Package nl.b3p.tailormap.api.security

Class AuthorizationService

  • @Service
public class AuthorizationService
extends Object
    Validates access control rules. Any call to mayUserRead will verify that the currently logged in user is not only allowed to read the current object, but any object above and below it in the hierarchy.

    • Constructor Detail

      • AuthorizationService

        public AuthorizationService()

    • Method Detail

      • mayUserRead

        public boolean mayUserRead​(Application application)
        Verifies that this user may read this Application.
        Parameters:
        application - the Application to check
        Returns:
        the results from the access control checks.

      • mayUserRead

        public boolean mayUserRead​(GeoService geoService)
        Verifies that this user may read this GeoService.
        Parameters:
        geoService - the GeoService to check
        Returns:
        the results from the access control checks.

      • mayUserRead

        public boolean mayUserRead​(GeoService geoService,
                           GeoServiceLayer layer)
        Verifies that this user may read the Layer in context of the GeoService.
        Parameters:
        geoService - the GeoService to check
        layer - the GeoServiceLayer to check
        Returns:
        the results from the access control checks.

      • allowProxyAccess

        public boolean allowProxyAccess​(Application application,
                                GeoService geoService)
        To avoid exposing a secured service by proxying it to everyone, do not proxy a secured geo service when the application is public (accessible by anonymous users). Do not even allow proxying a secured service if the user is logged viewing a public app!
        Parameters:
        application - The application
        geoService - The geo service
        Returns:
        Whether to allow proxying this service for the application