Package eu.rarogsoftware.rarog.platform.api.plugins.web.servlets

Interface AuthorizationManagerAware

All Known Implementing Classes:

OverriddenServlet, OverridingServlet

public interface AuthorizationManagerAware

Extension for HttpServlet defined with PluginServletMappingDescriptor, that allows to control authorization using AuthorizationManager. It supports the same design as PluginServletMappingDescriptor, with overriding and passing through. If servlet doesn't implement AuthorizationManagerAware or getAuthorizationManager(HttpServletRequest) returns Optional.empty(), then control is passed to the next servlet. If none servlet matches/defines voter, then default settings set by Spring based controllers are in power (which usually translated to access only for logged-in users).

Method Summary

Modifier and Type	Method	Description
Optional<org.springframework.security.authorization.AuthorizationManager<org.springframework.security.web.access.intercept.RequestAuthorizationContext>>	getAuthorizationManager(jakarta.servlet.http.HttpServletRequest request)

Method Details

getAuthorizationManager

Optional<org.springframework.security.authorization.AuthorizationManager<org.springframework.security.web.access.intercept.RequestAuthorizationContext>> getAuthorizationManager(jakarta.servlet.http.HttpServletRequest request)

Parameters:

request - request for which decision is taken

Returns:

manager if servlet supports request and define custom access rights or empty optional if servlet do not support request or want to use default access rights.