Examples of org.apache.jackrabbit.api.jsr283.security.AccessControlException

• org.apache.jackrabbit.api.jsr283.security.AccessControlException
  Exception thrown by access control related methods of AccessControlManager. @since JCR 2.0

        this.acRootPath = session.getJCRPath(acRootPath);
    }

    ACLTemplate getACL(Principal principal) throws RepositoryException {
        if (!session.getPrincipalManager().hasPrincipal(principal.getName())) {
            throw new AccessControlException("Unknown principal.");
        }
        String nPath = getPathToAcNode(principal);
        ACLTemplate acl = null;
        if (session.nodeExists(nPath)) {
            AccessControlPolicy[] plcs = getPolicies(nPath);

            NodeImpl acNode = getAcNode(nodePath);
            if (acNode == null) {
                // check validity and create the ac node
                Principal p = getPrincipal(nodePath);
                if (p == null) {
                    throw new AccessControlException("Access control modification not allowed at " + nodePath);
                }
                acNode = createAcNode(nodePath);
                return new AccessControlPolicy[] {createTemplate(acNode)};
            } // else: acl has already been set before -> use getPolicies instead
        }

    /**
     * @see AccessControlEditor#editAccessControlPolicies(Principal)
     */
    public JackrabbitAccessControlPolicy[] editAccessControlPolicies(Principal principal) throws RepositoryException {
        if (!session.getPrincipalManager().hasPrincipal(principal.getName())) {
            throw new AccessControlException("Cannot edit access control: " + principal.getName() +" isn't a known principal.");
        }
        String nPath = getPathToAcNode(principal);
        NodeImpl acNode;
        if (!session.nodeExists(nPath)) {
            acNode = createAcNode(nPath);

                return;
            }
        }
        // node either not access-controlled or the passed policy didn't apply
        // to the node at 'nodePath' -> throw exception. no policy was removed
        throw new AccessControlException("Policy " + policy + " does not apply to " + nodePath);
    }

     */
    private void checkProtectsNode(String nodePath) throws RepositoryException {
        if (session.nodeExists(nodePath)) {
            NodeImpl n = (NodeImpl) session.getNode(nodePath);
            if (n.isNodeType(NT_REP_ACL) || n.isNodeType(NT_REP_ACE)) {
                throw new AccessControlException("Node " + nodePath + " defines ACL or ACE.");
            }
        }
    }

     * @throws AccessControlException
     */
    private void checkValidPolicy(String nodePath, AccessControlPolicy policy)
            throws AccessControlException {
        if (policy == null || !(policy instanceof ACLTemplate)) {
            throw new AccessControlException("Attempt to set/remove invalid policy " + policy);
        }
        ACLTemplate acl = (ACLTemplate) policy;
        if (!nodePath.equals(acl.getPath())) {
            throw new AccessControlException("Policy " + policy + " is not applicable or does not apply to the node at " + nodePath);
        }
    }

     */
    private JackrabbitAccessControlPolicy createTemplate(NodeImpl acNode) throws RepositoryException {
        if (!acNode.isNodeType(NT_REP_PRINCIPAL_ACCESS_CONTROL)) {
            String msg = "Unable to edit Access Control at "+ acNode.getPath()+ ". Expected node of type rep:PrinicipalAccessControl, was " + acNode.getPrimaryNodeType().getName();
            log.debug(msg);
            throw new AccessControlException(msg);
        }

        Principal principal = getPrincipal(acNode.getPath());
        if (principal == null) {
            // use fall back in order to be able to get/remove the policy

        } // else: no-node at all or no acl-node present.
    }

    AccessControlEntry createEntry(Principal princ, Privilege[] privileges, boolean allow, Map restrictions) throws RepositoryException {
        if (!principal.equals(princ)) {
            throw new AccessControlException("Invalid principal. Expected: " + principal);
        }
        if (!allow && principal instanceof Group) {
            throw new AccessControlException("For group principals permissions can only be added but not denied.");
        }

        Set rNames = restrictions.keySet();
        if (!rNames.contains(jcrNodePathName)) {
            throw new AccessControlException("Missing mandatory restriction: " + jcrNodePathName);
        }

        // make sure the nodePath restriction is of type PATH
        Value v = (Value) restrictions.get(jcrNodePathName);
        if (v.getType() != PropertyType.PATH) {

     * @see AccessControlList#removeAccessControlEntry(AccessControlEntry)
     */
    public void removeAccessControlEntry(AccessControlEntry ace)
            throws AccessControlException, RepositoryException {
        if (!(ace instanceof Entry)) {
            throw new AccessControlException("Invalid AccessControlEntry implementation " + ace.getClass().getName() + ".");
        }
        if (!entries.remove(ace)) {
            throw new AccessControlException("Cannot remove AccessControlEntry " + ace);
        }
    }

                    uMgr = new UserManagerImpl(s, adminId);
                    sImpl.addListener(uMgr);
                }
                return uMgr;
            } catch (NoSuchWorkspaceException e) {
                throw new AccessControlException("Cannot build UserManager for " + session.getUserID(), e);
            }
        } else {
            throw new RepositoryException("Internal error: SessionImpl expected.");
        }
    }