Class PathFilterRule

  • All Implemented Interfaces:
    SecurityFilterRule

    public class PathFilterRule
    extends java.lang.Object
    implements SecurityFilterRule

    A SecurityFilterRule that delegates to a set of PathMatchers.

    How this thing works:

    • A path that is not listed in deniedPaths is always granted anonymous access (even if the user is authenticated for a process engine).
    • A path that is listed in deniedPaths is then also checked against allowedPaths.
    • A path that is listed in allowedPaths is checked by the corresponding RequestAuthorizer that can decide to grant/deny (identified or anonymous) access.
    • A path that is not listed in allowedPaths is always granted anonymous access (via FilterRules.authorize(String, String, List)).
    Author:
    Daniel Meyer, nico.rehwaldt
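
The decision order described above, traced as an added example that is not Camunda's own implementation; `Matcher`, `Outcome` and the sample paths are hypothetical stand-ins. The third outcome marks requests that match deniedPaths but have no allowedPaths entry, which the description above says are granted anonymous access, so it is the case to look for when reviewing a configuration.

```java
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;

/** Added illustration of the documented decision order; not Camunda source code. */
public class PathFilterRuleModel {

    /** Hypothetical stand-in for a request matcher: HTTP method ("*" = any) plus path regex. */
    static final class Matcher {
        final String method;
        final Pattern path;
        Matcher(String method, String regex) {
            this.method = method;
            this.path = Pattern.compile(regex);
        }
        boolean matches(String m, String uri) {
            return ("*".equals(method) || method.equalsIgnoreCase(m)) && path.matcher(uri).matches();
        }
    }

    enum Outcome { ANONYMOUS_NOT_DENIED, DECIDED_BY_AUTHORIZER, ANONYMOUS_NO_ALLOWED_ENTRY }

    static Outcome evaluate(List<Matcher> denied, List<Matcher> allowed, String method, String uri) {
        // Rule 1: no deniedPaths match means anonymous access, authenticated or not.
        if (denied.stream().noneMatch(d -> d.matches(method, uri))) {
            return Outcome.ANONYMOUS_NOT_DENIED;
        }
        // Rules 2 and 3: a denied path with an allowedPaths match goes to its authorizer.
        if (allowed.stream().anyMatch(a -> a.matches(method, uri))) {
            return Outcome.DECIDED_BY_AUTHORIZER;
        }
        // Rule 4: denied but without an allowedPaths entry; documented as anonymous access.
        return Outcome.ANONYMOUS_NO_ALLOWED_ENTRY;
    }

    public static void main(String[] args) {
        // Constructed configuration and requests, for illustration only.
        List<Matcher> denied = Arrays.asList(new Matcher("*", "/app/secure/.*"));
        List<Matcher> allowed = Arrays.asList(new Matcher("GET", "/app/secure/tasks/[^/]+"));
        String[][] requests = {
            {"GET", "/app/public/logo.png"}, {"GET", "/app/secure/tasks/42"},
            {"DELETE", "/app/secure/tasks/42"}, {"GET", "/app/secure/admin"}};
        for (String[] r : requests) {
            Outcome o = evaluate(denied, allowed, r[0], r[1]);
            String note = o == Outcome.ANONYMOUS_NO_ALLOWED_ENTRY ? "  <- review this gap" : "";
            System.out.printf("%-6s %-24s %s%s%n", r[0], r[1], o, note);
        }
    }
}
```
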
    • Constructor Detail

      • PathFilterRule

        public PathFilterRule()
    • Method Detail

      • authorize

        public Authorization authorize(java.lang.String requestMethod,
                                       java.lang.String requestUri)
        Description copied from interface: SecurityFilterRule
        Authorize the given request and return an Authorization as a result. May return null if the request could not be authorized.
        Specified by:
        authorize in interface SecurityFilterRule
        Returns:
        the authorization for the given request or null if the authorization for the request could not be checked
      • getAllowedPaths

        public java.util.List<RequestMatcher> getAllowedPaths()
      • getDeniedPaths

        public java.util.List<RequestMatcher> getDeniedPaths()