Interface ResourceAccessGate

  • All Known Implementing Classes:

    public interface ResourceAccessGate
    The ResourceAccessGate defines a service API which might be used to make some restrictions to accessing resources. Implementations of this service interface must be registered like ResourceProvider with a path (like provider.roots). If different ResourceAccessGateService services match a path, not only the ResourceAccessGateService with the longest path will be called, but all of them, that's in contrast to the ResourceProvider, but in this case more logical (and secure!). The gates will be called in the order of the service ranking. If one of the gates grants access for a given operation access will be granted. service properties:
    • path: regexp to define on which paths the service should be called (default .*)
    • operations: set of operations on which the service should be called ("read,create,update,delete,execute", default all of them)
    • finaloperations: set of operations on which the service answer is final and no further service should be called (default none of them), except the GateResult is GateResult.DONTCARE
    The resource access gate can either have the context PROVIDER_CONTEXT, in this case the gate is only applied to resource providers requesting the security checks. Or the context can be APPLICATION_CONTEXT. In this case the access gate is invoked for the whole resource tree. This is indicated by the required service property CONTEXT. If the property is missing or invalid, the service is ignored.