Package org.trellisldp.webac

Class WebAcService

    • Field Detail

      • CONFIG_WEBAC_MEMBERSHIP_CHECK

        public static final String CONFIG_WEBAC_MEMBERSHIP_CHECK
        The configuration key controlling whether to check member resources at the AuthZ enforcement point.
        See Also:
        Constant Field Values

      • CONFIG_WEBAC_DEFAULT_ACL_LOCATION

        public static final String CONFIG_WEBAC_DEFAULT_ACL_LOCATION
        The configuration key controlling the classpath location of the default root acl.
        See Also:
        Constant Field Values

      • CONFIG_WEBAC_INITIALIZE_ROOT_ACL

        public static final String CONFIG_WEBAC_INITIALIZE_ROOT_ACL
        The configuration key controlling whether the root ACL is initialized.
        See Also:
        Constant Field Values

      • DEFAULT_ACL_LOCATION

        public static final String DEFAULT_ACL_LOCATION
        The default classpath location of the default root acl.
        See Also:
        Constant Field Values

    • Constructor Detail

      • WebAcService

        public WebAcService()
        Create a WebAC-based authorization service.

      • WebAcService

        public WebAcService​(ResourceService resourceService,
                    CacheService<String,​AuthorizedModes> cache,
                    boolean checkMembershipResources,
                    String defaultAuthResourceLocation)
        Create a WebAC-based authorization service.
        Parameters:
        resourceService - the resource service
        cache - a cache
        checkMembershipResources - whether to check membership resource permissions (default=false)
        defaultAuthResourceLocation - a classpath location of a default root ACL (in Turtle)

    • Method Detail

      • initialize

        @PostConstruct
public void initialize()
        Initializes the root ACL, if there is no root ACL.

      • getAccessModes

        public Set<IRI> getAccessModes​(IRI identifier,
                               Session session)
        Get the allowable access modes for the given session to the specified resource.
        Parameters:
        identifier - the resource identifier
        session - the agent's session
        Returns:
        a set of allowable access modes

      • getAuthorizedModes

        public AuthorizedModes getAuthorizedModes​(IRI identifier,
                                          Session session)
        Get the authorized modes for the resources.
        Parameters:
        identifier - the resource identifier
        session - the agent's session
        Returns:
        the authorized modes

      • generateCacheKey

        public static String generateCacheKey​(IRI identifier,
                                      IRI agent)
        Generate a key suitable for cache lookups for the given arguments.
        Parameters:
        identifier - the resource identifier
        agent - the agent identifier
        Returns:
        a key for cache lookups