PathFilterRule (Camunda Platform Javadocs 7.20.0-SNAPSHOT)

java.lang.Object
- org.camunda.bpm.webapp.impl.security.filter.PathFilterRule

All Implemented Interfaces:

SecurityFilterRule
```
public class PathFilterRule
extends Object
implements SecurityFilterRule
```
A SecurityFilterRule that deleagates to a set of PathMatchers

How this thing works:
- A path that is not listed in deniedPaths is always granted anonymous access (even if the user is authenticated for a process engine).
- A path that is listed in deniedPaths is then also checked against allowedPaths.
- A path that is listed in allowedPaths is checked by the corresponding RequestAuthorizer that can decide to grant/deny (identified or anonymous) access.
- A path that is not listed in allowedPaths is always granted anonymous access (via FilterRules.authorize(String, String, List))
Author:

Daniel Meyer, nico.rehwaldt

Field Summary

Fields
Modifier and Type Field Description

protected List<RequestMatcher> allowedPaths

protected List<RequestMatcher> deniedPaths

Constructor Summary

Constructors
Constructor Description

PathFilterRule()

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`Authorization`	`authorize(String requestMethod, String requestUri)`	Authorize the given request and return a `Authorization` as a result.
`List<RequestMatcher>`	`getAllowedPaths()`
`List<RequestMatcher>`	`getDeniedPaths()`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - allowedPaths
```
protected List<RequestMatcher> allowedPaths
```
  - deniedPaths
```
protected List<RequestMatcher> deniedPaths
```
- Constructor Detail
  - PathFilterRule
```
public PathFilterRule()
```
- Method Detail
  - authorize
```
public Authorization authorize(String requestMethod,
                               String requestUri)
```
    Description copied from interface: SecurityFilterRule
    
    Authorize the given request and return a Authorization as a result. May return null if the request could not be authorized.
    
    Specified by:
    
    authorize in interface SecurityFilterRule
    
    Returns:
    
    the authorization for the given request or null if the authorization for the request could not be checked
  - getAllowedPaths
```
public List<RequestMatcher> getAllowedPaths()
```
  - getDeniedPaths
```
public List<RequestMatcher> getDeniedPaths()
```