JahiaAccessManager (Jahia Server Implementation 8.0.0.0 API)

java.lang.Object
- org.apache.jackrabbit.core.security.AbstractAccessControlManager
- - org.apache.jackrabbit.core.security.JahiaAccessManager

All Implemented Interfaces:

javax.jcr.security.AccessControlManager, org.apache.jackrabbit.api.security.JackrabbitAccessControlManager, org.apache.jackrabbit.core.security.AccessManager
```
public class JahiaAccessManager
extends org.apache.jackrabbit.core.security.AbstractAccessControlManager
implements org.apache.jackrabbit.core.security.AccessManager, javax.jcr.security.AccessControlManager
```
Current ACL policy :
- If there is a grant ACE defined for the user matching the permission, grant access - If there is a deny ACE defined for the user matching the permission, deny access - Go to parent node, repeat - Then, start again from the leaf - If there are at least one grant ACEs defined for groups the user belongs to, grant access - Go to the parent node, repeat - Deny access

Author:

toto

Field Summary

Fields
Modifier and Type	Field and Description
`protected org.apache.jackrabbit.core.HierarchyManager`	`hierMgr` hierarchy manager used for ACL-based access control model
`protected org.jahia.jaas.JahiaPrincipal`	`jahiaPrincipal`
`protected org.apache.jackrabbit.spi.commons.conversion.NamePathResolver`	`resolver`
`protected Subject`	`subject` Subject whose access rights this AccessManager should reflect
`protected String`	`workspaceName`

Fields inherited from interface org.apache.jackrabbit.core.security.AccessManager
READ, REMOVE, WRITE

Constructor Summary

Constructors
Constructor and Description

JahiaAccessManager()
Empty constructor

Constructors
Constructor and Description
`JahiaAccessManager()` Empty constructor

Method Summary

All Methods Static Methods Instance Methods Concrete Methods Deprecated Methods
Modifier and Type	Method and Description
`boolean`	`canAccess(String workspaceName)`
`boolean`	`canRead(org.apache.jackrabbit.spi.Path path, org.apache.jackrabbit.core.id.ItemId itemId)`
`protected void`	`checkInitialized()`
`void`	`checkPermission(org.apache.jackrabbit.core.id.ItemId id, int actions)`
`void`	`checkPermission(org.apache.jackrabbit.spi.Path path, int permissions)`
`protected void`	`checkPermission(String absPath, int permission)`
`void`	`checkRepositoryPermission(int permissions)`
`protected void`	`checkValidNodePath(org.apache.jackrabbit.spi.Path p)`
`protected void`	`checkValidNodePath(String absPath)`
`void`	`close()`
`static void`	`flushMatchingPermissions()`
`static void`	`flushPrivilegesInRoles()` Flush the cache of privileges set by role
`javax.jcr.security.AccessControlPolicy[]`	`getEffectivePolicies(Set<Principal> principals)`
`javax.jcr.security.AccessControlPolicy[]`	`getEffectivePolicies(String absPath)`
`Set<javax.jcr.security.Privilege>`	`getPermissionsInRole(String role)`
`protected org.apache.jackrabbit.api.security.authorization.PrivilegeManager`	`getPrivilegeManager()`
`static String`	`getPrivilegeName(String privilegeName, String workspace)`
`javax.jcr.security.Privilege[]`	`getPrivileges(String absPath)`
`javax.jcr.security.Privilege[]`	`getPrivileges(String absPath, Set<Principal> principals)`
`Set<String>`	`getRoles(String absPath)`
`JahiaSystemSession`	`getSecuritySession()`
`boolean`	`hasPrivileges(org.apache.jackrabbit.spi.Path absPath, javax.jcr.security.Privilege[] privileges)`
`boolean`	`hasPrivileges(String absPath, javax.jcr.security.Privilege[] privileges)`
`boolean`	`hasPrivileges(String absPath, Set<Principal> principals, javax.jcr.security.Privilege[] privileges)`
`void`	`init(org.apache.jackrabbit.core.security.AMContext amContext)`
`void`	`init(org.apache.jackrabbit.core.security.AMContext amContext, org.apache.jackrabbit.core.security.authorization.AccessControlProvider acProvider, org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager wspAccessManager)`
`void`	`init(org.apache.jackrabbit.core.security.AMContext context, org.apache.jackrabbit.core.security.authorization.AccessControlProvider acProvider, org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager wspAccessManager, org.apache.jackrabbit.core.RepositoryContext repositoryContext, org.apache.jackrabbit.core.config.WorkspaceConfig workspaceConfig)` Deprecated. Use `init(AMContext, RepositoryContext, WorkspaceConfig)` instead
`void`	`init(org.apache.jackrabbit.core.security.AMContext context, org.apache.jackrabbit.core.RepositoryContext repositoryContext, org.apache.jackrabbit.core.config.WorkspaceConfig workspaceConfig)`
`boolean`	`isAdmin(String siteKey)`
`boolean`	`isGranted(org.apache.jackrabbit.core.id.ItemId id, int actions)`
`boolean`	`isGranted(org.apache.jackrabbit.spi.Path absPath, int permissions)`
`boolean`	`isGranted(org.apache.jackrabbit.spi.Path parentPath, org.apache.jackrabbit.spi.Name childName, int permissions)`
`boolean`	`isGranted(org.apache.jackrabbit.spi.Path absPath, Set<String> permissions)`
`boolean`	`isSystemPrincipal()`
`boolean`	`matchPermission(Set<String> permissions, String role)`
`void`	`setAliased(boolean aliased)`
`static void`	`setDeniedPaths(Collection<String> denied)`

