Package org.duracloud.security.vote

Class SpaceAccessVoter

java.lang.Object
org.duracloud.security.vote.SpaceAccessVoter
All Implemented Interfaces:
org.springframework.security.access.AccessDecisionVoter
Direct Known Subclasses:
SpaceReadAccessVoter, SpaceWriteAccessVoter
public abstract class SpaceAccessVoter extends Object implements org.springframework.security.access.AccessDecisionVoter
Author:
Andrew Woods Date: Mar 19, 2010

  • Constructor Details

    • SpaceAccessVoter

      public SpaceAccessVoter(StorageProviderFactory storageProviderFactory, org.springframework.security.core.userdetails.UserDetailsService userDetailsService)

  • Method Details

    • isOpenResource

      protected boolean isOpenResource(javax.servlet.http.HttpServletRequest httpRequest)

    • getStoreId

      protected String getStoreId(javax.servlet.http.HttpServletRequest httpRequest)

    • getSpaceId

      protected String getSpaceId(javax.servlet.http.HttpServletRequest httpRequest)

    • extractSpaceId

      protected String extractSpaceId(String pathInfo)

    • hasContentId

      protected boolean hasContentId(javax.servlet.http.HttpServletRequest httpRequest)

    • getContentId

      protected String getContentId(javax.servlet.http.HttpServletRequest httpRequest)

    • getSpaceACLs

      protected Map<String,AclType> getSpaceACLs(javax.servlet.http.HttpServletRequest request)
      This method returns the ACLs of the requested space, or an empty-map if there is an error or for certain 'keyword' spaces, or null if the space does not exist.
      Parameters:
      request - containing spaceId and storeId
      Returns:
      ACLs, empty-map, or null

    • getSpaceACLs

      protected Map<String,AclType> getSpaceACLs(String storeId, String spaceId)

    • getHttpVerb

      protected HttpVerb getHttpVerb(javax.servlet.http.HttpServletRequest httpRequest)

    • getUserGroups

      protected List<String> getUserGroups(org.springframework.security.core.Authentication auth)

    • groupsHaveReadAccess

      protected boolean groupsHaveReadAccess(List<String> userGroups, Map<String,AclType> acls)

    • groupsHaveWriteAccess

      protected boolean groupsHaveWriteAccess(List<String> userGroups, Map<String,AclType> acls)

    • hasReadAccess

      protected boolean hasReadAccess(String name, Map<String,AclType> acls)

    • hasWriteAccess

      protected boolean hasWriteAccess(String name, Map<String,AclType> acls)

    • isAdmin

      protected boolean isAdmin(String name)

    • getStorageProviderFactory

      public StorageProviderFactory getStorageProviderFactory()

    • getHttpServletRequest

      protected javax.servlet.http.HttpServletRequest getHttpServletRequest(Object resource)

    • supports

      public boolean supports(org.springframework.security.access.ConfigAttribute configAttribute)
      This method always returns true because all configAttributes are able to be handled by this voter.
      Specified by:
      supports in interface org.springframework.security.access.AccessDecisionVoter
      Parameters:
      configAttribute - any att
      Returns:
      true

    • supports

      public boolean supports(Class aClass)
      This methods returns true if the arg class is an instance of or subclass of FilterInvocation. No other classes can be handled by this voter.
      Specified by:
      supports in interface org.springframework.security.access.AccessDecisionVoter
      Parameters:
      aClass - to be analyized for an AuthZ vote.
      Returns:
      true if is an instance of or subclass of FilterInvocation

    • isSnapshotMetadataSpace

      protected boolean isSnapshotMetadataSpace(javax.servlet.http.HttpServletRequest httpRequest)