Package org.tailormap.api.security

Class AuthorisationService

java.lang.Object

org.tailormap.api.security.AuthorisationService

@Service
public class AuthorisationService
extends Object

Validates access control rules. Any call to userAllowedToViewApplication will verify that the currently logged-in user is not only allowed to read the current object, but any object above and below it in the hierarchy.

Field Summary

Fields

Modifier and Type	Field	Description
static final String	ACCESS_TYPE_VIEW

Constructor Summary

Constructors

Constructor	Description
AuthorisationService()

Method Summary

Modifier and Type	Method	Description
boolean	mustDenyAccessForSecuredProxy(Application application, GeoService geoService)	To avoid exposing a secured service by proxying it to everyone, do not proxy a secured GeoService when the application is public (accessible by anonymous users).
boolean	userAllowedToViewApplication(Application application)	Verifies that the (authenticated) user may view/open the application.
boolean	userAllowedToViewGeoService(GeoService geoService)	Verifies that the (authenticated) user may view this geoService.
boolean	userAllowedToViewGeoServiceLayer(GeoService geoService, GeoServiceLayer layer)	Verifies that the (authenticated) user may view the layer in context of the geoService.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

ACCESS_TYPE_VIEW

public static final String ACCESS_TYPE_VIEW

See Also:

• Constant Field Values

Constructor Details

AuthorisationService

public AuthorisationService()

Method Details

userAllowedToViewApplication

public boolean userAllowedToViewApplication(Application application)

Verifies that the (authenticated) user may view/open the application.

Parameters:

application - the Application to check

Returns:

the result from the access control checks.

userAllowedToViewGeoService

public boolean userAllowedToViewGeoService(GeoService geoService)

Verifies that the (authenticated) user may view this geoService.

Parameters:

geoService - the GeoService to check

Returns:

the result from the access control checks.

userAllowedToViewGeoServiceLayer

public boolean userAllowedToViewGeoServiceLayer(GeoService geoService,
 GeoServiceLayer layer)

Verifies that the (authenticated) user may view the layer in context of the geoService.

Parameters:

geoService - the GeoService to check

layer - the GeoServiceLayer to check

Returns:

the result from the access control checks.

mustDenyAccessForSecuredProxy

public boolean mustDenyAccessForSecuredProxy(Application application,
 GeoService geoService)

To avoid exposing a secured service by proxying it to everyone, do not proxy a secured GeoService when the application is public (accessible by anonymous users). Do not even allow proxying a secured service if the user is logged viewing a public app!

Parameters:

application - The application

geoService - The geo service to check

Returns:

Whether to deny proxying this service for the application