If anonymous users may not view all live pages, i.e., certain live pages are only accessible to a closed user group, then a mechanism is needed to restrict the access of anonymous users.
To restrict access to a page using the Java permission mechanism, we need to establish that access is denied by default. However, by default we allow anonymous users to view all live pages. Therefore, we have to "mark" certain live pages as not accessible by default.
Alternative approaches:
- assign a special RDF type to a page to be protected
- assign a special property to a page to be protected
- assign a special path-segment to the URI of a page to be protected
To enforce access control, we need to invoke checkPermission at the code location where the page request is served. A requested live page is served by the PageTypeHandler, which is a TypeHandler for the RDF type http://clerezza.org/2010/02/pagemanager#Page. However, if the requested URI ends with "/", which denotes a resource of RDF type http://clerezza.org/2009/09/hierarchy#Collection, then the request is served by the CollectionTypeHandler. This means we need to call checkPermission in both the PageTypeHandler and the CollectionTypeHandler. However, the CollectionTypeHandler resides in the package org.apache.clerezza.platform.content.
Alternative approaches:
- Extending Clerezza's CollectionTypeHandler to handle access control
- Disabling Clerezza's CollectionTypeHandler and implementing a new one
- In combination with "assigning special path-segment to page URI", a new JAX-RS resource is implemented to handle the special URI path template. (I prefer this one)
A CugPermission contains information on the path. No action differentiation is required. A CugPermission whose path ends with "/" implies all pages in that path and in deeper hierarchies. If a CugPermission is not granted to a user, then a redirection to another page is made. The information for redirection is conveyed in the request, e.g., as a query param.
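The implication rule described above, as an added sketch built on java.security.Permission; it is not Clerezza's own code. The rejection of dot segments, the expectation of an already decoded request path and the sample paths in main are assumptions made for illustration.

```java
import java.security.Permission;

// Added sketch, not Clerezza code: path-only permission for closed user groups.
public final class CugPermission extends Permission {
    private final String path;

    public CugPermission(String path) {
        super(path);
        if (path == null || !path.startsWith("/")) {
            throw new IllegalArgumentException("path must be absolute: " + path);
        }
        // Assumption: callers pass the decoded request path. Dot segments are
        // rejected so "/members/../admin/x" is never treated as under "/members/".
        for (String segment : path.split("/")) {
            if (segment.equals(".") || segment.equals("..")) {
                throw new IllegalArgumentException("dot segment in path: " + path);
            }
        }
        this.path = path;
    }

    @Override
    public boolean implies(Permission permission) {
        if (!(permission instanceof CugPermission)) {
            return false;
        }
        String other = ((CugPermission) permission).path;
        // A path ending in "/" covers itself and everything deeper; keeping the
        // slash in the prefix stops "/members/" from matching "/members-old/x".
        return path.endsWith("/") ? other.startsWith(path) : other.equals(path);
    }

    @Override
    public boolean equals(Object obj) {
        return obj instanceof CugPermission && ((CugPermission) obj).path.equals(path);
    }

    @Override
    public int hashCode() { return path.hashCode(); }

    @Override
    public String getActions() { return ""; } // no action differentiation

    public static void main(String[] args) {
        CugPermission granted = new CugPermission("/members/"); // constructed sample paths
        for (String p : new String[] {"/members/", "/members/reports/q1", "/members-old/x", "/members"}) {
            System.out.println(p + " -> " + granted.implies(new CugPermission(p)));
        }
    }
}
```

A handler would build a CugPermission from the requested path and pass it to checkPermission; a grant for "/members/" then covers the collection and every page beneath it, but not the sibling "/members-old/" or the slash-less "/members".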