Package ontopoly

Class OntopolyAccessStrategy

java.lang.Object
ontopoly.OntopolyAccessStrategy
All Implemented Interfaces:
Serializable
public abstract class OntopolyAccessStrategy extends Object implements Serializable
Default access strategy implementation used by OntopolyApplication. Subclasses can extend this functionality to enable authentication and/or authorization for their ontopoly instance. To activate your own implementation, create an extension of OntopolyApplication and override the OntopolyApplication.newAccessStrategy() method.
See Also:

  • Constructor Details

    • OntopolyAccessStrategy

      public OntopolyAccessStrategy()

  • Method Details

    • isEnabled

      public boolean isEnabled()
      Indicates if this strategy is enabled. An enabled strategy will cause the login page to be used. The default implementation always returns true.
      Returns:
      True if the strategy is enabled, false if disabled.

    • autoAuthenticate

      public User autoAuthenticate(javax.servlet.http.HttpServletRequest request)
      Automatically authenticates a user based on a request made. Subclasses can implement a remember-me functionality by using this method, for example by checking the presence of a cookie. Default implementation always returns null.
      Parameters:
      request - The request made that requires automatic authentication checks
      Returns:
      A User object when the automated authentication has succeeded, or null.

    • authenticate

      public User authenticate(String username, String password)
      Attempts to authenticate a user with given name and password. Subclasses should override this method to include their user verification. The default implementation makes a new user with username as name, and ignores the provided password. Note that subclasses should not throw exceptions when authentication fails, but instead return null.
      Parameters:
      username - The username to authenticate
      password - The password in plain text used by the user attempting to login
      Returns:
      A User object when authentication succeeded, or null

    • getPrivilege

      public OntopolyAccessStrategy.Privilege getPrivilege(User user, Topic topic)
      Resolves the privilege of a user for the provided topic. In this context, the privileges mean:
      • Privilege.EDIT: The user is allowed to change this topic
      • Privilege.READ_ONLY: The user is allowed to view this topic, but not to change it.
      • Privilege.NONE: The user is not allowed to view or change this topic.
      Parameters:
      user - The user to retrieve the privilege for
      topic - The topic the user is trying to access
      Returns:
      The privilege of the user regarding the provided topic. Must not be null.

    • getPrivilege

      public OntopolyAccessStrategy.Privilege getPrivilege(User user, FieldInstance fieldInstance)
      Resolves the privilege of a user for the provided field. In this context, the privileges mean:
      • Privilege.EDIT: The user is allowed to change this field
      • Privilege.READ_ONLY: The user is allowed to view this field, but not to change it.
      • Privilege.NONE: The user is not allowed to view or change this field.
      The field privilege has precedence over the topic privilege provided by getPrivilege(User, Topic).
      Parameters:
      user - The user to retrieve the privilege for
      fieldInstance - The fieldinstance the user is trying to access
      Returns:
      The privilege of the user regarding the provided fieldinstance. Must not be null.

    • getSignInMessage

      public String getSignInMessage()
      Returns the message displayed on the login page.
      Returns:
      The message displayed on the login page