ContentSecurityHelper (Oracle Fusion Middleware Java API for Oracle WebLogic Portal)

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.bea.content.federated
Class ContentSecurityHelper

java.lang.Object
  com.bea.content.federated.ContentSecurityHelper

public class ContentSecurityHelper
extends Object
extends Object

This class contains helper methods to manage security on content management resources.

Field Summary
`static ContextKey`	`COMMUNITY_URI` optional.
`static String`	`MARKER_CAPABILITY`

Method Summary
`static void`	`addRoles(SecurityPolicyItem spi, List<String> roleList)` Adds this list of roles to the security policty
`static void`	`cleanDanglingPolicies(ContentContext context)` Clean all the dangling policies in CM System for ALL the repositories.
`static void`	`createDAPolicy(ContentContext context, String taxonomy, List<String> roleList, String capability)` Create a DA security policy for the given taxonomy and capability.
`static void`	`createVisitorSecurityPolicy(ContentContext context, String taxonomy, List<String> roleList, String capability, String providerName)` Create a visitor security policy for the given taxonomy and capability.
`static String`	`getRootTaxonomy(String repositoryName, String resourceType)` Return the taxonomy of the repository root.
`static List<SecurityPolicyItem>`	`getSecurityPolicies(String taxonomyStart, int policyUser)` Gets all the security policies for a given user which start with the given taxonomy.
`static SecurityPolicyItem`	`getSecurityPolicy(int policyUser, String aResourceId, String aCapability)` Returns a security policy item given a policyUser, resourceId, and a capability.
`static Subject`	`getSubject()` Returns the currently logged in subject
`static String`	`getTaxonomy(Node node)` Return the taxonomy of the node used by the Content Security Layer
`static String`	`getTaxonomy(ObjectClass objectClass)` Return the taxonomy of the type used by the Content Security Layer
`static String`	`getTaxonomy(Workflow workflow)` Return the taxonomy of the workflow object used by the Content Security Layer
`static String`	`getUserName()` Gets the userName of the currently logged in user
`static boolean`	`isAdminRole()`
`static boolean`	`isAnonymousUser(String username)`
`static void`	`removeDAPolicy(ContentContext context, String taxonomy, String capability)` Remove the DA Policy set on the content resource
`static void`	`removeRoles(SecurityPolicyItem spi, List<String> roleList)` Remove the roles from the given security policy
`static void`	`removeVisitorPolicy(ContentContext context, String taxonomy, String capability, String providerName)` Remove the visitor Policy set on the content resource

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Field Detail

MARKER_CAPABILITY

public static final String MARKER_CAPABILITY

See Also: Constants Summary

COMMUNITY_URI

public static final ContextKey COMMUNITY_URI

optional. If a groupSpace community, need the community uri for entitlements check

Method Detail

getSubject

public static Subject getSubject()

Returns the currently logged in subject

Returns: logged in subject

getUserName

public static String getUserName()

Gets the userName of the currently logged in user

Returns: The user name.

isAnonymousUser

public static boolean isAnonymousUser(String username)

getRootTaxonomy

public static String getRootTaxonomy(String repositoryName,
                                     String resourceType)

Return the taxonomy of the repository root.

To get the taxonomy of the root of the repository named "WLP Repository" to check the capabilities associated with the repository in general: String taxonomy = ContentSecurityHelper.getRootTaxonomy('WLP Repository', ContentEntitlementHelper.RESOURCE_REPOSITORY);

However, when placing entitlements on content within the repository, use the taxonomy of the content node representing the root of the repository named "WLP Repository": String taxonomy = ContentSecurityHelper.getRootTaxonomy('WLP Repository', ContentEntitlementHelper.RESOURCE_CONTENT);

Similarly, when placing entitlements on ObjectClasses within the repository, use the taxonomy of the ObjectClass representing the root of the repository named "WLP Repository": String taxonomy = ContentSecurityHelper.getRootTaxonomy('WLP Repository', ContentEntitlementHelper.RESOURCE_TYPE);

Parameters: resourceType - The resourceType defined in ContentEntitlementHelper [RESOURCE_CONTENT, RESOURCE_TYPE, RESOURCE_REPOSITORY, RESOURCE_WORKFLOW]; repositoryName - The name of the repository. If it's null, it will return taxonomy of the Virtual Repository
Returns: The taxonomy for that repository. Will throw an IllegalArgumentException if invalid resource type is specified

getTaxonomy

public static String getTaxonomy(Node node)

Return the taxonomy of the node used by the Content Security Layer

Here is an example of using this method to grant all users in the 'MyClients' role view capability on the repository named "WLP Repository" starting at the node with path /WLP Repository/A/B/C: INodeManager nodeManager = ContentManagerFactory.getNodeManager(); ContentContext cc = new ContentContext(); Node node = nodeManager.getNode(cc, "/WLP Repository/A/B/C"); String taxonomy = ContentSecurityHelper.getTaxonomy(node); List roleList = new ArrayList(); roleList.add('MyClients'); String capability = ContentEntitlementHelper.CAN_VISITOR_VIEW; ContentSecurityHelper.createVisitorSecurityPolicy(cc, taxonomy, roleList, capability, null);

