public final class ExpectAces extends Object implements net.adamcin.oakpal.api.ProgressCheckFactory
config
options:
principal
String
) REQUIRED (or principals
): The expected principal name (userId or groupId) associated with
all the ace criteria. Takes precendence over principals
unless set to the empty string.principals
String[]
) REQUIRED (or principal
): The expected principal names (userId or groupId) associated
with all the ace criteria. This is essentially shorthand for cases where the same aces policies apply to multiple
principals.expectedAces
String[]
) A list of expected ACE criteria including type, privileges, and path, as well as restriction
constraints. See below for syntax.notExpectedAces
String[]
) A list of non-expected ACE criteria including type, privileges, and path, as well as restriction
constraints. See below for syntax.afterPackageIdRules
Rule[]
) An optional list of patterns describing the scope of package IDs that should trigger evaluation
of ACLs after extraction. By default, the expectations will be evaluated after every package is installed.ignoreNestedPackages
afterPackageIdRules
. Set this to
true to only evaluate after extracting and again after scanning a matching root package.severity
rep:policy nodes are imported differently from normal DocView content. Instead of having a predictable path, they are potentially merged and renamed depending on existing rep:GrantACE or rep:DenyACE children of the rep:policy. Therefore, we have a special check that evaluates the presence of expected rules based on their attributes, instead of their own paths within a package.
Finer-grained Access Control Handling Policies like MERGE and MERGE_PRESERVE operate along lines defined by the principal identified by a particular ACE. Therefore, this check requires that you specific a specific principal to expect aces for.
The syntax for expectedAces and notExpectedAces is similar to that used by ACS AEM Commons for OSGi config definitions. type=allow;privileges=jcr:read,rep:write;path=/content/foo;rep:glob=/jcr:content/*
REQUIRED
/rep:repoPolicy
.OPTIONAL
principal
parameter for this particular ACENote - restrictions with comma-separated values are evaluated as multivalued when the restriction definition so indicates. Otherwise the comma-separated values are treated as an opaque string.
Modifier and Type | Class and Description |
---|---|
static interface |
ExpectAces.JsonKeys |
Modifier and Type | Field and Description |
---|---|
static String |
ACE_PARAM_PATH
Deprecated.
|
static String |
ACE_PARAM_PRIVILEGES
Deprecated.
|
static String |
ACE_PARAM_TYPE
Deprecated.
|
static String |
CONFIG_AFTER_PACKAGE_ID_RULES
Deprecated.
|
static String |
CONFIG_EXPECTED_ACES
Deprecated.
|
static String |
CONFIG_NOT_EXPECTED_ACES
Deprecated.
|
static String |
CONFIG_PRINCIPAL
Deprecated.
|
static String |
CONFIG_PRINCIPALS
Deprecated.
|
static String |
DELIM_LIST |
static String |
DELIM_PARAM |
static String |
DELIM_VALUE |
Constructor and Description |
---|
ExpectAces() |
Modifier and Type | Method and Description |
---|---|
static @NotNull ExpectAces.JsonKeys |
keys() |
net.adamcin.oakpal.api.ProgressCheck |
newInstance(javax.json.JsonObject config) |
@Deprecated public static final String CONFIG_PRINCIPAL
@Deprecated public static final String CONFIG_PRINCIPALS
@Deprecated public static final String CONFIG_EXPECTED_ACES
@Deprecated public static final String CONFIG_NOT_EXPECTED_ACES
@Deprecated public static final String CONFIG_AFTER_PACKAGE_ID_RULES
@Deprecated public static final String ACE_PARAM_TYPE
@Deprecated public static final String ACE_PARAM_PRIVILEGES
@Deprecated public static final String ACE_PARAM_PATH
public static final String DELIM_PARAM
public static final String DELIM_VALUE
public static final String DELIM_LIST
@NotNull public static @NotNull ExpectAces.JsonKeys keys()
Copyright © 2017–2020. All rights reserved.