Class CmsDefaultAuthorizationHandler

    • Method Detail

      • checkPath

        protected static boolean checkPath​(java.lang.String uri,
                                           java.lang.String pathSpec)
        Checks if a request URI path matches a given set of prefix paths.
        Parameters:
        uri - the request URI path
        pathSpec - a comma-separated list of path prefixes, which may contain %(contextPath) macros
        Returns:
        true if the URI path matches the path spec
      • checkUser

        protected static boolean checkUser​(CmsObject cms,
                                           java.lang.String userSpec)
        Checks if the authenticated user matches a user specification string.

        The user specification string is a comma-separated list of entries of the form TYPE.Name, where TYPE is either ROLE, GROUP, or USER. The method returns true if the user matches any of the groups, roles, or user names from this list.

        It's also possible to configure an entry "*", which always matches.

        Parameters:
        cms - the CMS context
        userSpec - the user specification
        Returns:
        true if the user matches any entry from the user specification
      • getLoginFormURL

        public java.lang.String getLoginFormURL​(java.lang.String loginFormURL,
                                                java.lang.String params,
                                                java.lang.String callbackURL)
        Description copied from interface: I_CmsAuthorizationHandler
        Returns the full URL used to call a login form with additional parameters and a callbackURL.

        Parameters:
        loginFormURL - the form URL specified in the cms (either as a property or system-wide)
        params - additional parameters to provide to the login form
        callbackURL - the callback URL to redirect to after a successful login
        Returns:
        the full URL used to call a login form
        See Also:
        I_CmsAuthorizationHandler.getLoginFormURL(java.lang.String, java.lang.String, java.lang.String)
      • initCmsObject

        public CmsObject initCmsObject​(javax.servlet.http.HttpServletRequest request)
        Description copied from interface: I_CmsAuthorizationHandler
        Creates a new cms object from the given request object.

        This method is called by OpenCms every time a resource is requested and the session cannot be authenticated automatically.

        Parameters:
        request - the HTTP request to authenticate
        Returns:
        the cms context object associated to the current session
        See Also:
        I_CmsAuthorizationHandler.initCmsObject(HttpServletRequest)
      • requestAuthorization

        public void requestAuthorization​(javax.servlet.http.HttpServletRequest req,
                                         javax.servlet.http.HttpServletResponse res,
                                         java.lang.String loginFormURL)
                                  throws java.io.IOException
        Sends a request to the client to display a login form; this is needed for HTTP authentication.

        Parameters:
        req - the client request
        res - the response
        loginFormURL - the full URL used for form based authentication
        Throws:
        java.io.IOException - if something goes wrong
      • checkBasicAuthorization

        protected CmsObject checkBasicAuthorization​(javax.servlet.http.HttpServletRequest req)
        Checks whether the current request contains HTTP Basic authentication information in its headers. If so, a login is attempted with this data, and on success a session is generated.

        Parameters:
        req - the current HTTP request
        Returns:
        the authenticated cms object, or null if authentication failed
      • shouldUseStartSettingsForHttpBasicAuth

        protected boolean shouldUseStartSettingsForHttpBasicAuth​(CmsObject cms,
                                                                 javax.servlet.http.HttpServletRequest req)
        Checks whether start settings should be used after HTTP Basic authentication.

        This method will not be called for workplace requests; for these the start settings will always be used.

        Parameters:
        cms - the CMS context initialized with the user from the HTTP Basic authentication
        req - the current request
        Returns:
        true if the start settings should be used
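
How a user specification string in the format described for checkUser can be evaluated, as an added example that is not OpenCms source code. The Principal record, the matches method, the exact case-sensitive comparison and the skipping of malformed entries are assumptions made for illustration, and the sample names are constructed.

```java
import java.util.Set;

// Added illustration of the TYPE.Name user specification format.
// Not OpenCms source: the Principal record stands in for the lookups
// the real handler performs through CmsObject.
public class UserSpecDemo {

    // Hypothetical stand-in for the authenticated user's identity.
    record Principal(String name, Set<String> groups, Set<String> roles) {}

    static boolean matches(Principal p, String userSpec) {
        if (userSpec == null) {
            return false; // assumption: no spec means no match (fail closed)
        }
        for (String raw : userSpec.split(",")) {
            String entry = raw.trim();
            if (entry.equals("*")) {
                return true; // the "*" entry always matches
            }
            int dot = entry.indexOf('.');
            if (dot <= 0 || dot == entry.length() - 1) {
                continue; // assumption: malformed entries never grant access
            }
            String type = entry.substring(0, dot);
            String name = entry.substring(dot + 1);
            boolean hit = switch (type) {
                case "USER" -> p.name().equals(name);
                case "GROUP" -> p.groups().contains(name);
                case "ROLE" -> p.roles().contains(name);
                default -> false; // assumption: unknown TYPE is ignored
            };
            if (hit) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample identity and specification strings.
        Principal editor = new Principal("jdoe", Set.of("Editors"), Set.of("WORKPLACE_USER"));
        System.out.println(matches(editor, "USER.admin, GROUP.Editors"));
        System.out.println(matches(editor, "ROLE.ROOT_ADMIN,USER.admin"));
        System.out.println(matches(editor, "Editors,GROUP."));
        System.out.println(matches(editor, "USER.admin,*"));
    }
}
```

Because a `*` entry always matches, its presence anywhere in the list makes every other entry irrelevant, which is worth checking when reviewing a configured specification.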