Class PathFilterRule
java.lang.Object
org.camunda.bpm.webapp.impl.security.filter.PathFilterRule
- All Implemented Interfaces:
SecurityFilterRule
A SecurityFilterRule
that deleagates to a set of PathMatcher
s
How this thing works:
- A path that is not listed in
deniedPaths
is always granted anonymous access (even if the user is authenticated for a process engine). - A path that is listed in
deniedPaths
is then also checked againstallowedPaths
. - A path that is listed in
allowedPaths
is checked by the correspondingRequestAuthorizer
that can decide to grant/deny (identified or anonymous) access. - A path that is not listed in
allowedPaths
is always granted anonymous access (viaFilterRules.authorize(String, String, List)
)
- Author:
- Daniel Meyer, nico.rehwaldt
-
Field Summary
Fields -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionAuthorize the given request and return aAuthorization
as a result.
-
Field Details
-
allowedPaths
-
deniedPaths
-
-
Constructor Details
-
PathFilterRule
public PathFilterRule()
-
-
Method Details
-
authorize
Description copied from interface:SecurityFilterRule
Authorize the given request and return aAuthorization
as a result. May returnnull
if the request could not be authorized.- Specified by:
authorize
in interfaceSecurityFilterRule
- Returns:
- the authorization for the given request or
null
if the authorization for the request could not be checked
-
getAllowedPaths
-
getDeniedPaths
-