public class ExtensionsControl extends Object implements AccessControlled
To get all registered extensions for an extension point call
useExtensions(JspContext, String...)
.
Use get(DbControl)
to access the management API wich allows
you to enable/disable extensions and change settings for the extension
system.
Modifier and Type | Field and Description |
---|---|
static EventType |
AFTER_ENABLE
This event is sent after an extension or extension point is
enabled by
enableExtensionPoint(String, boolean) ,
enableExtension(String, boolean) , or
enableAllInFile(String, boolean) . |
static EventType |
BEFORE_DISABLE
This event is sent before an extension or extension point is
disabled by
enableExtensionPoint(String, boolean) ,
enableExtension(String, boolean) , or
enableAllInFile(String, boolean) . |
private DbControl |
dc |
private static boolean |
initialised |
private static org.slf4j.Logger |
log |
private static ExtensionsManager |
manager |
private Set<Permission> |
permissions |
private static Registry |
registry |
static String |
RESOURCES_URL
The location where the extensions resources are extracted.
|
static String |
SERVLET_URL
The location where extension servlets are registered.
|
private static ServletContext |
servletContext |
private static Settings |
settings |
Modifier | Constructor and Description |
---|---|
private |
ExtensionsControl(DbControl dc,
Set<Permission> permissions) |
Modifier and Type | Method and Description |
---|---|
void |
checkPermission(Permission permission)
Check if the logged in user has the desired permission on
the item, otherwise throw an exception.
|
private void |
checkPermission(Permission permission,
String what)
For checking the permission and adding a custom message to
the PermissionDeniedException if the required permission is
missing.
|
boolean |
checkUnsafeScriptableUsage(Extension ex)
Checks if the given extension may violate the 'Content Security Policy' for
the server.
|
List<Extension> |
checkUnsafeScriptableUsage(ExtensionsFile xtFile)
Checks if the given extensions file contain any extensions that may
violate the 'Content Security Policy' for the server.
|
private boolean |
checkUnsafeScriptableUsageInternal(Extension ex) |
static void |
close()
Shut down the extensions system.
|
static JspContext |
createContext(DbControl dc,
PageContext pageContext)
Create a new
JspContext object with an active DbControl. |
static JspContext |
createContext(DbControl dc,
PageContext pageContext,
GuiContext guiContext,
Object currentItem)
Create a new
JspContext object with an active DbControl
and a current GuiContext and item. |
static JspContext |
createContext(SessionControl sc,
PageContext pageContext)
Create a new
JspContext object without an active DbControl. |
void |
enableAllInFile(String fileuri,
boolean enable)
Enable or disable all extensions and extension points in a file.
|
void |
enableExtension(String extensionId,
boolean enable)
Enable/disable an extension.
|
void |
enableExtensionPoint(String extensionPointId,
boolean enable)
Enable/disable an extension point.
|
static ExtensionsControl |
get(DbControl dc)
Get an extension control object for managing the
installed extensions.
|
ErrorHandlerFactory<Action> |
getDefaultErrorHandlerFactory()
Get the default error handling factory.
|
Extension<?> |
getExtension(String id)
Get the extension with a given ID.
|
ExtensionPoint<?> |
getExtensionPoint(String id)
Get the extension point with a given ID.
|
List<ExtensionPoint<?>> |
getExtensionPoints()
Get an list returning all registered extension points.
|
List<Extension<?>> |
getExtensions()
Get a list returning all registered extensions.
|
List<Extension<?>> |
getExtensions(String id)
Get a list returning all registered extensions for a
specific extension point.
|
ExtensionsFile |
getFile(String fileuri)
Get information about an installed extensions file.
|
ExtensionsFile |
getFileByObjectKey(ObjectKey key)
Find out which file the given object is defined in.
|
List<ExtensionsFile> |
getFiles()
Get an list returning all XML/JAR files which contains installed
extensions.
|
static String |
getHomeUrl(String extensionId)
Get the URL to the home directory of extension with the
given ID.
|
Throwable |
getLastExtensionError(String id)
Get information about the last error that happened
when rendering an extension.
|
Throwable |
getLastExtensionPointError(String id)
Get information about the last error that happened
when rendering an extension point.
