The main interfaces, objects, and classes for Security Services are as follows:
User Authority: This interface is used for authenticating a user. The interface produces Persona objects that are used to identify a user and any roles that the user may have.
Persona: An identity of a user, a user’s role (which may be a user group such as Designers or Developers, for example), or an application privilege. Persona objects may have multiple embedded identities. For example, a user may have several roles, such as manager and developer, and a role may have multiple privileges. The Persona interface is a superset of the standard J2EE Principal interface, and implements the Principal interface for interoperability.
User: The User object holds a collection of Personae that have been collected by one or more user authorities. This object is like a wallet into which identities are placed. A User object can hold several identities if a user has been authenticated by several means.
Security Policy: A security policy is used to determine whether a user has access to an object by checking an access control list composed of access rights and/or deny rights.
Secured Object: The
SecuredObject
interface provides a standard way to look up and change security information related to an object. Theatg.security.StandardSecurityPolicy
class uses this interface to determine the ACL for an object and any related container objects that may affect the ACL.Secured Container: Like
SecuredObject
,SecuredContainer
provides a standard interface for determining a list of security-related parents of an object, to support ACL inheritance or other cross-object semantics, for example.Security Configuration: A security configuration is a security policy grouped together with the user authority that determines the identity information for a user. The security configuration is used primarily for reconstituting persisted ACL information using the
parse()
method ofatg.security.AccessControlList
.Security Context: Every
SecuredObject
has a relatedSecurity Context
, which is a Security Configuration plus a reference back to the object. This allows the access checker in the security policy to use the object itself to determine access control rules.