All Known Implementing Classes:

AllowingResourceAccessGate
```
public interface ResourceAccessGate
```
The ResourceAccessGate defines a service API which might be used to make some restrictions to accessing resources. Implementations of this service interface must be registered like ResourceProvider with a path (like provider.roots). If different ResourceAccessGateService services match a path, not only the ResourceAccessGateService with the longest path will be called, but all of them, that's in contrast to the ResourceProvider, but in this case more logical (and secure!). The gates will be called in the order of the service ranking. If one of the gates grants access for a given operation access will be granted. service properties:
- path: regexp to define on which paths the service should be called (default .*)
- operations: set of operations on which the service should be called ("read,create,update,delete,execute", default all of them)
- finaloperations: set of operations on which the service answer is final and no further service should be called (default none of them), except the GateResult is GateResult.DONTCARE
The resource access gate can either have the context PROVIDER_CONTEXT, in this case the gate is only applied to resource providers requesting the security checks. Or the context can be APPLICATION_CONTEXT. In this case the access gate is invoked for the whole resource tree. This is indicated by the required service property CONTEXT. If the property is missing or invalid, the service is ignored.

Nested Class Summary

Nested Classes
Modifier and Type	Interface	Description
`static class`	`ResourceAccessGate.GateResult`	`GateResult` defines 3 possible states which can be returned by the different canXXX methods of this interface.
`static class`	`ResourceAccessGate.Operation`

Field Summary

Fields
Modifier and Type	Field	Description
`static String`	`APPLICATION_CONTEXT`	Allowed value for the `CONTEXT` service registration property.
`static String`	`CONTEXT`	The name of the service registration property containing the context of this service.
`static String`	`FINALOPERATIONS`	The name of the service registration property containing the operations for which the service should be called and no further service should be called after this, except the services returns DONTCARE as result, default is empty (non of them are final) (value is "finaloperations").
`static String`	`OPERATIONS`	The name of the service registration property containing the operations for which the service should be called, defaults to all the operations (value is "operations").
`static String`	`PATH`	The name of the service registration property containing the path as a regular expression for which the service should be called (value is "path").
`static String`	`PROVIDER_CONTEXT`	Allowed value for the `CONTEXT` service registration property.
`static String`	`SERVICE_NAME`	The service name to use when registering implementations of this interface as services (value is "org.apache.sling.api.resource.ResourceAccessGate").

Method Summary

All Methods Instance Methods Abstract Methods
Modifier and Type	Method	Description
`ResourceAccessGate.GateResult`	`canCreate(String absPathName, ResourceResolver resourceResolver)`
`boolean`	`canCreateAllValues(Resource resource)`
`ResourceAccessGate.GateResult`	`canCreateValue(Resource resource, String valueName)`
`ResourceAccessGate.GateResult`	`canDelete(Resource resource)`
`boolean`	`canDeleteAllValues(Resource resource)`
`ResourceAccessGate.GateResult`	`canDeleteValue(Resource resource, String valueName)`
`ResourceAccessGate.GateResult`	`canExecute(Resource resource)`
`ResourceAccessGate.GateResult`	`canRead(Resource resource)`
`boolean`	`canReadAllValues(Resource resource)`
`ResourceAccessGate.GateResult`	`canReadValue(Resource resource, String valueName)`
`ResourceAccessGate.GateResult`	`canUpdate(Resource resource)`
`boolean`	`canUpdateAllValues(Resource resource)`
`ResourceAccessGate.GateResult`	`canUpdateValue(Resource resource, String valueName)`
`boolean`	`hasCreateRestrictions(ResourceResolver resourceResolver)`
`boolean`	`hasDeleteRestrictions(ResourceResolver resourceResolver)`
`boolean`	`hasExecuteRestrictions(ResourceResolver resourceResolver)`
`boolean`	`hasReadRestrictions(ResourceResolver resourceResolver)`
`boolean`	`hasUpdateRestrictions(ResourceResolver resourceResolver)`
`String`	`transformQuery(String query, String language, ResourceResolver resourceResolver)`	Allows to transform the query based on the current user's credentials.

- Field Detail
  - SERVICE_NAME
```
static final String SERVICE_NAME
```
    The service name to use when registering implementations of this interface as services (value is "org.apache.sling.api.resource.ResourceAccessGate").
  - CONTEXT
```
static final String CONTEXT
```
    The name of the service registration property containing the context of this service. Allowed values are APPLICATION_CONTEXT and PROVIDER_CONTEXT. This property is required and has no default value. (value is "access.context")
    
    See Also:
    
    Constant Field Values
  - APPLICATION_CONTEXT
```
static final String APPLICATION_CONTEXT
```
    Allowed value for the CONTEXT service registration property. Services marked with this context are applied to all resources.
    
