Package digilib.auth

Class MetaAccessAuthzOps

  • All Implemented Interfaces:
    AuthzOps

    public class MetaAccessAuthzOps
    extends AuthzOpsImpl
    Implementation of AuthzOps using "access" information from file metadata. Requires FileMeta implementation providing "access", e.g. digilib.meta.IndexMetaFileMeta. The name of the configuration file is read from the digilib config parameter "auth-file". The tag "digilib-access" is read from the auth-file configuration file:
     
     <digilib-access>
       <access type="group:mpiwg" role="mpiwg-user"/>
       <access type="default" role=""/>
     </digilib-access>
     
     
    A user must supply one of the roles under "role" to access any object with the metadata "access" type of "type". Roles under "role" must be separated by comma only (no spaces). Access type "default" applies to objects without metadata access tag.
    • Field Detail

      • logger

        protected static final org.slf4j.Logger logger
      • configFile

        protected File configFile
      • defaultRoles

        protected List<String> defaultRoles
    • Constructor Detail

      • MetaAccessAuthzOps

        public MetaAccessAuthzOps()
    • Method Detail

      • init

        public void init​(DigilibConfiguration dlConfig)
                  throws AuthOpException
        Initialize authentication operations. Reads tag "digilib-access" from configuration file and sets up authentication arrays.
        Specified by:
        init in interface AuthzOps
        Specified by:
        init in class AuthzOpsImpl
        Parameters:
        dlConfig - current DigilibConfiguration
        Throws:
        AuthOpException - Exception thrown on error.
      • rolesForPath

        public List<String> rolesForPath​(DigilibServletRequest dlRequest)
                                  throws AuthOpException
        Return authorization roles needed for request. Returns the list of authorization roles that are needed to access the specified path. No list means the path is free. The location information of the request is also considered.
        Specified by:
        rolesForPath in class AuthzOpsImpl
        Parameters:
        dlRequest - ServletRequest with address information.
        Returns:
        List of Strings with role names.
        Throws:
        AuthOpException - Exception thrown on error.