Parameters: node - The node object
Returns: The taxonomy

getTaxonomy

public static String getTaxonomy(ObjectClass objectClass)

Return the taxonomy of the type used by the Content Security Layer

Parameters: objectClass - Object class to be checked.
Returns: The taxonomy

getTaxonomy

public static String getTaxonomy(Workflow workflow)

Return the taxonomy of the workflow object used by the Content Security Layer

Parameters: workflow - The workflow object
Returns: The taxonomy

createVisitorSecurityPolicy

public static void createVisitorSecurityPolicy(ContentContext context,
                                               String taxonomy,
                                               List<String> roleList,
                                               String capability,
                                               String providerName)
                                        throws com.bea.p13n.entitlements.common.EntitlementsException,
                                               com.bea.p13n.entitlements.common.PolicyCreateException,
                                               com.bea.p13n.entitlements.common.PolicyExistsException,
                                               RepositoryException

Create a visitor security policy for the given taxonomy and capability.

Parameters: context - The contentContext object; taxonomy - Taxonomy of the resource. Can be generated using getTaxonomy(Node), getTaxonomy(ObjectClass) or getTaxonomy(Workflow) for content specific resources; roleList - The roleList associated with the security policy item; capability - The visitor capability. Should only be a list of valid visitor capabilities defined in ContentEntitlementHelper - CAN_VISITOR_CREATE/CAN_VISITOR_VIEW etc; providerName - Optional parameter, needs to be set only if the visitor security policy is to be created in a different provider. If the policy is to be created in the default provider, this variable can be set to null.
Here is an example of using this method to grant all users in the 'MyClients' role view capability on the repository named "WLP Repository": String taxonomy = ContentSecurityHelper.getRootTaxonomy('WLP Repository', ContentEntitlementHelper.RESOURCE_CONTENT); List roleList = new ArrayList(); roleList.add('MyClients'); String capability = ContentEntitlementHelper.CAN_VISITOR_VIEW; ContentSecurityHelper.createVisitorSecurityPolicy(new ContentContext(), taxonomy, roleList, capability, null);
Throws: com.bea.p13n.entitlements.common.EntitlementsException - If an entitlement error occurs; com.bea.p13n.entitlements.common.PolicyCreateException - if an error occurs in creating a policy; com.bea.p13n.entitlements.common.PolicyExistsException - if the policy already exists; RepositoryException - for any other error

removeVisitorPolicy

public static void removeVisitorPolicy(ContentContext context,
                                       String taxonomy,
                                       String capability,
                                       String providerName)
                                throws com.bea.p13n.entitlements.common.EntitlementsException,
                                       com.bea.p13n.entitlements.common.PolicyRemoveException,
                                       com.bea.p13n.entitlements.common.PolicyNotFoundException,
                                       RepositoryException

Remove the visitor Policy set on the content resource

Parameters: context - The contentContext object.; taxonomy - Taxonomy of the resource. Can be generated using getTaxonomy(Node), getTaxonomy(ObjectClass) or getTaxonomy(Workflow) for content specific resources; capability - The visitor capability. Should only be a list of valid visitor capabilities defined in ContentEntitlementHelper - CAN_VISITOR_CREATE etc To remove all capabilities, use the wildcard - *; providerName - Optional parameter, needs to be set only if the visitor security policy is to be removed for a different provider. If the policy is to be removed in the default provider, this variable can be set to null. To remove the visitor policy from ALL security providers, specify * as it's value
Throws: com.bea.p13n.entitlements.common.EntitlementsException - If an entitlement error occurs; com.bea.p13n.entitlements.common.PolicyRemoveException - If the policy cannot be removed; com.bea.p13n.entitlements.common.PolicyNotFoundException - If the policy was not found; RepositoryException - For any other error

createDAPolicy

public static void createDAPolicy(ContentContext context,
                                  String taxonomy,
                                  List<String> roleList,
                                  String capability)
                           throws com.bea.p13n.delegation.management.DelegationPolicyManagementException,
                                  com.bea.p13n.entitlements.common.EntitlementsException,
                                  RepositoryException

Create a DA security policy for the given taxonomy and capability.

Parameters: context - The ContentContext object. Recommended use is only from within admin tools.; taxonomy - Taxonomy of the resource. Can be generated using getTaxonomy(Node), getTaxonomy(ObjectClass) or getTaxonomy(Workflow) for content specific resources; roleList - A list of roles to associate with the policy.; capability - The DA capability. Should only be a list of valid DA capabilities defined in ContentEntitlementHelper - CAN_CREATE/CAN_DELETE etc
Throws: RepositoryException - If an error occurs; com.bea.p13n.entitlements.common.EntitlementsException - If an error occurs with entitlements; com.bea.p13n.delegation.management.DelegationPolicyManagementException - A wrapper for an exception throw by the underlying entitlements engine

removeDAPolicy

public static void removeDAPolicy(ContentContext context,
                                  String taxonomy,
                                  String capability)
                           throws com.bea.p13n.delegation.management.DelegationPolicyManagementException,
                                  com.bea.p13n.entitlements.common.EntitlementsException,
                                  RepositoryException

