Class GenericSecuredRepository

  extended by atg.nucleus.logging.VariableArgumentApplicationLoggingImpl
      extended by atg.nucleus.GenericService
          extended by
All Implemented Interfaces:
atg.naming.AbsoluteNameable, NameContextBindingListener, NameContextElement, atg.naming.NameContextParentable, NameResolver, AdminableService, atg.nucleus.Configured, ApplicationLogging, atg.nucleus.logging.ApplicationLoggingSender, atg.nucleus.logging.TraceApplicationLogging, VariableArgumentApplicationLogging, ComponentNameResolver, Service, ServiceListener, atg.repository.DisplayableRepository, Repository, RepositoryViewContainer, atg.repository.RepositoryWrapper, SecuredRepository, java.util.EventListener
Direct Known Subclasses:

public class GenericSecuredRepository
extends GenericService
implements SecuredRepository, atg.repository.DisplayableRepository, atg.repository.RepositoryWrapper

An implementation of SecureRepository that wraps a normal Repository, using properties of its items to store access control information as formatted strings. This is a very basic system whose primary purpose is flexibility rather than performance, although some effort has been given towards providing acceptable performance.

This implementation is not intended to provide absolute security, but rather to allow an application the ability to provide security features without having to implement its own access checking.

Field Summary
static java.lang.String CLASS_VERSION
protected mItemCache
          A cache of secured repository items indexed by the repository item.
protected  Repository mRepository
          The repository we're wrapping.
protected  SecurityConfiguration mSecurityConfiguration
          The security configuration of the repository.
protected  javax.transaction.TransactionManager mTransactionManager
          The transaction manager to use for transactions while we do repository work.
Fields inherited from class atg.nucleus.GenericService
Fields inherited from interface atg.nucleus.logging.TraceApplicationLogging
Fields inherited from interface atg.nucleus.logging.ApplicationLogging
Constructor Summary
          Creates a secured repository that can be used to wrap a normal repository.
GenericSecuredRepository(Repository pRepository, SecurityConfiguration pConfiguration)
          Creates a secured repository that wraps a normal repository.
Method Summary
protected  void checkAccess(GenericSecuredRepositoryItem pItem, AccessRight pRight)
          Checks to see if the specified access is allowed on an item and, if not, throws a RepositorySecurityException that wraps a PermissionDeniedException.
 void checkAccess(java.lang.String pDescriptorName, AccessRight pRight)
          Checks to see if the current user has the indicated access right for an item descriptor.
protected  void checkAccess(java.lang.String pId, java.lang.String pDescriptorName, AccessRight pRight)
          Looks up a secured repository item and checks to see if the user has the indicated access right on it.
protected  void checkForInvalidRepository()
 void doStartService()
          This is called after a Service has been created, placed into the naming hierarchy, and initialized with its configured property values.
 RepositoryItem[] filterItems(RepositoryItem[] pItems, AccessRight pRight)
          Filters out any repository items returned from a query that the user should not be able to access in the indicated mode.
 java.lang.String getComponentResourceBundleName()
          Get property componentResourceBundleName
 atg.xml.XMLFile getConfigurationFile()
          Returns the configuration template used to configure the repository.
 java.lang.String getDefaultViewName()
          Returns the name of the "default" or "root" RepositoryView
 RepositoryItem getItem(java.lang.String pId)
 RepositoryItem getItem(java.lang.String pId, java.lang.String pDescriptorName)
          Returns an item in the Repository with the given id.
 RepositoryItemDescriptor getItemDescriptor(RepositoryItemDescriptor pDesc)
          Returns a RepositoryItemDescriptor accessed with the name of the given descriptor.
 RepositoryItemDescriptor getItemDescriptor(java.lang.String pName)
          Returns a RepositoryItemDescriptor accessed with the given name.
 java.lang.String[] getItemDescriptorNames()
          Returns an array of the names of the known RepositoryItemDescriptors.
 RepositoryItem[] getItems(java.lang.String[] pIds)
 RepositoryItem[] getItems(java.lang.String[] pIds, java.lang.String pDescriptorName)
          Returns the items with the given ids.
 int getQueryEndIndexFactor()
          Returns the factor by which queries overshoot when trying to get enough results.
 int getQueryMinimumQuerySize()
          Returns the minimum guess size when querying with an end index.
 Repository getRepository()
          Returns the repository that we're wrapping.
 java.lang.String getRepositoryDisplayName()
          Get property repositoryDisplayName
 java.lang.String getRepositoryDisplayNameResource()
          Get property repositoryDisplayNameResource
 java.lang.String getRepositoryName()
          Returns the name of this Repository
 SecurityConfiguration getSecurityConfiguration()
          Returns the security configuration information for the repository.
 SecurityPolicy getSecurityPolicy()
          Returns the security policy used for the repository.