    See Also:
    
    Constant Field Values
  - PROVIDER_CONTEXT
```
static final String PROVIDER_CONTEXT
```
    Allowed value for the CONTEXT service registration property. Services marked with this context are only applied to resource providers which indicate the additional checks with the ResourceProvider.USE_RESOURCE_ACCESS_SECURITY property.
    
    See Also:
    
    Constant Field Values
  - PATH
```
static final String PATH
```
    The name of the service registration property containing the path as a regular expression for which the service should be called (value is "path").
    
    See Also:
    
    Constant Field Values
  - OPERATIONS
```
static final String OPERATIONS
```
    The name of the service registration property containing the operations for which the service should be called, defaults to all the operations (value is "operations").
    
    See Also:
    
    Constant Field Values
  - FINALOPERATIONS
```
static final String FINALOPERATIONS
```
    The name of the service registration property containing the operations for which the service should be called and no further service should be called after this, except the services returns DONTCARE as result, default is empty (non of them are final) (value is "finaloperations").
    
    See Also:
    
    Constant Field Values
- Method Detail
  - canRead
```
ResourceAccessGate.GateResult canRead(Resource resource)
```
  - canCreate
```
ResourceAccessGate.GateResult canCreate(String absPathName,
                                        ResourceResolver resourceResolver)
```
  - canUpdate
```
ResourceAccessGate.GateResult canUpdate(Resource resource)
```
  - canDelete
```
ResourceAccessGate.GateResult canDelete(Resource resource)
```
  - canExecute
```
ResourceAccessGate.GateResult canExecute(Resource resource)
```
  - canReadValue
```
ResourceAccessGate.GateResult canReadValue(Resource resource,
                                           String valueName)
```
  - canCreateValue
```
ResourceAccessGate.GateResult canCreateValue(Resource resource,
                                             String valueName)
```
  - canUpdateValue
```
ResourceAccessGate.GateResult canUpdateValue(Resource resource,
                                             String valueName)
```
  - canDeleteValue
```
ResourceAccessGate.GateResult canDeleteValue(Resource resource,
                                             String valueName)
```
  - transformQuery
```
String transformQuery(String query,
                      String language,
                      ResourceResolver resourceResolver)
               throws AccessSecurityException
```
    Allows to transform the query based on the current user's credentials. Can be used to narrow down queries to omit results that the current user is not allowed to see anyway, speeding up downstream access control. Query transformations are not critical with respect to access control as results are checked using the canRead.. methods anyway.
    
    Parameters:
    
    query - the query
    
    language - the language in which the query is expressed
    
    resourceResolver - the resource resolver which resolves the query
    
    Returns:
    
    the transformed query or the original query if no tranformation took place. This method should never return null
    
    Throws:
    
    AccessSecurityException
  - hasReadRestrictions
```
boolean hasReadRestrictions(ResourceResolver resourceResolver)
```
  - hasCreateRestrictions
```
boolean hasCreateRestrictions(ResourceResolver resourceResolver)
```
  - hasUpdateRestrictions
```
boolean hasUpdateRestrictions(ResourceResolver resourceResolver)
```
  - hasDeleteRestrictions
```
boolean hasDeleteRestrictions(ResourceResolver resourceResolver)
```
  - hasExecuteRestrictions
```
boolean hasExecuteRestrictions(ResourceResolver resourceResolver)
```
  - canReadAllValues
```
boolean canReadAllValues(Resource resource)
```
  - canCreateAllValues
```
boolean canCreateAllValues(Resource resource)
```
  - canUpdateAllValues
```
boolean canUpdateAllValues(Resource resource)
```
  - canDeleteAllValues
```
boolean canDeleteAllValues(Resource resource)
```

Interface ResourceAccessGate

Nested Class Summary

Field Summary

Method Summary

Field Detail

SERVICE_NAME

CONTEXT

APPLICATION_CONTEXT

PROVIDER_CONTEXT

PATH

OPERATIONS

FINALOPERATIONS

Method Detail

canRead

canCreate

canUpdate

canDelete

canExecute

canReadValue

canCreateValue

canUpdateValue

canDeleteValue

transformQuery

hasReadRestrictions

hasCreateRestrictions

hasUpdateRestrictions

hasDeleteRestrictions

hasExecuteRestrictions

canReadAllValues

canCreateAllValues

canUpdateAllValues

canDeleteAllValues