Skip to main content

Content Selectors

Content selectors give access to specific content or namespace from a repository rather than the entire repository. The content is selected using search expressions written in CSEL (Content Selector Expression Language). CSEL is a light version of JEXL used to script queries along specific paths and coordinates available to your repository manager formats.

Content selectors define what content users are allowed to access. You define a selector name with a search expression to match all components that start with the designated component path.

After creating the content selector, it must be added to a privilege to scope it to a specific repository. This privilege is used to provide access to that namespace for a role, group, or user.

Content Selector > Privilege > Role > Group > User

See Manage Selector Permissions for using content selectors in Privileges.

Content selector best practices

  • Content selectors are best used for managing write access to team namespaces within a repository.

  • Content selectors do not revoke access provided by other privileges or selectors. To exclude read and write access to specific content, the best practice is to move the content to a privately hosted repository and limit permissions to that repository.

  • Group repository permissions will override more specific read permissions for included repositories.

  • Docker format requires some special considerations when creating content selectors.

    See Content Selectors and Docker

Content selectors in highly available deployments

There are variations in how content selectors work depending on the environment. For HA deployments using PostgreSQL, you cannot use regular expressions in content selectors. For non-HA environments, you can use regular expressions in your content selectors.

Review the Content Selector Reference below for examples of HA and non-HA selectors.

Deployments

Supported Regular Expressions

PostgreSQL as HA

does not support regular expressions for searching

PostgreSQL without HA

use PostgreSQL regular expressions

See the PostgreSQL documentation

OrientDB and H2

use JEXL regular expressions

Creating a Content Selector

  1. Select Content Selectors located in the Repository, from the Administration menu

  2. Select Create selector to open the dialog

  3. Enter a Name and Description for the content selector

  4. Use the Search expression field to build your query using CSEL syntax

Preview Repository

Preview the results of the search expression by selecting the preview results button. The preview will only display 10 results to limit any performance impact.

  1. Select a repository or grouping of repositories from the Preview Repository dropdown

  2. Select the Preview button

    1. Use the Filter to check for a specific result

    2. Use the Name column to sort the results

  3. Select Save to create the content selector

Content Selector Reference

Below are the attributes for content selectors that define path and format as values. The asset’s path must begin with a leading slash.

Attribute

Allowed Values

path

The path of your repository content with a leading slash

format

The format of the content for which you query (including the format is not required)

Content selector operators for HA Deployments

Operator

Description

Example

==

Matches text exactly

format == "raw"

=^

Starts with text

path =^ "/org/apache/commons/"

and

Match all expressions

format == "maven2" and path =^ "/org/apache/commons"

or

Match any expression

format == "maven2" or format == "npm"

(expr)

Group multiple expressions

format == "npm" or (format == "maven2" and path =^ "/org/apache/commons")

Content selector operators for Non-HA Deployment

Operator

Description

Example

==

Matches text exactly

format == "raw"

=~

Matches a Java regular expression pattern

path =~ "^/org/apache/commons/.*"

=^

Starts with text

path =^ "/com/example/"

and

Match all expressions

format == "maven2" and path =~ "^/org/apache/commons/.*"

or

Match any expression

format == "maven2" or format == "npm"

(expr)

Group multiple expressions

format == "npm" or (format == "maven2" and path =~ "^/org/apache/commons/.*")

\-

Escaping dashes in version ranges

path =~ "[0-9a-zA-Z\-_]"

Permissions for Tree Browsing

Read access selectors should include access to tree browsing in the Repository Manager UI. The content selectors need to include permissions for the parent directories of the artifacts.

Tree browsing for Highly Available (HA) environments

(format == "maven2" and (path =^ "/" OR path =^ "/org/" OR path =^ "/org/apache/" OR path =^ "/org/apache/commons/"))

Regular expression example including the parent directory:

format == "maven2" and path =~ "/|/org/|/org/apache/|/org/apache/commons/.*"

Alternatively, if you don't mind users being able to see any directory name (just not the contents), use the following.

format== "maven2" and path =~".*/|/org/apache/commons.*"