted access to the given workspace; otherwise false.
Throws:
javax.jcr.RepositoryException - if an error occurs.
See Also:
AccessManager.canAccess(String)

hasPrivileges

public boolean hasPrivileges(java.lang.String absPath,
                             Privilege[] privileges)
                      throws javax.jcr.PathNotFoundException,
                             javax.jcr.RepositoryException
Description copied from interface: AccessControlManager
Returns whether the session has the specified privileges for absolute path absPath, which must be an existing node.

Testing an aggregate privilege is equivalent to testing each non aggregate privilege among the set returned by calling Privilege.getAggregatePrivileges() for that privilege.

The results reported by the this method reflect the net effect of the currently applied control mechanisms. It does not reflect unsaved access control policies or unsaved access control entries. Changes to access control status caused by these mechanisms only take effect on Session.save() and are only then reflected in the results of the privilege test methods.

A PathNotFoundException is thrown if no node at absPath exists or the session does not have privilege to retrieve the node.

A RepositoryException is thrown if another error occurs.

Specified by:
hasPrivileges in interface AccessControlManager
Parameters:
absPath - an absolute path.
privileges - an array of Privileges.
Returns:
true if the session has the specified privileges; false otherwise.
Throws:
javax.jcr.PathNotFoundException - if no node at absPath exists or the session does not have privilege to retrieve the node.
javax.jcr.RepositoryException - if another error occurs.
See Also:
AccessControlManager.hasPrivileges(String, Privilege[])

getPrivileges

public Privilege[] getPrivileges(java.lang.String absPath)
                          throws javax.jcr.PathNotFoundException,
                                 javax.jcr.RepositoryException
Description copied from interface: AccessControlManager
Returns the privileges the session has for absolute path absPath, which must be an existing node.

The returned privileges are those for which AccessControlManager.hasPrivileges(java.lang.String, org.apache.jackrabbit.api.jsr283.security.Privilege[]) would return true.

The results reported by the this method reflect the net effect of the currently applied control mechanisms. It does not reflect unsaved access control policies or unsaved access control entries. Changes to access control status caused by these mechanisms only take effect on Session.save() and are only then reflected in the results of the privilege test methods.

A PathNotFoundException is thrown if no node at absPath exists or the session does not have privilege to retrieve the node.

A RepositoryException is thrown if another error occurs.

Specified by:
getPrivileges in interface AccessControlManager
Parameters:
absPath - an absolute path.
Returns:
an array of Privileges.
Throws:
javax.jcr.PathNotFoundException - if no node at absPath exists or the session does not have privilege to retrieve the node.
javax.jcr.RepositoryException - if another error occurs.
See Also:
AccessControlManager.getPrivileges(String)

getPolicies

public AccessControlPolicy[] getPolicies(java.lang.String absPath)
                                  throws javax.jcr.PathNotFoundException,
                                         javax.jcr.AccessDeniedException,
                                         javax.jcr.RepositoryException
Description copied from class: AbstractAccessControlManager
Returns null.

Specified by:
getPolicies in interface AccessControlManager
Overrides:
getPolicies in class AbstractAccessControlManager
Parameters:
absPath - an absolute path.
Returns:
always returns null.
Throws:
javax.jcr.PathNotFoundException - if no node at absPath exists or the session does not have privilege to retrieve the node.
javax.jcr.AccessDeniedException - if the session lacks READ_ACCESS_CONTROL privilege for the absPath node.
javax.jcr.RepositoryException - if another error occurs.
See Also:
AccessControlManager.getPolicies(String)

getEffectivePolicies

public AccessControlPolicy[] getEffectivePolicies(java.lang.String absPath)
                                           throws javax.jcr.PathNotFoundException,
                                                  javax.jcr.AccessDeniedException,
                                                  javax.jcr.RepositoryException
Description copied from interface: AccessControlManager
Returns the AccessControlPolicy objects that currently are in effect at the node at absPath. This may be policies set through this API or some implementation specific (default) policies.

A PathNotFoundException is thrown if no node at absPath exists or the session does not have privilege to retrieve the node.

An AccessDeniedException is thrown if the session lacks READ_ACCESS_CONTROL privilege for the absPath node.

A RepositoryException is thrown if another error occurs.

Specified by:
getEffectivePolicies in interface AccessControlManager
Parameters:
absPath - an absolute path.
Returns:
an array of AccessControlPolicy objects.
Throws:
javax.jcr.PathNotFoundException - if no node at absPath exists or the session does not have privilege to retrieve the node.
javax.jcr.AccessDeniedException - if the session lacks READ_ACCESS_CONTROL privilege for the absPath node.
javax.jcr.RepositoryException - if another error occurs.
See Also:
AccessControlManager.getEffectivePolicies(String)

getApplicablePolicies

public AccessControlPolicyIterator getApplicablePolicies(java.lang.String absPath)
                                                  throws javax.jcr.PathNotFoundException,
                                                         javax.jcr.AccessDeniedException,
                                                         javax.jcr.RepositoryException
Description copied from class: AbstractAccessControlManager
Returns an empty iterator.

