Package io.milton.resource

Interface AccessControlledResource

All Superinterfaces:
Resource
public interface AccessControlledResource extends Resource
5.4.1. Example: Retrieving the User's Current Set of Assigned Privileges

Continuing the example from Section 5.3.1, this example shows a client requesting the DAV:current-user-privilege-set property from the resource with URL http://www.example.com/papers/. The username of the principal making the request is "khare", and Digest authentication is used in the request. The principal with username "khare" has been granted the DAV:read privilege. Since the DAV:read privilege contains the DAV:read-acl and DAV:read-current-user-privilege-set privileges (see Section 5.3.1), the principal with username "khare" can read the ACL property, and the DAV:current-user-privilege-set property. However, the DAV:all, DAV:read-acl, DAV:write-acl and DAV:read-current-user-privilege-set privileges are not listed in the value of DAV:current-user-privilege-set, since (for this example) they are abstract privileges. DAV:write is not listed since the principal with username "khare" is not listed in an ACE granting that principal write permission.

>> Request << 

PROPFIND /papers/ HTTP/1.1 Host: www.example.com Content-type: text/xml;
 charset="utf-8" Content-Length: xxx Depth: 0 Authorization: Digest
 username="khare", realm="users@example.com", nonce="...", uri="/papers/",
 response="...", opaque="..."

 <?xml version="1.0" encoding="utf-8" ?> <D:propfind xmlns:D="DAV:"> <D:prop>
 <D:current-user-privilege-set/> </D:prop> </D:propfind>

>> Response << 

 HTTP/1.1 207 Multi-Status Content-Type: text/xml; charset="utf-8"
 Content-Length: xxx

 <?xml version="1.0" encoding="utf-8" ?> <D:multistatus xmlns:D="DAV:">
 <D:response> <D:href>http://www.example.com/papers/</D:href> <D:propstat>
 <D:prop> <D:current-user-privilege-set> <D:privilege><D:read/></D:privilege>
 </D:current-user-privilege-set> </D:prop> <D:status>HTTP/1.1 200
 OK</D:status> </D:propstat> </D:response> </D:multistatus>

  • Field Details

  • Method Details

    • getPrincipalURL

      String getPrincipalURL()
      A URL which identifies the principal owner of this resource See http://greenbytes.de/tech/webdav/rfc3744.html#PROPERTY_principal-URL
      Returns:

    • getPriviledges

      List<AccessControlledResource.Priviledge> getPriviledges(Auth auth)
      Return the list of privlidges which the current user (given by the auth object) has access to, on this resource.
      Parameters:
      auth -
      Returns:

    • getAccessControlList

      Map<Principal,List<AccessControlledResource.Priviledge>> getAccessControlList()
      Get all allowed priviledges for all principals on this resource. Note that a principal might be a user, a group, or a built-in webdav group such as AUTHENTICATED
      Returns:

    • setAccessControlList

      void setAccessControlList(Map<Principal,List<AccessControlledResource.Priviledge>> privs)
      Set the allowed Priviledges for all principals to the given list. Existing priviledges must be removed or updated as required so that the given list is the complete list for this resource
      Parameters:
      privs -

    • getPrincipalCollectionHrefs

      io.milton.http.values.HrefList getPrincipalCollectionHrefs()
      Return the hrefs (either fully qualified URLs or absolute paths) to the collections which contain principals. This is to allow user agents to display a list of users to display. Most implementations will only have a single value which will be the path to the users folder. Eg: return Arrays.asList("/users/");
      Returns:
      - a list of hrefs