|
ProcessResults |
getLastScanResults()
Get the results of the last scan (manual or automatic).
|
<O> O |
getObjectForKey(ObjectKey<O> key)
Get the object that was registered for the given key.
|
Set<Permission> |
getPermissions()
Get the logged in user's permissions on the item.
|
static String |
getServletUrl(String extensionId,
String servletName)
Get the base URL for servlets in the extension with the given ID.
|
boolean |
hasPermission(Permission permission)
Check if the logged in user has the desired permission on
the item.
|
static void |
init(ServletContext context)
Initialise the extension system.
|
boolean |
isEnabled(Extension extension)
Check if an extension is enabled of disabled.
|
boolean |
isEnabled(ExtensionPoint extensionPoint)
Check if an extension point is enabled of disabled.
|
ProcessResults |
performActions(HttpServletRequest request)
Perform the requested actions (install/uninstall) as given
in the request form.
|
void |
saveSettings()
Save the settings.
|
private static ProcessResults |
scan(DbControl dc,
HttpServletRequest request) |
int |
scanForChanges()
Scan the managed directories for new/updated/deleted extensions.
|
static ExtensionsInvoker<?> |
useExtensions(JspContext context,
ExtensionsFilter filter,
String... extensionPoints) |
static ExtensionsInvoker<?> |
useExtensions(JspContext context,
String... extensionPoints)
Use extensions from one or more extension points.
|
private static final org.slf4j.Logger log
public static final String RESOURCES_URL
public static final String SERVLET_URL
public static final EventType BEFORE_DISABLE
enableExtensionPoint(String, boolean)
,
enableExtension(String, boolean)
, or
enableAllInFile(String, boolean)
.public static final EventType AFTER_ENABLE
enableExtensionPoint(String, boolean)
,
enableExtension(String, boolean)
, or
enableAllInFile(String, boolean)
.private static boolean initialised
private static ExtensionsManager manager
private static Registry registry
private static Settings settings
private static ServletContext servletContext
private final DbControl dc
private final Set<Permission> permissions
private ExtensionsControl(DbControl dc, Set<Permission> permissions)
public static void init(ServletContext context)
ExtensionsServlet
when the web server starts up.public static void close()
private static ProcessResults scan(DbControl dc, HttpServletRequest request)
public static ExtensionsControl get(DbControl dc)
dc
- The DbControl to use for database access and
permission checks, or null to only get read permissionpublic static ExtensionsInvoker<?> useExtensions(JspContext context, String... extensionPoints)
context
- The current contextextensionPoints
- An array with the ID values of the extension points.
Extension points that are not found are ignored.Registry.useExtensions(net.sf.basedb.util.extensions.ClientContext, net.sf.basedb.util.extensions.ExtensionsFilter, String...)
public static ExtensionsInvoker<?> useExtensions(JspContext context, ExtensionsFilter filter, String... extensionPoints)
public static JspContext createContext(SessionControl sc, PageContext pageContext)
JspContext
object without an active DbControl.
