@Override
  public Resource getResource(String host, String sPath)
      throws NotAuthorizedException, BadRequestException {
    LogUtils.trace(log, "getResource", host, sPath);
    Path path = Path.path(sPath);
    Path parent = path.getParent();
    Request request = HttpManager.request();
    String encodedPath = request.getAbsolutePath();

    // This is to support a use case where a developer wants their resources to
    // be accessible through milton-json, but don't want to use DAV urls. Instead
    // they use a parameter and DO NOT implement PostableResource.
    if (request.getMethod().equals(Method.POST)) {
      Resource wrappedResource = wrapped.getResource(host, sPath);
      if (wrappedResource != null && !(wrappedResource instanceof PostableResource)) {
        LogUtils.trace(log, "getResource: is post, and got a: ", wrappedResource.getClass());
        return new PostJsonResource(host, encodedPath, wrappedResource, methodParamName, this);
      }
    }
    if (request.getMethod().equals(Method.GET)
        && isMatchingContentType(request.getAcceptHeader())) {
      Resource wrappedResource = wrapped.getResource(host, sPath);
      if (wrappedResource != null) {
        log.trace("getResource: matches content type, and found wrapped resource");
        return wrapResource(host, wrappedResource, Method.PROPFIND.code, encodedPath);
      } else {
        LogUtils.trace(
            log, "getResource: is GET and matched type, but found no actual resource on", sPath);
      }
    }
    if (isMatchingPath(parent)) {
      log.trace("getResource: is matching path");
      Path resourcePath = parent.getParent();
      if (resourcePath != null) {
        String method = path.getName();
        Resource wrappedResource = wrapped.getResource(host, resourcePath.toString());
        if (wrappedResource != null) {
          Resource r = wrapResource(host, wrappedResource, method, encodedPath);
          LogUtils.trace(log, "returning a", r.getClass());
          return r;
        }
      }
    } else {
      log.trace("getResource: not matching path");
      return wrapped.getResource(host, sPath);
    }
    return null;
  }
  @Override
  public String render(RenderContext rc) {
    log.debug("render");
    Resource resource = rc.getTargetPage();
    Request request = (Request) rc.getAttribute("request");
    if (request == null)
      throw new RuntimeException("expected to find request in RenderContext attribute");

    PermissionsAuthoriser permissionsAuthoriser =
        RequestContext.getCurrent().get(PermissionsAuthoriser.class);
    if (permissionsAuthoriser == null)
      throw new IllegalStateException("Not found in configuration: " + PermissionsAuthoriser.class);

    Boolean b =
        permissionsAuthoriser.authorise(
            resource, request, request.getMethod(), request.getAuthorization());
    log.debug("result: " + b);
    if (b == null) return null;
    else return b.toString();
  }
 @Override
 public Set<CheckResult> checkPermissions(
     Request request,
     Method method,
     PropertyPermission perm,
     Set<QName> fields,
     Resource resource) {
   if (resource.authorise(request, request.getMethod(), request.getAuthorization())) {
     log.trace("checkPermissions: ok");
     return null;
   } else {
     // return all properties
     log.info(
         "checkPermissions: property authorisation failed because user does not have permission for method: "
             + method.code);
     Set<CheckResult> set = new HashSet<CheckResult>();
     for (QName name : fields) {
       set.add(new CheckResult(name, Status.SC_UNAUTHORIZED, "Not authorised", resource));
     }
     return set;
   }
 }