java.lang.Object
  atg.nucleus.logging.VariableArgumentApplicationLoggingImpl
    atg.nucleus.GenericService
      atg.rest.processor.GenericRestProcessor
        atg.rest.processor.RestSecurityProcessor
public class RestSecurityProcessor
RestSecurityProcessor is the base type for REST security checking. This class handles GET, POST, PUT, and DELETE requests.
See Also: GenericRestProcessor, RestProcessor
Field Summary | |
---|---|
static java.lang.String | CLASS_VERSION Class version string |
Fields inherited from class atg.nucleus.GenericService |
---|
SERVICE_INFO_KEY |
Fields inherited from interface atg.nucleus.logging.TraceApplicationLogging |
---|
DEFAULT_LOG_TRACE_STATUS |
Fields inherited from interface atg.nucleus.logging.ApplicationLogging |
---|
DEFAULT_LOG_DEBUG_STATUS, DEFAULT_LOG_ERROR_STATUS, DEFAULT_LOG_INFO_STATUS, DEFAULT_LOG_WARNING_STATUS |
Constructor Summary | |
---|---|
RestSecurityProcessor() |
Method Summary | |
---|---|
protected void | checkAccess(BeanURI pParsedURI, RestSecurityConfiguration pRestSecurityConfiguration, AccessRight pAccessRight, DynamoHttpServletResponse pResponse) Checks security for component resource access. |
void | doRESTDelete(DynamoHttpServletRequest pRequest, DynamoHttpServletResponse pResponse) This method handles a REST "DELETE" request. |
void | doRESTGet(DynamoHttpServletRequest pRequest, DynamoHttpServletResponse pResponse) This method handles a REST "GET" request. |
void | doRESTPost(DynamoHttpServletRequest pRequest, DynamoHttpServletResponse pResponse) This method handles a REST "POST" request. |
void | doRESTPut(DynamoHttpServletRequest pRequest, DynamoHttpServletResponse pResponse) This method handles a REST "PUT" request. |
protected ComponentSecurityConfiguration | findParentSecurityConfiguration(ComponentSecurityConfiguration pCsc, BeanURI pParsedURI) Looks for parent ComponentSecurityConfiguration if necessary. |
protected ComponentSecurityConfiguration | getComponentSecurityConfiguration(BeanURI pParsedURI) Looks for ComponentSecurityConfiguration for a resource. |
java.util.List<java.lang.String> | getExcludePrefixes() List of prefixes that should be ignored. |
static java.lang.String | getMethodNameWithSignature(java.lang.String pMethodName) Retrieves the method name with its signature. |
protected ComponentSecurityConfiguration | getParentSecurityConfiguration(BeanURI pParsedURI) Looks for wildcard or default ComponentSecurityConfiguration for a resource. |
RestSecurityManager | getRestSecurityManager() |
protected void | handleRepositoryRequest(RepositoryURI pRepositoryURI, DynamoHttpServletRequest pRequest, DynamoHttpServletResponse pResponse) Checks security for repository access. |
boolean | isAllowAccessForUnsecuredRepository() |
boolean | isEnabled() |
protected boolean | isFormHanlder(java.lang.Object resContainer) This method attempts to find out if a component is a FormHandler. |
protected boolean | isMethodRequest(BeanURI pParsedURI, DynamoHttpServletRequest pRequest, DynamoHttpServletResponse pResponse) This method attempts to find out if the request is for a method call. |
protected boolean | isRepositoryURI(ParsedURI pParsedURI) Checks if the ParsedURI is a RepositoryURI. |
void | setAllowAccessForUnsecuredRepository(boolean pAllowAccessForUnsecuredRepository) |
void | setEnabled(boolean pEnabled) |
void | setExcludePrefixes(java.util.List<java.lang.String> pExcludePrefixes) Sets the list of prefixes that should be ignored. |
void | setRestSecurityManager(RestSecurityManager pRestSecurityManager) |
protected boolean | shouldSkipRequest(DynamoHttpServletRequest pRequest) Checks if a given request starts with a prefix from excludePrefixes. |
Methods inherited from class atg.nucleus.logging.VariableArgumentApplicationLoggingImpl |
---|
vlogDebug, vlogDebug, vlogDebug, vlogDebug, vlogDebugTrace, vlogError, vlogError, vlogError, vlogError, vlogInfo, vlogInfo, vlogInfo, vlogInfo, vlogTrace, vlogTrace, vlogTrace, vlogTrace, vlogWarning, vlogWarning, vlogWarning, vlogWarning |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static final java.lang.String CLASS_VERSION
Constructor Detail |
---|
public RestSecurityProcessor()
Method Detail |
---|
public void setEnabled(boolean pEnabled)
pEnabled - the enabled to set
public boolean isEnabled()
public void setAllowAccessForUnsecuredRepository(boolean pAllowAccessForUnsecuredRepository)
pAllowAccessForUnsecuredRepository - the allowAccessForUnsecuredRepository to set
public boolean isAllowAccessForUnsecuredRepository()
