| /* |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, |
| * software distributed under the License is distributed on an |
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| * KIND, either express or implied. See the License for the |
| * specific language governing permissions and limitations |
| * under the License. |
| */ |
| package org.apache.sling.resourceaccesssecurity; |
| |
| import org.apache.sling.api.resource.Resource; |
| import org.apache.sling.api.resource.ResourceResolver; |
| import org.apache.sling.api.security.AccessSecurityException; |
| |
| import aQute.bnd.annotation.ConsumerType; |
| |
| /** |
| * The <code>ResourceAccessGate</code> defines a service API which might be used |
| * to make some restrictions to accessing resources. |
| * |
| * Implementations of this service interface must be registered like |
| * ResourceProvider with a path (like provider.roots). If different |
| * ResourceAccessGateService services match a path, not only the |
| * ResourceAccessGateService with the longest path will be called, but all of |
| * them, that's in contrast to the ResourceProvider, but in this case more |
| * logical (and secure!). The gates will be called in the order of the |
| * service ranking. |
| * If one of the gates grants access for a given operation access will be granted. |
| * |
| * service properties: |
| * <ul> |
| * <li><b>path</b>: regexp to define on which paths the service should be called |
| * (default .*)</li> |
| * <li><b>operations</b>: set of operations on which the service should be |
| * called ("read,create,update,delete,execute", default all of them)</li> |
| * <li><b>finaloperations</b>: set of operations on which the service answer is |
| * final and no further service should be called (default none of them), except |
| * the GateResult is {@link GateResult.DONTCARE}</li> |
| * </ul> |
| * |
| * The resource access gate can either have the context {@link #PROVIDER_CONTEXT}, |
| * in this case the gate is only applied to resource providers requesting the |
| * security checks. Or the context can be {@link #APPLICATION_CONTEXT}. In this |
| * case the access gate is invoked for the whole resource tree. |
| * This is indicated by the required service property {@link #CONTEXT}. If the |
| * property is missing or invalid, the service is ignored. |
| */ |
| @ConsumerType |
| public interface ResourceAccessGate { |
| |
| /** |
| * The service name to use when registering implementations of this |
| * interface as services (value is |
| * "org.apache.sling.api.resource.ResourceAccessGate"). |
| */ |
| String SERVICE_NAME = ResourceAccessGate.class.getName(); |
| |
| /** |
| * The name of the service registration property containing the context |
| * of this service. Allowed values are {@link #APPLICATION_CONTEXT} and |
| * {@link #PROVIDER_CONTEXT}. |
| * This property is required and has no default value. |
| * (value is "access.context") |
| */ |
| String CONTEXT = "access.context"; |
| |
| /** |
| * Allowed value for the {@link #CONTEXT} service registration property. |
| * Services marked with this context are applied to all resources. |
| */ |
| String APPLICATION_CONTEXT = "application"; |
| |
| /** |
| * Allowed value for the {@link #CONTEXT} service registration property. |
| * Services marked with this context are only applied to resource |
| * providers which indicate the additional checks with the |
| * {@link org.apache.sling.api.resource.ResourceProvider#USE_RESOURCE_ACCESS_SECURITY} |
| * property. |
| */ |
| String PROVIDER_CONTEXT = "provider"; |
| |
| /** |
| * The name of the service registration property containing the path as a |
| * regular expression for which the service should be called (value is |
| * "path"). |
| */ |
| String PATH = "path"; |
| |
| /** |
| * The name of the service registration property containing the operations |
| * for which the service should be called, defaults to all the operations |
| * (value is "operations"). |
| */ |
| String OPERATIONS = "operations"; |
| |
| /** |
| * The name of the service registration property containing the operations |
| * for which the service should be called and no further service should be |
| * called after this, except the services returns DONTCARE as result, |
| * default is empty (non of them are final) (value is "finaloperations"). |
| */ |
| String FINALOPERATIONS = "finaloperations"; |
| |
| /** |
| * <code>GateResult</code> defines 3 possible states which can be returned |
| * by the different canXXX methods of this interface. |
| * <ul> |
| * <li>GRANTED: means no restrictions</li> |
| * <li>DENIED: means no permission for the requested action</li> |
| * <li>DONTCARE: means that the implementation of the service has no |
| * information or can't decide and therefore neither can't grant or deny |
| * access</li> |
| * </ul> |
| */ |
| public enum GateResult { |
| GRANTED, DENIED, CANT_DECIDE |
| }; |
| |
| public enum Operation { |
| READ("read"), CREATE("create"), UPDATE("update"), DELETE("delete"), EXECUTE( |
| "execute"); |
| |
| private String text; |
| |
| Operation(String text) { |
| this.text = text; |
| } |
| |
| public static Operation fromString(String opAsString) { |
| Operation returnValue = null; |
| |
| for (Operation op : Operation.values()) { |
| if (opAsString.equals(op.getText())) { |
| returnValue = op; |
| break; |
| } |
| } |
| |
| return returnValue; |
| } |
| |
| public String getText() { |
| return this.text; |
| } |
| } |
| |
| public GateResult canRead(Resource resource); |
| |
| public GateResult canCreate(String absPathName, |
| ResourceResolver resourceResolver); |
| |
| public GateResult canUpdate(Resource resource); |
| |
| public GateResult canDelete(Resource resource); |
| |
| public GateResult canExecute(Resource resource); |
| |
| public GateResult canReadValue(Resource resource, String valueName); |
| |
| public GateResult canCreateValue(Resource resource, String valueName); |
| |
| public GateResult canUpdateValue(Resource resource, String valueName); |
| |
| public GateResult canDeleteValue(Resource resource, String valueName); |
| |
| /** |
| * Allows to transform the query based on the current user's credentials. |
| * Can be used to narrow down queries to omit results that the current user |
| * is not allowed to see anyway, speeding up downstream access control. |
| * |
| * Query transformations are not critical with respect to access control as |
| * results are checked using the canRead.. methods anyway. |
| * |
| * @param query |
| * the query |
| * @param language |
| * the language in which the query is expressed |
| * @param resourceResolver |
| * the resource resolver which resolves the query |
| * @return the transformed query or the original query if no tranformation |
| * took place. This method should never return <code>null</code> |
| * @throws AccessSecurityException |
| */ |
| public String transformQuery(String query, String language, |
| ResourceResolver resourceResolver) throws AccessSecurityException; |
| |
| /* for convenience (and performance) */ |
| public boolean hasReadRestrictions(ResourceResolver resourceResolver); |
| |
| public boolean hasCreateRestrictions(ResourceResolver resourceResolver); |
| |
| public boolean hasUpdateRestrictions(ResourceResolver resourceResolver); |
| |
| public boolean hasDeleteRestrictions(ResourceResolver resourceResolver); |
| |
| public boolean hasExecuteRestrictions(ResourceResolver resourceResolver); |
| |
| public boolean canReadAllValues(Resource resource); |
| |
| public boolean canCreateAllValues(Resource resource); |
| |
| public boolean canUpdateAllValues(Resource resource); |
| |
| public boolean canDeleteAllValues(Resource resource); |
| |
| } |