Interface ClientlibPermissionPlugin
public interface ClientlibPermissionPlugin
Plugin for the clientlib service that can limit extendability.
Method Summary
Modifier and Type: @NotNull ResourceFilter
Method: categoryFilter(@NotNull String category)
Description: Returns limits for the client libraries that are used for the given category.
Method Detail
categoryFilter
@NotNull ResourceFilter categoryFilter(@NotNull String category)
Returns limits for the client libraries that are used for the given category. This can be used to avoid security issues where a malicious user can add client libraries to a category another user uses, and thus compromise the site of the other user. To avoid this, there has to be a ClientlibPermissionPlugin that returns a ResourceFilter that matches only the areas in the JCR tree the legitimate users for the site can write to, but not the areas potentially malicious users can write to (e.g. other tenants).

Caution: If there are several ClientlibPermissionPlugins, the ResourceFilters of all plugins have to match. Thus, if a particular plugin doesn't care about a category, it must return ResourceFilter.ALL! We also assume that if the filter matches one path, it should also match all subpaths.

Parameters:
category - the name of a category
Returns:
a filter that restricts client libraries that should be included into a category. Not null - return ResourceFilter.ALL if this ClientlibPermissionPlugin does not pose a restriction for a category.
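
The following sketch is an added example, not code from this project. It models the contract described above with simplified stand-in types that work on path strings, and shows why a plugin must return ALL for categories it does not own and why subpath matching should respect path segment boundaries. The tenant names, category prefixes and JCR paths are constructed assumptions.

```java
import java.util.List;

public class TenantClientlibFilterExample {
    // Simplified stand-ins for the real interfaces (assumption: filters see path strings).
    interface ResourceFilter {
        ResourceFilter ALL = path -> true;
        boolean accept(String path);
    }
    interface ClientlibPermissionPlugin {
        ResourceFilter categoryFilter(String category);
    }

    /** Hypothetical plugin: limits one tenant's categories to that tenant's writable roots. */
    static class TenantPlugin implements ClientlibPermissionPlugin {
        private final String categoryPrefix;
        private final List<String> roots;
        TenantPlugin(String categoryPrefix, String... roots) {
            this.categoryPrefix = categoryPrefix;
            this.roots = List.of(roots);
        }
        @Override
        public ResourceFilter categoryFilter(String category) {
            // Not our category: return ALL. A restrictive filter here would be
            // ANDed with the other plugins and block every other tenant's clientlibs.
            if (!category.startsWith(categoryPrefix)) return ResourceFilter.ALL;
            // Accept each root and all of its subpaths, comparing whole path
            // segments so /apps/tenantA does not also cover /apps/tenantA-evil.
            return path -> roots.stream()
                    .anyMatch(r -> path.equals(r) || path.startsWith(r + "/"));
        }
    }

    /** A clientlib is included only if the filters of all plugins accept its path. */
    static boolean allowed(List<ClientlibPermissionPlugin> plugins, String category, String path) {
        return plugins.stream().allMatch(p -> p.categoryFilter(category).accept(path));
    }

    public static void main(String[] args) {
        List<ClientlibPermissionPlugin> plugins = List.of(
                new TenantPlugin("tenantA.", "/apps/tenantA", "/libs"),
                new TenantPlugin("tenantB.", "/apps/tenantB", "/libs"));
        // Constructed sample clientlib locations, checked against tenant A's category.
        String[] paths = {"/apps/tenantA/clientlibs/site", "/libs/shared/clientlibs/base",
                "/apps/tenantB/clientlibs/inject", "/apps/tenantA-evil/clientlibs/x"};
        for (String p : paths)
            System.out.println(p + " in tenantA.site -> " + allowed(plugins, "tenantA.site", p));
    }
}
```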