org.apache.jackrabbit.oak.security.authorization.accesscontrol.AccessControlManagerImpl.class Maven / Gradle / Ivy
???? 3?
??
?? ??
?? ?? ?? ?? ??
???
?
?? ????? ????? ? ??
??? ??
?? ?
??
???
??? ?
???????A
?????? b???
?
??
??
?? ?
??
?? b??
?
?
?
9 =
=
?
?
?
A
?
A
??
? !
R?
P"#
?$
P%&'
P(
P)
P*
E+
E,- . b/ ?0 b1
?2 b3
E?4
?5678
k9
k:; ?<
k=>
?@
kA
PB
kCDEFG
x?H
xI
xJ
wK
AL
?M
P$N
?OP ?Q
?RS
AT
?U
??
?VW
?X
YZ
Y[\]^ ??
?_ b`a bcd
?e
?f ? ? ?
?ghi
?j
?k blm bn op bq or
st
su
sv bwx
?yz{|
?}
9~
??
????
A?
??D?
??
????
??
?
???
xK??? ??
x?
?????
?????? ?? ?????? ?
??
???????
??????
???? AcePredicate InnerClasses?
ReadPolicy Entry PrincipalACL NodeACL log Lorg/slf4j/Logger; bitsProvider HLorg/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBitsProvider; ntMgr DLorg/apache/jackrabbit/oak/plugins/nodetype/ReadOnlyNodeTypeManager; principalManager ?Lorg/apache/jackrabbit/api/security/principal/PrincipalManager; restrictionProvider VLorg/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionProvider; configParams @Lorg/apache/jackrabbit/oak/spi/security/ConfigurationParameters; readPaths Ljava/util/Set; Signature #Ljava/util/Set; ?(Lorg/apache/jackrabbit/oak/api/Root;Lorg/apache/jackrabbit/oak/namepath/NamePathMapper;Lorg/apache/jackrabbit/oak/spi/security/SecurityProvider;)V Code LineNumberTable LocalVariableTable this YLorg/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl; root $Lorg/apache/jackrabbit/oak/api/Root; namePathMapper 3Lorg/apache/jackrabbit/oak/namepath/NamePathMapper; securityProvider 9Lorg/apache/jackrabbit/oak/spi/security/SecurityProvider; "RuntimeVisibleParameterAnnotations Ljavax/annotation/Nonnull; getPolicies =(Ljava/lang/String;)[Ljavax/jcr/security/AccessControlPolicy; absPath Ljava/lang/String; oakPath tree $Lorg/apache/jackrabbit/oak/api/Tree; policy (Ljavax/jcr/security/AccessControlPolicy; policies Ljava/util/List; LocalVariableTypeTable :Ljava/util/List;
StackMapTable??0??
Exceptions RuntimeVisibleAnnotations Ljavax/annotation/Nullable; getEffectivePolicies t plc
parentPath r effective? getApplicablePolicies D(Ljava/lang/String;)Ljavax/jcr/security/AccessControlPolicyIterator; mixinName aclTree setPolicy =(Ljava/lang/String;Ljavax/jcr/security/AccessControlPolicy;)V setPrincipalBasedAcl i(Lorg/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl$PrincipalACL;)V name arr$ [Ljava/lang/String; len$ I i$ path acl DLorg/apache/jackrabbit/oak/security/authorization/accesscontrol/ACL; restrictions Ljava/util/Map; ace HLorg/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/ACE; Ljava/util/Iterator; principalAcl fLorg/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl$PrincipalACL; plcs )[Ljavax/jcr/security/AccessControlPolicy; existing toAdd toRemove 4Ljava/util/Map; ZLjava/util/List;??2 setNodeBasedAcl }(Ljava/lang/String;Lorg/apache/jackrabbit/oak/api/Tree;Lorg/apache/jackrabbit/oak/security/authorization/accesscontrol/ACL;)V aceTree nodeName ntName aceNode )Lorg/apache/jackrabbit/oak/util/NodeUtil; i entries _Ljava/util/Set; removePolicy child children :Ljava/util/Iterator; ^(Ljava/security/Principal;)[Lorg/apache/jackrabbit/api/security/JackrabbitAccessControlPolicy; principal Ljava/security/Principal; BLorg/apache/jackrabbit/api/security/JackrabbitAccessControlPolicy;?S :(Ljava/util/Set;)[Ljavax/jcr/security/AccessControlPolicy; acePath aclName accessControlledTree @Lorg/apache/jackrabbit/api/security/JackrabbitAccessControlList; row )Lorg/apache/jackrabbit/oak/api/ResultRow;
principals aceResult &Lorg/apache/jackrabbit/oak/api/Result; paths *Ljava/util/Set; QLjava/util/Set;??^ U(Ljava/util/Set;)[Ljavax/jcr/security/AccessControlPolicy; defines =(Ljava/lang/String;Ljavax/jcr/security/AccessControlPolicy;)Z e Ljavax/jcr/RepositoryException; accessControlPolicyh
