@ProviderType
public interface ResourceAccessSecurity
ResourceAccessSecurity
defines a service API which is
used in two different context: for securing resource providers which
have no own access control and on the application level to further
restrict the access to resources in general.
A resource access security service is registered with the service
property CONTEXT
. Allowed values are APPLICATION_CONTEXT
and PROVIDER_CONTEXT
. If the value is missing or invalid,
the service will be ignored.
In the context of resource providers, this service might be used
for implementations of resource providers where the underlying persistence
layer does not implement access control. The goal is to make it easy to implement
a lightweight access control for such providers. For example, a JCR resource
providers should *not* use the provider context resource access security - in a
JCR context, security is fully delegated to the underlying repository, and
mixing security models would be a bad idea.
In the context of the application, this service might be used to add
additional or temporary constraints across the whole resource tree.
It is expected to only have a single service per context in the
framework/application (much like the OSGi LogService or ConfigurationAdmin Service).
In the case of multiple services per context, the one with the highest
service ranking is used.Modifier and Type | Field and Description |
---|---|
static String |
APPLICATION_CONTEXT
Allowed value for the
CONTEXT service registration property. |
static String |
CONTEXT
The name of the service registration property containing the context
of this service.
|
static String |
PROVIDER_CONTEXT
Allowed value for the
CONTEXT service registration property. |
Modifier and Type | Method and Description |
---|---|
boolean |
canCreate(String absPathName,
ResourceResolver resourceResolver) |
boolean |
canDelete(Resource resource) |
boolean |
canDeleteValue(Resource resource,
String valueName) |
boolean |
canExecute(Resource resource) |
boolean |
canReadValue(Resource resource,
String valueName) |
boolean |
canSetValue(Resource resource,
String valueName) |
boolean |
canUpdate(Resource resource) |
Resource |
getReadableResource(Resource resource)
If supplied Resource can be read, return it (or a wrapped
variant of it).
|
String |
transformQuery(String query,
String language,
ResourceResolver resourceResolver)
Optionally transform a query based on the current
user's credentials.
|
static final String CONTEXT
APPLICATION_CONTEXT
and
PROVIDER_CONTEXT
.
This property is required and has no default value.
(value is "access.context")static final String APPLICATION_CONTEXT
CONTEXT
service registration property.
Services marked with this context are applied to all resources.static final String PROVIDER_CONTEXT
CONTEXT
service registration property.
Services marked with this context are only applied to resource
providers which indicate the additional checks with the
ResourceProvider.USE_RESOURCE_ACCESS_SECURITY
property.Resource getReadableResource(Resource resource)
Resource
cannot be readboolean canCreate(String absPathName, ResourceResolver resourceResolver)
Resource
can be created at the supplied
absolute path.boolean canExecute(Resource resource)
Resource
can be executed as a scriptboolean canReadValue(Resource resource, String valueName)
Resource
can be readboolean canSetValue(Resource resource, String valueName)
Resource
can be setboolean canDeleteValue(Resource resource, String valueName)
Resource
can be deletedString transformQuery(String query, String language, ResourceResolver resourceResolver) throws AccessSecurityException
query
- the querylanguage
- the language in which the query is expressedresourceResolver
- the resource resolver which resolves the queryAccessSecurityException
Copyright © 2014 The Apache Software Foundation. All rights reserved.