Package org.silverpeas.core.jcr.security
Class JCRAccessController
- java.lang.Object
-
- org.silverpeas.core.jcr.security.JCRAccessController
-
public class JCRAccessController extends Object
The access controller aims to check the authenticated user has the rights to access either for modification or for read the items in the JCR. An item can be either a node or a property of a node. An access controller should be created for each authenticated user. This class centralizes the rules applied in Silverpeas to control such access rights or permissions for a given user and for whatever implementation of the JCR behind the scene. It expects the control has already and actually been done by one of theAccessController
s in Silverpeas before accessing the items in the JCR; this controller applying just a simple control to ensure the correctness of the permissions on the accessed item of the JCR with this peculiar rule for properties: the permissions on a property of a node is granted if and only if they are granted on the node itself, and this for whatever property of the node.In the JCR, the access rights for each user or for each group of users are stored within the JCR itself. So the default control of the accesses in the implementations of the JCR are built with this characteristic in mind. As for the authentication, in order to avoid deduplication of such a control between Silverpeas and the JCR, the access control in the JCR has to be delegated to Silverpeas; hence this class. The Silverpeas wrapper over the implementation of the JCR in use should either extend this class or instantiate it to perform access controls for the underlying JCR implementation.
- Author:
- mmoquillon
-
-
Constructor Summary
Constructors Constructor Description JCRAccessController(User user, AccessContext context)
Construct a new access controller for the given user and with the specified context.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description AccessContext
getAccessContext()
Gets the context under which the user accesses the JCR.User
getUser()
Gets the user for which this controller checks the access.boolean
isGranted(JCRNode<?> node, long permissions)
Is the specified permissions are granted on the given node to the underlying user?
-
-
-
Constructor Detail
-
JCRAccessController
public JCRAccessController(User user, AccessContext context)
Construct a new access controller for the given user and with the specified context.- Parameters:
user
- the user accessing the JCR.context
- the context for which the user accesses the JCR.
-
-
Method Detail
-
isGranted
public boolean isGranted(JCRNode<?> node, long permissions)
Is the specified permissions are granted on the given node to the underlying user? To control the access rights of the user on the properties of a node, this method has to be used with, as parameter, the node having the property on which the permissions have to be checked. Indeed, the permissions on the properties of a node are granted to the user if the same permissions are also granted to user on the node itself.- Parameters:
node
- the node accessed by the user.permissions
- the permissions as a bitmask value to check on the node.- Returns:
- true if the permissions are granted on the node to the user, false otherwise.
-
getUser
public User getUser()
Gets the user for which this controller checks the access.- Returns:
- the user covered by this access controller.
-
getAccessContext
public AccessContext getAccessContext()
Gets the context under which the user accesses the JCR.- Returns:
- the context of the user access.
-
-