Package digilib.auth

Class MetaAccessAuthzOps

java.lang.Object

digilib.auth.AuthzOpsImpl

digilib.auth.MetaAccessAuthzOps

All Implemented Interfaces:

AuthzOps

public class MetaAccessAuthzOps
extends AuthzOpsImpl

Implementation of AuthzOps using "access" information from file metadata. Requires FileMeta implementation providing "access", e.g. digilib.meta.IndexMetaFileMeta. The name of the configuration file is read from the digilib config parameter "auth-file". The tag "digilib-access" is read from the auth-file configuration file:

 
 <digilib-access>
   <access type="group:mpiwg" role="mpiwg-user"/>
   <access type="default" role=""/>
 </digilib-access>
 
 

A user must supply one of the roles under "role" to access any object with the metadata "access" type of "type". Roles under "role" must be separated by comma only (no spaces). Access type "default" applies to objects without metadata access tag.

Field Summary

Fields

Modifier and Type	Field	Description
protected File	configFile
protected List<String>	defaultRoles
protected static final org.slf4j.Logger	logger
protected Map<String,List<String>>	rolesMap

Fields inherited from class digilib.auth.AuthzOpsImpl

authnOps

Constructor Summary

Constructors

Constructor	Description
MetaAccessAuthzOps()

Method Summary

Modifier and Type	Method	Description
void	init(DigilibConfiguration dlConfig)	Initialize authentication operations.
List<String>	rolesForPath(DigilibServletRequest dlRequest)	Return authorization roles needed for request.

Methods inherited from class digilib.auth.AuthzOpsImpl

isAuthorizationRequired, isAuthorized, isRoleAuthorized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

logger

protected static final org.slf4j.Logger logger

configFile

protected File configFile

rolesMap

protected Map<String,List<String>> rolesMap

defaultRoles

protected List<String> defaultRoles

Constructor Details

MetaAccessAuthzOps

public MetaAccessAuthzOps()

Method Details

init

public void init(DigilibConfiguration dlConfig)
          throws AuthOpException

Initialize authentication operations. Reads tag "digilib-access" from configuration file and sets up authentication arrays.

Specified by:

init in interface AuthzOps

Specified by:

init in class AuthzOpsImpl

Parameters:

dlConfig - current DigilibConfiguration

Throws:

AuthOpException - Exception thrown on error.

rolesForPath

public List<String> rolesForPath(DigilibServletRequest dlRequest)
                          throws AuthOpException

Return authorization roles needed for request. Returns the list of authorization roles that are needed to access the specified path. No list means the path is free. The location information of the request is also considered.

Specified by:

rolesForPath in class AuthzOpsImpl

Parameters:

dlRequest - ServletRequest with address information.

Returns:

List of Strings with role names.

Throws:

AuthOpException - Exception thrown on error.