Interface ResourceAccessGate

  • All Known Implementing Classes:
    AllowingResourceAccessGate

    @ConsumerType
    public interface ResourceAccessGate
    The ResourceAccessGate defines a service API which might be used to make some restrictions to accessing resources. Implementations of this service interface must be registered like ResourceProvider with a path (like provider.roots). If different ResourceAccessGateService services match a path, not only the ResourceAccessGateService with the longest path will be called, but all of them, that's in contrast to the ResourceProvider, but in this case more logical (and secure!). The gates will be called in the order of the service ranking. If one of the gates grants access for a given operation access will be granted. service properties:
    • path: regexp to define on which paths the service should be called (default .*)
    • operations: set of operations on which the service should be called ("read,create,update,delete,execute", default all of them)
    • finaloperations: set of operations on which the service answer is final and no further service should be called (default none of them), except the GateResult is GateResult.DONTCARE
    The resource access gate can either have the context PROVIDER_CONTEXT, in this case the gate is only applied to resource providers requesting the security checks. Or the context can be APPLICATION_CONTEXT. In this case the access gate is invoked for the whole resource tree. This is indicated by the required service property CONTEXT. If the property is missing or invalid, the service is ignored.
    • Field Detail

      • SERVICE_NAME

        static final java.lang.String SERVICE_NAME
        The service name to use when registering implementations of this interface as services (value is "org.apache.sling.api.resource.ResourceAccessGate").
      • CONTEXT

        static final java.lang.String CONTEXT
        The name of the service registration property containing the context of this service. Allowed values are APPLICATION_CONTEXT and PROVIDER_CONTEXT. This property is required and has no default value. (value is "access.context")
        See Also:
        Constant Field Values
      • APPLICATION_CONTEXT

        static final java.lang.String APPLICATION_CONTEXT
        Allowed value for the CONTEXT service registration property. Services marked with this context are applied to all resources.
        See Also:
        Constant Field Values
      • PATH

        static final java.lang.String PATH
        The name of the service registration property containing the path as a regular expression for which the service should be called (value is "path").
        See Also:
        Constant Field Values
      • OPERATIONS

        static final java.lang.String OPERATIONS
        The name of the (multi-value) service registration property containing the operations for which the service should be called, defaults to all the operations (value is "operations").
        See Also:
        Constant Field Values
      • FINALOPERATIONS

        static final java.lang.String FINALOPERATIONS
        The name of the (multi-value) service registration property containing the operations for which the service should be called and no further service should be called after this, except the services returns DONTCARE as result, default is empty (none of them are final) (value is "finaloperations").
        See Also:
        Constant Field Values