Class PathFilterRule
- java.lang.Object
-
- org.camunda.bpm.webapp.impl.security.filter.PathFilterRule
-
- All Implemented Interfaces:
SecurityFilterRule
public class PathFilterRule extends java.lang.Object implements SecurityFilterRule
A
SecurityFilterRule
that deleagates to a set ofPathMatcher
sHow this thing works:
- A path that is not listed in
deniedPaths
is always granted anonymous access (even if the user is authenticated for a process engine). - A path that is listed in
deniedPaths
is then also checked againstallowedPaths
. - A path that is listed in
allowedPaths
is checked by the correspondingRequestAuthorizer
that can decide to grant/deny (identified or anonymous) access. - A path that is not listed in
allowedPaths
is always granted anonymous access (viaFilterRules.authorize(String, String, List)
)
- Author:
- Daniel Meyer, nico.rehwaldt
-
-
Field Summary
Fields Modifier and Type Field Description protected java.util.List<RequestMatcher>
allowedPaths
protected java.util.List<RequestMatcher>
deniedPaths
-
Constructor Summary
Constructors Constructor Description PathFilterRule()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description Authorization
authorize(java.lang.String requestMethod, java.lang.String requestUri)
Authorize the given request and return aAuthorization
as a result.java.util.List<RequestMatcher>
getAllowedPaths()
java.util.List<RequestMatcher>
getDeniedPaths()
-
-
-
Field Detail
-
allowedPaths
protected java.util.List<RequestMatcher> allowedPaths
-
deniedPaths
protected java.util.List<RequestMatcher> deniedPaths
-
-
Method Detail
-
authorize
public Authorization authorize(java.lang.String requestMethod, java.lang.String requestUri)
Description copied from interface:SecurityFilterRule
Authorize the given request and return aAuthorization
as a result. May returnnull
if the request could not be authorized.- Specified by:
authorize
in interfaceSecurityFilterRule
- Returns:
- the authorization for the given request or
null
if the authorization for the request could not be checked
-
getAllowedPaths
public java.util.List<RequestMatcher> getAllowedPaths()
-
getDeniedPaths
public java.util.List<RequestMatcher> getDeniedPaths()
-
-