Specified by:
getApplicablePolicies in interface AccessControlManager
Overrides:
getApplicablePolicies in class AbstractAccessControlManager
Parameters:
absPath - an absolute path.
Returns:
always returns an empty iterator.
Throws:
javax.jcr.PathNotFoundException - if no node at absPath exists or the session does not have privilege to retrieve the node.
javax.jcr.AccessDeniedException - if the session lacks READ_ACCESS_CONTROL privilege for the absPath node.
javax.jcr.RepositoryException - if another error occurs.
See Also:
AccessControlManager.getApplicablePolicies(String)

setPolicy

public void setPolicy(java.lang.String absPath,
                      AccessControlPolicy policy)
               throws javax.jcr.PathNotFoundException,
                      AccessControlException,
                      javax.jcr.AccessDeniedException,
                      javax.jcr.RepositoryException
Description copied from class: AbstractAccessControlManager
Always throws AccessControlException

Specified by:
setPolicy in interface AccessControlManager
Overrides:
setPolicy in class AbstractAccessControlManager
Parameters:
absPath - an absolute path.
policy - the AccessControlPolicy to be applied.
Throws:
javax.jcr.PathNotFoundException - if no node at absPath exists or the session does not have privilege to retrieve the node.
AccessControlException - if the policy is not applicable.
javax.jcr.AccessDeniedException - if the session lacks MODIFY_ACCESS_CONTROL privilege for the absPath node.
javax.jcr.lock.LockException - if a lock applies at the node at absPath and this implementation performs this validation immediately instead of waiting until save.
javax.jcr.version.VersionException - if the node at absPath is versionable and checked-in or is non-versionable but its nearest versionable ancestor is checked-in and this implementation performs this validation immediately instead of waiting until save.
javax.jcr.RepositoryException - if another error occurs.
See Also:
AccessControlManager.setPolicy(String, AccessControlPolicy)

removePolicy

public void removePolicy(java.lang.String absPath,
                         AccessControlPolicy policy)
                  throws javax.jcr.PathNotFoundException,
                         AccessControlException,
                         javax.jcr.AccessDeniedException,
                         javax.jcr.RepositoryException
Description copied from class: AbstractAccessControlManager
Always throws AccessControlException

Specified by:
removePolicy in interface AccessControlManager
Overrides:
removePolicy in class AbstractAccessControlManager
Parameters:
absPath - an absolute path.
policy - the policy to be removed.
Throws:
javax.jcr.PathNotFoundException - if no node at absPath exists or the session does not have privilege to retrieve the node.
AccessControlException - if no policy exists.
javax.jcr.AccessDeniedException - if the session lacks MODIFY_ACCESS_CONTROL privilege for the absPath node.
javax.jcr.lock.LockException - if a lock applies at the node at absPath and this implementation performs this validation immediately instead of waiting until save.
javax.jcr.version.VersionException - if the node at absPath is versionable and checked-in or is non-versionable but its nearest versionable ancestor is checked-in and this implementation performs this validation immediately instead of waiting until save.
javax.jcr.RepositoryException - if another error occurs.
See Also:
AccessControlManager.removePolicy(String, AccessControlPolicy)

getApplicablePolicies

public AccessControlPolicy[] getApplicablePolicies(java.security.Principal principal)
                                            throws javax.jcr.AccessDeniedException,
                                                   AccessControlException,
                                                   javax.jcr.UnsupportedRepositoryOperationException,
                                                   javax.jcr.RepositoryException
Description copied from class: AbstractAccessControlManager
Returns the editable policies for the specified principal.

Specified by:
getApplicablePolicies in interface JackrabbitAccessControlManager
Overrides:
getApplicablePolicies in class AbstractAccessControlManager
Returns:
array of policies for the specified principal. Note that the policy object returned must reveal the path of the node where they can be applied later on.
Throws:
javax.jcr.AccessDeniedException - if the session lacks MODIFY_ACCESS_CONTROL privilege.
AccessControlException - if the specified principal does not exist or if same other access control related exception occurs.
javax.jcr.UnsupportedRepositoryOperationException - if editing the policy is not supported.
javax.jcr.RepositoryException - if another error occurs.
See Also:
JackrabbitAccessControlManager.getApplicablePolicies(Principal)

checkInitialized

protected void checkInitialized()
Description copied from class: AbstractAccessControlManager
Check if this manager has been properly initialized.

Specified by:
checkInitialized in class AbstractAccessControlManager
See Also:
AbstractAccessControlManager.checkInitialized()

checkValidNodePath

protected void checkValidNodePath(java.lang.String absPath)
                           throws javax.jcr.PathNotFoundException,
                                  javax.jcr.RepositoryException
Description copied from class: AbstractAccessControlManager
Build a qualified path from the specified absPath and test if it is really absolute and points to an existing node.

Specified by:
checkValidNodePath in class AbstractAccessControlManager
Throws:
javax.jcr.PathNotFoundException - if no node at absPath exists or the session does not have privilege to retrieve the node.
javax.jcr.RepositoryException - If the given absPath is not absolute or if some other error occurs.
See Also:
AbstractAccessControlManager.checkValidNodePath(String)

checkPrivileges

protected void checkPrivileges(java.lang.String absPath,
                               int privileges)
                        throws javax.jcr.AccessDeniedException,
                               javax.jcr.RepositoryException
Description copied from class: AbstractAccessControlManager
Check if the specified privileges are granted at absPath.

Specified by:
checkPrivileges in class AbstractAccessControlManager
Throws:
javax.jcr.AccessDeniedException - if the session does not have the specified privileges.
javax.jcr.PathNotFoundException - if no node exists at absPath of if the session does not have the privilege to READ it.
javax.jcr.RepositoryException
See Also:
AbstractAccessControlManager.checkPrivileges(String, int)

getPrivilegeRegistry

protected PrivilegeRegistry getPrivilegeRegistry()
                                          throws javax.jcr.RepositoryException
Specified by:
getPrivilegeRegistry in class AbstractAccessControlManager
Returns:
the privilege registry
Throws:
javax.jcr.RepositoryException
See Also:
AbstractAccessControlManager.getPrivilegeRegistry()
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2004-2011 Apache Software Foundation. All Rights Reserved.