sling-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject svn commit: r903477 - in /websites/staging/sling/trunk/content: ./ documentation/bundles/resource-access-security.html
Date Tue, 25 Mar 2014 08:32:06 GMT
Author: buildbot
Date: Tue Mar 25 08:32:06 2014
New Revision: 903477

Staging update by buildbot for sling

    websites/staging/sling/trunk/content/   (props changed)

Propchange: websites/staging/sling/trunk/content/
--- cms:source-revision (original)
+++ cms:source-revision Tue Mar 25 08:32:06 2014
@@ -1 +1 @@

Modified: websites/staging/sling/trunk/content/documentation/bundles/resource-access-security.html
--- websites/staging/sling/trunk/content/documentation/bundles/resource-access-security.html
+++ websites/staging/sling/trunk/content/documentation/bundles/resource-access-security.html
Tue Mar 25 08:32:06 2014
@@ -99,7 +99,7 @@
 <p>To use the ResourceAccessSecurity service you don’t have to implement the interface
ResourceAccessSecurity. Simply add the resourceaccesssecurity bundle to your sling instance.
This adds an implementation of the ResourceAccessSecurity service for the provider context
(“provider”) and also the application context (“application”).</p>
 <p>Furthermore the implementation of ResourceAccessSecurity defines a service provider
interface named ResourceAccessGate. This is the service interface which you can implement
and register to control the access to the resources.</p>
 <p>The ResourceAccessGate defines a service API which can be used to make some restrictions
to accessing resources. Implementations of this service interface must be registered like
ResourceProvider with a path (like provider.roots but with the property name “path”).
If different ResourceAccessGate services match a path, not only the ResourceAccessGate with
the longest path will be called, but all of them, that's in contrast to the ResourceProvider,
but in this case more logical (and secure!). The access gates also must be registered with
a context (“application” or “provider”), without a given context, the
service will be ignored by ResourceAccessSecurity. The gates will be called in the order of
the service ranking. If one of the gates grants access for a given operation access will be
granted. An exception are the gates which are registered for “finaloperations”.
If such a gate denies resource access no further gate will be asked and access
  denied (except a gate with higher service ranking has granted access).</p>
-<h1 id="service-properties">Service properties</h1>
+<h3 id="service-properties">Service properties</h3>
@@ -126,7 +126,7 @@
-<h1 id="how-to-implement-resourceaccessgate">How to implement ResourceAccessGate</h1>
+<h3 id="how-to-implement-resourceaccessgate">How to implement ResourceAccessGate</h3>
 <p>The implementation is straightforward. The easiest way is to extend <code>AllowingResourceAccessGate</code>
which is exported by the resourceaccesssecurity bundle and does not deny any access. So if
you wan’t restrict access on resources for read operations you have to implement to following
two methods:</p>
 <div class="codehilite"><pre><span class="nd">@Override</span>
 <span class="kd">public</span> <span class="kt">boolean</span> <span
class="nf">hasReadRestrictions</span><span class="o">(</span><span
class="kd">final</span> <span class="n">ResourceResolver</span> <span
class="n">resourceResolver</span><span class="o">)</span> <span class="o">{</span>
@@ -149,10 +149,10 @@
 <p>And you have to register the ResourceAccessGate with the path where you wan’t
to restrict access and the operation property set to “read”. Furthermore you have
to decide if the ResourceAccessGate should operate on all resource providers (context=”application”)
or only on the resourceproviders flagged with the property useResourceAccessSecurity=true
-<h1 id="actual-state-of-resourceaccesssecurity">Actual state of ResourceAccessSecurity</h1>
+<h2 id="actual-state-of-resourceaccesssecurity">Actual state of ResourceAccessSecurity</h2>
 <p>By now the implementation is complete for securing access on resource level for
CRUD operations. It is not yet ready to allow fine granular access rights on values of a resource.
So at the moment the <code>canReadValue, canUpdateValue, canDeleteValue</code>
and <code>canCreateValue</code> on <code>ResourceAccessGate</code>
methods are ignored.</p>
       <div class="timestamp" style="margin-top: 30px; font-size: 80%; text-align: right;">
-        Rev. 1581274 by mykee on Tue, 25 Mar 2014 08:30:53 +0000
+        Rev. 1581275 by mykee on Tue, 25 Mar 2014 08:32:00 +0000
       <div class="trademarkFooter"> 
         Apache Sling, Sling, Apache, the Apache feather logo, and the Apache Sling project

View raw message