org.apache.sling.resourceaccesssecurity
Interface ResourceAccessGate

All Known Implementing Classes:
AllowingResourceAccessGate

public interface ResourceAccessGate

The ResourceAccessGate defines a service API which can be used to restrict access to resources. Implementations of this service interface must be registered like a ResourceProvider, with a path (like provider.roots). If several gate services match a path, all of them are called, not only the one with the longest path. This is in contrast to the ResourceProvider, but in this case more logical (and more secure). The gates are called in the order of their service ranking. If one of the gates grants access for a given operation, access is granted.

Service properties:

The resource access gate can have either the context PROVIDER_CONTEXT, in which case the gate is applied only to resource providers requesting the security checks, or the context APPLICATION_CONTEXT, in which case the access gate is invoked for the whole resource tree. The context is indicated by the required service property CONTEXT. If the property is missing or invalid, the service is ignored.
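A registration that sets the properties described above, shown as an added example (not code from the Sling project). The class names, the path /content/drafts, the user "editor", the "read" operation value, the ranking direction, and the default-granting behaviour and package of AllowingResourceAccessGate are assumptions made for illustration.

```java
import java.util.Dictionary;
import java.util.Hashtable;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.resourceaccesssecurity.AllowingResourceAccessGate;
import org.apache.sling.resourceaccesssecurity.ResourceAccessGate;
import org.osgi.framework.BundleActivator;
import org.osgi.framework.BundleContext;
import org.osgi.framework.Constants;
import org.osgi.framework.ServiceRegistration;

/** Hypothetical gate: only the user "editor" may read resources below /content/drafts. */
public class DraftsReadGateActivator implements BundleActivator {
    /** Assumes AllowingResourceAccessGate grants everything, so only reads are overridden. */
    static class DraftsReadGate extends AllowingResourceAccessGate {
        @Override
        public GateResult canRead(Resource resource) {
            String user = resource.getResourceResolver().getUserID();
            // Always a definite answer, so the "final" setting below takes effect.
            return "editor".equals(user) ? GateResult.GRANTED : GateResult.DENIED;
        }

        @Override
        public boolean hasReadRestrictions(ResourceResolver resourceResolver) {
            return true; // this gate does restrict reads
        }
    }

    private ServiceRegistration<ResourceAccessGate> registration;

    @Override
    public void start(BundleContext context) {
        Dictionary<String, Object> props = new Hashtable<>();
        // Required: without a valid CONTEXT the service is ignored.
        props.put(ResourceAccessGate.CONTEXT, ResourceAccessGate.APPLICATION_CONTEXT);
        // PATH is a regular expression, not a path prefix.
        props.put(ResourceAccessGate.PATH, "/content/drafts(/.*)?");
        // Assumed value format: lower-case operation name.
        props.put(ResourceAccessGate.OPERATIONS, "read");
        // Final for reads: gates called after this one cannot grant what it denied.
        props.put(ResourceAccessGate.FINALOPERATIONS, "read");
        // Assumes a higher ranking is consulted first.
        props.put(Constants.SERVICE_RANKING, 100);
        registration = context.registerService(ResourceAccessGate.class, new DraftsReadGate(), props);
    }

    @Override
    public void stop(BundleContext context) {
        registration.unregister();
    }
}
```

Because every matching gate is consulted and a single grant is enough, a gate that is not marked final for an operation can have its denial overridden by another gate registered on an overlapping path.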


Nested Class Summary
static class ResourceAccessGate.GateResult
          GateResult defines 3 possible states which can be returned by the different canXXX methods of this interface.
static class ResourceAccessGate.Operation
           
 
Field Summary
static String APPLICATION_CONTEXT
          Allowed value for the CONTEXT service registration property.
static String CONTEXT
          The name of the service registration property containing the context of this service.
static String FINALOPERATIONS
          The name of the service registration property containing the operations for which the service should be called and after which no further service should be called, unless the service returns DONTCARE as its result. Defaults to empty (none of them are final) (value is "finaloperations").
static String OPERATIONS
          The name of the service registration property containing the operations for which the service should be called, defaults to all the operations (value is "operations").
static String PATH
          The name of the service registration property containing the path as a regular expression for which the service should be called (value is "path").
static String PROVIDER_CONTEXT
          Allowed value for the CONTEXT service registration property.
static String SERVICE_NAME
          The service name to use when registering implementations of this interface as services (value is "org.apache.sling.api.resource.ResourceAccessGate").
 
Method Summary
 ResourceAccessGate.GateResult canCreate(String absPathName, org.apache.sling.api.resource.ResourceResolver resourceResolver)
           
 boolean canCreateAllValues(org.apache.sling.api.resource.Resource resource)
           
 ResourceAccessGate.GateResult canCreateValue(org.apache.sling.api.resource.Resource resource, String valueName)
           
 ResourceAccessGate.GateResult canDelete(org.apache.sling.api.resource.Resource resource)
           
 boolean canDeleteAllValues(org.apache.sling.api.resource.Resource resource)
           
 ResourceAccessGate.GateResult canDeleteValue(org.apache.sling.api.resource.Resource resource, String valueName)
           
 ResourceAccessGate.GateResult canExecute(org.apache.sling.api.resource.Resource resource)
           
 ResourceAccessGate.GateResult canRead(org.apache.sling.api.resource.Resource resource)
           
 boolean canReadAllValues(org.apache.sling.api.resource.Resource resource)
           
 ResourceAccessGate.GateResult canReadValue(org.apache.sling.api.resource.Resource resource, String valueName)
           
 ResourceAccessGate.GateResult canUpdate(org.apache.sling.api.resource.Resource resource)
           
 boolean canUpdateAllValues(org.apache.sling.api.resource.Resource resource)
           
 ResourceAccessGate.GateResult canUpdateValue(org.apache.sling.api.resource.Resource resource, String valueName)
           
 boolean hasCreateRestrictions(org.apache.sling.api.resource.ResourceResolver resourceResolver)
           
 boolean hasDeleteRestrictions(org.apache.sling.api.resource.ResourceResolver resourceResolver)
           
 boolean hasExecuteRestrictions(org.apache.sling.api.resource.ResourceResolver resourceResolver)
           
 boolean hasReadRestrictions(org.apache.sling.api.resource.ResourceResolver resourceResolver)
           
 boolean hasUpdateRestrictions(org.apache.sling.api.resource.ResourceResolver resourceResolver)
           
 String transformQuery(String query, String language, org.apache.sling.api.resource.ResourceResolver resourceResolver)
          Allows the query to be transformed based on the current user's credentials.
 

Field Detail

SERVICE_NAME

static final String SERVICE_NAME
The service name to use when registering implementations of this interface as services (value is "org.apache.sling.api.resource.ResourceAccessGate").


CONTEXT

static final String CONTEXT
The name of the service registration property containing the context of this service. Allowed values are APPLICATION_CONTEXT and PROVIDER_CONTEXT. This property is required and has no default value. (value is "access.context")

APPLICATION_CONTEXT

static final String APPLICATION_CONTEXT
Allowed value for the CONTEXT service registration property. Services marked with this context are applied to all resources.

PROVIDER_CONTEXT

static final String PROVIDER_CONTEXT
Allowed value for the CONTEXT service registration property. Services marked with this context are only applied to resource providers which indicate the additional checks with the ResourceProvider.USE_RESOURCE_ACCESS_SECURITY property.

PATH

static final String PATH
The name of the service registration property containing the path as a regular expression for which the service should be called (value is "path").

OPERATIONS

static final String OPERATIONS
The name of the service registration property containing the operations for which the service should be called, defaults to all the operations (value is "operations").

FINALOPERATIONS

static final String FINALOPERATIONS
The name of the service registration property containing the operations for which the service should be called and after which no further service should be called, unless the service returns DONTCARE as its result. Defaults to empty (none of them are final) (value is "finaloperations").

Method Detail

canRead

ResourceAccessGate.GateResult canRead(org.apache.sling.api.resource.Resource resource)

canCreate

ResourceAccessGate.GateResult canCreate(String absPathName,
                                        org.apache.sling.api.resource.ResourceResolver resourceResolver)

canUpdate

ResourceAccessGate.GateResult canUpdate(org.apache.sling.api.resource.Resource resource)

canDelete

ResourceAccessGate.GateResult canDelete(org.apache.sling.api.resource.Resource resource)

canExecute

ResourceAccessGate.GateResult canExecute(org.apache.sling.api.resource.Resource resource)

canReadValue

ResourceAccessGate.GateResult canReadValue(org.apache.sling.api.resource.Resource resource,
                                           String valueName)

canCreateValue

ResourceAccessGate.GateResult canCreateValue(org.apache.sling.api.resource.Resource resource,
                                             String valueName)

canUpdateValue

ResourceAccessGate.GateResult canUpdateValue(org.apache.sling.api.resource.Resource resource,
                                             String valueName)

canDeleteValue

ResourceAccessGate.GateResult canDeleteValue(org.apache.sling.api.resource.Resource resource,
                                             String valueName)

transformQuery

String transformQuery(String query,
                      String language,
                      org.apache.sling.api.resource.ResourceResolver resourceResolver)
                      throws org.apache.sling.api.security.AccessSecurityException
Allows the query to be transformed based on the current user's credentials. This can be used to narrow down queries so that they omit results the current user is not allowed to see anyway, speeding up downstream access control. Query transformations are not critical with respect to access control, as results are checked using the canRead... methods anyway.

Parameters:
query - the query
language - the language in which the query is expressed
resourceResolver - the resource resolver which resolves the query
Returns:
the transformed query, or the original query if no transformation took place. This method should never return null.
Throws:
org.apache.sling.api.security.AccessSecurityException

hasReadRestrictions

boolean hasReadRestrictions(org.apache.sling.api.resource.ResourceResolver resourceResolver)

hasCreateRestrictions

boolean hasCreateRestrictions(org.apache.sling.api.resource.ResourceResolver resourceResolver)

hasUpdateRestrictions

boolean hasUpdateRestrictions(org.apache.sling.api.resource.ResourceResolver resourceResolver)

hasDeleteRestrictions

boolean hasDeleteRestrictions(org.apache.sling.api.resource.ResourceResolver resourceResolver)

hasExecuteRestrictions

boolean hasExecuteRestrictions(org.apache.sling.api.resource.ResourceResolver resourceResolver)

canReadAllValues

boolean canReadAllValues(org.apache.sling.api.resource.Resource resource)

canCreateAllValues

boolean canCreateAllValues(org.apache.sling.api.resource.Resource resource)

canUpdateAllValues

boolean canUpdateAllValues(org.apache.sling.api.resource.Resource resource)

canDeleteAllValues

boolean canDeleteAllValues(org.apache.sling.api.resource.Resource resource)


Copyright © 2007–2014 The Apache Software Foundation. All rights reserved.