| Interface | Description |
|---|---|
| AccessManager |
Handles ACL checks and knows the users permissions.
|
| Group |
A user group.
|
| GroupManager |
Manages groups, groups are identified by name and can be organized in folders.
|
| IPSecurityManager |
Used to check if a client has access based on his IP address.
|
| Permission |
A permission is a collection of rights and can match paths.
|
| Realm |
Provides the name for the default realm.
|
| Role |
A role is a collection of ACLs (permissions).
|
| RoleManager |
Manages roles, roles are identified by name and can be organized in folders.
|
| SecuritySupport | |
| User |
Represents a magnolia user.
|
| UserManager |
Manages users.
|
| Class | Description |
|---|---|
| AbstractUser |
Abstract user implementation.
|
| AccessManagerImpl |
Default implementation for
AccessManager. |
| ACLImpl |
Basic ACL implementation.
|
| BaseSecurityFilter |
Provides basic infrastructure for filters which check if a request is authorized.
|
| ContentSecurityFilter |
Used to check if the user can read the requested content.
|
| CsrfSecurityFilter |
Ensure that the request is not a CSRF attack.
|
| DelegatingUserManager |
A
UserManager delegating to a set of user managers. |
| Digester | Deprecated
since 4.5.3 - use SecurityUtil instead.
|
| DummyUser | Deprecated
since 4.3.6 - usage needs to be reviewed - see MAGNOLIA-3269
|
| ExternalUser |
A user which is not stored in Magnolia.
|
| ExternalUserManager |
Manages the JAAS users.
|
| HierarchicalUserManager |
A variation of a
MgnlUserManager which stores users hierarchically using the following structure: /<path>/<first letter of user name>/<first two letters of user name>. |
| IPSecurityManager.Factory |
Factory to get the singleton instance.
|
| IPSecurityManagerImpl |
A very limited implementation of
IPSecurityManager. |
| IPSecurityManagerImpl.InstanceFactory |
Provides a custom transformer as the current configuration is not c2b friendly.
|
| IPSecurityManagerImpl.IPSecurityManagerTransformer |
Transformer which uses the IP value of the rule as the key.
|
| IPSecurityManagerImpl.Rule |
Basic rule.
|
| JCRSessionOp<R> |
Operation requiring session access.
|
| Lock | Deprecated
since 5.3.6 - no longer used, will be removed without replacement.
|
| LogoutFilter |
Performing the logout operation if the parameter "mgnlLogout" is present.
|
| MgnlGroup |
A group implementation.
|
| MgnlGroupManager |
Group manager working directly with JCR API and returning simple groups (no JCR node aware).
|
| MgnlKeyPair |
Private and public key holder.
|
| MgnlRole |
Wraps a role jcr-node.
|
| MgnlRoleManager |
Manages the users stored in the
RepositoryConstants.USER_ROLES workspace. |
| MgnlUser |
A read-only snapshot of a Magnolia user as found in JCR at the moment of creation (e.g.
|
| MgnlUserManager |
Manages the users stored in Magnolia itself.
|
| PermissionImpl |
Concrete implementation of
Permission using UrlPattern to match pathes. |
| PermissionUtil |
Collection of methods for handling permission related processing.
|
| PrincipalUtil |
Utility methods for handling JAAS principals.
|
| Realm.Factory |
Factory for providing realms.
|
| Realm.RealmImpl |
Implementation of the realm.
|
| RepositoryBackedSecurityManager |
Common parent class for repo based security managers.
|
| RescueSecuritySupport |
To be used as a replacement of /server/security or SecuritySupportImpl in mgnl-beans.properties
in case the configuration is messed up.
|
| RescueSecuritySupport.RescueUser |
TODO extract as top level class? Currently this class is tested implicitly by
RescueSecuritySupportTest. |
| RescueSecuritySupport.RescueUserManager |
TODO: extract as top level class? Currently this class is tested implicitly by
RescueSecuritySupportTest. |
| Security | Deprecated
since 5.1 - use IoC to get
SecuritySupport or directly use SecurityUtil instead. |
| SecurityCallbackFilter |
A filter which handles 401, 403 HTTP response codes, as well as
AccessDeniedExceptions,
and renders an appropriate "login form" (which can consist of a redirect or anything else just as well). |
| SecurityCallbackFilter.StatusSniffingResponseWrapper |
A simple HttpServletResponseWrapper which keeps track of the current http status code.
|
| SecurityConstants |
Common constants used throughout the security.
|
| SecuritySupport.Factory | Deprecated
since 5.1 - use IoC instead
|
| SecuritySupportBase |
Base implementation of
SecuritySupport using JAAS for authentication. |
| SecuritySupportImpl |
Default
SecuritySupport. |
| SecuritySupportObservedComponentFactory |
Special ObservedComponentFactory used for providing a SecuritySupport already during the initialization phase - before the proper SecuritySupportImpl can been instantiated.
|
| SecurityUtil |
Utility functions required in the context of Security.
|
| SilentSessionOp<R> |
Session operation that just logs all exceptions instead of re-throwing them.
|
| SystemUserManager |
Responsible to handle system users like anonymous and superuser.
|
| URISecurityFilter |
This Filter protects URI as defined by ROLE(s)/GROUP(s) ACL.
|
| Exception | Description |
|---|---|
| AccessDeniedException | Deprecated
since 5.5.
|
| PrincipalNotFoundException |
Throw when a Principal is search and not found.
|
Copyright © 2003–2017 Magnolia International Ltd.. All rights reserved.