public interface RepositorySecurityManager
HippoSession bound manager for accessing, and optionally managing, repository based security configuration.
The provided read-only and thread-safe providers are shared across all RepositorySecurityManager instances
(e.g. across multiple HippoSessions).
The provided managers are all dedicated and bound to this RepositorySecurityManager instance and use
(each) a dedicated system session for perform changes. These managers are NOT thread-safe and only to
be used on-behalf of their HippoSession (user).
| Modifier and Type | Method and Description |
|---|---|
ChangePasswordManager |
getChangePasswordManager()
The ChangePasswordManager allows the {link HippoSession} user to change its password
|
DomainsManager |
getDomainsManager()
Provides administrative (crud) domain management; currently limited to only
AuthRoles of an existing domain. |
RolesManager |
getRolesManager()
Provides administrative (crud) roles management.
|
RolesProvider |
getRolesProvider()
Provides a read-only and thread-safe provider for accessing repository Role definitions
|
UserRolesManager |
getUserRolesManager()
Provides administrative (crud) userroles management.
|
UserRolesProvider |
getUserRolesProvider()
Provides a read-only and thread-safe provider for accessing repository User Role definitions
|
RolesProvider getRolesProvider()
UserRolesProvider getUserRolesProvider()
ChangePasswordManager getChangePasswordManager() throws javax.jcr.AccessDeniedException, javax.jcr.RepositoryException
javax.jcr.AccessDeniedException - for a HippoSession.isSystemSession(), a User.isSystemUser() or a
User.isExternal().javax.jcr.RepositoryException - if the underlying HippoSession is no longer live, or something else went wrongRolesManager getRolesManager() throws javax.jcr.AccessDeniedException, javax.jcr.RepositoryException
Accessing the RolesManager requires the HippoSession to be in userrole
SecurityConstants.USERROLE_SECURITY_VIEWER otherwise an AccessDeniedException will be raised.
The HippoSession will be attached to a dedicated internal system session for performing the requested administrative tasks. The HippoSession itself is (only) used for (possibly) additional authorization checks, depending on the requested administrative task, and for (audit) logging purposes.
All of the managers provided by this RepositorySecurityManager share the same internal system session for its HippoSession, which is automatically logged out when the HippoSession logs out.
javax.jcr.AccessDeniedException - if the HippoSession isn't granted the userrole
SecurityConstants.USERROLE_SECURITY_APPLICATION_ADMINjavax.jcr.RepositoryException - if the underlying HippoSession is no longer live, or something else went wrongUserRolesManager getUserRolesManager() throws javax.jcr.AccessDeniedException, javax.jcr.RepositoryException
Accessing the UserRolesManager requires the HippoSession to be in userrole
SecurityConstants.USERROLE_SECURITY_VIEWER otherwise an AccessDeniedException will be raised.
The HippoSession will be attached to a dedicated internal system session for performing the requested administrative tasks. The HippoSession itself is (only) used for (possibly) additional authorization checks, depending on the requested administrative task, and for (audit) logging purposes.
All of the managers provided by this RepositorySecurityManager share the same internal system session for its HippoSession, which is automatically logged out when the HippoSession logs out.
javax.jcr.AccessDeniedException - if the provided HippoSession isn't granted the userrole
SecurityConstants.USERROLE_SECURITY_APPLICATION_ADMINjavax.jcr.RepositoryException - if the underlying HippoSession is no longer live, or something else went wrongDomainsManager getDomainsManager() throws javax.jcr.AccessDeniedException, javax.jcr.RepositoryException
AuthRoles of an existing domain.
Accessing the DomainsManager requires the HippoSession to be in userRole
SecurityConstants.USERROLE_SECURITY_VIEWER otherwise an AccessDeniedException will be raised.
Note that this manager only provides and allows operations on DomainAuths in a valid location!
A domain location is valid if:
Likewise, access and operations on AuthRoles is only provided for authroles directly under a valid
domain location.
All modifying operations require the underlying HippoSession to have userRole
SecurityConstants.USERROLE_SECURITY_APPLICATION_ADMIN
The HippoSession will be attached to a dedicated internal system session for performing the requested administrative tasks. The HippoSession itself is (only) used for (possibly) additional authorization checks, depending on the requested administrative task, and for (audit) logging purposes.
All of the managers provided by this RepositorySecurityManager share the same internal system session for its HippoSession, which is automatically logged out when the HippoSession logs out.
javax.jcr.AccessDeniedException - if the provided HippoSession isn't granted the userrole
SecurityConstants.USERROLE_SECURITY_VIEWERjavax.jcr.RepositoryException - if the underlying HippoSession is no longer live, or something else went wrongCopyright © 2007–2019 Hippo B.V. (http://www.onehippo.com). All rights reserved.