Methods inherited from class org.apache.jackrabbit.core.security.AbstractAccessControlManager
getApplicablePolicies, getApplicablePolicies, getPolicies, getPolicies, getSupportedPrivileges, privilegeFromName, removePolicy, setPolicy

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface javax.jcr.security.AccessControlManager
getApplicablePolicies, getPolicies, getSupportedPrivileges, privilegeFromName, removePolicy, setPolicy

Field Detail

subject
```
protected Subject subject
```
Subject whose access rights this AccessManager should reflect

hierMgr
```
protected org.apache.jackrabbit.core.HierarchyManager hierMgr
```
hierarchy manager used for ACL-based access control model

resolver

protected org.apache.jackrabbit.spi.commons.conversion.NamePathResolver resolver

workspaceName
```
protected String workspaceName
```

jahiaPrincipal

protected org.jahia.jaas.JahiaPrincipal jahiaPrincipal

Constructor Detail
- JahiaAccessManager
```
public JahiaAccessManager()
```
  Empty constructor

Method Detail

getPrivilegeName

public static String getPrivilegeName(String privilegeName,
                                      String workspace)

setDeniedPaths

public static void setDeniedPaths(Collection<String> denied)

init

public void init(org.apache.jackrabbit.core.security.AMContext amContext)
          throws javax.jcr.AccessDeniedException,
                 Exception

Specified by:: init in interface org.apache.jackrabbit.core.security.AccessManager
Throws:: javax.jcr.AccessDeniedException; Exception

init

public void init(org.apache.jackrabbit.core.security.AMContext amContext,
                 org.apache.jackrabbit.core.security.authorization.AccessControlProvider acProvider,
                 org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager wspAccessManager)
          throws javax.jcr.AccessDeniedException,
                 Exception

Specified by:: init in interface org.apache.jackrabbit.core.security.AccessManager
Throws:: javax.jcr.AccessDeniedException; Exception

getSecuritySession

public JahiaSystemSession getSecuritySession()
                                      throws javax.jcr.RepositoryException

Throws:: javax.jcr.RepositoryException

isSystemPrincipal
```
public boolean isSystemPrincipal()
```

init

@Deprecated
public void init(org.apache.jackrabbit.core.security.AMContext context,
                             org.apache.jackrabbit.core.security.authorization.AccessControlProvider acProvider,
                             org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager wspAccessManager,
                             org.apache.jackrabbit.core.RepositoryContext repositoryContext,
                             org.apache.jackrabbit.core.config.WorkspaceConfig workspaceConfig)
                      throws javax.jcr.AccessDeniedException,
                             Exception

Deprecated. Use init(AMContext, RepositoryContext, WorkspaceConfig) instead

Throws:: javax.jcr.AccessDeniedException; Exception

init

public void init(org.apache.jackrabbit.core.security.AMContext context,
                 org.apache.jackrabbit.core.RepositoryContext repositoryContext,
                 org.apache.jackrabbit.core.config.WorkspaceConfig workspaceConfig)
          throws javax.jcr.AccessDeniedException,
                 Exception

Throws:: javax.jcr.AccessDeniedException; Exception

close
```
public void close()
           throws Exception
```
Specified by:

close in interface org.apache.jackrabbit.core.security.AccessManager

Throws:

Exception

checkPermission

public void checkPermission(org.apache.jackrabbit.core.id.ItemId id,
                            int actions)
                     throws javax.jcr.AccessDeniedException,
                            javax.jcr.ItemNotFoundException,
                            javax.jcr.RepositoryException

Specified by:: checkPermission in interface org.apache.jackrabbit.core.security.AccessManager
Throws:: javax.jcr.AccessDeniedException; javax.jcr.ItemNotFoundException; javax.jcr.RepositoryException

checkPermission

public void checkPermission(org.apache.jackrabbit.spi.Path path,
                            int permissions)
                     throws javax.jcr.AccessDeniedException,
                            javax.jcr.RepositoryException

