|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
public interface AccessControlManager
The AccessControlManager
object is accessed via Session.getAccessControlManager()
. It provides methods for:
Method Summary | |
---|---|
AccessControlPolicyIterator |
getApplicablePolicies(java.lang.String absPath)
Returns the access control policies that are capable of being applied to the node at absPath . |
AccessControlPolicy[] |
getEffectivePolicies(java.lang.String absPath)
Returns the AccessControlPolicy objects that currently are
in effect at the node at absPath . |
AccessControlPolicy[] |
getPolicies(java.lang.String absPath)
Returns the AccessControlPolicy objects that have been set
to the node at absPath or an empty array if no policy has
been set. |
Privilege[] |
getPrivileges(java.lang.String absPath)
Returns the privileges the session has for absolute path absPath, which must be an existing node. |
Privilege[] |
getSupportedPrivileges(java.lang.String absPath)
Returns the privileges supported for absolute path absPath ,
which must be an existing node. |
boolean |
hasPrivileges(java.lang.String absPath,
Privilege[] privileges)
Returns whether the session has the specified privileges for absolute path absPath , which must be an existing node. |
Privilege |
privilegeFromName(java.lang.String privilegeName)
Returns the privilege with the specified privilegeName . |
void |
removePolicy(java.lang.String absPath,
AccessControlPolicy policy)
Removes the specified AccessControlPolicy from the node at
absPath . |
void |
setPolicy(java.lang.String absPath,
AccessControlPolicy policy)
Binds the policy to the node at absPath . |
Method Detail |
---|
Privilege[] getSupportedPrivileges(java.lang.String absPath) throws PathNotFoundException, RepositoryException
absPath
,
which must be an existing node.
This method does not return the privileges held by the session. Instead, it returns the privileges that the repository supports.
absPath
- an absolute path.
Privilege
s.
PathNotFoundException
- if no node at absPath
exists
or the session does not have sufficient access to retrieve a node at that
location.
RepositoryException
- if another error occurs.Privilege privilegeFromName(java.lang.String privilegeName) throws AccessControlException, RepositoryException
privilegeName
.
Since the privilege name is a JCR name, it may be passed in either
qualified or expanded form (see specification for details on JCR names).
privilegeName
- the name of an existing privilege.
Privilege
with the specified
privilegeName
.
AccessControlException
- if no privilege with the specified name
exists.
RepositoryException
- if another error occurs.boolean hasPrivileges(java.lang.String absPath, Privilege[] privileges) throws PathNotFoundException, RepositoryException
absPath
, which must be an existing node.
Testing an aggregate privilege is equivalent to testing each non
aggregate privilege among the set returned by calling
Privilege.getAggregatePrivileges()
for that privilege.
The results reported by the this method reflect the net effect of
the currently applied control mechanisms. It does not reflect unsaved
access control policies or unsaved access control entries. Changes to
access control status caused by these mechanisms only take effect on
Session.save()
and are only then reflected in the results of
the privilege test methods.
absPath
- an absolute path.privileges
- an array of Privilege
s.
true
if the session has the specified privileges;
false
otherwise.
PathNotFoundException
- if no node at absPath
exists
or the session does not have sufficent access to retrieve a node at that
location.
RepositoryException
- if another error occurs.Privilege[] getPrivileges(java.lang.String absPath) throws PathNotFoundException, RepositoryException
The returned privileges are those for which hasPrivileges(java.lang.String, javax.jcr.security.Privilege[])
would
return true
.
The results reported by the this method reflect the net effect of
the currently applied control mechanisms. It does not reflect unsaved
access control policies or unsaved access control entries. Changes to
access control status caused by these mechanisms only take effect on
Session.save()
and are only then reflected in the results of
the privilege test methods.
absPath
- an absolute path.
Privilege
s.
PathNotFoundException
- if no node at absPath
exists
or the session does not have sufficient access to retrieve a node at that
location.
RepositoryException
- if another error occurs.AccessControlPolicy[] getPolicies(java.lang.String absPath) throws PathNotFoundException, AccessDeniedException, RepositoryException
AccessControlPolicy
objects that have been set
to the node at absPath
or an empty array if no policy has
been set. This method reflects the binding state, including transient
policy modifications.
Use getEffectivePolicies(String)
in order to determine the
policy that effectively applies at absPath
.
absPath
- an absolute path.
AccessControlPolicy
objects or an empty
array if no policy has been set.
PathNotFoundException
- if no node at absPath
exists
or the session does not have sufficient access to retrieve a node at that
location.
AccessDeniedException
- if the session lacks
READ_ACCESS_CONTROL
privilege for the absPath
node.
