Examples of org.apache.jackrabbit.api.security.principal.PrincipalManager

• org.apache.jackrabbit.api.security.principal.PrincipalManager
  This interface defines the principal manager which is the clients view on all principals known to the repository. Each principal manager is bound to a session and is restricted by the respective access control. The principal manager in addition provides basic search facilities.

  A {@link Principal} is an object used to connect to any kind of security mechanism. Example for this are the {@link javax.security.auth.spi.LoginModule login modules} that use principalsto process the login procedure.
  A principal can be a member of a {@link Group}. A group is a principal itself and can therefore be a member of a group again.

  Please note the following security considerations that need to be respected when implementing the PrincipalManager: All principals returned by this manager as well as {@link Group#members()} must respect access restrictionsthat may be present for the Session this manager has been built for. The same applies for {@link #getGroupMembership(Principal)}.

            throw new RepositoryException("No applicable policy found.");
        }
    }

    private ACL createPolicy(@Nullable String path) {
        final PrincipalManager pm = getPrincipalManager(root);
        final RestrictionProvider rp = getRestrictionProvider();
        return new ACL(path, getNamePathMapper()) {
            @Override
            PrincipalManager getPrincipalManager() {
                return pm;

        root.commit();

        Root testRoot = getTestRoot();
        testRoot.refresh();
        JackrabbitAccessControlManager testAcMgr = getTestAccessControlManager();
        PrincipalManager testPrincipalMgr = getPrincipalManager(testRoot);

        List<Principal> principals = ImmutableList.of(testPrincipal, EveryonePrincipal.getInstance());
        for (Principal principal : principals) {
            if (testPrincipalMgr.hasPrincipal(principal.getName())) {
                // testRoot can't read access control content -> doesn't see
                // the existing policies and creates a new applicable policy.
                AccessControlPolicy[] policies = testAcMgr.getPolicies(principal);
                assertNotNull(policies);
                assertEquals(0, policies.length);

    public PrincipalIterator getPrincipals() throws RepositoryException {
        Collection coll = new ArrayList();
        // the first element is the main principal of this user.
        coll.add(getPrincipal());
        // in addition add all referees.
        PrincipalManager prMgr = getSession().getPrincipalManager();
        for (Iterator it = getRefereeValues().iterator(); it.hasNext();) {
            String refName = ((Value) it.next()).getString();
            Principal princ = null;
            if (prMgr.hasPrincipal(refName)) {
                try {
                    princ = prMgr.getPrincipal(refName);
                } catch (NoSuchPrincipalException e) {
                    // should not get here
                }
            }
            if (princ == null) {

     * @throws RepositoryException
     */
    static void collectEntries(NodeImpl aclNode, Map princToEntries)
            throws RepositoryException {
        SessionImpl sImpl = (SessionImpl) aclNode.getSession();
        PrincipalManager principalMgr = sImpl.getPrincipalManager();
        AccessControlManager acMgr = sImpl.getAccessControlManager();

        NodeIterator itr = aclNode.getNodes();
        while (itr.hasNext()) {
            NodeImpl aceNode = (NodeImpl) itr.nextNode();
            String principalName = aceNode.getProperty(AccessControlConstants.P_PRINCIPAL_NAME).getString();
            // only process aceNode if 'principalName' is contained in the given set
            if (princToEntries.containsKey(principalName)) {
                Principal princ = null;
                if (principalMgr.hasPrincipal(principalName)) {
                    try {
                        princ = principalMgr.getPrincipal(principalName);
                    } catch (NoSuchPrincipalException e) {
                        // should not get here
                    }
                }
                if (princ == null) {

        return princPath.toString();
    }

    private Principal getPrincipal(String pathToACNode) throws RepositoryException {
        String name = getPrincipalName(pathToACNode);
        PrincipalManager pMgr = session.getPrincipalManager();
        if (pMgr.hasPrincipal(name)) {
            return pMgr.getPrincipal(name);
        } else {
            return null;
        }
    }

        return "/ab/c/d";
    }

    protected JackrabbitAccessControlList createEmptyTemplate(String path) throws RepositoryException {
        SessionImpl sImpl = (SessionImpl) superuser;
        PrincipalManager princicipalMgr = sImpl.getPrincipalManager();
        PrivilegeRegistry privilegeRegistry = new PrivilegeRegistry(sImpl);
        return new ACLTemplate(path, princicipalMgr, privilegeRegistry, sImpl.getValueFactory());
    }

            }
        }
    }

    public void testMultiplePrincipals() throws RepositoryException, NotExecutableException {
        PrincipalManager pMgr = ((JackrabbitSession) superuser).getPrincipalManager();
        Principal everyone = pMgr.getEveryone();
        Principal grPrincipal = null;
        PrincipalIterator it = pMgr.findPrincipals("", PrincipalManager.SEARCH_TYPE_GROUP);
        while (it.hasNext()) {
            Group gr = (Group) it.nextPrincipal();
            if (!everyone.equals(gr)) {
                grPrincipal = gr;
            }

    public PrincipalIterator getImpersonators() throws RepositoryException {
        Set<String> impersonators = getImpersonatorNames();
        if (impersonators.isEmpty()) {
            return PrincipalIteratorAdapter.EMPTY;
        } else {
            final PrincipalManager pMgr = user.getSession().getPrincipalManager();

            Set<Principal> s = new HashSet<Principal>();
            for (String pName : impersonators) {
                Principal p = pMgr.getPrincipal(pName);
                if (p == null) {
                    log.debug("Impersonator " + pName + " does not correspond to a known Principal.");
                    p = new PrincipalImpl(pName);
                }
                s.add(p);

            String rootPath = session.getRootNode().getPath();
            AccessControlPolicy[] acls = editor.editAccessControlPolicies(rootPath);
            if (acls.length > 0) {
                ACLTemplate acl = (ACLTemplate) acls[0];

                PrincipalManager pMgr = session.getPrincipalManager();
                AccessControlManager acMgr = session.getAccessControlManager();

                String pName = SecurityConstants.ADMINISTRATORS_NAME;
                if (pMgr.hasPrincipal(pName)) {
                    Principal administrators = pMgr.getPrincipal(pName);
                    log.debug("... Privilege.ALL for administrators.");
                    Privilege[] privs = new Privilege[]{acMgr.privilegeFromName(Privilege.JCR_ALL)};
                    acl.addAccessControlEntry(administrators, privs);
                } else {
                    log.info("Administrators principal group is missing -> omitting initialization of default permissions.");
                }

                Principal everyone = pMgr.getEveryone();
                log.debug("... Privilege.READ for everyone.");
                Privilege[] privs = new Privilege[]{acMgr.privilegeFromName(Privilege.JCR_READ)};
                acl.addAccessControlEntry(everyone, privs);

                editor.setPolicy(rootPath, acl);

    }

    @Override
    protected JackrabbitAccessControlList createEmptyTemplate(String path) throws RepositoryException {
        SessionImpl sImpl = (SessionImpl) superuser;
        PrincipalManager princicipalMgr = sImpl.getPrincipalManager();
        PrivilegeRegistry privilegeRegistry = new PrivilegeRegistry(sImpl);
        return new ACLTemplate(path, princicipalMgr, privilegeRegistry, sImpl.getValueFactory(), sImpl);
    }