Package org.craftercms.engine.security
Class CrafterPageAccessManager
- java.lang.Object
-
- org.craftercms.engine.security.CrafterPageAccessManager
-
public class CrafterPageAccessManager extends Object
Manages access to Crafter pages, depending on the roles specified in the page and the current user's roles.- Author:
- Russ Danner, Alfonso Vásquez
-
-
Field Summary
Fields Modifier and Type Field Description protected String
authorizedRolesXPathQuery
-
Constructor Summary
Constructors Constructor Description CrafterPageAccessManager()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
checkAccess(SiteItem page)
Checks if the user has sufficient rights to access the specified page: If the page doesn't contain any required role, no authentication is needed. If the page has the role "Anonymous", no authentication is needed. If the page has the role "Authenticated", just authentication is needed. If the page has any other the roles, the user needs to have any of those roles.protected boolean
containsRole(String role, List<String> roles)
protected List<String>
getAuthorizedRolesForPage(SiteItem page)
protected boolean
hasAnyRole(org.springframework.security.core.Authentication auth, List<String> roles)
void
setAuthorizedRolesXPathQuery(String authorizedRolesXPathQuery)
-
-
-
Field Detail
-
authorizedRolesXPathQuery
protected String authorizedRolesXPathQuery
-
-
Method Detail
-
setAuthorizedRolesXPathQuery
public void setAuthorizedRolesXPathQuery(String authorizedRolesXPathQuery)
-
checkAccess
public void checkAccess(SiteItem page)
Checks if the user has sufficient rights to access the specified page:- If the page doesn't contain any required role, no authentication is needed.
- If the page has the role "Anonymous", no authentication is needed.
- If the page has the role "Authenticated", just authentication is needed.
- If the page has any other the roles, the user needs to have any of those roles.
-
-