com.adobe.granite.security.user.util

Class AuthorizableJSONWriter

java.lang.Object

com.adobe.granite.security.user.util.AuthorizableJSONWriter

All Implemented Interfaces:

PropConstants

public class AuthorizableJSONWriter
extends java.lang.Object
implements PropConstants

AuthorizableJSONWriter is a utility to write a JSON serialization of users and groups.

Default Serialization

The default serialization of a given authorizable includes the following information:

• PropConstants.TYPE: with value "group" or "user" depending on the type of authorizable.
• PropConstants.AUTHORIZABLE_ID: the authorizable ID.
• PropConstants.DISPLAY_NAME: the default display name.
• PropConstants.HOME: The path to the home directory.
• PropConstants.IS_IMPERSONATED: this property is only included if the serialized authorizable is the same as the one associated with the editing session. The flag is 'true' if the session has been obtained through impersonation.

Output Properties

In order to include additional information into the serialization a set of output properties can be specified. Currently the following additional properties are supported:

• PropConstants.PRINCIPAL: The principal name.
• PropConstants.MEMBER_OF: Includes the serialization of the groups this authorizable is member of (as visible to the editing session).
• memberOfTotal: The total number of groups this authorizable is member of. Note, that -1 may be returned if a limit has been specified and the total amount of members exceeds the specified limit
• PropConstants.DECLARED_MEMBER_OF: Includes the serialization of those groups this authorizable is declared member of (as visible to the editing session).
• declaredMemberOfTotal: The number of those groups. Note, that -1 may be returned if a limit has been specified and the total amount of declared membership entries exceeds the specified limit.
• PropConstants.IMAGE: The image information.
• PropConstants.MODIFICATION: Modification information.
• PropConstants.REPLICATION: Replication data.
• PropConstants.WILDCARD: Includes all of the above properties plus the user and group specific properties listed below (except the *Total properties).
• Any other property stored with an authorizable. The property to be included must be referred with a relative path. E.g. 'profile/givenName' would be used to retrieve a property 'givenName' that was stored in the profile subnode. The wildcard '*' is used to include all user specific properties of a subnode e.g. 'profile/*'. Note however, that this will not include protected JCR specific properties. The serialization of the these properties is hierarchical exposing intermediate nodes as JSON objects.

In addition the following user specific properties can be specified:

• PropConstants.IMPERSONATORS: The serialization of those users that can impersonate the target user (as visible to the editing session).
• impersonatorsTotal: The total amount of impersonators. Note, that -1 may be returned if a limit has been specified and the total amount of impersonators exceeds the specified limit.
• PropConstants.DISABLED: The disabled text in case this user is disabled.

And there are a couple of group specific properties:

• PropConstants.MEMBERS: The serialization of the members of this group (as visible to the editing session).
• membersTotal: The total number of members. Note, that -1 may be returned if a limit has been specified and the total number exceeds the limit.
• PropConstants.DECLARED_MEMBERS: The serialization of the declared members of this group (as visible to the editing session).
• declaredMembersTotal: The total number of declared members. Note, that -1 is returned if a limit has been specified and the total number exceeds the limit.

Limit the number of serialized authorizables

For those properties that include serialization of additional authorizables it is possible to set a limit, which is the maximum amount of authorizables that should be serialized with the specified output property. This can be achieved by calling setLimit(String, long) where the 'key' is the name of the output property.

Compatibility Notes

This class replaces CQ AuthorizableJSONWriter.
Please note the following differences in usage:

 - outputprop-keys should be relative paths
 - removed old backwards compatibility lookup from user-prop to profile
 - jcr:created and jcr:createdBy must be listed explicitly
 - rep:userId omitted as this properties no longer exists and is identical to "authorizableId"
 - the "id" key has been renamed to "authorizableId"
 - the "groupName" key has been omitted as it seems wrong to have "name"
   and "id" and in addition a "groupName" which essential was the "id".
 - basic option removed as this is covered by outputprops being empty.
 - the cq specific 'table' view has been removed
 

Field Summary

Fields inherited from interface com.adobe.granite.security.user.util.PropConstants

AUTHORIZABLE_ID, AUTHORIZABLES, CNT, DECLARED_MEMBER_OF, DECLARED_MEMBERS, DISABLED, DISPLAY_NAME, HOME, IMAGE, IMPERSONATORS, IS_IMPERSONATED, MEMBER_OF, MEMBERS, MODIFICATION, OFFSET, PRINCIPAL, REPLICATION, TYPE, TYPE_GROUP, TYPE_USER, WILDCARD

Constructor Summary

Constructors

Constructor and Description
AuthorizableJSONWriter(UserPropertiesManager userPropertiesMgr, ResourceResolver resourceResolver, Session session, java.util.Set<java.lang.String> outputProps, XSSFilter xss)

Method Summary

Modifier and Type	Method and Description
void	setFilterPredicates(java.lang.String[] filters) Creates a predicate list based of the given filters array containing only the non blank filters and merges all of them in a single resulting authorizable predicate.
void	setLimit(java.lang.String key, long limit) Sets the limit for the number of authorizables included in the object with the specified key.
void	write(JSONWriter writer, Authorizable authorizable) Write the data of the specified authorizable to the given writer.

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AuthorizableJSONWriter

public AuthorizableJSONWriter(UserPropertiesManager userPropertiesMgr,
                              ResourceResolver resourceResolver,
                              Session session,
                              java.util.Set<java.lang.String> outputProps,
                              XSSFilter xss)

Parameters:

userPropertiesMgr - the manager to access the profile.

resourceResolver - the resource resolver

session - the session

outputProps - the output properties

xss - the XSS protection service

Method Detail

setLimit

public void setLimit(java.lang.String key,
                     long limit)

Sets the limit for the number of authorizables included in the object with the specified key.

Parameters:

key - The key as present in the output props.

limit - The maximal number of entries to be created for the given key.

setFilterPredicates

public void setFilterPredicates(java.lang.String[] filters)

Creates a predicate list based of the given filters array containing only the non blank filters and merges all of them in a single resulting authorizable predicate. The resultingAuthorizablePredicate will validate an authorizable if any of the predicates from the list are valid.

Parameters:

filters - an array of given filters to use for creating a predicate list and a resulting predicate from that list

write

public void write(JSONWriter writer,
                  Authorizable authorizable)
           throws JSONException

Write the data of the specified authorizable to the given writer.

Parameters:

writer - The JSONWriter to be used.

authorizable - The target authorizable.

Throws:

JSONException - If an exception occurs.