Angela Schreiber created OAK-10130: -------------------------------------- Summary: Add API to retrieve effective policies for a set of principals for a given path Key: OAK-10130 URL: https://issues.apache.org/jira/browse/OAK-10130 Project: Jackrabbit Oak Issue Type: New Feature Components: authorization-cug, authorization-principalbased, core, jackrabbit-api, security Reporter: Angela Schreiber Assignee: Angela Schreiber
JCR and Jackrabbit API currently provide the following methods to retrieve effective policies: h4. javax.jcr.security.AccessControlManager {code} AccessControlPolicy[] getEffectivePolicies(String absPath) throws PathNotFoundException, AccessDeniedException, RepositoryException; {code} h4. org.apache.jackrabbit.api.security.JackrabbitAccessControlManager {code} AccessControlPolicy[] getEffectivePolicies(@NotNull Set<Principal> principals) throws AccessDeniedException, AccessControlException, UnsupportedRepositoryOperationException, RepositoryException; {code} h4. The missing piece What is not possible today however is retrieving the effective policies for a given set of principals that take effect on a particular path. While consumers of the method provided {{JackrabbitAccessControlManager}} might be able to guess where the policies take effect and thus filter the accordingly, this should not be taken for granted and it would be better if there was an API to retrieve the filtered set as the implementations of {{JackrabbitAccessControlManager}} are able to determine the effect (instead of guessing).... in particular when restrictions are present. I would there suggest to introduce in {{JackrabbitAccessControlManager}} something like {code} Iterator<AccessControlPolicy> getEffectivePolicies(@NotNull Set<Principal> principals, @Nullable String absPath) throws AccessDeniedException, AccessControlException, UnsupportedRepositoryOperationException, RepositoryException; {code} cc: [~cschneider] who highlighted the issue to me while investigating an issue with Sling Content Distribution. -- This message was sent by Atlassian Jira (v8.20.10#820010)