com.jalios.jcms.accesscontrol
Class AccessControlManager

java.lang.Object
  com.jalios.jcms.ChannelListener
      com.jalios.jcms.accesscontrol.AccessControlManager

All Implemented Interfaces:

AccessControlConstants, PluginComponent, JPropertiesListener, Comparable

public class AccessControlManager
extends ChannelListener
implements JPropertiesListener, AccessControlConstants

Manager of Access Control in JCMS.

Since:

jcms-7.0

Version:

$Revision: 28657 $

Field Summary

static String

REVISION

Fields inherited from class com.jalios.jcms.ChannelListener

order

Fields inherited from interface com.jalios.jcms.accesscontrol.AccessControlConstants

ADMIN_RESOURCE, CTXT_DATA, CTXT_WORKSPACE, WORKSPACE_ADMIN_RESOURCE

Method Summary

boolean	checkAccess(Member member, String resource, Map<String,Object> context) Check if the specified member is authorized to access the specified resource.
Set<String>	getDeclaredResources() Retrieve the resources declared in properties.
static AccessControlManager	getInstance()
Set<String>	getValidResources() Retrieve the resources allowed to be accessed (those declared in properties and the associated zone).
void	handleFinalize() Called when the channel is finalized
void	init()
void	initAfterStoreLoad() Called just after the store has been loaded and the channel has been initialized.
void	initBeforeStoreLoad() Called just before the store has been loaded.
protected static boolean	internalCheckWorkspaceDataAccess(String resource, Group aclGroup, Workspace ws, Data data, Member mbr) This method is invoked when a Data ACL has been granted for a member, in such case, we check the minimum requirement to validate the authorization or not.
void	propertiesChange(JProperties properties)
void	reloadProperties()

Methods inherited from class com.jalios.jcms.ChannelListener

compareTo, equals, init

Methods inherited from class java.lang.Object

clone, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

REVISION

public static final String REVISION

See Also:

Constant Field Values

Method Detail

getInstance

public static AccessControlManager getInstance()

init

public void init()

reloadProperties

public void reloadProperties()

propertiesChange

public void propertiesChange(JProperties properties)

Specified by:

propertiesChange in interface JPropertiesListener

initBeforeStoreLoad

public void initBeforeStoreLoad()
                         throws Exception

Description copied from class: ChannelListener

Called just before the store has been loaded. If for any reason you want to interrupt JCMS startup, you can throw an exception. The exception's message will be displayed in JCMS status page (to any user!).

Specified by:

initBeforeStoreLoad in class ChannelListener

Throws:

Exception - any exception you may want to throw if a problem occurs needing to interrupt JCMS startup.

initAfterStoreLoad

public void initAfterStoreLoad()
                        throws Exception

Description copied from class: ChannelListener

Called just after the store has been loaded and the channel has been initialized. If for any reason you want to interrupt JCMS startup, you can throw an exception. The exception's message will be displayed in JCMS status page (to any user!).

Specified by:

initAfterStoreLoad in class ChannelListener

Throws:

Exception - any exception you may want to throw if a problem occurs needing to interrupt JCMS startup.

handleFinalize

public void handleFinalize()

Description copied from class: ChannelListener

Called when the channel is finalized

Specified by:

handleFinalize in class ChannelListener

getDeclaredResources

public Set<String> getDeclaredResources()

Retrieve the resources declared in properties.

Returns:

a Set of resource path.

getValidResources

public Set<String> getValidResources()

Retrieve the resources allowed to be accessed (those declared in properties and the associated zone).

Returns:

a Set of resource path.

checkAccess

public boolean checkAccess(Member member,
                           String resource,
                           Map<String,Object> context)

Check if the specified member is authorized to access the specified resource.

A valid context map containing the current Workspace is required for all access check on workspace resources (eg resource starting with "admin-ws/" as defined by .
Use utility method for easier invocation :

  boolean isAuthorized = AccessControlManager.checkAccess(loggedMember, "admin-ws/types/content", AccessControlUtil.getContext(workspace));
 

A valid context map containing the current Data being edited is required for all access to data resource (as declared in properties). Use utility method for easier invocation :

  Map aclContext = AccessControlUtil.getContext(null, AccessControlConstants.CTXT_DATA, someMemberBeingEdited);
  boolean isAuthorized = AccessControlManager.checkAccess(loggedMember, "admin/users/member", aclContext);
 

Parameters:

member - a Member

resource - a resource URI using a path representation, eg "admin/dev/store-cleaner"

context - an optionnal context map containing relevant information such as workspace or data

Returns:

true if the access is authorized, false otherwise

Since:

jcms-7.0.0

internalCheckWorkspaceDataAccess

protected static boolean internalCheckWorkspaceDataAccess(String resource,
                                                          Group aclGroup,
                                                          Workspace ws,
                                                          Data data,
                                                          Member mbr)

This method is invoked when a Data ACL has been granted for a member, in such case, we check the minimum requirement to validate the authorization or not.

Parameters:

resource - the resource which granted the edit authorization check

aclGroup - Group to which the ACL edit authorization was attached

ws - the current Workspace in which it is being edited

data - the Data being edited

mbr - the Member editing

Since:

jcms-7.0.0