Usually it is not required for a application to check the privileges/permissions of a given session (or set of principals) as this evaluation can be left to the repository.
For rare cases where the application needs to understand if a given session is actually allowed to perform a given action, it is recommend to use Session.hasPermission(String, String) or JackrabbitSession.hasPermission(String, String...)
In order to test permissions that are not reflected in the action constants defined on Session or JackrabbitSession, the default implementation also allows to pass the names of the Oak internal permission.
Alternatively, AccessControlManager.hasPrivileges(String, Privilege[]) can be used.
The subtle differences between the permission-testing Session and the evaluation of privileges on AccessControlManager are listed below.
Where
See section Permissions for a comprehensive list and the mapping from actions to permissions.
Where
For testing purpose the Jackrabbit extension further allows to verify the privileges granted to a given combination of principals, which may or may not reflect the actual principal-set assigned to a given Subject. These calls (see below) however requires the ability to read access control content on the target path.