com.jalios.jcms.accesscontrol
Class AccessControlManager

java.lang.Object
  extended by com.jalios.jcms.ChannelListener
      extended by com.jalios.jcms.accesscontrol.AccessControlManager
All Implemented Interfaces:
AccessControlConstants, PluginComponent, JPropertiesListener, Comparable

public class AccessControlManager
extends ChannelListener
implements JPropertiesListener, AccessControlConstants

Manager of Access Control in JCMS.

Since:
jcms-7.0
Version:
$Revision: 36987 $

Field Summary
static String REVISION
           
 
Fields inherited from class com.jalios.jcms.ChannelListener
order
 
Fields inherited from interface com.jalios.jcms.accesscontrol.AccessControlConstants
ADMIN_RESOURCE, CTXT_DATA, CTXT_WORKSPACE, GRP_EDIT_RESOURCE, MBR_EDIT_RESOURCE, WORKSPACE_ADMIN_RESOURCE, WS_EDIT_RESOURCE, WSGRP_EDIT_RESOURCE, WSMBR_EDIT_RESOURCE
 
Method Summary
 boolean checkAccess(Member member, String resource, Map<String,Object> context)
          Check if the specified member is authorized to access the specified resource.
 Set<String> getDeclaredResources()
          Retrieve the resources declared in properties.
static AccessControlManager getInstance()
           
 Set<String> getValidResources()
          Retrieve the resources allowed to be accessed (those declared in properties and the associated zone).
 void handleFinalize()
          Called when the channel is finalized
 void init()
           
 void initAfterStoreLoad()
          Called just after the store has been loaded and the channel has been initialized.
 void initBeforeStoreLoad()
          Called just before the store has been loaded.
protected static boolean internalCheckWorkspaceDataAccess(String resource, Group aclGroup, Workspace ws, Data data, Member mbr)
          Invoked when a Data ACL has been granted for a member; in that case, checks the minimum requirements to decide whether the authorization is validated.
 void propertiesChange(JProperties properties)
          Invoked after properties have been modified in JCMS and saved on disk.
 void reloadProperties()
           
 
Methods inherited from class com.jalios.jcms.ChannelListener
compareTo, equals, init
 
Methods inherited from class java.lang.Object
clone, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

REVISION

public static final String REVISION
See Also:
Constant Field Values
Method Detail

getInstance

public static AccessControlManager getInstance()

init

public void init()

reloadProperties

public void reloadProperties()

propertiesChange

public void propertiesChange(JProperties properties)
Description copied from interface: JPropertiesListener
Invoked after properties have been modified in JCMS and saved on disk.

You cannot alter the value received in parameters.

Specified by:
propertiesChange in interface JPropertiesListener
Parameters:
properties - the properties which have been modified (may not contain all JCMS properties)

initBeforeStoreLoad

public void initBeforeStoreLoad()
                         throws Exception
Description copied from class: ChannelListener
Called just before the store has been loaded. If for any reason you want to interrupt JCMS startup, you can throw an exception. The exception's message will be displayed in JCMS status page (to any user!).

Specified by:
initBeforeStoreLoad in class ChannelListener
Throws:
Exception - any exception you may want to throw if a problem occurs needing to interrupt JCMS startup.

initAfterStoreLoad

public void initAfterStoreLoad()
                        throws Exception
Description copied from class: ChannelListener
Called just after the store has been loaded and the channel has been initialized. If for any reason you want to interrupt JCMS startup, you can throw an exception. The exception's message will be displayed in JCMS status page (to any user!).

Specified by:
initAfterStoreLoad in class ChannelListener
Throws:
Exception - any exception you may want to throw if a problem occurs needing to interrupt JCMS startup.

handleFinalize

public void handleFinalize()
Description copied from class: ChannelListener
Called when the channel is finalized

Specified by:
handleFinalize in class ChannelListener

getDeclaredResources

public Set<String> getDeclaredResources()
Retrieve the resources declared in properties.

Returns:
a Set of resource paths.

getValidResources

public Set<String> getValidResources()
Retrieve the resources allowed to be accessed (those declared in properties and the associated zone).

Returns:
a Set of resource paths.

checkAccess

public boolean checkAccess(Member member,
                           String resource,
                           Map<String,Object> context)
Check if the specified member is authorized to access the specified resource.

A valid context map containing the current Workspace is required for all access checks on workspace resources (e.g. resources starting with "admin-ws/" as defined by ).
Use the utility method for easier invocation:

  boolean isAuthorized = AccessControlManager.getInstance().checkAccess(loggedMember, "admin-ws/types/content", AccessControlUtil.getContext(workspace));
 

A valid context map containing the current Data being edited is required for all access to data resources (as declared in properties). Use the utility method for easier invocation:

  Map<String,Object> aclContext = AccessControlUtil.getContext(null, AccessControlConstants.CTXT_DATA, someMemberBeingEdited);
  boolean isAuthorized = AccessControlManager.getInstance().checkAccess(loggedMember, "admin/users/member", aclContext);
 

Parameters:
member - a Member
resource - a resource URI using a path representation, eg "admin/dev/store-cleaner"
context - an optional context map containing relevant information such as workspace or data
Returns:
true if the access is authorized, false otherwise
Since:
jcms-7.0.0
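
Added example (not part of the JCMS API or of this documentation): a deny-by-default wrapper around checkAccess that builds the context map described above and refuses a workspace resource when no Workspace is supplied. The class name AclGuard, the packages of Member, Data, Workspace and AccessControlUtil, and the parameter and return types of AccessControlUtil.getContext are assumptions.

```java
import java.util.Map;

import com.jalios.jcms.Data;                              // assumed package
import com.jalios.jcms.Member;                            // assumed package
import com.jalios.jcms.workspace.Workspace;               // assumed package
import com.jalios.jcms.accesscontrol.AccessControlConstants;
import com.jalios.jcms.accesscontrol.AccessControlManager;
import com.jalios.jcms.accesscontrol.AccessControlUtil;   // assumed package

/** Hypothetical helper: every path that cannot be positively authorized returns false. */
public final class AclGuard {

  // Prefix of workspace resources, as quoted in the checkAccess description.
  private static final String WS_PREFIX = "admin-ws/";

  private AclGuard() {}

  /**
   * @param workspace required for resources starting with "admin-ws/", may be null otherwise
   * @param data      the Data being edited for data resources, may be null otherwise
   */
  public static boolean isAuthorized(Member member, String resource,
                                     Workspace workspace, Data data) {
    if (member == null || resource == null || resource.isEmpty()) {
      return false; // nothing to authorize against: deny
    }
    if (resource.startsWith(WS_PREFIX) && workspace == null) {
      return false; // workspace resource without its Workspace context: deny
    }
    // Build the context with the utility calls shown in the documentation.
    // Assumption: getContext returns a Map<String,Object> and accepts these arguments.
    Map<String, Object> context = null; // the context parameter is documented as optional
    if (data != null) {
      context = AccessControlUtil.getContext(workspace, AccessControlConstants.CTXT_DATA, data);
    } else if (workspace != null) {
      context = AccessControlUtil.getContext(workspace);
    }
    try {
      return AccessControlManager.getInstance().checkAccess(member, resource, context);
    } catch (RuntimeException e) {
      return false; // an unexpected failure must never be treated as a grant
    }
  }
}
```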

internalCheckWorkspaceDataAccess

protected static boolean internalCheckWorkspaceDataAccess(String resource,
                                                          Group aclGroup,
                                                          Workspace ws,
                                                          Data data,
                                                          Member mbr)
This method is invoked when a Data ACL has been granted for a member; in that case, it checks the minimum requirements to decide whether the authorization is validated.

Parameters:
resource - the resource which granted the edit authorization check
aclGroup - Group to which the ACL edit authorization was attached
ws - the current Workspace in which it is being edited
data - the Data being edited
mbr - the Member editing
Since:
jcms-7.0.0


Copyright © 2001-2010 Jalios SA. All Rights Reserved.