eXo JCR is a complete implementation of the standard JSR 170 - Content Repository for Java TM Technology API, including Level 1, Level 2 and Additional Features specified in the JCR Specification.
The JCR specification (JSR 170) does not have many requirements
about Access Control. It only requires the implementation of the
Session.checkPermission(String absPath, String actions)
method. This
method checks if a current session has permissions to perform some actions
on absPath:
absPath: The string representation of a JCR absolute path.
actions: eXo JCR interprets this string as a comma separated the list of individual action names, such as 4 types defined in JSR 170:
add_node: Permission to add a node.
set_property: Permission to set a property.
remove: Permission to remove an item (node or property).
read: Permission to retrieve a node or read a property value.
For example:
session.checkPermission("/Groups/organization",
"add_node,set_property")
will check if the session allows adding a
child node to "organization" and modifying its properties. If one of
the two permissions is denied, an AccessDeniedException
is
thrown.
session.checkPermission("/Groups/organization/exo:name",
"read,set_property")
will check if the session allows reading and
changing the "exo:name
" property of the "organization
" node.
session.checkPermission("/Groups/organization/exo:name",
"remove")
will check if the session allows removing the "exo:name
"
property or node.