atg.security
Class IdentitySecurityPolicy

java.lang.Object
  extended by atg.nucleus.logging.VariableArgumentApplicationLoggingImpl
      extended by atg.nucleus.GenericService
          extended by atg.security.StandardSecurityPolicy
              extended by atg.security.IdentitySecurityPolicy
All Implemented Interfaces:
NameContextBindingListener, NameContextElement, NameResolver, AdminableService, ApplicationLogging, atg.nucleus.logging.ApplicationLoggingSender, atg.nucleus.logging.TraceApplicationLogging, VariableArgumentApplicationLogging, ComponentNameResolver, Service, ServiceListener, SecurityPolicy, java.util.EventListener

public class IdentitySecurityPolicy
extends StandardSecurityPolicy

An extension of the standard security policy that allows or denies access by specific identities in addition to a normal ACL. This is particularly useful for creating superuser access policies.


Field Summary
static java.lang.String CLASS_VERSION
          Class version string
 
Fields inherited from class atg.nucleus.GenericService
SERVICE_INFO_KEY
 
Fields inherited from interface atg.security.SecurityPolicy
DENIED, GRANTED, UNSPECIFIED
 
Fields inherited from interface atg.nucleus.logging.TraceApplicationLogging
DEFAULT_LOG_TRACE_STATUS
 
Fields inherited from interface atg.nucleus.logging.ApplicationLogging
DEFAULT_LOG_DEBUG_STATUS, DEFAULT_LOG_ERROR_STATUS, DEFAULT_LOG_INFO_STATUS, DEFAULT_LOG_WARNING_STATUS
 
Constructor Summary
IdentitySecurityPolicy()
           
 
Method Summary
 java.lang.String getAllowed()
          Returns the list of allowed identities.
 java.lang.String getDenied()
          Returns the list of denied identities.
 UserAuthority getUserAuthority()
          Returns the user authority for identities that are valid for registered users.
 boolean hasAccess(java.lang.Object pObject, User pUser, AccessRight pRight)
          Returns true if a user may perform a particular operation on an object.
protected  boolean identityHasAccess(User pUser)
          Checks to see whether or not an identity is granted access.
 void setAllowed(java.lang.String pIdentityList)
          Changes the list of allowed identities.
 void setDenied(java.lang.String pIdentityList)
          Changes the list of denied identities.
 void setUserAuthority(UserAuthority pAuthority)
          Changes the user authority for identities that are valid for registered users.
 
Methods inherited from class atg.security.StandardSecurityPolicy
checkAccess, getAccess, getCompatiblePersona, getCompatiblePersonae, getCompleteAccessControlList, getCreationAccessControlList, getCreationAccessControlList, getCreationOwner, getCreationOwnerAccessControlList, getCreationSubPersonaeAccessControlList, getCurrentUser, getEffectiveAccessControlList, getImpliedAccessControlList, getUserPersonae
 
Methods inherited from class atg.nucleus.GenericService
addLogListener, createAdminServlet, doStartService, doStopService, getAbsoluteName, getAdminServlet, getLoggingForVlogging, getLogListenerCount, getLogListeners, getName, getNameContext, getNucleus, getRoot, getServiceConfiguration, getServiceInfo, isLoggingDebug, isLoggingError, isLoggingInfo, isLoggingTrace, isLoggingWarning, isRunning, logDebug, logDebug, logDebug, logError, logError, logError, logInfo, logInfo, logInfo, logTrace, logTrace, logTrace, logWarning, logWarning, logWarning, nameContextElementBound, nameContextElementUnbound, removeLogListener, reResolveThis, resolveName, resolveName, resolveName, resolveName, sendLogEvent, setLoggingDebug, setLoggingError, setLoggingInfo, setLoggingTrace, setLoggingWarning, setNucleus, setServiceInfo, startService, stopService
 
Methods inherited from class atg.nucleus.logging.VariableArgumentApplicationLoggingImpl
vlogDebug, vlogDebug, vlogDebug, vlogDebug, vlogError, vlogError, vlogError, vlogError, vlogInfo, vlogInfo, vlogInfo, vlogInfo, vlogTrace, vlogTrace, vlogTrace, vlogTrace, vlogWarning, vlogWarning, vlogWarning, vlogWarning
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

CLASS_VERSION

public static java.lang.String CLASS_VERSION
Class version string

Constructor Detail

IdentitySecurityPolicy

public IdentitySecurityPolicy()

Method Detail

getUserAuthority

public UserAuthority getUserAuthority()
Returns the user authority for identities that are valid for registered users.


setUserAuthority

public void setUserAuthority(UserAuthority pAuthority)
Changes the user authority for identities that are valid for registered users.


getAllowed

public java.lang.String getAllowed()
Returns the list of allowed identities.


setAllowed

public void setAllowed(java.lang.String pIdentityList)
Changes the list of allowed identities.


getDenied

public java.lang.String getDenied()
Returns the list of denied identities.


setDenied

public void setDenied(java.lang.String pIdentityList)
Changes the list of denied identities.


identityHasAccess

protected boolean identityHasAccess(User pUser)
Checks to see whether or not an identity is granted access.


hasAccess

public boolean hasAccess(java.lang.Object pObject,
                         User pUser,
                         AccessRight pRight)
                  throws SecurityException
Returns true if a user may perform a particular operation on an object.

Specified by:
hasAccess in interface SecurityPolicy
Overrides:
hasAccess in class StandardSecurityPolicy
Throws:
SecurityException
See Also:
StandardSecurityPolicy.getCurrentUser()