public void setRestSecurityManager(RestSecurityManager pRestSecurityManager)
pRestSecurityManager - the restSecurityManager to set
public RestSecurityManager getRestSecurityManager()
public void doRESTDelete(DynamoHttpServletRequest pRequest, DynamoHttpServletResponse pResponse) throws java.io.IOException, RestException
pRequest - the servlet request
pResponse - the servlet response
RestException - if the security check fails, sets the response status to HttpServletResponse.SC_UNAUTHORIZED
java.io.IOException - if an input or output stream exception occurs
See Also: RestProcessor#handleRESTDeleteRequest(java.lang.String, atg.servlet.DynamoHttpServletRequest, atg.servlet.DynamoHttpServletResponse)
public void doRESTGet(DynamoHttpServletRequest pRequest, DynamoHttpServletResponse pResponse) throws java.io.IOException, RestException
pRequest - the servlet request
pResponse - the servlet response
RestException - if the security check fails, sets the response status to HttpServletResponse.SC_UNAUTHORIZED
java.io.IOException - if an input or output stream exception occurs
See Also: atg.rest.processor.RestProcessor#handleRESTGetRequest(java.lang.String, atg.servlet.DynamoHttpServletRequest, atg.servlet.DynamoHttpServletResponse)
public void doRESTPost(DynamoHttpServletRequest pRequest, DynamoHttpServletResponse pResponse) throws java.io.IOException, RestException
pRequest - the servlet request
pResponse - the servlet response
RestException - if the security check fails, sets the response status to HttpServletResponse.SC_UNAUTHORIZED
java.io.IOException - if an input or output stream exception occurs
See Also: atg.rest.processor.RestProcessor#handleRESTPostRequest(java.lang.String, atg.servlet.DynamoHttpServletRequest, atg.servlet.DynamoHttpServletResponse)
public void doRESTPut(DynamoHttpServletRequest pRequest, DynamoHttpServletResponse pResponse) throws java.io.IOException, RestException
pRequest - the servlet request
pResponse - the servlet response
RestException - if the security check fails, sets the response status to HttpServletResponse.SC_UNAUTHORIZED
java.io.IOException - if an input or output stream exception occurs, sets the response status to HttpServletResponse.SC_BAD_REQUEST
See Also: atg.rest.processor.RestProcessor#handleRESTPutRequest(java.lang.String, atg.servlet.DynamoHttpServletRequest, atg.servlet.DynamoHttpServletResponse)
protected ComponentSecurityConfiguration getComponentSecurityConfiguration(BeanURI pParsedURI)
pParsedURI - an object containing the parsed URI
protected ComponentSecurityConfiguration getParentSecurityConfiguration(BeanURI pParsedURI)
pParsedURI - an object containing the parsed URI
protected ComponentSecurityConfiguration findParentSecurityConfiguration(ComponentSecurityConfiguration pCsc, BeanURI pParsedURI)
pComponentSecurityConfiguration -
protected void handleRepositoryRequest(RepositoryURI pRepositoryURI, DynamoHttpServletRequest pRequest, DynamoHttpServletResponse pResponse) throws RestException
pRepositoryURI - the RepositoryURI
pRequest - the servlet request
pResponse - the servlet response
RestException - if the repository is not a SecuredRepository
protected boolean isRepositoryURI(ParsedURI pParsedURI)
pParsedURI - the ParsedURI
protected void checkAccess(BeanURI pParsedURI, RestSecurityConfiguration pRestSecurityConfiguration, AccessRight pAccessRight, DynamoHttpServletResponse pResponse) throws RestException
pParsedURI - the ParsedURI
pRestSecurityConfiguration - the RestSecurityConfiguration to check
pAccessRight - the AccessRight to check
pResponse - the servlet response
RestException - if the current user doesn't have the access right for the resource, sets the response status to HttpServletResponse.SC_UNAUTHORIZED
protected boolean isMethodRequest(BeanURI pParsedURI, DynamoHttpServletRequest pRequest, DynamoHttpServletResponse pResponse)
pParsedURI - an object containing the parsed URI
pRequest - the servlet request
pResponse - the servlet response
RestException
protected boolean isFormHanlder(java.lang.Object resContainer)
resContainer - The component to check.
public java.util.List<java.lang.String> getExcludePrefixes()
public void setExcludePrefixes(java.util.List<java.lang.String> pExcludePrefixes)
pExcludePrefixes - the excludePrefixes to set
protected boolean shouldSkipRequest(DynamoHttpServletRequest pRequest)
excludePrefixes
pRequest - The request
public static java.lang.String getMethodNameWithSignature(java.lang.String pMethodName)
pMethodName - the method name