|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object com.jalios.jcms.ChannelListener com.jalios.jcms.accesscontrol.AccessControlManager
public class AccessControlManager
Manager of Access Control in JCMS.
Field Summary | |
---|---|
static String |
REVISION
|
Fields inherited from class com.jalios.jcms.ChannelListener |
---|
order |
Fields inherited from interface com.jalios.jcms.accesscontrol.AccessControlConstants |
---|
ADMIN_RESOURCE, CTXT_DATA, CTXT_WORKSPACE, GRP_EDIT_RESOURCE, MBR_EDIT_RESOURCE, WORKSPACE_ADMIN_RESOURCE, WS_EDIT_RESOURCE, WSGRP_EDIT_RESOURCE, WSMBR_EDIT_RESOURCE |
Method Summary | |
---|---|
boolean |
checkAccess(Member member,
String resource,
Map<String,Object> context)
Check if the specified member is authorized to access the specified resource. |
Set<String> |
getDeclaredResources()
Retrieve the resources declared in properties. |
static AccessControlManager |
getInstance()
|
Set<String> |
getValidResources()
Retrieve the resources allowed to be accessed (those declared in properties and the associated zone). |
void |
handleFinalize()
Called when the channel is finalized |
void |
init()
|
void |
initAfterStoreLoad()
Called just after the store has been loaded and the channel has been initialized. |
void |
initBeforeStoreLoad()
Called just before the store has been loaded. |
protected static boolean |
internalCheckWorkspaceDataAccess(String resource,
Group aclGroup,
Workspace ws,
Data data,
Member mbr)
This method is invoked when a Data ACL has been granted for a member, in such case, we check the minimum requirement to validate the authorization or not. |
void |
propertiesChange(JProperties properties)
Invoked after properties have been modified in JCMS and save on disk. |
void |
reloadProperties()
|
Methods inherited from class com.jalios.jcms.ChannelListener |
---|
compareTo, equals, init |
Methods inherited from class java.lang.Object |
---|
clone, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static final String REVISION
Method Detail |
---|
public static AccessControlManager getInstance()
public void init()
public void reloadProperties()
public void propertiesChange(JProperties properties)
JPropertiesListener
You cannot alter the value received in parameters.
propertiesChange
in interface JPropertiesListener
properties
- the properties which have been modified (may not contain all JCMS properties)public void initBeforeStoreLoad() throws Exception
ChannelListener
initBeforeStoreLoad
in class ChannelListener
Exception
- any exception you may want to throw if a problem occurs needing to interrupt JCMS startup.public void initAfterStoreLoad() throws Exception
ChannelListener
initAfterStoreLoad
in class ChannelListener
Exception
- any exception you may want to throw if a problem occurs needing to interrupt JCMS startup.public void handleFinalize()
ChannelListener
handleFinalize
in class ChannelListener
public Set<String> getDeclaredResources()
public Set<String> getValidResources()
public boolean checkAccess(Member member, String resource, Map<String,Object> context)
A valid context map containing the current Workspace is required for all access
check on workspace resources (eg resource starting with "admin-ws/" as defined
by .
Use utility method for easier invocation :
boolean isAuthorized = AccessControlManager.checkAccess(loggedMember, "admin-ws/types/content", AccessControlUtil.getContext(workspace));
A valid context map containing the current Data being edited is required for all access to data resource (as declared in properties). Use utility method for easier invocation :
MapaclContext = AccessControlUtil.getContext(null, AccessControlConstants.CTXT_DATA, someMemberBeingEdited); boolean isAuthorized = AccessControlManager.checkAccess(loggedMember, "admin/users/member", aclContext);
member
- a Memberresource
- a resource URI using a path representation, eg "admin/dev/store-cleaner"context
- an optionnal context map containing relevant information such as workspace or data
protected static boolean internalCheckWorkspaceDataAccess(String resource, Group aclGroup, Workspace ws, Data data, Member mbr)
resource
- the resource which granted the edit authorization checkaclGroup
- Group to which the ACL edit authorization was attachedws
- the current Workspace in which it is being editeddata
- the Data being editedmbr
- the Member editing
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |