atg.security
Class GenericSecuredObject

java.lang.Object
  atg.security.GenericSecuredObject

All Implemented Interfaces:

SecuredObject

Direct Known Subclasses:

SecuredRepositoryObject

public class GenericSecuredObject
extends java.lang.Object
implements SecuredObject

A generic implementation of the SecuredObject interface. This version provides storage for the owner and access control list of a secured object and implements access control on the appropriate accessor methods. This is a good base class for building other secured object implementations.

Field Summary

static java.lang.String	CLASS_VERSION
protected AccessControlList	mAcl The access control list assigned to the object.
protected Persona	mOwner The owner of record for the object.
protected SecurityContext	mSecurityContext The security context for the object.

Constructor Summary

GenericSecuredObject()

Method Summary

void	checkAccess(AccessRight pRight) Ensures that the user has the specified access right for this object.
void	checkRuntimeAccess(AccessRight pRight) Ensures that the user has the specified access right for this object.
AccessControlList	getAccessControlList() Retrieves the access control list associated with this object.
Persona	getOwner() Retrieves the owner of the object, if any.
SecurityContext	getSecurityContext() Returns the security system context information appropriate to this object.
boolean	hasAccess(AccessRight pRight) Determines if the current user has the specified access right for this object.
void	setAccessControlList(AccessControlList acl) Changes the access control list associated with this object.
void	setOwner(Persona pPersona) Changes the owner of the object, if any.
void	setSecurityContext(SecurityContext pContext) Changes the security system context information appropriate to this object.
boolean	supportsAccessControlList() Returns true if this object supports an access control list.
boolean	supportsOwner() Returns true if this object supports an owner.
AccessControlList	unsecuredGetAccessControlList() Returns the access control list stored in this secured object.
SecuredContainer[]	unsecuredGetContainers() Returns the set of containers (parents) that contain or may contain access control information that should be effective when this object is being manipulated.
Persona	unsecuredGetOwner() Returns the persona that has been specified as the owner of the object, or null if none has been specified.
SecuredContainer[]	unsecuredGetSecuredContainers() Returns the set of containers (parents) that contain or may contain access control information that should be effective when this object is being manipulated.
void	unsecuredSetAccessControlList(AccessControlList pAcl) Changes the access control list stored in this object.
void	unsecuredSetCreationSecurity() Sets the object's security to the creation defaults.
void	unsecuredSetOwner(Persona pOwner) Changes the persona that is considered to be the owner of the object.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

CLASS_VERSION

public static java.lang.String CLASS_VERSION

mAcl

protected AccessControlList mAcl

The access control list assigned to the object.

mOwner

protected Persona mOwner

The owner of record for the object.

mSecurityContext

protected SecurityContext mSecurityContext

The security context for the object.

Constructor Detail

GenericSecuredObject

public GenericSecuredObject()

Method Detail

checkAccess

public void checkAccess(AccessRight pRight)
                 throws SecurityException

Ensures that the user has the specified access right for this object. If not, a PermissionDeniedException is thrown. This method is useful for implementing access control in object methods.

Throws:

SecurityException

checkRuntimeAccess

public void checkRuntimeAccess(AccessRight pRight)

Ensures that the user has the specified access right for this object. If not, a RuntimeSecurityException is thrown, encapsulating a PermissionDeniedException. This method is useful for implementing access control in object methods that cannot have SecurityException in their signatures.

hasAccess

public boolean hasAccess(AccessRight pRight)
                  throws SecurityException

Determines if the current user has the specified access right for this object.

Throws:

SecurityException

setSecurityContext

public void setSecurityContext(SecurityContext pContext)

Changes the security system context information appropriate to this object.

getAccessControlList

public AccessControlList getAccessControlList()
                                       throws SecurityException

Retrieves the access control list associated with this object. A security exception will be thrown if the owner does not have READ_ACL access within this object, as determined by the security policy found in the object's security context.

