Interface ClientlibPermissionPlugin


  • public interface ClientlibPermissionPlugin
    Plugin for the clientlib service that can limit extendability.
    • Method Detail

      • categoryFilter

        @NotNull
        ResourceFilter categoryFilter(@NotNull String category)
        Returns limits for the client libraries that are used for the given category. This can be used to avoid security issues where a malicious user can add client libraries to a category another user uses, and thus compromise the site of the other user. To avoid this, there has to be a ClientlibPermissionPlugin that returns a ResourceFilter that matches only the areas in the JCR tree the legitimate users for the site can write to, but not the areas potentially malicious users can write to (e.g. other tenants).

        Caution: If there are several ClientlibPermissionPlugins, the ResourceFilters of all plugins have to match. Thus, if a particular plugin doesn't care about a category, it must return ResourceFilter.ALL! We also assume that if the filter matches a path, it also matches all of its subpaths.

        Parameters:
        category - the name of a category
        Returns:
        a filter that restricts which client libraries may be included in a category. Never null: return ResourceFilter.ALL if this ClientlibPermissionPlugin does not restrict the category.
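
        The following is an added example, not code from the project: it models the contract described above (all plugins' filters must match, ALL for categories a plugin does not cover, a matched path implies its subpaths). PathFilter and PermissionPlugin are simplified stand-ins for ResourceFilter and ClientlibPermissionPlugin, and the tenant names, categories and paths are constructed.

```java
import java.util.List;
import java.util.function.Predicate;

public class ClientlibFilterDemo {
    // Stand-in for ResourceFilter, reduced to a predicate on the JCR path (assumption).
    interface PathFilter extends Predicate<String> {
        PathFilter ALL = path -> true; // plays the role of ResourceFilter.ALL
    }

    // Stand-in for ClientlibPermissionPlugin, keeping the documented method name.
    interface PermissionPlugin {
        PathFilter categoryFilter(String category);
    }

    // Matches a root and everything below it, so a matched path implies matched subpaths.
    // The "/" boundary keeps /apps/tenantAbc from passing as part of /apps/tenantA.
    static PathFilter subtree(String root) {
        return path -> path.equals(root) || path.startsWith(root + "/");
    }

    // Hypothetical tenant plugin: categories "tenantA.*" may only be fed from tenant A's tree.
    static final PermissionPlugin TENANT_A = category -> {
        if (!category.startsWith("tenantA.")) {
            return PathFilter.ALL; // not this plugin's category: must not restrict it
        }
        return subtree("/apps/tenantA");
    };

    // Hypothetical second plugin with no opinion on any category.
    static final PermissionPlugin INDIFFERENT = category -> PathFilter.ALL;

    // A client library is accepted only if the filter of every plugin matches its path.
    static boolean allowed(List<PermissionPlugin> plugins, String category, String clientlibPath) {
        return plugins.stream().allMatch(p -> p.categoryFilter(category).test(clientlibPath));
    }

    public static void main(String[] args) {
        List<PermissionPlugin> plugins = List.of(TENANT_A, INDIFFERENT);
        String[][] cases = {                                    // constructed sample input
            {"tenantA.site", "/apps/tenantA/clientlibs/site"},  // tenant's own tree
            {"tenantA.site", "/apps/tenantB/clientlibs/site"},  // another tenant's tree
            {"tenantA.site", "/apps/tenantAbc/clientlibs/x"},   // sibling that only shares a name prefix
            {"tenantB.site", "/apps/tenantB/clientlibs/site"},  // category neither plugin restricts
        };
        for (String[] c : cases) {
            System.out.println(c[0] + " <- " + c[1] + " : " + allowed(plugins, c[0], c[1]));
        }
    }
}
```

        If INDIFFERENT returned a filter that matches nothing instead of ALL, every category would end up empty, which is why the caution above requires ResourceFilter.ALL from plugins that do not care about a category.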