org.fcrepo.auth.common

Interface FedoraAuthorizationDelegate

public interface FedoraAuthorizationDelegate

An interface that can authorize access to specific resources within repositories.

An implementation has the opportunity to inspect nodes and the session, which may have additional information assigned as session attributes, such as the associated servlet request. This interface defines the Fedora-specific attributes which may be added.

Author:

Gregory Jansen

Field Summary

Fields

Modifier and Type	Field and Description
static String	FEDORA_ALL_PRINCIPALS The name of the session attribute containing a set of instances of Principal, representing the current user's credentials, including the value of the FEDORA_USER_PRINCIPAL session attribute.
static String	FEDORA_SERVLET_REQUEST The name of the session attribute containing the servlet request (an instance of javax.servlet.http.HttpServletRequest).
static String	FEDORA_USER_PRINCIPAL The name of the session attribute containing an instance of Principal representing the current authenticated user.

Method Summary

Methods

Modifier and Type	Method and Description
boolean	hasPermission(javax.jcr.Session session, org.modeshape.jcr.value.Path absPath, String[] actions) Determine if the supplied session has permission at absPath for all of the actions.

Field Detail

FEDORA_SERVLET_REQUEST

static final String FEDORA_SERVLET_REQUEST

The name of the session attribute containing the servlet request (an instance of javax.servlet.http.HttpServletRequest).

See Also:

Constant Field Values

FEDORA_USER_PRINCIPAL

static final String FEDORA_USER_PRINCIPAL

The name of the session attribute containing an instance of Principal representing the current authenticated user.

See Also:

Constant Field Values

FEDORA_ALL_PRINCIPALS

static final String FEDORA_ALL_PRINCIPALS

The name of the session attribute containing a set of instances of Principal, representing the current user's credentials, including the value of the FEDORA_USER_PRINCIPAL session attribute.

See Also:

Constant Field Values

Method Detail

hasPermission

boolean hasPermission(javax.jcr.Session session,
                    org.modeshape.jcr.value.Path absPath,
                    String[] actions)

Determine if the supplied session has permission at absPath for all of the actions.

The authentication provider may have added session attributes, which can be accessed in implementations by calling session#getAttribute. If an attribute is not available in session attributes and would be required to establish that the session has permission for any action given, an implementation should usually return false.

Note that accessing nodes using the provided session will result in additional calls to this method and thus an infinite loop. Instead, obtain a new session instance if your implementation requires access to nodes. See AbstractRolesAuthorizationDelegate for an example.

Parameters:

session - the session

absPath - the abspath

actions - the actions

Returns:

true if the given session has permission at absPath for all of the given actions, or false otherwise