Package org.craftercms.engine.security
Class CrafterPageAccessManager
- java.lang.Object
-
- org.craftercms.engine.security.CrafterPageAccessManager
-
public class CrafterPageAccessManager extends Object
Manages access to Crafter pages, depending on the roles specified in the page and the current user's roles.- Author:
- Russ Danner, Alfonso Vásquez
-
-
Field Summary
Fields Modifier and Type Field Description protected StringauthorizedRolesXPathQuery
-
Constructor Summary
Constructors Constructor Description CrafterPageAccessManager()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description voidcheckAccess(SiteItem page)Checks if the user has sufficient rights to access the specified page: If the page doesn't contain any required role, no authentication is needed. If the page has the role "Anonymous", no authentication is needed. If the page has the role "Authenticated", just authentication is needed. If the page has any other the roles, the user needs to have any of those roles.protected booleancontainsRole(String role, List<String> roles)protected List<String>getAuthorizedRolesForPage(SiteItem page)protected booleanhasAnyRole(org.springframework.security.core.Authentication auth, List<String> roles)voidsetAuthorizedRolesXPathQuery(String authorizedRolesXPathQuery)
-
-
-
Field Detail
-
authorizedRolesXPathQuery
protected String authorizedRolesXPathQuery
-
-
Method Detail
-
setAuthorizedRolesXPathQuery
public void setAuthorizedRolesXPathQuery(String authorizedRolesXPathQuery)
-
checkAccess
public void checkAccess(SiteItem page)
Checks if the user has sufficient rights to access the specified page:- If the page doesn't contain any required role, no authentication is needed.
- If the page has the role "Anonymous", no authentication is needed.
- If the page has the role "Authenticated", just authentication is needed.
- If the page has any other the roles, the user needs to have any of those roles.
-
-