RepositoryException
- if another error occurs.AccessControlPolicy[] getEffectivePolicies(java.lang.String absPath) throws PathNotFoundException, AccessDeniedException, RepositoryException
AccessControlPolicy
objects that currently are
in effect at the node at absPath
. This may be policies set
through this API or some implementation specific (default) policies.
absPath
- an absolute path.
AccessControlPolicy
objects.
PathNotFoundException
- if no node at absPath
exists
or the session does not have sufficient access to retrieve a node at that
location.
AccessDeniedException
- if the session lacks
READ_ACCESS_CONTROL
privilege for the absPath
node.
RepositoryException
- if another error occurs.AccessControlPolicyIterator getApplicablePolicies(java.lang.String absPath) throws PathNotFoundException, AccessDeniedException, RepositoryException
absPath
.
absPath
- an absolute path.
AccessControlPolicyIterator
over the applicable
access control policies or an empty iterator if no policies are
applicable.
PathNotFoundException
- if no node at absPath
exists
or the session does not have sufficient access to retrieve a node at that
location.
AccessDeniedException
- if the session lacks
READ_ACCESS_CONTROL
privilege for the absPath
node.
RepositoryException
- if another error occurs.void setPolicy(java.lang.String absPath, AccessControlPolicy policy) throws PathNotFoundException, AccessControlException, AccessDeniedException, LockException, VersionException, RepositoryException
policy
to the node at absPath
.
The behavior of the call acm.setPolicy(absPath, policy)
differs depending on how the policy
object was originally
acquired.
If policy
was acquired through acm.getApplicablePolicies(absPath)
then that policy
object
is added to the node at absPath
.
On the other hand, if policy
was acquired through acm.getPolicies(absPath)
then that policy
object (usually after being altered) replaces its former version on the
node at absPath
.
This is session-write method and therefore the access control policy is
only dispatched on save
and will only take effect upon
persist.
A VersionException
will be thrown either immediately, on
dispatch or on persists, if the node at absPath
is read-only
due to a checked-in node. Implementations may differ on when this
validation is performed.
A LockException
will be thrown either immediately, on
dispatch or on persists, if a lock prevents the operation.
Implementations may differ on when this validation is performed.
absPath
- an absolute path.policy
- the AccessControlPolicy
to be applied.
PathNotFoundException
- if no node at absPath
exists
or the session does not have sufficient access to retrieve a node at that
location.
AccessControlException
- if the policy is not applicable.
AccessDeniedException
- if the session lacks
MODIFY_ACCESS_CONTROL
privilege for the absPath
node.
LockException
- if a lock applies at the node at
absPath
and this implementation performs this validation
immediately.
VersionException
- if the node at absPath
is read-only
due to a checked-in node and this implementation performs this validation
immediately.
RepositoryException
- if another error occurs.void removePolicy(java.lang.String absPath, AccessControlPolicy policy) throws PathNotFoundException, AccessControlException, AccessDeniedException, LockException, VersionException, RepositoryException
AccessControlPolicy
from the node at
absPath
.
An AccessControlPolicy
can only be removed if it was bound
to the specified node through this API before. The effect of the removal
only takes place upon Session.save()
. Note, that an
implementation default or any other effective AccessControlPolicy
that has not been applied to the node before may never be removed using
this method.
A PathNotFoundException
is thrown if no node at
absPath
exists or the session does not have privilege to
retrieve the node.
An AccessControlException
is thrown if the policy to remove
does not exist at the node at absPath
.
An AccessDeniedException
is thrown if the session lacks
MODIFY_ACCESS_CONTROL
privilege for the absPath
node.
An LockException
is thrown either immediately, on dispatch
or on persists, if the node at absPath
is locked.
Implementations may differ on when this validation is performed.
An VersionException
is thrown either immediately, on
dispatch or on persists, if the node at absPath
is read-only
due to a checked-in node.Implementations may differ on when this
validation is performed.
A RepositoryException
is thrown if another error occurs.
absPath
- an absolute path.policy
- the policy to be removed.
PathNotFoundException
- if no node at absPath
exists
or the session does not have sufficient access to retrieve a node at that
location.
AccessControlException
- if no policy exists.
AccessDeniedException
- if the session lacks
MODIFY_ACCESS_CONTROL
privilege for the absPath
node.
LockException
- if a lock applies at the node at
absPath
and this implementation performs this validation
immediately instead of waiting until save
.
VersionException
- if the node at absPath
is
versionable and checked-in or is non-versionable but its nearest
versionable ancestor is checked-in and this implementation performs this
validation immediately instead of waiting until save
.
RepositoryException
- if another error occurs.
|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |