Class AuthorizationService

java.lang.Object
org.tailormap.api.security.AuthorizationService

@Service public class AuthorizationService extends Object
Validates access control rules. Any call to userMayView verifies that the currently logged-in user is allowed to read not only the current object, but also any object above and below it in the hierarchy.
  • Field Details

  • Constructor Details

    • AuthorizationService

      public AuthorizationService()
  • Method Details

    • userMayView

      public boolean userMayView(Application application)
      Verifies that the (authenticated) user may view/open the application.
      Parameters:
      application - the Application to check
      Returns:
      the result from the access control checks.
    • userMayView

      public boolean userMayView(GeoService geoService)
      Verifies that the (authenticated) user may view this geoService.
      Parameters:
      geoService - the GeoService to check
      Returns:
      the result from the access control checks.
    • userMayView

      public boolean userMayView(GeoService geoService, GeoServiceLayer layer)
      Verifies that the (authenticated) user may view the layer in the context of the geoService.
      Parameters:
      geoService - the GeoService to check
      layer - the GeoServiceLayer to check
      Returns:
      the result from the access control checks.
    • mustDenyAccessForSecuredProxy

      public boolean mustDenyAccessForSecuredProxy(Application application, GeoService geoService)
      To avoid exposing a secured service to everyone by proxying it, do not proxy a secured geo service when the application is public (accessible by anonymous users). Proxying a secured service is denied even when the user is logged in while viewing a public app.
      Parameters:
      application - The application
      geoService - The geo service
      Returns:
      Whether to deny proxying this service for the application
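
The following is an added example, not code from the Tailormap project: a self-contained model of the proxy rule described above, combined with the hierarchical view check. The types `App`, `Service` and `Layer`, the group-based rules, the `upstreamCredentials` flag standing in for "secured", and the `mayProxy` helper are all assumptions made for illustration.

```java
import java.util.Set;

// Added illustration; stand-in types, not the org.tailormap.api classes.
public class ProxyGuardExample {
    // Assumed convention: an empty allowedGroups set means anonymous users may view.
    record App(String name, Set<String> allowedGroups) {
        boolean isPublic() { return allowedGroups.isEmpty(); }
    }
    // upstreamCredentials models "secured": the proxy would add credentials upstream.
    record Service(String id, Set<String> allowedGroups, boolean upstreamCredentials) {}
    record Layer(String name, Set<String> allowedGroups) {}

    static boolean allowed(Set<String> rule, Set<String> userGroups) {
        return rule.isEmpty() || rule.stream().anyMatch(userGroups::contains);
    }

    // The layer check also walks up the hierarchy: the service must be viewable too.
    static boolean userMayView(Service s, Layer l, Set<String> userGroups) {
        return allowed(s.allowedGroups(), userGroups) && allowed(l.allowedGroups(), userGroups);
    }

    // Deliberately takes no user: the decision depends only on the app and the service,
    // so being logged in cannot unlock a secured service through a public app.
    static boolean mustDenyAccessForSecuredProxy(App app, Service s) {
        return app.isPublic() && s.upstreamCredentials();
    }

    // Hypothetical guard a proxy endpoint could evaluate before forwarding a request.
    static boolean mayProxy(App app, Service s, Layer l, Set<String> userGroups) {
        return allowed(app.allowedGroups(), userGroups)
            && userMayView(s, l, userGroups)
            && !mustDenyAccessForSecuredProxy(app, s);
    }

    public static void main(String[] args) {
        // Constructed sample data.
        App publicApp = new App("public-viewer", Set.of());
        App internalApp = new App("internal-viewer", Set.of("staff"));
        Service secured = new Service("parcels-wms", Set.of(), true);
        Layer layer = new Layer("parcels", Set.of());
        Set<String> anonymous = Set.of();
        Set<String> staff = Set.of("staff");

        System.out.println("public app, anonymous: " + mayProxy(publicApp, secured, layer, anonymous));
        System.out.println("public app, staff: " + mayProxy(publicApp, secured, layer, staff));
        System.out.println("internal app, staff: " + mayProxy(internalApp, secured, layer, staff));
        System.out.println("internal app, anonymous: " + mayProxy(internalApp, secured, layer, anonymous));
    }
}
```

Only the internal app with a staff user is proxied; the public app is refused for both users because the deny rule never looks at who is asking.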