Package org.opencms.xml.xml2json

Class CmsJsonAccessPolicy

  • public class CmsJsonAccessPolicy
extends java.lang.Object
    Contains configuration for access restrictions to JSON handler.

    • Field Summary

      Fields 
      Modifier and Type Field Description
      static java.lang.String DEFAULT_CORS_FILTER
      Default CORS filter.
      static java.util.regex.Pattern DEFAULT_PROP_FILTER
      Default property filter: Property name must not contain secret, api, password or key.

    • Constructor Summary

      Constructors 
      Constructor Description
      CmsJsonAccessPolicy​(boolean enabled)
      Creates new access policy with a fixed return value for checkAccess.
      CmsJsonAccessPolicy​(java.lang.String accessGroup, java.util.List<java.lang.String> includePatterns, java.util.List<java.lang.String> excludePatterns, java.lang.String propertyFilterRegex, java.lang.String corsAllowOrigin, java.lang.String corsAllowMethods, java.lang.String corsAllowHeaders)
      Creates a new instance.

    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      boolean checkAccess​(CmsObject cms, java.lang.String path)
      Checks if a JSON handler request is allowed for this policy.
      boolean checkPropertyAccess​(java.lang.String property)
      Checks if the property can be accessed (i.e.
      static CmsJsonAccessPolicy parse​(byte[] data)
      Parses an JSON handler access policy file.
      static CmsJsonAccessPolicy parse​(java.io.InputStream stream)
      Parses an JSON handler access policy file.
      void setCorsHeaders​(javax.servlet.http.HttpServletResponse response)
      Sets the configured CORS headers for a given HTTP servlet response.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Field Detail

      • DEFAULT_PROP_FILTER

        public static final java.util.regex.Pattern DEFAULT_PROP_FILTER
        Default property filter: Property name must not contain secret, api, password or key.

    • Constructor Detail

      • CmsJsonAccessPolicy

        public CmsJsonAccessPolicy​(boolean enabled)
        Creates new access policy with a fixed return value for checkAccess.
        Parameters:
        enabled - true if allowed, false if forbidden

      • CmsJsonAccessPolicy

        public CmsJsonAccessPolicy​(java.lang.String accessGroup,
                           java.util.List<java.lang.String> includePatterns,
                           java.util.List<java.lang.String> excludePatterns,
                           java.lang.String propertyFilterRegex,
                           java.lang.String corsAllowOrigin,
                           java.lang.String corsAllowMethods,
                           java.lang.String corsAllowHeaders)
        Creates a new instance.
        Parameters:
        accessGroup - the access group (may be null)
        includePatterns - the include regexes
        excludePatterns - the exclude regexes
        propertyFilterRegex - the regular expression to filter property names with
        corsAllowOrigin - the HTTP response header Access-Control-Allow-Origin
        corsAllowMethods - the HTTP response header Access-Control-Allow-Methods
        corsAllowHeaders - the HTTP response header Access-Control-Allow-Headers

    • Method Detail

      • parse

        public static CmsJsonAccessPolicy parse​(byte[] data)
                                 throws org.dom4j.DocumentException
        Parses an JSON handler access policy file.
        Parameters:
        data - the data
        Returns:
        the access policy
        Throws:
        org.dom4j.DocumentException - if parsing fails

      • parse

        public static CmsJsonAccessPolicy parse​(java.io.InputStream stream)
                                 throws org.dom4j.DocumentException
        Parses an JSON handler access policy file.
        Parameters:
        stream - the XML data stream
        Returns:
        the access policy
        Throws:
        org.dom4j.DocumentException - if parsing fails

      • checkAccess

        public boolean checkAccess​(CmsObject cms,
                           java.lang.String path)
        Checks if a JSON handler request is allowed for this policy.
        Parameters:
        cms - the CMS context
        path - the path
        Returns:
        true if the request is allowed

      • checkPropertyAccess

        public boolean checkPropertyAccess​(java.lang.String property)
        Checks if the property can be accessed (i.e. is not filtered out by property filter).
        Parameters:
        property - the property name to check
        Returns:
        true if the property can be written to JSON

      • setCorsHeaders

        public void setCorsHeaders​(javax.servlet.http.HttpServletResponse response)
        Sets the configured CORS headers for a given HTTP servlet response.

        Parameters:
        response - the given HTTP servlet response