NOTE! Unless there is a very good reason we recommend that an
active DbControl is always supplied. Use the
createContext(DbControl, PageContext)
method instead.sc
- The current session controlpageContext
- Page context for the executing JSP pagecreateContext(DbControl, PageContext)
public static JspContext createContext(DbControl dc, PageContext pageContext)
JspContext
object with an active DbControl.dc
- An open DbControlpageContext
- Page context for the executing JSP pagepublic static JspContext createContext(DbControl dc, PageContext pageContext, GuiContext guiContext, Object currentItem)
JspContext
object with an active DbControl
and a current GuiContext
and item.dc
- An open DbControlpageContext
- Page context for the executing JSP pagepublic static String getHomeUrl(String extensionId)
extensionId
- The ID of a registered extensionpublic static String getServletUrl(String extensionId, String servletName)
/extensions/servlet/[jar-file-name]/[servlet-name]
NOTE! Servlets can also be invoked by using the alternate path:
/extensions/[jar-file-name]/[servlet-name].servlet
extensionId
- The ID of a registered extensionservletName
- The name of the servletpublic void checkPermission(Permission permission) throws PermissionDeniedException
AccessControlled
checkPermission
in interface AccessControlled
permission
- Permission the user should have.PermissionDeniedException
- If the user doesn't have the
requested permissionpublic Set<Permission> getPermissions()
AccessControlled
getPermissions
in interface AccessControlled
public boolean hasPermission(Permission permission)
AccessControlled
hasPermission
in interface AccessControlled
permission
- The permission to check if the user has.private void checkPermission(Permission permission, String what) throws PermissionDeniedException
PermissionDeniedException
public int scanForChanges()
getFiles()
to get an updated list of files.PermissionDeniedException
- If the logged in user doesn't
have WRITE permissionpublic ProcessResults performActions(HttpServletRequest request)
request
- The HTTP request with parametersPermissionDeniedException
- If the logged in user doesn't
have WRITE permissionpublic ProcessResults getLastScanResults()
ProcessResults
object, or null if no scan
has taken placepublic ErrorHandlerFactory<Action> getDefaultErrorHandlerFactory()
public List<ExtensionPoint<?>> getExtensionPoints()
Registry.getExtensionPoints()
public ExtensionPoint<?> getExtensionPoint(String id)
id
- The ID of the extension pointExtensionPoint
object or null if that
extension point doesn't existsRegistry.getExtensionPoint(String)
public boolean isEnabled(ExtensionPoint extensionPoint)
extensionPoint
- The extension pointSettings.isEnabled(ExtensionPoint)
public Throwable getLastExtensionPointError(String id)
id
- The id of the extension pointpublic void enableExtensionPoint(String extensionPointId, boolean enable)
extensionPointId
- The ID of the extension point to enable/disableenable
- TRUE to enable the extension point, FALSE to disable itPermissionDeniedException
- If the logged in user doesn't have
WRITE permissionpublic List<Extension<?>> getExtensions()
Registry.getExtensions()
public List<Extension<?>> getExtensions(String id)
id
- The ID of the extension pointRegistry.getExtensions(String)
public Extension<?> getExtension(String id)
id
- The ID of the extension pointExtension
object or null if that
extension doesn't existsRegistry.getExtension(String)
public Throwable getLastExtensionError(String id)
id
- The id of the extensionpublic boolean isEnabled(Extension extension)
extension
- The extensionSettings.isEnabled(Extension)
public void enableExtension(String extensionId, boolean enable)
extensionId
- The ID of the extension to enable/disableenable
- TRUE to enable the extension, FALSE to disable itPermissionDeniedException
- If the logged in user doesn't have
WRITE permissionpublic List<ExtensionsFile> getFiles()
public ExtensionsFile getFile(String fileuri)
fileuri
- The URI to the fileExtensionsFile
object or null if
the given file doesn't exists or isn't an extensions filepublic ExtensionsFile getFileByObjectKey(ObjectKey key)
key
- An object keypublic <O> O getObjectForKey(ObjectKey<O> key)
key
- An object keypublic List<Extension> checkUnsafeScriptableUsage(ExtensionsFile xtFile)
ContentSecurityPolicyFilter.isUnsafeInlineScriptsAllowed()
are called.
If this method returns true, no further checks are made and an empty list is
returned.
For each Extension
defined in the file,
checkUnsafeScriptableUsage(Extension)
is called and the extension is included in the list if TRUE.public boolean checkUnsafeScriptableUsage(Extension ex)
ContentSecurityPolicyFilter.isUnsafeInlineScriptsAllowed()
are called.
If this method returns true, no further checks are made and false is returned.
The extended ExtensionPoint
is checked for the UnsafeScriptable
annotation. If this annotation
is not present, it is not possible for the extension to violate the policy.
If this annotation is present, it is possible for the extensions to violate
the security policy and final check is made:
The About
object for the extension is checked for attribute
'safe-scripts'. If this attribute is missing or set to a FALSE value the
extension is considered 'unsafe' and are included in the returned list.
If the attribute is set to TRUE, the extension 'promises' to not use any
unsafe scripts.private boolean checkUnsafeScriptableUsageInternal(Extension ex)
public void enableAllInFile(String fileuri, boolean enable)
fileuri
- The fileuri which contains the extensionsenable
- TRUE to enable, FALSE to disablepublic void saveSettings()
PermissionDeniedException
- If the logged in user doesn't have
WRITE permissionSettings.save()