Class AccessControlAction

  • All Implemented Interfaces:
    AuthorizableAction

    public class AccessControlAction
    extends AbstractAuthorizableAction
    The AccessControlAction allows to setup permissions upon creation of a new authorizable; namely the privileges the new authorizable should be granted on it's own 'home directory' being represented by the new node associated with that new authorizable.

    The following to configuration parameters are available with this implementation:

    • groupPrivilegeNames: the value is expected to be a comma separated list of privileges that will be granted to the new group on the group node
    • userPrivilegeNames: the value is expected to be a comma separated list of privileges that will be granted to the new user on the user node.

    Example configuration:

        groupPrivilegeNames : ["jcr:read"]
        userPrivilegeNames  : ["jcr:read,rep:write"]
     

    This configuration could for example lead to the following content structure upon user or group creation. Note however that the resulting structure depends on the actual access control management being in place:

         UserManager umgr = ((JackrabbitSession) session).getUserManager();
         User user = umgr.createUser("testUser", "t");
    
         + t                           rep:AuthorizableFolder
           + te                        rep:AuthorizableFolder
             + testUser                rep:User, mix:AccessControllable
               + rep:policy            rep:ACL
                 + allow               rep:GrantACE
                   - rep:principalName = "testUser"
                   - rep:privileges    = ["jcr:read","rep:write"]
               - rep:password
               - rep:principalName     = "testUser"
     
         UserManager umgr = ((JackrabbitSession) session).getUserManager();
         Group group = umgr.createGroup("testGroup");
    
         + t                           rep:AuthorizableFolder
           + te                        rep:AuthorizableFolder
             + testGroup               rep:Group, mix:AccessControllable
               + rep:policy            rep:ACL
                 + allow               rep:GrantACE
                   - rep:principalName = "testGroup"
                   - rep:privileges    = ["jcr:read"]
               - rep:principalName     = "testGroup"
     
    • Field Detail

      • USER_PRIVILEGE_NAMES

        public static final java.lang.String USER_PRIVILEGE_NAMES
        See Also:
        Constant Field Values
      • GROUP_PRIVILEGE_NAMES

        public static final java.lang.String GROUP_PRIVILEGE_NAMES
        See Also:
        Constant Field Values
    • Constructor Detail

      • AccessControlAction

        public AccessControlAction()
    • Method Detail

      • onCreate

        public void onCreate​(@NotNull
                             @NotNull Group group,
                             @NotNull
                             @NotNull Root root,
                             @NotNull
                             @NotNull NamePathMapper namePathMapper)
                      throws javax.jcr.RepositoryException
        Description copied from class: AbstractAuthorizableAction
        Doesn't perform any action.
        Specified by:
        onCreate in interface AuthorizableAction
        Overrides:
        onCreate in class AbstractAuthorizableAction
        Parameters:
        group - The new group that has not yet been persisted; e.g. the associated tree is still 'NEW'.
        root - The root associated with the user manager.
        Throws:
        javax.jcr.RepositoryException - If an error occurs.
      • onCreate

        public void onCreate​(@NotNull
                             @NotNull User user,
                             @Nullable
                             @Nullable java.lang.String password,
                             @NotNull
                             @NotNull Root root,
                             @NotNull
                             @NotNull NamePathMapper namePathMapper)
                      throws javax.jcr.RepositoryException
        Description copied from class: AbstractAuthorizableAction
        Doesn't perform any action.
        Specified by:
        onCreate in interface AuthorizableAction
        Overrides:
        onCreate in class AbstractAuthorizableAction
        Parameters:
        user - The new user that has not yet been persisted; e.g. the associated tree is still 'NEW'.
        password - The password that was specified upon user creation.
        root - The root associated with the user manager.
        Throws:
        javax.jcr.RepositoryException - If an error occurs.