Specified by:

getAccessControlList in interface SecuredObject

Throws:

SecurityException

setAccessControlList

public void setAccessControlList(AccessControlList acl)
                          throws SecurityException

Changes the access control list associated with this object.

Specified by:

setAccessControlList in interface SecuredObject

Throws:

SecurityException

supportsAccessControlList

public boolean supportsAccessControlList()

Returns true if this object supports an access control list.

Specified by:

supportsAccessControlList in interface SecuredObject

getOwner

public Persona getOwner()
                 throws SecurityException

Retrieves the owner of the object, if any.

Specified by:

getOwner in interface SecuredObject

Throws:

SecurityException

setOwner

public void setOwner(Persona pPersona)
              throws SecurityException

Changes the owner of the object, if any. The security policy may deny change of ownership.

Specified by:

setOwner in interface SecuredObject

Throws:

SecurityException

supportsOwner

public boolean supportsOwner()

Returns true if this object supports an owner.

Specified by:

supportsOwner in interface SecuredObject

getSecurityContext

public SecurityContext getSecurityContext()

Returns the security system context information appropriate to this object.

Specified by:

getSecurityContext in interface SecuredObject

unsecuredGetAccessControlList

public AccessControlList unsecuredGetAccessControlList()
                                                throws SecurityException

Returns the access control list stored in this secured object. This access control list is read-only.

This is considered to be a private API for the security policy and domain and should not be used by applications.

Specified by:

unsecuredGetAccessControlList in interface SecuredObject

Throws:

SecurityException

unsecuredGetOwner

public Persona unsecuredGetOwner()
                          throws SecurityException

Returns the persona that has been specified as the owner of the object, or null if none has been specified.

This is considered to be a private API for the security policy and domain and should not be used by applications.

Specified by:

unsecuredGetOwner in interface SecuredObject

Throws:

SecurityException

unsecuredGetSecuredContainers

public SecuredContainer[] unsecuredGetSecuredContainers()
                                                 throws SecurityException

Returns the set of containers (parents) that contain or may contain access control information that should be effective when this object is being manipulated. This is used by StandardSecurityPolicy.getEffectiveAccessControlList() to determine creation and effective access control lists.

This implementation always returns null. A security domain should create a subclass that implements this method if ACL inheritance capabilities are desired.

This is considered to be a private API for the security policy and domain and should not be used by applications.

Throws:

SecurityException

unsecuredSetAccessControlList

public void unsecuredSetAccessControlList(AccessControlList pAcl)
                                   throws SecurityException

Changes the access control list stored in this object. If the specified access control list is read-only, a reference is kept to it. If not, a read-only copy is made.

This is considered to be a private API for the security domain and should not be used by applications.

Specified by:

unsecuredSetAccessControlList in interface SecuredObject

Throws:

SecurityException

unsecuredSetOwner

public void unsecuredSetOwner(Persona pOwner)
                       throws SecurityException

Changes the persona that is considered to be the owner of the object.

This is considered to be a private API for the security domain and should not be used by applications.

Specified by:

unsecuredSetOwner in interface SecuredObject

Throws:

SecurityException

unsecuredGetContainers

public SecuredContainer[] unsecuredGetContainers()
                                          throws SecurityException

Returns the set of containers (parents) that contain or may contain access control information that should be effective when this object is being manipulated. This is used by StandardSecurityPolicy.getEffectiveAccessControlList() to determine creation and effective access control lists.

This is considered to be a private API for the security policy and domain objects and should not be used by applications.

This implementation provides no support for containers; this method will always return null.

Specified by:

unsecuredGetContainers in interface SecuredObject

Throws:

SecurityException

unsecuredSetCreationSecurity

public void unsecuredSetCreationSecurity()
                                  throws SecurityException

Sets the object's security to the creation defaults. This is considered to be a private API for the domain object and should not be used by applications.

Throws:

SecurityException