getAclTree \(Ljava/lang/String;Lorg/apache/jackrabbit/oak/api/Tree;)Lorg/apache/jackrabbit/oak/api/Tree;
policyTree Ljavax/annotation/CheckForNull;
createAclTree pb :Lorg/apache/jackrabbit/oak/plugins/memory/PropertyBuilder; mixins -Lorg/apache/jackrabbit/oak/api/PropertyState;?? createACL y(Ljava/lang/String;Lorg/apache/jackrabbit/oak/api/Tree;Z)Lorg/apache/jackrabbit/api/security/JackrabbitAccessControlList; isEffectivePolicy Z ?(Ljava/lang/String;Lorg/apache/jackrabbit/oak/api/Tree;ZLcom/google/common/base/Predicate;)Lorg/apache/jackrabbit/api/security/JackrabbitAccessControlList; predicate "Lcom/google/common/base/Predicate; lLcom/google/common/base/Predicate;?? ?(Ljava/lang/String;Lorg/apache/jackrabbit/oak/api/Tree;ZLcom/google/common/base/Predicate;)Lorg/apache/jackrabbit/api/security/JackrabbitAccessControlList; createPrincipalACL m(Ljava/lang/String;Ljava/security/Principal;)Lorg/apache/jackrabbit/api/security/JackrabbitAccessControlList; aclPath
restrProvider?? createACE ?(Ljava/lang/String;Lorg/apache/jackrabbit/oak/api/Tree;Lorg/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionProvider;)Lorg/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/ACE; isAllow privNames Ljava/lang/Iterable; (Ljava/lang/Iterable;
searchAces [(Ljava/util/Set;Lorg/apache/jackrabbit/oak/api/Root;)Lorg/apache/jackrabbit/oak/api/Result; queryEngine +Lorg/apache/jackrabbit/oak/api/QueryEngine; msg Ljava/text/ParseException; stmt Ljava/lang/StringBuilder;G? v(Ljava/util/Set;Lorg/apache/jackrabbit/oak/api/Root;)Lorg/apache/jackrabbit/oak/api/Result; getPrincipal ?(Lorg/apache/jackrabbit/oak/api/Tree;)Ljava/security/Principal;
principalName getNodePath \(Lorg/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/ACE;)Ljava/lang/String; principalBasedAce v Ljavax/jcr/Value;?
access$700 ?(Lorg/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl;)Lorg/apache/jackrabbit/oak/namepath/NamePathMapper; x0
access$800 ?(Lorg/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl;)Lorg/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionProvider;
access$900 ?(Lorg/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl;)Lorg/apache/jackrabbit/oak/spi/security/authorization/AuthorizationConfiguration; access$1000 ?(Lorg/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl;)Lorg/apache/jackrabbit/api/security/principal/PrincipalManager; access$1100 ?(Lorg/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl;)Lorg/apache/jackrabbit/oak/spi/security/ConfigurationParameters; access$1200 ()Lorg/slf4j/Logger; access$1300 access$1400 ?(Lorg/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl;)Lorg/apache/jackrabbit/api/security/authorization/PrivilegeManager; access$1500 ?(Lorg/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl;)Lorg/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBitsProvider; access$1600 access$1700 access$1800 ()V
SourceFile AccessControlManagerImpl.java???? ? ??? ? ? ? ? ? ? ? ? ? ? Forg/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBitsProvider ????? ? ? Gorg/apache/jackrabbit/oak/spi/security/principal/PrincipalConfiguration???????????? ????
java/util/Set ? ??????? java/util/ArrayList ??????????? &javax/jcr/security/AccessControlPolicy?????????????? ??????????xy????? CColliding policy child without node being access controllable ({}).????? ? _org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl$NodeACL ? +Node {} cannot be made access controllable. Iorg/apache/jackrabbit/commons/iterator/AccessControlPolicyIteratorAdapter
?
