Package org.opencms.xml.xml2json
Class CmsJsonAccessPolicy
- java.lang.Object
-
- org.opencms.xml.xml2json.CmsJsonAccessPolicy
-
public class CmsJsonAccessPolicy extends java.lang.Object
Contains configuration for access restrictions to JSON handler.
-
-
Field Summary
Fields Modifier and Type Field Description static java.lang.String
DEFAULT_CORS_FILTER
Default CORS filter.static java.util.regex.Pattern
DEFAULT_PROP_FILTER
Default property filter: Property name must not contain secret, api, password or key.
-
Constructor Summary
Constructors Constructor Description CmsJsonAccessPolicy(boolean enabled)
Creates new access policy with a fixed return value for checkAccess.CmsJsonAccessPolicy(java.lang.String accessGroup, java.util.List<java.lang.String> includePatterns, java.util.List<java.lang.String> excludePatterns, java.lang.String propertyFilterRegex, java.lang.String corsAllowOrigin, java.lang.String corsAllowMethods, java.lang.String corsAllowHeaders)
Creates a new instance.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description boolean
checkAccess(CmsObject cms, java.lang.String path)
Checks if a JSON handler request is allowed for this policy.boolean
checkPropertyAccess(java.lang.String property)
Checks if the property can be accessed (i.e.static CmsJsonAccessPolicy
parse(byte[] data)
Parses an JSON handler access policy file.static CmsJsonAccessPolicy
parse(java.io.InputStream stream)
Parses an JSON handler access policy file.void
setCorsHeaders(javax.servlet.http.HttpServletResponse response)
Sets the configured CORS headers for a given HTTP servlet response.
-
-
-
Field Detail
-
DEFAULT_PROP_FILTER
public static final java.util.regex.Pattern DEFAULT_PROP_FILTER
Default property filter: Property name must not contain secret, api, password or key.
-
DEFAULT_CORS_FILTER
public static final java.lang.String DEFAULT_CORS_FILTER
Default CORS filter.- See Also:
- Constant Field Values
-
-
Constructor Detail
-
CmsJsonAccessPolicy
public CmsJsonAccessPolicy(boolean enabled)
Creates new access policy with a fixed return value for checkAccess.- Parameters:
enabled
- true if allowed, false if forbidden
-
CmsJsonAccessPolicy
public CmsJsonAccessPolicy(java.lang.String accessGroup, java.util.List<java.lang.String> includePatterns, java.util.List<java.lang.String> excludePatterns, java.lang.String propertyFilterRegex, java.lang.String corsAllowOrigin, java.lang.String corsAllowMethods, java.lang.String corsAllowHeaders)
Creates a new instance.- Parameters:
accessGroup
- the access group (may be null)includePatterns
- the include regexesexcludePatterns
- the exclude regexespropertyFilterRegex
- the regular expression to filter property names withcorsAllowOrigin
- the HTTP response header Access-Control-Allow-OrigincorsAllowMethods
- the HTTP response header Access-Control-Allow-MethodscorsAllowHeaders
- the HTTP response header Access-Control-Allow-Headers
-
-
Method Detail
-
parse
public static CmsJsonAccessPolicy parse(byte[] data) throws org.dom4j.DocumentException
Parses an JSON handler access policy file.- Parameters:
data
- the data- Returns:
- the access policy
- Throws:
org.dom4j.DocumentException
- if parsing fails
-
parse
public static CmsJsonAccessPolicy parse(java.io.InputStream stream) throws org.dom4j.DocumentException
Parses an JSON handler access policy file.- Parameters:
stream
- the XML data stream- Returns:
- the access policy
- Throws:
org.dom4j.DocumentException
- if parsing fails
-
checkAccess
public boolean checkAccess(CmsObject cms, java.lang.String path)
Checks if a JSON handler request is allowed for this policy.- Parameters:
cms
- the CMS contextpath
- the path- Returns:
- true if the request is allowed
-
checkPropertyAccess
public boolean checkPropertyAccess(java.lang.String property)
Checks if the property can be accessed (i.e. is not filtered out by property filter).- Parameters:
property
- the property name to check- Returns:
- true if the property can be written to JSON
-
setCorsHeaders
public void setCorsHeaders(javax.servlet.http.HttpServletResponse response)
Sets the configured CORS headers for a given HTTP servlet response.- Parameters:
response
- the given HTTP servlet response
-
-