Interface | Description |
---|---|
AccessManager |
Handles ACL checks and knows the users permissions.
|
Group |
A user group.
|
GroupManager |
Manages groups, groups are identified by name and can be organized in folders.
|
IPSecurityManager |
Used to check if a client has access based on his IP address.
|
Permission |
A permission is a collection of rights and can match paths.
|
Realm |
Provides the name for the default realm.
|
Role |
A role is a collection of ACLs (permissions).
|
RoleManager |
Manages roles, roles are identified by name and can be organized in folders.
|
SecuritySupport | |
User |
Represents a magnolia user.
|
UserManager |
Manages users.
|
Class | Description |
---|---|
AbstractUser |
Abstract user implementation.
|
AccessManagerImpl |
Default implementation for
AccessManager . |
ACLImpl |
Basic ACL implementation.
|
BaseSecurityFilter |
Provides basic infrastructure for filters which check if a request is authorized.
|
ContentSecurityFilter |
Used to check if the user can read the requested content.
|
CsrfSecurityFilter |
Ensure that the request is not a CSRF attack.
|
CsrfTokenSecurityFilter |
Filter that handles setup and validation of tokens to prevent CSRF attacks.
|
DelegatingUserManager |
A
UserManager delegating to a set of user managers. |
Digester | Deprecated
since 4.5.3 - use SecurityUtil instead.
|
DummyUser | Deprecated
since 4.3.6 - usage needs to be reviewed - see MAGNOLIA-3269
|
ExternalUser |
A user which is not stored in Magnolia.
|
ExternalUserManager |
Manages the JAAS users.
|
HierarchicalUserManager |
A variation of a
MgnlUserManager which stores users hierarchically using the following structure: /<path>/<first letter of user name>/<first two letters of user name>. |
IPSecurityManager.Factory |
Factory to get the singleton instance.
|
IPSecurityManagerImpl |
A very limited implementation of
IPSecurityManager . |
IPSecurityManagerImpl.InstanceFactory |
Provides a custom transformer as the current configuration is not c2b friendly.
|
IPSecurityManagerImpl.IPSecurityManagerTransformer |
Transformer which uses the IP value of the rule as the key.
|
IPSecurityManagerImpl.Rule |
Basic rule.
|
JCRSessionOp<R> |
Operation requiring session access.
|
Lock | Deprecated
since 5.3.6 - no longer used, will be removed without replacement.
|
LogoutFilter |
Performing the logout operation if the parameter "mgnlLogout" is present.
|
MgnlGroup |
A group implementation.
|
MgnlGroupManager |
Group manager working directly with JCR API and returning simple groups (no JCR node aware).
|
MgnlKeyPair |
Private and public key holder.
|
MgnlRole |
Wraps a role jcr-node.
|
MgnlRoleManager |
Manages the users stored in the
RepositoryConstants.USER_ROLES workspace. |
MgnlUser |
A read-only snapshot of a Magnolia user as found in JCR at the moment of creation (e.g.
|
MgnlUserManager |
Manages the users stored in Magnolia itself.
|
PermissionImpl |
Concrete implementation of
Permission using UrlPattern to match pathes. |
PermissionUtil |
Collection of methods for handling permission related processing.
|
PrincipalUtil |
Utility methods for handling JAAS principals.
|
Realm.Factory |
Factory for providing realms.
|
Realm.RealmImpl |
Implementation of the realm.
|
RepositoryBackedSecurityManager |
Common parent class for repo based security managers.
|
RescueSecuritySupport |
To be used as a replacement of /server/security or SecuritySupportImpl in mgnl-beans.properties
in case the configuration is messed up.
|
RescueSecuritySupport.RescueUser |
TODO extract as top level class? Currently this class is tested implicitly by
RescueSecuritySupportTest . |
RescueSecuritySupport.RescueUserManager |
TODO: extract as top level class? Currently this class is tested implicitly by
RescueSecuritySupportTest . |
Security | Deprecated
since 5.1 - use IoC to get
SecuritySupport or directly use SecurityUtil instead. |
SecurityCallbackFilter |
A filter which handles 401, 403 HTTP response codes, as well as
AccessDeniedException s,
and renders an appropriate "login form" (which can consist of a redirect or anything else just as well). |
SecurityCallbackFilter.StatusSniffingResponseWrapper |
A simple HttpServletResponseWrapper which keeps track of the current http status code.
|
SecurityConstants |
Common constants used throughout the security.
|
SecuritySupport.Factory | Deprecated
since 5.1 - use IoC instead
|
SecuritySupportBase |
Base implementation of
SecuritySupport using JAAS for authentication. |
SecuritySupportImpl |
Default
SecuritySupport . |
SecuritySupportObservedComponentFactory |
Special ObservedComponentFactory used for providing a SecuritySupport already during the initialization phase - before the proper SecuritySupportImpl can been instantiated.
|
SecurityUtil |
Utility functions required in the context of Security.
|
SilentSessionOp<R> |
Session operation that just logs all exceptions instead of re-throwing them.
|
SystemUserManager |
Responsible to handle system users like anonymous and superuser.
|
URISecurityFilter |
This Filter protects URI as defined by ROLE(s)/GROUP(s) ACL.
|
Exception | Description |
---|---|
AccessDeniedException | Deprecated
since 5.5.
|
PrincipalNotFoundException |
Throw when a Principal is search and not found.
|
Copyright © 2003–2019 Magnolia International Ltd.. All rights reserved.