org.apache.jackrabbit.oak.spi.security.user.action

Class AccessControlAction

java.lang.Object

org.apache.jackrabbit.oak.spi.security.user.action.AbstractAuthorizableAction

org.apache.jackrabbit.oak.spi.security.user.action.AccessControlAction

All Implemented Interfaces:

AuthorizableAction

public class AccessControlAction
extends AbstractAuthorizableAction

The AccessControlAction allows to setup permissions upon creation of a new authorizable; namely the privileges the new authorizable should be granted on it's own 'home directory' being represented by the new node associated with that new authorizable.

The following to configuration parameters are available with this implementation:

• groupPrivilegeNames: the value is expected to be a comma separated list of privileges that will be granted to the new group on the group node
• userPrivilegeNames: the value is expected to be a comma separated list of privileges that will be granted to the new user on the user node.

Example configuration:

    groupPrivilegeNames : ["jcr:read"]
    userPrivilegeNames  : ["jcr:read,rep:write"]
 

This configuration could for example lead to the following content structure upon user or group creation. Note however that the resulting structure depends on the actual access control management being in place:

     UserManager umgr = ((JackrabbitSession) session).getUserManager();
     User user = umgr.createUser("testUser", "t");

     + t                           rep:AuthorizableFolder
       + te                        rep:AuthorizableFolder
         + testUser                rep:User, mix:AccessControllable
           + rep:policy            rep:ACL
             + allow               rep:GrantACE
               - rep:principalName = "testUser"
               - rep:privileges    = ["jcr:read","rep:write"]
           - rep:password
           - rep:principalName     = "testUser"
 

     UserManager umgr = ((JackrabbitSession) session).getUserManager();
     Group group = umgr.createGroup("testGroup");

     + t                           rep:AuthorizableFolder
       + te                        rep:AuthorizableFolder
         + testGroup               rep:Group, mix:AccessControllable
           + rep:policy            rep:ACL
             + allow               rep:GrantACE
               - rep:principalName = "testGroup"
               - rep:privileges    = ["jcr:read"]
           - rep:principalName     = "testGroup"
 

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	GROUP_PRIVILEGE_NAMES
static java.lang.String	USER_PRIVILEGE_NAMES

Constructor Summary

Constructors

Constructor and Description
AccessControlAction()

Method Summary

Modifier and Type	Method and Description
void	init(SecurityProvider securityProvider, ConfigurationParameters config) Doesn't perform any action.
void	onCreate(Group group, Root root, NamePathMapper namePathMapper) Doesn't perform any action.
void	onCreate(User user, java.lang.String password, Root root, NamePathMapper namePathMapper) Doesn't perform any action.

Methods inherited from class org.apache.jackrabbit.oak.spi.security.user.action.AbstractAuthorizableAction

onPasswordChange, onRemove

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

USER_PRIVILEGE_NAMES

public static final java.lang.String USER_PRIVILEGE_NAMES

See Also:

Constant Field Values

GROUP_PRIVILEGE_NAMES

public static final java.lang.String GROUP_PRIVILEGE_NAMES

See Also:

Constant Field Values

Constructor Detail

AccessControlAction

public AccessControlAction()

Method Detail

init

public void init(SecurityProvider securityProvider,
                 ConfigurationParameters config)

Description copied from class: AbstractAuthorizableAction

Doesn't perform any action.

Specified by:

init in interface AuthorizableAction

Overrides:

init in class AbstractAuthorizableAction

onCreate

public void onCreate(Group group,
                     Root root,
                     NamePathMapper namePathMapper)
              throws RepositoryException

Description copied from class: AbstractAuthorizableAction

Doesn't perform any action.

Specified by:

onCreate in interface AuthorizableAction

Overrides:

onCreate in class AbstractAuthorizableAction

Parameters:

group - The new group that has not yet been persisted; e.g. the associated tree is still 'NEW'.

root - The root associated with the user manager.

Throws:

RepositoryException

onCreate

public void onCreate(User user,
                     java.lang.String password,
                     Root root,
                     NamePathMapper namePathMapper)
              throws RepositoryException

Description copied from class: AbstractAuthorizableAction

Doesn't perform any action.

Specified by:

onCreate in interface AuthorizableAction

Overrides:

onCreate in class AbstractAuthorizableAction

Parameters:

user - The new user that has not yet been persisted; e.g. the associated tree is still 'NEW'.

password - The password that was specified upon user creation.

root - The root associated with the user manager.

Throws:

RepositoryException - If an error occurs.