Package org.xwiki.security.authorization
Class DefaultAuthorizationManager
- java.lang.Object
-
- org.xwiki.security.authorization.DefaultAuthorizationManager
-
- All Implemented Interfaces:
AuthorizationManager
@Component @Singleton public class DefaultAuthorizationManager extends Object implements AuthorizationManager
Default implementation of theAuthorizationManager
.- Since:
- 4.0M2
- Version:
- $Id: 5366e2597113ad7d7473d35248f2fddd572fb2a9 $
-
-
Field Summary
-
Fields inherited from interface org.xwiki.security.authorization.AuthorizationManager
SUPERADMIN_USER
-
-
Constructor Summary
Constructors Constructor Description DefaultAuthorizationManager()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
checkAccess(Right right, DocumentReference userReference, EntityReference entityReference)
Check if the user identified byuserReference
has the access identified byright
on the entity identified byentityReference
.boolean
hasAccess(Right right, DocumentReference userReference, EntityReference entityReference)
Verifies if the user identified byuserReference
has the access identified byright
on the entity identified byentityReference
.protected void
logDeny(DocumentReference user, EntityReference entity, Right right, String info)
Log denied access conclusion.Right
register(RightDescription rightDescription)
Register a new customRight
.Right
register(RightDescription rightDescription, Set<Right> impliedByRights)
Register a new customRight
and add it as an implied right to the given set of rights.void
unregister(Right right)
Unregister the given customRight
.
-
-
-
Method Detail
-
checkAccess
public void checkAccess(Right right, DocumentReference userReference, EntityReference entityReference) throws AccessDeniedException
Description copied from interface:AuthorizationManager
Check if the user identified byuserReference
has the access identified byright
on the entity identified byentityReference
. Note that some rights may be checked higher in hierarchy of the provided entity if such right is not enabled at lowest hierarchy level provided. This function should be used at security checkpoint.- Specified by:
checkAccess
in interfaceAuthorizationManager
- Parameters:
right
- the right needed for execution of the actionuserReference
- the user to check the right forentityReference
- the entity on which to check the right- Throws:
AccessDeniedException
- if the action should be denied, which may also happen when an error occurs
-
hasAccess
public boolean hasAccess(Right right, DocumentReference userReference, EntityReference entityReference)
Description copied from interface:AuthorizationManager
Verifies if the user identified byuserReference
has the access identified byright
on the entity identified byentityReference
. Note that some rights may be checked higher in hierarchy of the provided entity if such right is not enabled at lowest hierarchy level provided. This function should be used for interface matters, useAuthorizationManager.checkAccess(org.xwiki.security.authorization.Right, org.xwiki.model.reference.DocumentReference, org.xwiki.model.reference.EntityReference)
at security checkpoints.- Specified by:
hasAccess
in interfaceAuthorizationManager
- Parameters:
right
- the right to check .userReference
- the user to check the right forentityReference
- the entity on which to check the right- Returns:
true
if the user has the specified right on the entity,false
otherwise
-
register
public Right register(RightDescription rightDescription) throws UnableToRegisterRightException
Description copied from interface:AuthorizationManager
Register a new customRight
.- Specified by:
register
in interfaceAuthorizationManager
- Parameters:
rightDescription
- the full description of the newRight
- Returns:
- the created
Right
- Throws:
UnableToRegisterRightException
- if an error prevent creation of the new right. Registering exactly the same right does not cause an exception and return the existing right.
-
register
public Right register(RightDescription rightDescription, Set<Right> impliedByRights) throws UnableToRegisterRightException
Description copied from interface:AuthorizationManager
Register a new customRight
and add it as an implied right to the given set of rights.- Specified by:
register
in interfaceAuthorizationManager
- Parameters:
rightDescription
- the full description of the newRight
impliedByRights
- the rights that should imply the new right.- Returns:
- the created
Right
- Throws:
UnableToRegisterRightException
- if an error prevent creation of the new right. Registering exactly the same right does not cause an exception and return the existing right.
-
unregister
public void unregister(Right right) throws AuthorizationException
Description copied from interface:AuthorizationManager
Unregister the given customRight
.- Specified by:
unregister
in interfaceAuthorizationManager
- Parameters:
right
- the custom right to unregister.- Throws:
AuthorizationException
- if the right is not custom.
-
logDeny
protected void logDeny(DocumentReference user, EntityReference entity, Right right, String info)
Log denied access conclusion. All denied access conclusion made during a security checkpoint use this method.- Parameters:
user
- The user name that was checked.entity
- The page that was checked.right
- The action that was requested.info
- Additional information.
-
-