1 /* 2 * JBoss DNA (http://www.jboss.org/dna) 3 * See the COPYRIGHT.txt file distributed with this work for information 4 * regarding copyright ownership. Some portions may be licensed 5 * to Red Hat, Inc. under one or more contributor license agreements. 6 * See the AUTHORS.txt file in the distribution for a full listing of 7 * individual contributors. 8 * 9 * JBoss DNA is free software. Unless otherwise indicated, all code in JBoss DNA 10 * is licensed to you under the terms of the GNU Lesser General Public License as 11 * published by the Free Software Foundation; either version 2.1 of 12 * the License, or (at your option) any later version. 13 * 14 * JBoss DNA is distributed in the hope that it will be useful, 15 * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 17 * Lesser General Public License for more details. 18 * 19 * You should have received a copy of the GNU Lesser General Public 20 * License along with this software; if not, write to the Free 21 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 22 * 02110-1301 USA, or see the FSF site: http://www.fsf.org. 23 */ 24 package org.modeshape.jcr; 25 26 import java.security.AccessControlContext; 27 import javax.jcr.Credentials; 28 import javax.jcr.Repository; 29 import javax.security.auth.Subject; 30 31 /** 32 * ModeShape currently defines three roles: {@link #READONLY readonly}, {@link #READWRITE readwrite}, and {@link #ADMIN admin}. If 33 * the {@link Credentials}; passed into {@link Repository#login(Credentials)} (or the {@link Subject} from the 34 * {@link AccessControlContext}, if one of the no-credential <code>login(...)</code> methods are used) have any of these roles, 35 * the session will have the corresponding access to all workspaces within the repository. 36 * <p> 37 * The mapping from the roles to the actions that they allow is provided below, for any values of <code>path</code>. 38 * </p> 39 * <h3>Role / Action Mapping</h3> 40 * <table border="1" cellspacing="0" cellpadding="2"> 41 * <tr> 42 * <td><b>Action Name</b></td> 43 * <td><b>readonly</b></td> 44 * <td><b>readwrite</b></td> 45 * <td><b>admin</b></td> 46 * </tr> 47 * </thead> 48 * <tr> 49 * <td>read</td> 50 * <td>Allows</td> 51 * <td>Allows</td> 52 * <td>Allows</td> 53 * </tr> 54 * <tr> 55 * <td>add_node</td> 56 * <td></td> 57 * <td>Allows</td> 58 * <td>Allows</td> 59 * </tr> 60 * <tr> 61 * <td>set_property</td> 62 * <td></td> 63 * <td>Allows</td> 64 * <td>Allows</td> 65 * </tr> 66 * <tr> 67 * <td>remove</td> 68 * <td></td> 69 * <td>Allows</td> 70 * <td>Allows</td> 71 * </tr> 72 * <tr> 73 * <td>register_namespace</td> 74 * <td></td> 75 * <td></td> 76 * <td>Allows</td> 77 * </tr> 78 * <tr> 79 * <td>register_type</td> 80 * <td></td> 81 * <td></td> 82 * <td>Allows</td> 83 * </tr> 84 * <tr> 85 * <td>unlock_any</td> 86 * <td></td> 87 * <td></td> 88 * <td>Allows</td> 89 * </tr> 90 * <tr> 91 * <td>create_workspace</td> 92 * <td></td> 93 * <td></td> 94 * <td>Allows</td> 95 * </tr> 96 * <tr> 97 * <td>delete_workspace</td> 98 * <td></td> 99 * <td></td> 100 * <td>Allows</td> 101 * </tr> 102 * </table> 103 * </p> 104 */ 105 public interface ModeShapeRoles { 106 107 /** 108 * Constant containing the "readonly" role name. 109 */ 110 public static final String READONLY = "readonly"; 111 /** 112 * Constant containing the "readwrite" role name. 113 */ 114 public static final String READWRITE = "readwrite"; 115 /** 116 * Constant containing the "admin" role name. 117 */ 118 public static final String ADMIN = "admin"; 119 120 }