Package org.apache.jackrabbit.core.security.authorization.acl

Class PentahoACLProvider

  • All Implemented Interfaces:
    org.apache.jackrabbit.core.security.authorization.AccessControlConstants, org.apache.jackrabbit.core.security.authorization.AccessControlProvider, org.apache.jackrabbit.core.security.authorization.AccessControlUtils
    public class PentahoACLProvider
extends org.apache.jackrabbit.core.security.authorization.acl.ACLProvider
    Customization of ACLProvider.
    Author:
    mlowery

    • Field Summary

      • Fields inherited from class org.apache.jackrabbit.core.security.authorization.acl.ACLProvider

        PARAM_ALLOW_UNKNOWN_PRINCIPALS

      • Fields inherited from class org.apache.jackrabbit.core.security.authorization.AbstractAccessControlProvider

        observationMgr, PARAM_OMIT_DEFAULT_PERMISSIONS, privilegeManager, session

      • Fields inherited from interface org.apache.jackrabbit.core.security.authorization.AccessControlConstants

        N_ACCESSCONTROL, N_POLICY, N_REPO_POLICY, NT_REP_ACCESS_CONTROL, NT_REP_ACCESS_CONTROLLABLE, NT_REP_ACE, NT_REP_ACL, NT_REP_DENY_ACE, NT_REP_GRANT_ACE, NT_REP_PRINCIPAL_ACCESS_CONTROL, NT_REP_REPO_ACCESS_CONTROLLABLE, P_GLOB, P_PRINCIPAL_NAME, P_PRIVILEGES

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      boolean canAccessRoot​(Set<Principal> principals)
      Overridden to: Use custom CompiledPermissions.
      org.apache.jackrabbit.core.security.authorization.CompiledPermissions compilePermissions​(Set<Principal> principals)
      Overridden to: Return custom CompiledPermissions.
      protected org.apache.jackrabbit.core.security.authorization.acl.EntryCollector createEntryCollector​(org.apache.jackrabbit.core.SessionImpl systemSession)
      Overridden to: Return custom EntryCollector.
      protected PentahoCompiledPermissionsImpl getCompiledPermissions​(Set<Principal> principals)  
      void init​(javax.jcr.Session systemSession, Map conf)
      Overridden to: Store configuration for later passing to PentahoEntryCollector. Add JCR_READ_ACCESS_CONTROL to root ACL.
      protected void registerEntryCollectorWithObservationManager​(javax.jcr.Session systemSession)  
      protected boolean requireRootAclUpdate​(org.apache.jackrabbit.core.security.authorization.acl.ACLEditor editor)
      Returns true if the root acl needs updating (if the JCR_READ_ACCESS_CONTROL privilege is missing from the 'everyone' principle) and false otherwise.
      protected void updateRootAcl​(org.apache.jackrabbit.core.SessionImpl systemSession, org.apache.jackrabbit.core.security.authorization.acl.ACLEditor editor)
      Adds ACE so that everyone can read access control.

      • Methods inherited from class org.apache.jackrabbit.core.security.authorization.acl.ACLProvider

        close, getEditor, getEffectivePolicies, getEffectivePolicies

      • Methods inherited from class org.apache.jackrabbit.core.security.authorization.AbstractAccessControlProvider

        checkInitialized, getAdminPermissions, getPrivilegeManagerImpl, getReadOnlyPermissions, isAcItem, isAcItem, isAdminOrSystem, isLive, isReadOnly

    • Constructor Detail

      • PentahoACLProvider

        public PentahoACLProvider()

    • Method Detail

      • init

        public void init​(javax.jcr.Session systemSession,
                 Map conf)
          throws javax.jcr.RepositoryException
        Overridden to:
        • Store configuration for later passing to PentahoEntryCollector.
        • Add JCR_READ_ACCESS_CONTROL to root ACL. This is harmless and avoids more customization.
        Specified by:
        init in interface org.apache.jackrabbit.core.security.authorization.AccessControlProvider
        Overrides:
        init in class org.apache.jackrabbit.core.security.authorization.acl.ACLProvider
        Throws:
        javax.jcr.RepositoryException

      • registerEntryCollectorWithObservationManager

        protected void registerEntryCollectorWithObservationManager​(javax.jcr.Session systemSession)
                                                     throws javax.jcr.RepositoryException
        Throws:
        javax.jcr.RepositoryException

      • updateRootAcl

        protected void updateRootAcl​(org.apache.jackrabbit.core.SessionImpl systemSession,
                             org.apache.jackrabbit.core.security.authorization.acl.ACLEditor editor)
                      throws javax.jcr.RepositoryException
        Adds ACE so that everyone can read access control. This allows Jackrabbit's default collectAcls to work without change. Otherwise, you have to be an admin to call acMgr.getEffectivePolicies.
        Throws:
        javax.jcr.RepositoryException

      • requireRootAclUpdate

        protected boolean requireRootAclUpdate​(org.apache.jackrabbit.core.security.authorization.acl.ACLEditor editor)
                                throws javax.jcr.RepositoryException
        Returns true if the root acl needs updating (if the JCR_READ_ACCESS_CONTROL privilege is missing from the 'everyone' principle) and false otherwise.
        Throws:
        javax.jcr.RepositoryException

      • createEntryCollector

        protected org.apache.jackrabbit.core.security.authorization.acl.EntryCollector createEntryCollector​(org.apache.jackrabbit.core.SessionImpl systemSession)
                                                                                             throws javax.jcr.RepositoryException
        Overridden to:
        • Return custom EntryCollector.
        • Later access to the EntryCollector
        Overrides:
        createEntryCollector in class org.apache.jackrabbit.core.security.authorization.acl.ACLProvider
        Throws:
        javax.jcr.RepositoryException

      • compilePermissions

        public org.apache.jackrabbit.core.security.authorization.CompiledPermissions compilePermissions​(Set<Principal> principals)
                                                                                         throws javax.jcr.RepositoryException
        Overridden to:
        • Return custom CompiledPermissions.
        Specified by:
        compilePermissions in interface org.apache.jackrabbit.core.security.authorization.AccessControlProvider
        Overrides:
        compilePermissions in class org.apache.jackrabbit.core.security.authorization.acl.ACLProvider
        Throws:
        javax.jcr.RepositoryException
        See Also:
        PentahoCompiledPermissionsImpl

      • canAccessRoot

        public boolean canAccessRoot​(Set<Principal> principals)
                      throws javax.jcr.RepositoryException
        Overridden to:
        • Use custom CompiledPermissions.
        Specified by:
        canAccessRoot in interface org.apache.jackrabbit.core.security.authorization.AccessControlProvider
        Overrides:
        canAccessRoot in class org.apache.jackrabbit.core.security.authorization.acl.ACLProvider
        Throws:
        javax.jcr.RepositoryException
        See Also:
        PentahoCompiledPermissionsImpl