public class RestSecurityProcessor extends GenericRestProcessor
GenericRestProcessor
,
RestProcessor
Modifier and Type | Field and Description |
---|---|
static java.lang.String |
CLASS_VERSION
Class version string
|
SERVICE_INFO_KEY
DEFAULT_LOG_TRACE_STATUS
DEFAULT_LOG_DEBUG_STATUS, DEFAULT_LOG_ERROR_STATUS, DEFAULT_LOG_INFO_STATUS, DEFAULT_LOG_WARNING_STATUS
Constructor and Description |
---|
RestSecurityProcessor() |
Modifier and Type | Method and Description |
---|---|
protected void |
checkAccess(BeanURI pParsedURI,
RestSecurityConfiguration pRestSecurityConfiguration,
AccessRight pAccessRight,
DynamoHttpServletResponse pResponse)
Checks security for component resource access.
|
void |
doRESTDelete(DynamoHttpServletRequest pRequest,
DynamoHttpServletResponse pResponse)
This method handles a REST "DELETE" request.
|
void |
doRESTGet(DynamoHttpServletRequest pRequest,
DynamoHttpServletResponse pResponse)
This method handles a REST "GET" request.
|
void |
doRESTPost(DynamoHttpServletRequest pRequest,
DynamoHttpServletResponse pResponse)
This method handles a REST "POST" request.
|
void |
doRESTPut(DynamoHttpServletRequest pRequest,
DynamoHttpServletResponse pResponse)
This method handles a REST "PUT" request.
|
protected ComponentSecurityConfiguration |
findParentSecurityConfiguration(ComponentSecurityConfiguration pCsc,
BeanURI pParsedURI)
Looks for the parent ComponentSecurityConfiguration if necessary.
|
protected ComponentSecurityConfiguration |
getComponentSecurityConfiguration(BeanURI pParsedURI)
Looks for ComponentSecurityConfiguration for a resource.
|
java.util.List<java.lang.String> |
getExcludePrefixes()
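List of request prefixes that should be ignored; shouldSkipRequest checks incoming requests against this list. Requests that match appear to be skipped by this processor, so keep the list as narrow as possible.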
|
static java.lang.String |
getMethodNameWithSignature(java.lang.String pMethodName)
Retrieves the method name with its signature
|
protected ComponentSecurityConfiguration |
getParentSecurityConfiguration(BeanURI pParsedURI)
Looks for wildcard or default ComponentSecurityConfiguration for a resource
|
RestSecurityManager |
getRestSecurityManager() |
protected void |
handleRepositoryRequest(RepositoryURI pRepositoryURI,
DynamoHttpServletRequest pRequest,
DynamoHttpServletResponse pResponse)
Checks security for repository access.
|
boolean |
isAllowAccessForUnsecuredRepository() |
boolean |
isEnabled() |
protected boolean |
isFormHanlder(java.lang.Object resContainer)
This method attempts to find out if a component is a FormHandler
|
protected boolean |
isMethodRequest(BeanURI pParsedURI,
DynamoHttpServletRequest pRequest,
DynamoHttpServletResponse pResponse)
This method attempts to find out if the request is for a method call.
|
protected boolean |
isRepositoryURI(ParsedURI pParsedURI)
Check if the ParsedURI is a RepositoryURI
|
void |
setAllowAccessForUnsecuredRepository(boolean pAllowAccessForUnsecuredRepository) |
void |
setEnabled(boolean pEnabled) |
void |
setExcludePrefixes(java.util.List<java.lang.String> pExcludePrefixes)
Sets the list of prefixes that should be ignored
|
void |
setRestSecurityManager(RestSecurityManager pRestSecurityManager) |
protected boolean |
shouldSkipRequest(DynamoHttpServletRequest pRequest)
Checks if a given request starts with a prefix from
excludePrefixes |
determineJSONControlParams, determineJSONUsage, getBooleanControlParam, getComponentResolver, getFilteringManager, getOutputCustomizer, getParentServlet, getStringControlParam, isAcceptJSONInput, isResourceWritable, isResourceWritable, setAcceptJSONInput, setComponentResolver, setOutputCustomizer, setParentServlet, useSimpleResponseCodes, validateResource
addLogListener, createAdminServlet, doStartService, doStopService, getAbsoluteName, getAdminServlet, getAdminServletOutputStreamEncoding, getLoggingForVlogging, getLogListenerCount, getLogListeners, getName, getNameContext, getNucleus, getRoot, getServiceConfiguration, getServiceInfo, isAdminServletUseServletOutputStream, isLoggingDebug, isLoggingError, isLoggingInfo, isLoggingTrace, isLoggingWarning, isRunning, logDebug, logDebug, logDebug, logError, logError, logError, logInfo, logInfo, logInfo, logTrace, logTrace, logTrace, logWarning, logWarning, logWarning, nameContextElementBound, nameContextElementUnbound, removeLogListener, reResolveThis, resolveName, resolveName, resolveName, resolveName, sendLogEvent, setAdminServletOutputStreamEncoding, setAdminServletUseServletOutputStream, setLoggingDebug, setLoggingError, setLoggingInfo, setLoggingTrace, setLoggingWarning, setNucleus, setServiceInfo, startService, stopService
vlogDebug, vlogDebug, vlogDebug, vlogDebug, vlogDebugTrace, vlogError, vlogError, vlogError, vlogError, vlogInfo, vlogInfo, vlogInfo, vlogInfo, vlogTrace, vlogTrace, vlogTrace, vlogTrace, vlogWarning, vlogWarning, vlogWarning, vlogWarning
public static final java.lang.String CLASS_VERSION
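public void setEnabled(boolean pEnabled)
pEnabled - the enabled value to set
public boolean isEnabled()
public void setAllowAccessForUnsecuredRepository(boolean pAllowAccessForUnsecuredRepository)
pAllowAccessForUnsecuredRepository - the allowAccessForUnsecuredRepository value to set. Judging by its name, and by handleRepositoryRequest throwing RestException when the repository is not a SecuredRepository, this flag presumably lets requests reach repositories that are not secured; confirm the behaviour and the default before enabling it.
public boolean isAllowAccessForUnsecuredRepository()
public void setRestSecurityManager(RestSecurityManager pRestSecurityManager)
pRestSecurityManager - the restSecurityManager to set
public RestSecurityManager getRestSecurityManager()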
public void doRESTDelete(DynamoHttpServletRequest pRequest, DynamoHttpServletResponse pResponse) throws java.io.IOException, RestException
pRequest - the servlet request
pResponse - the servlet response
RestException - if the security check fails; sets the response status to HttpServletResponse.SC_UNAUTHORIZED
java.io.IOException - if an input or output stream exception occurs
See also: RestProcessor#handleRESTDeleteRequest(java.lang.String, atg.servlet.DynamoHttpServletRequest, atg.servlet.DynamoHttpServletResponse)
public void doRESTGet(DynamoHttpServletRequest pRequest, DynamoHttpServletResponse pResponse) throws java.io.IOException, RestException
pRequest - the servlet request
pResponse - the servlet response
RestException - if the security check fails; sets the response status to HttpServletResponse.SC_UNAUTHORIZED
java.io.IOException - if an input or output stream exception occurs
See also: atg.rest.processor.RestProcessor#handleRESTGetRequest(java.lang.String, atg.servlet.DynamoHttpServletRequest, atg.servlet.DynamoHttpServletResponse)
public void doRESTPost(DynamoHttpServletRequest pRequest, DynamoHttpServletResponse pResponse) throws java.io.IOException, RestException
pRequest - the servlet request
pResponse - the servlet response
RestException - if the security check fails; sets the response status to HttpServletResponse.SC_UNAUTHORIZED
java.io.IOException - if an input or output stream exception occurs
See also: atg.rest.processor.RestProcessor#handleRESTPostRequest(java.lang.String, atg.servlet.DynamoHttpServletRequest, atg.servlet.DynamoHttpServletResponse)
public void doRESTPut(DynamoHttpServletRequest pRequest, DynamoHttpServletResponse pResponse) throws java.io.IOException, RestException
pRequest - the servlet request
pResponse - the servlet response
RestException - if the security check fails; sets the response status to HttpServletResponse.SC_UNAUTHORIZED
java.io.IOException - if an input or output stream exception occurs; sets the response status to HttpServletResponse.SC_BAD_REQUEST
See also: atg.rest.processor.RestProcessor#handleRESTPutRequest(java.lang.String, atg.servlet.DynamoHttpServletRequest, atg.servlet.DynamoHttpServletResponse)
protected ComponentSecurityConfiguration getComponentSecurityConfiguration(BeanURI pParsedURI)
pParsedURI - an object containing the parsed URI
protected ComponentSecurityConfiguration getParentSecurityConfiguration(BeanURI pParsedURI)
pParsedURI - an object containing the parsed URI
protected ComponentSecurityConfiguration findParentSecurityConfiguration(ComponentSecurityConfiguration pCsc, BeanURI pParsedURI)
pComponentSecurityConfiguration -
protected void handleRepositoryRequest(RepositoryURI pRepositoryURI, DynamoHttpServletRequest pRequest, DynamoHttpServletResponse pResponse) throws RestException
pRepositoryURI - the RepositoryURI
pRequest - the servlet request
pResponse - the servlet response
RestException - if the repository is not a SecuredRepository
protected boolean isRepositoryURI(ParsedURI pParsedURI)
pParsedURI - the ParsedURI
protected void checkAccess(BeanURI pParsedURI, RestSecurityConfiguration pRestSecurityConfiguration, AccessRight pAccessRight, DynamoHttpServletResponse pResponse) throws RestException
pParsedURI - the ParsedURI
pRestSecurityConfiguration - the RestSecurityConfiguration to check
pAccessRight - the AccessRight to check
pResponse - the servlet response
RestException - if the current user doesn't have the access right for the resource; sets the response status to HttpServletResponse.SC_UNAUTHORIZED
protected boolean isMethodRequest(BeanURI pParsedURI, DynamoHttpServletRequest pRequest, DynamoHttpServletResponse pResponse)
pParsedURI - an object containing the parsed URI
pRequest - the servlet request
pResponse - the servlet response
RestException
protected boolean isFormHanlder(java.lang.Object resContainer)
resContainer - The component to check.
public java.util.List<java.lang.String> getExcludePrefixes()
public void setExcludePrefixes(java.util.List<java.lang.String> pExcludePrefixes)
pExcludePrefixes - the excludePrefixes to set
protected boolean shouldSkipRequest(DynamoHttpServletRequest pRequest)
excludePrefixes
pRequest - The request
public static java.lang.String getMethodNameWithSignature(java.lang.String pMethodName)
pMethodName - the method name