org.apache.jackrabbit.api.security.JackrabbitAccessControlManager Maven / Gradle / Ivy
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.jackrabbit.api.security;
import javax.jcr.AccessDeniedException;
import javax.jcr.RepositoryException;
import javax.jcr.UnsupportedRepositoryOperationException;
import javax.jcr.PathNotFoundException;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.Privilege;
import java.security.Principal;
import java.util.Set;
import org.osgi.annotation.versioning.ProviderType;
/**
* JackrabbitAccessControlManager provides extensions to the
* AccessControlManager interface.
*/
@ProviderType
public interface JackrabbitAccessControlManager extends AccessControlManager {
/**
* Returns the applicable policies for the specified principal
* or an empty array if no additional policies can be applied.
*
* @param principal A principal known to the editing session.
* @return array of policies for the specified principal. Note
* that the policy object returned must reveal the path of the node where
* they can be applied later on using {@link AccessControlManager#setPolicy(String, javax.jcr.security.AccessControlPolicy)}.
* @throws AccessDeniedException if the session lacks
* MODIFY_ACCESS_CONTROL privilege.
* @throws AccessControlException if the specified principal does not exist
* or if another access control related exception occurs.
* @throws UnsupportedRepositoryOperationException if editing access control
* policies by principal is not supported.
* @throws RepositoryException if another error occurs.
* @see JackrabbitAccessControlPolicy#getPath()
*/
JackrabbitAccessControlPolicy[] getApplicablePolicies(Principal principal) throws AccessDeniedException, AccessControlException, UnsupportedRepositoryOperationException, RepositoryException;
/**
* Returns the AccessControlPolicy objects that have been set
* for the given principal or an empty array if no policy has
* been set. This method reflects the binding state, including transient
* policy modifications.
*
* @param principal A valid principal.
* @return The policies defined for the given principal or an empty array.
* @throws AccessDeniedException if the session lacks
* READ_ACCESS_CONTROL privilege.
* @throws AccessControlException if the specified principal does not exist
* or if another access control related exception occurs.
* @throws UnsupportedRepositoryOperationException if editing access control
* policies by principal is not supported.
* @throws RepositoryException If another error occurs.
*/
JackrabbitAccessControlPolicy[] getPolicies(Principal principal) throws AccessDeniedException, AccessControlException, UnsupportedRepositoryOperationException, RepositoryException;
/**
* Returns the AccessControlPolicy objects that are in effect
* for the given Principals. This may be policies set through
* this API or some implementation specific (default) policies.
*
* @param principals A set of valid principals.
* @return The policies defined for the given principal or an empty array.
* @throws AccessDeniedException if the session lacks
* READ_ACCESS_CONTROL privilege.
* @throws AccessControlException if the specified principal does not exist
* or if another access control related exception occurs.
* @throws UnsupportedRepositoryOperationException if editing access control
* policies by principal is not supported.
* @throws RepositoryException If another error occurs.
*/
AccessControlPolicy[] getEffectivePolicies(Set principals) throws AccessDeniedException, AccessControlException, UnsupportedRepositoryOperationException, RepositoryException;
/**
* Returns whether the given set of Principals has the specified
* privileges for absolute path absPath, which must be an
* existing node.
*
* Testing an aggregate privilege is equivalent to testing each non
* aggregate privilege among the set returned by calling
* Privilege.getAggregatePrivileges() for that privilege.
*
* The results reported by the this method reflect the net effect of
* the currently applied control mechanisms. It does not reflect unsaved
* access control policies or unsaved access control entries. Changes to
* access control status caused by these mechanisms only take effect on
* Session.save() and are only then reflected in the results of
* the privilege test methods.
*
* Since this method allows to view the privileges of principals other
* than included in the editing session, this method must throw
* AccessDeniedException if the session lacks
* READ_ACCESS_CONTROL privilege for the absPath
* node.
*
* @param absPath an absolute path.
* @param principals a set of Principals for which is the
* given privileges are tested.
* @param privileges an array of Privileges.
* @return true if the session has the specified privileges;
* false otherwise.
* @throws javax.jcr.PathNotFoundException if no node at absPath exists
* or the session does not have sufficient access to retrieve a node at that location.
* @throws AccessDeniedException if the session lacks
* READ_ACCESS_CONTROL privilege for the absPath node.
* @throws RepositoryException if another error occurs.
*/
public boolean hasPrivileges(String absPath, Set principals, Privilege[] privileges)
throws PathNotFoundException, AccessDeniedException, RepositoryException;
/**
* Returns the privileges the given set of Principals has for
* absolute path absPath, which must be an existing node.
*
* The returned privileges are those for which {@link #hasPrivileges} would
* return true.
*
* The results reported by the this method reflect the net effect of
* the currently applied control mechanisms. It does not reflect unsaved
* access control policies or unsaved access control entries. Changes to
* access control status caused by these mechanisms only take effect on
* Session.save() and are only then reflected in the results of
* the privilege test methods.
*
* Since this method allows to view the privileges of principals other
* than included in the editing session, this method must throw
* AccessDeniedException if the session lacks
* READ_ACCESS_CONTROL privilege for the absPath
* node.
*
* Note that this method does not resolve any group membership, as this is
* the job of the user manager. nor does it augment the set with the
* "everyone" principal.
*
* @param absPath an absolute path.
* @param principals a set of Principals for which is the
* privileges are retrieved.
* @return an array of Privileges.
* @throws PathNotFoundException if no node at absPath exists
* or the session does not have sufficient access to retrieve a node at that
* location.
* @throws AccessDeniedException if the session lacks READ_ACCESS_CONTROL
* privilege for the absPath node.
* @throws RepositoryException if another error occurs.
*/
public Privilege[] getPrivileges(String absPath, Set principals)
throws PathNotFoundException, AccessDeniedException, RepositoryException;
}