org.xwiki.security.authorization

Class DefaultAuthorizationManager

java.lang.Object

org.xwiki.security.authorization.DefaultAuthorizationManager

All Implemented Interfaces:

AuthorizationManager

@Component
@Singleton
public class DefaultAuthorizationManager
extends Object
implements AuthorizationManager

Default implementation of the AuthorizationManager.

Since:

4.0M2

Version:

$Id: bc61c38efc50bd1c9dca24dfb8bc55d757d68df7 $

Field Summary

Fields inherited from interface org.xwiki.security.authorization.AuthorizationManager

SUPERADMIN_USER

Constructor Summary

Constructors

Constructor and Description
DefaultAuthorizationManager()

Method Summary

Methods

Modifier and Type	Method and Description
void	checkAccess(Right right, DocumentReference userReference, EntityReference entityReference) Check if the user identified by userReference has the access identified by right on the entity identified by entityReference.
boolean	hasAccess(Right right, DocumentReference userReference, EntityReference entityReference) Verifies if the user identified by userReference has the access identified by right on the entity identified by entityReference.
protected void	logDeny(DocumentReference user, EntityReference entity, Right right, String info) Log denied access conclusion.
Right	register(RightDescription rightDescription) Register a new custom Right.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DefaultAuthorizationManager

public DefaultAuthorizationManager()

Method Detail

checkAccess

public void checkAccess(Right right,
               DocumentReference userReference,
               EntityReference entityReference)
                 throws AccessDeniedException

Description copied from interface: AuthorizationManager

Check if the user identified by userReference has the access identified by right on the entity identified by entityReference. Note that some rights may be checked higher in hierarchy of the provided entity if such right is not enabled at lowest hierarchy level provided. This function should be used at security checkpoint.

Specified by:

checkAccess in interface AuthorizationManager

Parameters:

right - the right needed for execution of the action

userReference - the user to check the right for

entityReference - the entity on which to check the right

Throws:

AccessDeniedException - if the action should be denied, which may also happen when an error occurs

hasAccess

public boolean hasAccess(Right right,
                DocumentReference userReference,
                EntityReference entityReference)

Description copied from interface: AuthorizationManager

Verifies if the user identified by userReference has the access identified by right on the entity identified by entityReference. Note that some rights may be checked higher in hierarchy of the provided entity if such right is not enabled at lowest hierarchy level provided. This function should be used for interface matters, use AuthorizationManager.checkAccess(org.xwiki.security.authorization.Right, org.xwiki.model.reference.DocumentReference, org.xwiki.model.reference.EntityReference) at security checkpoints.

Specified by:

hasAccess in interface AuthorizationManager

Parameters:

right - the right to check .

userReference - the user to check the right for

entityReference - the entity on which to check the right

Returns:

true if the user has the specified right on the entity, false otherwise

register

public Right register(RightDescription rightDescription)
               throws UnableToRegisterRightException

Description copied from interface: AuthorizationManager

Register a new custom Right.

Specified by:

register in interface AuthorizationManager

Parameters:

rightDescription - the full description of the new Right

Returns:

the created Right

Throws:

UnableToRegisterRightException - if an error prevent creation of the new right. Registering exactly the same right does not cause an exception and return the existing right.

logDeny

protected void logDeny(DocumentReference user,
           EntityReference entity,
           Right right,
           String info)

Log denied access conclusion. All denied access conclusion made during a security checkpoint use this method.

Parameters:

user - The user name that was checked.

entity - The page that was checked.

right - The action that was requested.

info - Additional information.