Package javax.jcr.security

Interface Privilege

  • public interface Privilege
    A privilege represents the capability of performing a particular set of operations on items in the JCR repository. Each privilege is identified by a JCR name. JCR defines a set of standard privileges in the jcr namespace. Implementations may add additional privileges in namespaces other than jcr.

    A privilege may be an aggregate privilege. Aggregate privileges are sets of other privileges. Granting, denying, or testing an aggregate privilege is equivalent to individually granting, denying, or testing each privilege it contains. The privileges contained by an aggregate privilege may themselves be aggregate privileges if the resulting privilege graph is acyclic.

    A privilege may be an abstract privilege. Abstract privileges cannot themselves be granted or denied, but can be composed into aggregate privileges which are granted or denied.

    A privilege can be both aggregate and abstract.

    Since:
    JCR 2.0

    • Field Summary

      Fields 
      Modifier and Type Field Description
      static java.lang.String JCR_ADD_CHILD_NODES
      A constant representing jcr:addChildNodes (in expanded form), the privilege to create child nodes of a node.
      static java.lang.String JCR_ALL
      A constant representing jcr:all (in expanded form), an aggregate privilege that contains all predefined privileges.
      static java.lang.String JCR_LIFECYCLE_MANAGEMENT
      A constant representing jcr:lifecycleManagement (in expanded form), the privilege to perform lifecycle operations on a node.
      static java.lang.String JCR_LOCK_MANAGEMENT
      A constant representing jcr:lockManagement (in expanded form), the privilege to lock and unlock a node.
      static java.lang.String JCR_MODIFY_ACCESS_CONTROL
      A constant representing jcr:modifyAccessControl (in expanded form), the privilege to modify the access control policies of a node.
      static java.lang.String JCR_MODIFY_PROPERTIES
      A constant representing jcr:modifyProperties (in expanded form), the privilege to create, modify and remove the properties of a node.
      static java.lang.String JCR_NODE_TYPE_MANAGEMENT
      A constant representing jcr:nodeTypeManagement (in expanded form), the privilege to add and remove mixin node types and change the primary node type of a node.
      static java.lang.String JCR_READ
      A constant representing jcr:read (in expanded form), the privilege to retrieve a node and get its properties and their values.
      static java.lang.String JCR_READ_ACCESS_CONTROL
      A constant representing jcr:readAccessControl (in expanded form), the privilege to get the access control policy of a node.
      static java.lang.String JCR_REMOVE_CHILD_NODES
      A constant representing jcr:removeChildNodes (in expanded form), the privilege to remove child nodes of a node.
      static java.lang.String JCR_REMOVE_NODE
      A constant representing jcr:removeNode (in expanded form), the privilege to remove a node.
      static java.lang.String JCR_RETENTION_MANAGEMENT
      A constant representing jcr:retentionManagement (in expanded form), the privilege to perform retention management operations on a node.
      static java.lang.String JCR_VERSION_MANAGEMENT
      A constant representing jcr:versionManagement (in expanded form), the privilege to perform versioning operations on a node.
      static java.lang.String JCR_WRITE
      A constant representing jcr:write (in expanded form), an aggregate privilege that contains: jcr:modifyProperties jcr:addChildNodes jcr:removeNode jcr:removeChildNodes

    • Method Summary

      All Methods Instance Methods Abstract Methods 
      Modifier and Type Method Description
      Privilege[] getAggregatePrivileges()
      If this privilege is an aggregate privilege, returns the privileges it contains, the privileges contained by any aggregate privileges among those, and so on (the transitive closure of privileges contained by this privilege).
      Privilege[] getDeclaredAggregatePrivileges()
      If this privilege is an aggregate privilege, returns the privileges directly contained by the aggregate privilege.
      java.lang.String getName()
      Returns the name of this privilege.
      boolean isAbstract()
      Returns whether this privilege is an abstract privilege.
      boolean isAggregate()
      Returns whether this privilege is an aggregate privilege.

    • Field Detail

      • JCR_READ

        static final java.lang.String JCR_READ
        A constant representing jcr:read (in expanded form), the privilege to retrieve a node and get its properties and their values.
        See Also:
        Constant Field Values

      • JCR_MODIFY_PROPERTIES

        static final java.lang.String JCR_MODIFY_PROPERTIES
        A constant representing jcr:modifyProperties (in expanded form), the privilege to create, modify and remove the properties of a node.
        See Also:
        Constant Field Values

      • JCR_ADD_CHILD_NODES

        static final java.lang.String JCR_ADD_CHILD_NODES
        A constant representing jcr:addChildNodes (in expanded form), the privilege to create child nodes of a node.
        See Also:
        Constant Field Values

      • JCR_REMOVE_NODE

        static final java.lang.String JCR_REMOVE_NODE
        A constant representing jcr:removeNode (in expanded form), the privilege to remove a node.