Specified by:: checkPermission in interface org.apache.jackrabbit.core.security.AccessManager
Throws:: javax.jcr.AccessDeniedException; javax.jcr.RepositoryException

checkPermission

protected void checkPermission(String absPath,
                               int permission)
                        throws javax.jcr.AccessDeniedException,
                               javax.jcr.PathNotFoundException,
                               javax.jcr.RepositoryException

Specified by:: checkPermission in class org.apache.jackrabbit.core.security.AbstractAccessControlManager
Throws:: javax.jcr.AccessDeniedException; javax.jcr.PathNotFoundException; javax.jcr.RepositoryException

hasPrivileges

public boolean hasPrivileges(String absPath,
                             Set<Principal> principals,
                             javax.jcr.security.Privilege[] privileges)
                      throws javax.jcr.PathNotFoundException,
                             javax.jcr.AccessDeniedException,
                             javax.jcr.RepositoryException

Specified by:: hasPrivileges in interface org.apache.jackrabbit.api.security.JackrabbitAccessControlManager
Throws:: javax.jcr.PathNotFoundException; javax.jcr.AccessDeniedException; javax.jcr.RepositoryException

checkInitialized
```
protected void checkInitialized()
                         throws IllegalStateException
```
Specified by:

checkInitialized in class org.apache.jackrabbit.core.security.AbstractAccessControlManager

Throws:

IllegalStateException

getPrivilegeManager

protected org.apache.jackrabbit.api.security.authorization.PrivilegeManager getPrivilegeManager()
                                                                                         throws javax.jcr.RepositoryException

Specified by:: getPrivilegeManager in class org.apache.jackrabbit.core.security.AbstractAccessControlManager
Throws:: javax.jcr.RepositoryException

checkRepositoryPermission

public void checkRepositoryPermission(int permissions)
                               throws javax.jcr.AccessDeniedException,
                                      javax.jcr.RepositoryException

Specified by:: checkRepositoryPermission in interface org.apache.jackrabbit.core.security.AccessManager
Throws:: javax.jcr.AccessDeniedException; javax.jcr.RepositoryException

checkValidNodePath
```
protected void checkValidNodePath(String absPath)
                           throws javax.jcr.PathNotFoundException,
                                  javax.jcr.RepositoryException
```
Specified by:

checkValidNodePath in class org.apache.jackrabbit.core.security.AbstractAccessControlManager

Throws:

javax.jcr.PathNotFoundException

javax.jcr.RepositoryException

See Also:

AbstractAccessControlManager.checkValidNodePath(String)

checkValidNodePath

protected void checkValidNodePath(org.apache.jackrabbit.spi.Path p)
                           throws javax.jcr.RepositoryException

Throws:: javax.jcr.RepositoryException

getEffectivePolicies

public javax.jcr.security.AccessControlPolicy[] getEffectivePolicies(Set<Principal> principals)
                                                              throws javax.jcr.AccessDeniedException,
                                                                     javax.jcr.security.AccessControlException,
                                                                     javax.jcr.UnsupportedRepositoryOperationException,
                                                                     javax.jcr.RepositoryException

Specified by:: getEffectivePolicies in interface org.apache.jackrabbit.api.security.JackrabbitAccessControlManager
Throws:: javax.jcr.AccessDeniedException; javax.jcr.security.AccessControlException; javax.jcr.UnsupportedRepositoryOperationException; javax.jcr.RepositoryException

getPrivileges

public javax.jcr.security.Privilege[] getPrivileges(String absPath,
                                                    Set<Principal> principals)
                                             throws javax.jcr.PathNotFoundException,
                                                    javax.jcr.AccessDeniedException,
                                                    javax.jcr.RepositoryException

Specified by:: getPrivileges in interface org.apache.jackrabbit.api.security.JackrabbitAccessControlManager
Throws:: javax.jcr.PathNotFoundException; javax.jcr.AccessDeniedException; javax.jcr.RepositoryException

isGranted

public boolean isGranted(org.apache.jackrabbit.core.id.ItemId id,
                         int actions)
                  throws javax.jcr.ItemNotFoundException,
                         javax.jcr.RepositoryException

Specified by:: isGranted in interface org.apache.jackrabbit.core.security.AccessManager
Throws:: javax.jcr.ItemNotFoundException; javax.jcr.RepositoryException

isGranted

public boolean isGranted(org.apache.jackrabbit.spi.Path absPath,
                         int permissions)
                  throws javax.jcr.RepositoryException

Specified by:: isGranted in interface org.apache.jackrabbit.core.security.AccessManager
Throws:: javax.jcr.RepositoryException

isGranted

public boolean isGranted(org.apache.jackrabbit.spi.Path absPath,
                         Set<String> permissions)
                  throws javax.jcr.RepositoryException

