Class CmsDefaultAuthorizationHandler

java.lang.Object
org.opencms.main.A_CmsAuthorizationHandler
org.opencms.security.CmsDefaultAuthorizationHandler
All Implemented Interfaces:
I_CmsAuthorizationHandler
Direct Known Subclasses:
CmsPersistentLoginAuthorizationHandler

Defines default authorization methods.

Since:
6.5.4
  • Field Details

  • Constructor Details

  • Method Details

    • checkPath

      protected static boolean checkPath(String uri, String pathSpec)
      Checks if a request URI path matches a given set of prefix paths.
      Parameters:
      uri - the request URI path
      pathSpec - a comma separated list of path prefixes, which may contain %(contextPath) macros
      Returns:
      true if the URI path matches the path spec
    • checkUser

      protected static boolean checkUser(CmsObject cms, String userSpec)
      Checks if the authenticated user matches a user specification string.

      The user specification string is a comma-separated list of entries of the form TYPE.Name, where TYPE is either ROLE, GROUP, or USER. The method returns true if the user matches any of the groups, roles, or user names from this list.

      It's also possible to configure an entry "*", which always matches.

      Parameters:
      cms - the CMS context
      userSpec - the user specification
      Returns:
      true if the user matches any entry from the user specification
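
The matching rules documented for checkPath and checkUser, modelled as an added stand-alone example (Java 17); this is not OpenCms source code. The class SpecMatchDemo, the User record, the explicit contextPath parameter, the sample names, and the handling of empty or malformed entries are all assumptions made for illustration.

```java
import java.util.Set;

/** Added illustration: a stand-alone model of the documented spec strings. */
public class SpecMatchDemo {

    /** Constructed stand-in for the authenticated user behind a CmsObject. */
    record User(String name, Set<String> groups, Set<String> roles) {}

    /** pathSpec: comma-separated prefixes that may contain %(contextPath) macros. */
    static boolean checkPath(String uri, String pathSpec, String contextPath) {
        for (String entry : pathSpec.split(",")) {
            String prefix = entry.trim().replace("%(contextPath)", contextPath);
            // Assumption: empty entries are skipped, since "" is a prefix of every URI.
            if (!prefix.isEmpty() && uri.startsWith(prefix)) {
                return true;
            }
        }
        return false;
    }

    /** userSpec: comma-separated TYPE.Name entries (ROLE, GROUP, USER), or "*". */
    static boolean checkUser(User user, String userSpec) {
        for (String raw : userSpec.split(",")) {
            String entry = raw.trim();
            if (entry.equals("*")) {
                return true; // the wildcard entry always matches
            }
            int dot = entry.indexOf('.');
            if (dot < 1) {
                continue; // assumption: entries without TYPE.Name form never match
            }
            String name = entry.substring(dot + 1);
            boolean hit = switch (entry.substring(0, dot)) {
                case "USER" -> user.name().equals(name);
                case "GROUP" -> user.groups().contains(name);
                case "ROLE" -> user.roles().contains(name);
                default -> false; // unknown TYPE fails closed
            };
            if (hit) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        User u = new User("alice", Set.of("ExampleEditors"), Set.of("EXAMPLE_ROLE")); // constructed
        String spec = "%(contextPath)/api,/webdav/";
        System.out.println("api/items: " + checkPath("/cms/api/items", spec, "/cms"));
        // Plain prefix comparison: a prefix without a trailing slash also covers sibling paths.
        System.out.println("apiary:    " + checkPath("/cms/apiary", spec, "/cms"));
        System.out.println("group:     " + checkUser(u, "ROLE.OTHER, GROUP.ExampleEditors"));
        System.out.println("wildcard:  " + checkUser(u, "USER.bob,*"));
    }
}
```

In this model a single "*" entry anywhere in the list makes every authenticated user match, so a spec containing it should be reviewed as "no user restriction".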
    • getLoginFormURL

      public String getLoginFormURL(String loginFormURL, String params, String callbackURL)
      Description copied from interface: I_CmsAuthorizationHandler
      Returns the full URL used to call a login form with additional parameters and a callbackURL.

      Parameters:
      loginFormURL - the form URL specified in the cms (either as a property or system-wide)
      params - additional parameters to provide to the login form
      callbackURL - the call-back URL to redirect to after a successful login
      Returns:
      the full URL used to call a login form
    • initCmsObject

      public CmsObject initCmsObject(javax.servlet.http.HttpServletRequest request)
      Description copied from interface: I_CmsAuthorizationHandler
      Creates a new cms object from the given request object.

      This method is called by OpenCms every time a resource is requested and the session cannot automatically be authenticated.

      Parameters:
      request - the HTTP request to authenticate
      Returns:
      the cms context object associated to the current session
    • initCmsObject

      public CmsObject initCmsObject(javax.servlet.http.HttpServletRequest request, I_CmsAuthorizationHandler.I_PrivilegedLoginAction loginAction)
      Description copied from interface: I_CmsAuthorizationHandler
      Creates a new cms object from the given request object.

      This method is called by OpenCms every time a resource is requested and the session cannot automatically be authenticated.

      Parameters:
      request - the HTTP request to authenticate
      loginAction - the privileged login action
      Returns:
      the cms context object associated to the current session
    • initCmsObject

      public CmsObject initCmsObject(javax.servlet.http.HttpServletRequest request, String userName, String pwd) throws CmsException
      Description copied from interface: I_CmsAuthorizationHandler
      Authenticates the current request with additional user information.

      You have to call this method yourself.

      Parameters:
      request - the HTTP request to authenticate
      userName - the user name to authenticate
      pwd - the user password to authenticate with
      Returns:
      the cms context object associated to the given user
      Throws:
      CmsException - if something goes wrong
    • requestAuthorization

      public void requestAuthorization(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res, String loginFormURL) throws IOException
      Sends a request to the client to display a login form; this is needed for HTTP authentication.

      Parameters:
      req - the client request
      res - the response
      loginFormURL - the full URL used for form based authentication
      Throws:
      IOException - if something goes wrong
    • checkBasicAuthorization

      protected CmsObject checkBasicAuthorization(javax.servlet.http.HttpServletRequest req)
      Checks if the current request contains HTTP basic authentication information in the headers. If so, a login is attempted with this data, and on success a session is generated.

      Parameters:
      req - the current HTTP request
      Returns:
      the authenticated cms object, or null if failed
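
The header-parsing step that a check like checkBasicAuthorization depends on, as an added stand-alone example (Java 17); this is not OpenCms source code and it stops before any login call. The class BasicAuthHeaderDemo, the Credentials record, the UTF-8 decoding, and the sample credentials are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

/** Added illustration: decode an HTTP Basic "Authorization" header value. */
public class BasicAuthHeaderDemo {

    /** Hypothetical holder for the decoded user name and password. */
    record Credentials(String user, String password) {}

    /** Returns the decoded credentials, or null if the header is absent or malformed. */
    static Credentials parse(String header) {
        if (header == null) {
            return null; // no Authorization header on the request
        }
        String[] parts = header.trim().split("\\s+", 2);
        // The scheme name is case-insensitive; any other scheme is not ours to handle.
        if (parts.length != 2 || !parts[0].equalsIgnoreCase("Basic")) {
            return null;
        }
        byte[] decoded;
        try {
            decoded = Base64.getDecoder().decode(parts[1].trim());
        } catch (IllegalArgumentException e) {
            return null; // not valid Base64: treat as a failed check, never as an error page
        }
        // Assumption: credentials are UTF-8 encoded.
        String pair = new String(decoded, StandardCharsets.UTF_8);
        // Split on the FIRST colon only: the password may itself contain colons.
        int colon = pair.indexOf(':');
        if (colon < 1) {
            return null; // missing separator or empty user name
        }
        return new Credentials(pair.substring(0, colon), pair.substring(colon + 1));
    }

    public static void main(String[] args) {
        // Constructed sample credentials, encoded here so the example runs offline.
        String token = Base64.getEncoder()
            .encodeToString("alice:pa:ss".getBytes(StandardCharsets.UTF_8));
        Credentials ok = parse("basic " + token);
        System.out.println("user=" + ok.user() + " passwordLength=" + ok.password().length());
        System.out.println("bearer scheme -> " + parse("Bearer abc.def"));
        System.out.println("bad base64    -> " + parse("Basic !!!not-base64!!!"));
        System.out.println("no separator  -> " + parse("Basic "
            + Base64.getEncoder().encodeToString("alice".getBytes(StandardCharsets.UTF_8))));
    }
}
```

Basic credentials are only Base64-encoded, not encrypted, so a check like this belongs behind TLS, and the decoded password should never be written to logs.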
    • shouldUseStartSettingsForHttpBasicAuth

      protected boolean shouldUseStartSettingsForHttpBasicAuth(CmsObject cms, javax.servlet.http.HttpServletRequest req)
      Checks whether start settings should be used after HTTP Basic authentication.

      This method will not be called for workplace requests; for these the start settings will always be used.

      Parameters:
      cms - the CMS context initialized with the user from the HTTP Basic authentication
      req - the current request
      Returns:
      true if the start settings should be used