        In order to actually remove a node requires jcr:removeNode on that node and jcr:removeChildNodes on the parent node.

        The distinction is provided in order to reflect implementations that internally model "remove" as a "delete" instead of a "unlink". A repository that uses the "delete" model can have jcr:removeChildNodes in every access control policy, so that removal is effectively controlled by jcr:removeNode.

        See Also:
        Constant Field Values

      • JCR_REMOVE_CHILD_NODES

        static final java.lang.String JCR_REMOVE_CHILD_NODES
        A constant representing jcr:removeChildNodes (in expanded form), the privilege to remove child nodes of a node. In order to actually remove a node requires jcr:removeNode on that node and jcr:removeChildNodes on the parent node.

        The distinction is provided in order to reflect implementations that internally model "remove" as a "unlink" instead of a "delete". A repository that uses the "unlink" model can have jcr:removeNode in every access control policy, so that removal is effectively controlled by jcr:removeChildNodes.

        See Also:
        Constant Field Values

      • JCR_WRITE

        static final java.lang.String JCR_WRITE
        A constant representing jcr:write (in expanded form), an aggregate privilege that contains:
        • jcr:modifyProperties
        • jcr:addChildNodes
        • jcr:removeNode
        • jcr:removeChildNodes
        See Also:
        Constant Field Values

      • JCR_READ_ACCESS_CONTROL

        static final java.lang.String JCR_READ_ACCESS_CONTROL
        A constant representing jcr:readAccessControl (in expanded form), the privilege to get the access control policy of a node.
        See Also:
        Constant Field Values

      • JCR_MODIFY_ACCESS_CONTROL

        static final java.lang.String JCR_MODIFY_ACCESS_CONTROL
        A constant representing jcr:modifyAccessControl (in expanded form), the privilege to modify the access control policies of a node.
        See Also:
        Constant Field Values

      • JCR_LOCK_MANAGEMENT

        static final java.lang.String JCR_LOCK_MANAGEMENT
        A constant representing jcr:lockManagement (in expanded form), the privilege to lock and unlock a node.
        See Also:
        Constant Field Values

      • JCR_VERSION_MANAGEMENT

        static final java.lang.String JCR_VERSION_MANAGEMENT
        A constant representing jcr:versionManagement (in expanded form), the privilege to perform versioning operations on a node.
        See Also:
        Constant Field Values

      • JCR_NODE_TYPE_MANAGEMENT

        static final java.lang.String JCR_NODE_TYPE_MANAGEMENT
        A constant representing jcr:nodeTypeManagement (in expanded form), the privilege to add and remove mixin node types and change the primary node type of a node.
        See Also:
        Constant Field Values

      • JCR_RETENTION_MANAGEMENT

        static final java.lang.String JCR_RETENTION_MANAGEMENT
        A constant representing jcr:retentionManagement (in expanded form), the privilege to perform retention management operations on a node.
        See Also:
        Constant Field Values

      • JCR_LIFECYCLE_MANAGEMENT

        static final java.lang.String JCR_LIFECYCLE_MANAGEMENT
        A constant representing jcr:lifecycleManagement (in expanded form), the privilege to perform lifecycle operations on a node.
        See Also:
        Constant Field Values

      • JCR_ALL

        static final java.lang.String JCR_ALL
        A constant representing jcr:all (in expanded form), an aggregate privilege that contains all predefined privileges.
        • jcr:read
        • jcr:write
        • jcr:readAccessControl
        • jcr:modifyAccessControl
        • jcr:lockManagement
        • jcr:versionManagement
        • jcr:nodeTypeManagement
        • jcr:retentionManagement
        • jcr:lifecycleManagement
        It should, in addition, include all implementation-defined privileges.
        See Also:
        Constant Field Values

    • Method Detail

      • getName

        java.lang.String getName()
        Returns the name of this privilege.

        Since the privilege name is a JCR name, it must be returned in qualified form, according to the prevailing namespace-to-prefix mapping in the current Session (see the specification for details on JCR names).

        Returns:
        the name of this privilege.

      • isAbstract

        boolean isAbstract()
        Returns whether this privilege is an abstract privilege.
        Returns:
        true if this privilege is an abstract privilege; false otherwise.

      • isAggregate

        boolean isAggregate()
        Returns whether this privilege is an aggregate privilege.
        Returns:
        true if this privilege is an aggregate privilege; false otherwise.

      • getDeclaredAggregatePrivileges

        Privilege[] getDeclaredAggregatePrivileges()
        If this privilege is an aggregate privilege, returns the privileges directly contained by the aggregate privilege. Otherwise returns an empty array.
        Returns:
        an array of Privileges

      • getAggregatePrivileges

        Privilege[] getAggregatePrivileges()
        If this privilege is an aggregate privilege, returns the privileges it contains, the privileges contained by any aggregate privileges among those, and so on (the transitive closure of privileges contained by this privilege). Otherwise returns an empty array.
        Returns:
        an array of Privileges