Class AuthorizationService

java.lang.Object
org.tailormap.api.security.AuthorizationService

@Service public class AuthorizationService extends Object
Validates access control rules. Any call to mayUserRead will verify that the currently logged-in user is allowed to read not only the current object, but also any object above and below it in the hierarchy.
  • Constructor Details

    • AuthorizationService

      public AuthorizationService()
  • Method Details

    • mayUserRead

      public boolean mayUserRead(Application application)
      Verifies that this user may read this Application.
      Parameters:
      application - the Application to check
      Returns:
      the results from the access control checks.
    • mayUserRead

      public boolean mayUserRead(GeoService geoService)
      Verifies that this user may read this GeoService.
      Parameters:
      geoService - the GeoService to check
      Returns:
      the results from the access control checks.
    • mayUserRead

      public boolean mayUserRead(GeoService geoService, GeoServiceLayer layer)
      Verifies that this user may read the Layer in context of the GeoService.
      Parameters:
      geoService - the GeoService to check
      layer - the GeoServiceLayer to check
      Returns:
      the results from the access control checks.
    • mustDenyAccessForSecuredProxy

      public boolean mustDenyAccessForSecuredProxy(Application application, GeoService geoService)
      To avoid exposing a secured service by proxying it to everyone, do not proxy a secured geo service when the application is public (accessible by anonymous users). Do not allow proxying a secured service even if the user is logged in while viewing a public app!
      Parameters:
      application - The application
      geoService - The geo service
      Returns:
      Whether to deny proxying this service for the application
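
The proxy rule described for mustDenyAccessForSecuredProxy, modelled as an added example (not Tailormap's own code). The record types, the sample names and the method bodies are assumptions made for illustration: "public" is taken to mean readable by anonymous users, and "secured" is reduced to a boolean flag.

```java
import java.util.List;
import java.util.Set;

public class SecuredProxyRuleDemo {
    // Hypothetical stand-ins for this example; not Tailormap's entity classes.
    // Assumption: "public" means anonymous users may read the application.
    record App(String name, boolean anonymousMayRead, Set<String> readerGroups) {}
    // Assumption: "secured" is modelled as a plain flag on the service.
    record Service(String name, boolean secured) {}
    record User(String name, Set<String> groups) {}

    // The rule from the method description: it takes no user argument, so a
    // logged-in user viewing a public application is denied as well.
    static boolean mustDenyAccessForSecuredProxy(App app, Service service) {
        return app.anonymousMayRead() && service.secured();
    }

    // Simplified read check: anonymous access, or membership of a reader group.
    static boolean mayUserRead(User user, App app) {
        return app.anonymousMayRead()
                || user.groups().stream().anyMatch(app.readerGroups()::contains);
    }

    // A proxy endpoint needs both checks; passing the read check alone is not enough.
    static boolean mayProxy(User user, App app, Service service) {
        return mayUserRead(user, app) && !mustDenyAccessForSecuredProxy(app, service);
    }

    public static void main(String[] args) {
        // Constructed sample data.
        User anonymous = new User("anonymous", Set.of());
        User editor = new User("editor", Set.of("editors"));
        App publicApp = new App("public-viewer", true, Set.of());
        App privateApp = new App("internal-viewer", false, Set.of("editors"));
        Service open = new Service("open-wms", false);
        Service secured = new Service("secured-wms", true);

        // Print the full decision table for every combination.
        for (App app : List.of(publicApp, privateApp)) {
            for (Service service : List.of(open, secured)) {
                for (User user : List.of(anonymous, editor)) {
                    System.out.printf("%-15s %-11s %-9s proxy=%s%n", app.name(),
                            service.name(), user.name(), mayProxy(user, app, service));
                }
            }
        }
    }
}
```

In this model the only combination that lets a request reach the secured service through the proxy is the non-public application with a user in one of its reader groups.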