Throws:: javax.jcr.RepositoryException

isGranted

public boolean isGranted(org.apache.jackrabbit.spi.Path parentPath,
                         org.apache.jackrabbit.spi.Name childName,
                         int permissions)
                  throws javax.jcr.RepositoryException

Specified by:: isGranted in interface org.apache.jackrabbit.core.security.AccessManager
Throws:: javax.jcr.RepositoryException

canRead

public boolean canRead(org.apache.jackrabbit.spi.Path path,
                       org.apache.jackrabbit.core.id.ItemId itemId)
                throws javax.jcr.RepositoryException

Specified by:: canRead in interface org.apache.jackrabbit.core.security.AccessManager
Throws:: javax.jcr.RepositoryException

canAccess
```
public boolean canAccess(String workspaceName)
                  throws javax.jcr.RepositoryException
```
Specified by:

canAccess in interface org.apache.jackrabbit.core.security.AccessManager

Throws:

javax.jcr.RepositoryException

getPermissionsInRole

public Set<javax.jcr.security.Privilege> getPermissionsInRole(String role)
                                                       throws javax.jcr.RepositoryException

Throws:: javax.jcr.RepositoryException

matchPermission

public boolean matchPermission(Set<String> permissions,
                               String role)
                        throws javax.jcr.RepositoryException

Throws:: javax.jcr.RepositoryException

hasPrivileges

public boolean hasPrivileges(String absPath,
                             javax.jcr.security.Privilege[] privileges)
                      throws javax.jcr.PathNotFoundException,
                             javax.jcr.RepositoryException

Specified by:: hasPrivileges in interface javax.jcr.security.AccessControlManager
Throws:: javax.jcr.PathNotFoundException; javax.jcr.RepositoryException

hasPrivileges

public boolean hasPrivileges(org.apache.jackrabbit.spi.Path absPath,
                             javax.jcr.security.Privilege[] privileges)
                      throws javax.jcr.PathNotFoundException,
                             javax.jcr.RepositoryException

Throws:: javax.jcr.PathNotFoundException; javax.jcr.RepositoryException

getPrivileges

public javax.jcr.security.Privilege[] getPrivileges(String absPath)
                                             throws javax.jcr.PathNotFoundException,
                                                    javax.jcr.RepositoryException

Specified by:: getPrivileges in interface javax.jcr.security.AccessControlManager
Throws:: javax.jcr.PathNotFoundException; javax.jcr.RepositoryException

getEffectivePolicies

public javax.jcr.security.AccessControlPolicy[] getEffectivePolicies(String absPath)
                                                              throws javax.jcr.PathNotFoundException,
                                                                     javax.jcr.AccessDeniedException,
                                                                     javax.jcr.RepositoryException

Specified by:: getEffectivePolicies in interface javax.jcr.security.AccessControlManager
Throws:: javax.jcr.PathNotFoundException; javax.jcr.AccessDeniedException; javax.jcr.RepositoryException

setAliased

public void setAliased(boolean aliased)

isAdmin

public boolean isAdmin(String siteKey)

getRoles

public Set<String> getRoles(String absPath)
                     throws javax.jcr.PathNotFoundException,
                            javax.jcr.RepositoryException

Throws:: javax.jcr.PathNotFoundException; javax.jcr.RepositoryException

flushPrivilegesInRoles
```
public static void flushPrivilegesInRoles()
```
Flush the cache of privileges set by role

flushMatchingPermissions

public static void flushMatchingPermissions()

Class JahiaAccessManager

Field Summary

Fields inherited from interface org.apache.jackrabbit.core.security.AccessManager

Constructor Summary

Method Summary

Methods inherited from class org.apache.jackrabbit.core.security.AbstractAccessControlManager

Methods inherited from class java.lang.Object

Methods inherited from interface javax.jcr.security.AccessControlManager

Field Detail

subject

hierMgr

resolver

workspaceName

jahiaPrincipal

Constructor Detail

JahiaAccessManager

Method Detail

getPrivilegeName

setDeniedPaths

init

init

getSecuritySession

isSystemPrincipal

init

init

close

checkPermission

checkPermission

checkPermission

hasPrivileges

checkInitialized

getPrivilegeManager

checkRepositoryPermission

checkValidNodePath

checkValidNodePath

getEffectivePolicies

getPrivileges

isGranted

isGranted

isGranted

isGranted

canRead

canAccess

getPermissionsInRole

matchPermission

hasPrivileges

hasPrivileges

getPrivileges

getEffectivePolicies

setAliased

isAdmin

getRoles

flushPrivilegesInRoles

flushMatchingPermissions