Class JCRAccessController


  • public class JCRAccessController
    extends Object
    The access controller is meant to check that the authenticated user has the rights to access the items in the JCR, either to modify them or to read them. An item can be either a node or a property of a node. An access controller should be created for each authenticated user. This class centralizes the rules applied in Silverpeas to control such access rights or permissions for a given user, whatever the implementation of the JCR behind the scenes. It expects that the control has actually already been done by one of the AccessControllers in Silverpeas before the items in the JCR are accessed; this controller applies only a simple control to ensure the correctness of the permissions on the accessed item of the JCR, with this particular rule for properties: the permissions on a property of a node are granted if and only if they are granted on the node itself, and this holds for every property of the node.

    In the JCR, the access rights for each user or for each group of users are stored within the JCR itself, so the default access control in the implementations of the JCR is built with this characteristic in mind. As for the authentication, in order to avoid duplicating such a control between Silverpeas and the JCR, the access control in the JCR has to be delegated to Silverpeas; hence this class. The Silverpeas wrapper over the implementation of the JCR in use should either extend this class or instantiate it to perform access controls for the underlying JCR implementation.

    Author:
    mmoquillon
    • Constructor Detail

      • JCRAccessController

        public JCRAccessController(User user,
                                   AccessContext context)
        Constructs a new access controller for the given user and with the specified context.
        Parameters:
        user - the user accessing the JCR.
        context - the context for which the user accesses the JCR.
    • Method Detail

      • isGranted

        public boolean isGranted(JCRNode<?> node,
                                 long permissions)
        Are the specified permissions granted on the given node to the underlying user? To control the access rights of the user on the properties of a node, call this method with the node that carries the property on which the permissions have to be checked. Indeed, the permissions on the properties of a node are granted to the user if the same permissions are also granted to the user on the node itself.
        Parameters:
        node - the node accessed by the user.
        permissions - the permissions as a bitmask value to check on the node.
        Returns:
        true if the permissions are granted on the node to the user, false otherwise.
      • getUser

        public User getUser()
        Gets the user for which this controller checks the access.
        Returns:
        the user covered by this access controller.
      • getAccessContext

        public AccessContext getAccessContext()
        Gets the context under which the user accesses the JCR.
        Returns:
        the context of the user access.
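
The property rule described for isGranted, as an added self-contained sketch that is not Silverpeas code: a wrapper resolves a property to the node carrying it and asks for the permission bitmask on that node only. The types, the bit values, the paths and the "all requested bits must be granted" semantics are assumptions made for the illustration.

```java
import java.util.Map;

// Added illustration; none of these types are Silverpeas or JCR classes.
public class PropertyRuleDemo {

  // Constructed permission bits (assumption: real values come from the JCR implementation in use).
  static final long READ = 1L, SET_PROPERTY = 1L << 1, REMOVE_NODE = 1L << 2;

  // Stand-in for a per-user access controller: answers only for nodes, keyed by node path.
  static final class NodeAccessCheck {
    private final Map<String, Long> grantedByNode;

    NodeAccessCheck(Map<String, Long> grantedByNode) {
      this.grantedByNode = grantedByNode;
    }

    boolean isGranted(String nodePath, long permissions) {
      long granted = grantedByNode.getOrDefault(nodePath, 0L); // unknown node: nothing granted
      // Assumption: every requested bit must be granted; an empty request is refused.
      return permissions != 0 && (granted & permissions) == permissions;
    }
  }

  // Hypothetical wrapper method: a property is never checked on its own, only through its node.
  static boolean canAccess(NodeAccessCheck check, String itemPath, boolean isProperty, long permissions) {
    String nodePath = itemPath;
    if (isProperty) {
      int slash = itemPath.lastIndexOf('/');
      nodePath = slash <= 0 ? "/" : itemPath.substring(0, slash); // property of the root node
    }
    return check.isGranted(nodePath, permissions);
  }

  public static void main(String[] args) {
    // Constructed sample data: one check instance per authenticated user.
    NodeAccessCheck reader = new NodeAccessCheck(Map.of("/workspace/doc42", READ));
    NodeAccessCheck writer = new NodeAccessCheck(Map.of("/workspace/doc42", READ | SET_PROPERTY));
    String title = "/workspace/doc42/jcr:title";

    System.out.println("reader reads title:     " + canAccess(reader, title, true, READ));
    System.out.println("reader modifies title:  " + canAccess(reader, title, true, READ | SET_PROPERTY));
    System.out.println("writer modifies title:  " + canAccess(writer, title, true, READ | SET_PROPERTY));
    System.out.println("writer removes node:    " + canAccess(writer, "/workspace/doc42", false, REMOVE_NODE));
    System.out.println("writer reads elsewhere: " + canAccess(writer, "/workspace/other/jcr:title", true, READ));
  }
}
```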