AccessControlManager (JCMS API)

java.lang.Object
- com.jalios.jcms.ChannelListener
- - com.jalios.jcms.accesscontrol.AccessControlManager

All Implemented Interfaces:

AccessControlConstants, PluginComponent, JPropertiesListener, java.lang.Comparable
```
public class AccessControlManager
extends ChannelListener
implements JPropertiesListener, AccessControlConstants
```
Manager of Access Control in JCMS.

Since:

jcms-7.0

Version:

$Revision: 51105 $

Field Summary

Fields
Modifier and Type Field and Description

static java.lang.String REVISION
- Fields inherited from class com.jalios.jcms.ChannelListener
  order
- Fields inherited from interface com.jalios.jcms.accesscontrol.AccessControlConstants
  ADMIN_RESOURCE, CTXT_DATA, CTXT_WORKSPACE, GRP_EDIT_RESOURCE, MBR_EDIT_RESOURCE, WORKSPACE_ADMIN_RESOURCE, WS_EDIT_RESOURCE, WSGRP_EDIT_RESOURCE, WSMBR_EDIT_RESOURCE

Fields
Modifier and Type	Field and Description
`static java.lang.String`	`REVISION`

Method Summary

Methods
Modifier and Type	Method and Description
`boolean`	`checkAccess(Member member, java.lang.String resource, java.util.Map<java.lang.String,java.lang.Object> context)` Check if the specified member is authorized to access the specified resource.
`java.util.Set<java.lang.String>`	`getDeclaredResources()` Retrieve the resources declared in properties.
`static AccessControlManager`	`getInstance()`
`java.util.Set<java.lang.String>`	`getValidResources()` Retrieve the resources allowed to be accessed (those declared in properties and the associated zone).
`void`	`handleFinalize()` Called when the channel is finalized
`void`	`init()`
`void`	`initAfterStoreLoad()` Called just after the store has been loaded and the channel has been initialized.
`void`	`initBeforeStoreLoad()` Called just before the store has been loaded.
`protected static boolean`	`internalCheckWorkspaceDataAccess(java.lang.String resource, Group aclGroup, Workspace ws, Data data, Member mbr)` This method is invoked when a Data ACL has been granted for a member, in such case, we check the minimum requirement to validate the authorization or not.
`void`	`propertiesChange(JProperties properties)` Invoked after properties have been modified in JCMS and save on disk.
`void`	`reloadProperties()`

Methods inherited from class com.jalios.jcms.ChannelListener
compareTo, equals, init

Methods inherited from class java.lang.Object
clone, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - REVISION
```
public static final java.lang.String REVISION
```
    See Also:
    Constant Field Values
- Method Detail
  - getInstance
```
public static AccessControlManager getInstance()
```
  - init
```
public void init()
```
  - reloadProperties
```
public void reloadProperties()
```
  - propertiesChange
```
public void propertiesChange(JProperties properties)
```
    Description copied from interface: JPropertiesListener
    
    Invoked after properties have been modified in JCMS and save on disk.
    You cannot alter the value received in parameters.
    
    Specified by:
    
    propertiesChange in interface JPropertiesListener
    
    Parameters:
    properties - the properties which have been modified (may not contain all JCMS properties)
  - initBeforeStoreLoad
```
public void initBeforeStoreLoad()
                         throws java.lang.Exception
```
    Description copied from class: ChannelListener
    
    Called just before the store has been loaded. If for any reason you want to interrupt JCMS startup, you can throw an exception. The exception's message will be displayed in JCMS status page (to any user!).
    
    Specified by:
    
    initBeforeStoreLoad in class ChannelListener
    
    Throws:
    
    java.lang.Exception - any exception you may want to throw if a problem occurs needing to interrupt JCMS startup.
  - initAfterStoreLoad
```
public void initAfterStoreLoad()
                        throws java.lang.Exception
```
    Description copied from class: ChannelListener
    
    Called just after the store has been loaded and the channel has been initialized. If for any reason you want to interrupt JCMS startup, you can throw an exception. The exception's message will be displayed in JCMS status page (to any user!).
    
    Specified by:
    
    initAfterStoreLoad in class ChannelListener
    
    Throws:
    
    java.lang.Exception - any exception you may want to throw if a problem occurs needing to interrupt JCMS startup.
  - handleFinalize
```
public void handleFinalize()
```
    Description copied from class: ChannelListener
    
    Called when the channel is finalized
    
    Specified by:
    
    handleFinalize in class ChannelListener
  - getDeclaredResources
```
public java.util.Set<java.lang.String> getDeclaredResources()
```
    Retrieve the resources declared in properties.
    
    Returns:
    a Set of resource path.
  - getValidResources
```
public java.util.Set<java.lang.String> getValidResources()
```
    Retrieve the resources allowed to be accessed (those declared in properties and the associated zone).
    
    Returns:
    a Set of resource path.
  - checkAccess
```
public boolean checkAccess(Member member,
                  java.lang.String resource,
                  java.util.Map<java.lang.String,java.lang.Object> context)
```
    Check if the specified member is authorized to access the specified resource.
    A valid context map containing the current Workspace is required for all access check on workspace resources (eg resource starting with "admin-ws/" as defined by "admin-ws".
    Use utility method for easier invocation :
```
  boolean isAuthorized = AccessControlManager.checkAccess(loggedMember, "admin-ws/types/content", AccessControlUtil.getContext(workspace));
 
```
    A valid context map containing the current Data being edited is required for all access to data resource (as declared in properties). Use utility method for easier invocation :
```
  Map aclContext = AccessControlUtil.getContext(null, AccessControlConstants.CTXT_DATA, someMemberBeingEdited);
  boolean isAuthorized = AccessControlManager.checkAccess(loggedMember, "admin/users/member", aclContext);
 
```
    Parameters:
    member - a Member
    resource - a resource URI using a path representation, eg "admin/dev/store-cleaner"
    context - an optional context map containing relevant information such as workspace or data
    
    Returns:
    true if the access is authorized, false otherwise
    Since:
    
    jcms-7.0.0
  - internalCheckWorkspaceDataAccess
```
protected static boolean internalCheckWorkspaceDataAccess(java.lang.String resource,
                                       Group aclGroup,
                                       Workspace ws,
                                       Data data,
                                       Member mbr)
```
    This method is invoked when a Data ACL has been granted for a member, in such case, we check the minimum requirement to validate the authorization or not.
    
    Parameters:
    resource - the resource which granted the edit authorization check
    aclGroup - Group to which the ACL edit authorization was attached
    ws - the current Workspace in which it is being edited
    data - the Data being edited
    mbr - the Member editing
    
    Returns:
    is the authorization is validated or not
    Since:
    
    jcms-7.0.0

Class AccessControlManager

Field Summary

Fields inherited from class com.jalios.jcms.ChannelListener

Fields inherited from interface com.jalios.jcms.accesscontrol.AccessControlConstants

Method Summary

Methods inherited from class com.jalios.jcms.ChannelListener

Methods inherited from class java.lang.Object

Field Detail

REVISION

Method Detail

getInstance

init

reloadProperties

propertiesChange

initBeforeStoreLoad

initAfterStoreLoad

handleFinalize

getDeclaredResources

getValidResources

checkAccess

internalCheckWorkspaceDataAccess