- dorg/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl$PrincipalACL./ Borg/apache/jackrabbit/oak/security/authorization/accesscontrol/ACLMN[?? Forg/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/ACE?? java/util/HashMap rep:nodePath? !?"#?$%&??'()* )Missing ACL at {}; cannot remove entry {}+,-. "org/apache/jackrabbit/oak/api/Tree/?|y012345 rep:GrantACE rep:DenyACE 'org/apache/jackrabbit/oak/util/NodeUtil ?678 rep:principalName9?:; rep:privileges<=>?@AB?C?DE )javax/jcr/security/AccessControlException java/lang/StringBuilder "Unable to retrieve policy node at FGH? ?IJK?? No policy to remove at LM ?org/apache/jackrabbit/api/security/principal/ItemBasedPrincipal???? @org/apache/jackrabbit/api/security/JackrabbitAccessControlPolicy ?NOP?? Yorg/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl$1 ?QRSTUV?W. 'org/apache/jackrabbit/oak/api/ResultRow9?X? 8Isolated access control entry -> ignore query result at +I rep:repoPolicy dorg/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl$AcePredicate ?Y??Zs javax/jcr/RepositoryException Invalid absolute path: [?\]^? jcr:mixinTypes_`abcdefcghijklmdn rep:ACLop?q? Oorg/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/ImmutableACL ?r ?s Yorg/apache/jackrabbit/oak/security/authorization/restriction/PrincipalRestrictionProvider ?tu? ?vwxyz{|}~? java/lang/Iterable ]org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl$Entry???? ?? /jcr:root //element(*, rep:ACE )[ java/security/Principal or F???? =' ' ''?? order by jcr:path?? xpath??:?:?? java/text/ParseException *Error while collecting effective policies.?? ???? java/lang/String??? Unknown principal >org/apache/jackrabbit/oak/spi/security/principal/PrincipalImpl ?I *Missing mandatory restriction rep:nodePath??? Worg/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl??? _org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AbstractAccessControlManager Norg/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/PolicyOwner borg/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl$ReadPolicy java/util/List "org/apache/jackrabbit/oak/api/Root java/util/Iterator
java/util/Map $org/apache/jackrabbit/oak/api/Result +org/apache/jackrabbit/oak/api/PropertyState javax/jcr/AccessDeniedException com/google/common/base/Predicate >org/apache/jackrabbit/api/security/JackrabbitAccessControlList Torg/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionProvider javax/jcr/Value getPrivilegeManager E()Lorg/apache/jackrabbit/api/security/authorization/PrivilegeManager; getNamePathMapper 5()Lorg/apache/jackrabbit/oak/namepath/NamePathMapper; getConfig S()Lorg/apache/jackrabbit/oak/spi/security/authorization/AuthorizationConfiguration; '(Lorg/apache/jackrabbit/oak/api/Root;)V Borg/apache/jackrabbit/oak/plugins/nodetype/ReadOnlyNodeTypeManager getInstance ?(Lorg/apache/jackrabbit/oak/api/Root;Lorg/apache/jackrabbit/oak/namepath/NamePathMapper;)Lorg/apache/jackrabbit/oak/plugins/nodetype/ReadOnlyNodeTypeManager; 7org/apache/jackrabbit/oak/spi/security/SecurityProvider getConfiguration %(Ljava/lang/Class;)Ljava/lang/Object; getPrincipalManager ?(Lorg/apache/jackrabbit/oak/api/Root;Lorg/apache/jackrabbit/oak/namepath/NamePathMapper;)Lorg/apache/jackrabbit/api/security/principal/PrincipalManager; Oorg/apache/jackrabbit/oak/spi/security/authorization/AuthorizationConfiguration getRestrictionProvider X()Lorg/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionProvider;
getParameters B()Lorg/apache/jackrabbit/oak/spi/security/ConfigurationParameters; Sorg/apache/jackrabbit/oak/spi/security/authorization/permission/PermissionConstants DEFAULT_READ_PATHS >org/apache/jackrabbit/oak/spi/security/ConfigurationParameters getConfigValue 8(Ljava/lang/String;Ljava/lang/Object;)Ljava/lang/Object;
getOakPath &(Ljava/lang/String;)Ljava/lang/String; getTree :(Ljava/lang/String;JZ)Lorg/apache/jackrabbit/oak/api/Tree; (I)V add (Ljava/lang/Object;)Z contains
access$000 /()Ljavax/jcr/security/NamedAccessControlPolicy; size ()I toArray (([Ljava/lang/Object;)[Ljava/lang/Object; getRoot &()Lorg/apache/jackrabbit/oak/api/Root; getContentSession 0()Lorg/apache/jackrabbit/oak/api/ContentSession; ,org/apache/jackrabbit/oak/api/ContentSession
getLatestRoot getPath ()Ljava/lang/String; 8(Ljava/lang/String;)Lorg/apache/jackrabbit/oak/api/Tree; org/apache/jackrabbit/util/Text getRelativeParent '(Ljava/lang/String;I)Ljava/lang/String; isEmpty ()Z +org/apache/jackrabbit/oak/commons/PathUtils denotesRoot (Ljava/lang/String;)Z Corg/apache/jackrabbit/oak/security/authorization/accesscontrol/Util
getAclName hasChild org/slf4j/Logger warn '(Ljava/lang/String;Ljava/lang/Object;)V getMixinName
isNodeType 9(Lorg/apache/jackrabbit/oak/api/Tree;Ljava/lang/String;)Z getEffectiveNodeType d(Lorg/apache/jackrabbit/oak/api/Tree;)Lorg/apache/jackrabbit/oak/plugins/nodetype/EffectiveNodeType;