Remove the DA Policy set on the content resource

Parameters: context - The ContentContext object. Recommended use is only from within admin tools.; taxonomy - Taxonomy of the resource. Can be generated using getTaxonomy(Node), getTaxonomy(ObjectClass) or getTaxonomy(Workflow) for content specific resources; capability - The DA capability. Should only be a list of valid DA capabilities defined in ContentEntitlementHelper - CAN_CREATE/CAN_DELETE etc To remove all capabilities, use the wildcard - *
Throws: RepositoryException - If an error occurs; com.bea.p13n.delegation.management.DelegationPolicyManagementException - A wrapper for an exception throw by the underlying entitlements engine; com.bea.p13n.entitlements.common.EntitlementsException - If an error occurs with entitlements

isAdminRole

public static boolean isAdminRole()

addRoles

public static void addRoles(SecurityPolicyItem spi,
                            List<String> roleList)
                     throws com.bea.p13n.entitlements.common.PolicyNotFoundException,
                            com.bea.p13n.entitlements.common.PolicyCreateException

Adds this list of roles to the security policty

Parameters: spi - SecurityPolicyItem can be obtained via "getSecurityPolicy()" method in this class; roleList - The list of new roles
Throws: com.bea.p13n.entitlements.common.PolicyNotFoundException - If the given policy is not found.; com.bea.p13n.entitlements.common.PolicyCreateException - If the policy change fails.

removeRoles

public static void removeRoles(SecurityPolicyItem spi,
                               List<String> roleList)
                        throws com.bea.p13n.entitlements.common.PolicyNotFoundException,
                               com.bea.p13n.entitlements.common.PolicyCreateException

Remove the roles from the given security policy

Parameters: spi - SecurityPolicyItem can be obtained via "getSecurityPolicy()" method in this class; roleList - The list of roles to remove
Throws: com.bea.p13n.entitlements.common.PolicyNotFoundException - If the given policy is not found.; com.bea.p13n.entitlements.common.PolicyCreateException - If the policy change fails.

getSecurityPolicy

public static SecurityPolicyItem getSecurityPolicy(int policyUser,
                                                   String aResourceId,
                                                   String aCapability)

Returns a security policy item given a policyUser, resourceId, and a capability. Will throw a PolicyManagementAccessException if the user is not in an authorized Role (PortalSystemAdministrators/Admin)

Parameters: policyUser - PolicyUser - EntitlementConstants.P13N_APPLICATION_POLICY || EntitlementConstants.P13N_ADMIN_POLICY; aResourceId - Usually the taxonomy of the content resource.; aCapability - The capability required
Returns: SecurityPolicyItem The matching security policy item/

cleanDanglingPolicies

public static void cleanDanglingPolicies(ContentContext context)
                                  throws RepositoryException,
                                         com.bea.p13n.entitlements.common.PolicyRemoveException,
                                         com.bea.p13n.entitlements.common.EntitlementsException,
                                         com.bea.p13n.entitlements.common.PolicyNotFoundException,
                                         com.bea.p13n.delegation.management.DelegationPolicyManagementException

Clean all the dangling policies in CM System for ALL the repositories. Dangling policies are created when a visitor has renamed a node and the security policy has not been updated to reflect the fact. This method will allow cleaning of dangling policies both at the DA Level as well as Visitor Entitlements level. If the user is not in an Admin role, the method will throw an RepositoryException.

Parameters: context - The ContentContext object
Throws: RepositoryException - In case of errors in removing security policies; com.bea.p13n.entitlements.common.PolicyRemoveException - If the policy cannot be removed; com.bea.p13n.entitlements.common.EntitlementsException - In case of error in removing policies; com.bea.p13n.entitlements.common.PolicyNotFoundException - If policy is not found; com.bea.p13n.delegation.management.DelegationPolicyManagementException - If the delegated policy cannot be removed

getSecurityPolicies

public static List<SecurityPolicyItem> getSecurityPolicies(String taxonomyStart,
                                                           int policyUser)
                                                    throws RepositoryException

Gets all the security policies for a given user which start with the given taxonomy. The user should be in a PortalSystemAdministrators/Admin role to use this method, otherwise a PolicyManagementAccessException will be thrown by the system.

Parameters: taxonomyStart - The start of the taxonomy. This method will throw an error if the taxonomy is null.; policyUser - PolicyUser - EntitlementConstants.P13N_APPLICATION_POLICY || EntitlementConstants.P13N_ADMIN_POLICY
Returns: A list of security policy items. This will get all security policies of matching taxonomy from ALL the security providers.
Throws: RepositoryException - for any other error cases.

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.bea.content.federated Class ContentSecurityHelper

MARKER_CAPABILITY

COMMUNITY_URI

getSubject

getUserName

isAnonymousUser

getRootTaxonomy

getTaxonomy

getTaxonomy

getTaxonomy

createVisitorSecurityPolicy

removeVisitorPolicy

createDAPolicy

removeDAPolicy

isAdminRole

addRoles

removeRoles

getSecurityPolicy

cleanDanglingPolicies

getSecurityPolicies

com.bea.content.federated
Class ContentSecurityHelper