 javax.transaction.TransactionManager getTransactionManager()
          Returns the transaction manager to use for repository interaction.
 RepositoryView getView(RepositoryItemDescriptor pDesc)
          Returns a RepositoryView accessed with the name of the given descriptor.
 RepositoryView getView(java.lang.String pName)
          Returns a RepositoryView accessed with the given name.
 java.lang.String[] getViewNames()
          Returns an array of the names of all contained top-level views
 java.util.Collection getWrappedRepositories()
          Returns the repository that we're wrapping.
 Repository getWrappedRepository()
          Returns the repository that we're wrapping. getXMLToolsFactory()
          Returns the tools factory that creates an XML parser for this user authority.
 boolean hasAccess(java.lang.String pDescriptorName, AccessRight pRight)
          Checks to see if the current user has the indicated access right for an item descriptor.
 boolean isDisableSecurityEnhancements()
 void setComponentResourceBundleName(java.lang.String pComponentResourceBundleName)
          Set property componentResourceBundleName
 void setConfigurationFile(atg.xml.XMLFile pXmlConfiguration)
          Changes the configuration template used to configure the repository.
 void setDisableSecurityEnhancements(boolean pDisableSecurityEnhancements)
 void setQueryEndIndexFactor(int pQueryEndIndexFactor)
          Sets the factor by which queries overshoot when trying to get enough results.
 void setQueryMinimumQuerySize(int pQueryMinimumQuerySize)
          Sets the minimum guess size when querying with an end index.
 void setRepository(Repository pRepository)
          Changes the repository that we're wrapping.
 void setRepositoryDisplayNameResource(java.lang.String pRepositoryDisplayNameResource)
          Set property repositoryDisplayNameResource
 void setRepositoryName(java.lang.String pName)
          Changes the name of the repository.
 void setSecurityConfiguration(SecurityConfiguration pSecurityConfiguration)
          Changes the security configuration for the repository, which affects the production of access control lists.
 void setTransactionManager(javax.transaction.TransactionManager pManager)
          Changes the transaction manager to use for repository interaction.
 void setXMLToolsFactory( pNewFactory)
          Sets the tools factory that will be used to create an XML parser for this user authority.
 java.lang.Object[] unwrapArray(java.lang.Object[] pArray)
          Takes an array and removes the secured wrappers around its contents.
 java.util.List unwrapList(java.util.List pList)
          Takes a List and removes the secured wrappers around its contents.
 java.util.Map unwrapMap(java.util.Map pMap)
          Takes a Map and removes the secured wrappers around its contents.
 java.util.Set unwrapSet(java.util.Set pSet)
          Takes a Set and removes the secured wrappers around its contents.
 java.lang.Object unwrapValue(java.lang.Object pValue)
          Takes a secured repository property value and turns it into an unsecured repository property value so we can store it in the underlying repository.
 RepositoryItem[] wrapItems(RepositoryItem[] pItems)
          Wraps all repository items into a secured object returned from a query
Methods inherited from class atg.nucleus.GenericService
addLogListener, createAdminServlet, doStopService, getAbsoluteName, getAdminServlet, getAdminServletOutputStreamEncoding, getLoggingForVlogging, getLogListenerCount, getLogListeners, getName, getNameContext, getNucleus, getRoot, getServiceConfiguration, getServiceInfo, isAdminServletUseServletOutputStream, isLoggingDebug, isLoggingError, isLoggingInfo, isLoggingTrace, isLoggingWarning, isRunning, logDebug, logDebug, logDebug, logError, logError, logError, logInfo, logInfo, logInfo, logTrace, logTrace, logTrace, logWarning, logWarning, logWarning, nameContextElementBound, nameContextElementUnbound, removeLogListener, reResolveThis, resolveName, resolveName, resolveName, resolveName, sendLogEvent, setAdminServletOutputStreamEncoding, setAdminServletUseServletOutputStream, setLoggingDebug, setLoggingError, setLoggingInfo, setLoggingTrace, setLoggingWarning, setNucleus, setServiceInfo, startService, stopService
Methods inherited from class atg.nucleus.logging.VariableArgumentApplicationLoggingImpl
vlogDebug, vlogDebug, vlogDebug, vlogDebug, vlogDebugTrace, vlogError, vlogError, vlogError, vlogError, vlogInfo, vlogInfo, vlogInfo, vlogInfo, vlogTrace, vlogTrace, vlogTrace, vlogTrace, vlogWarning, vlogWarning, vlogWarning, vlogWarning
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail


public static java.lang.String CLASS_VERSION


protected Repository mRepository
The repository we're wrapping.


protected javax.transaction.TransactionManager mTransactionManager
The transaction manager to use for transactions while we do repository work.


protected SecurityConfiguration mSecurityConfiguration
The security configuration of the repository.


protected mItemCache
A cache of secured repository items indexed by the repository item.

Constructor Detail


public GenericSecuredRepository()
Creates a secured repository that can be used to wrap a normal repository.


public GenericSecuredRepository(Repository pRepository,
                                SecurityConfiguration pConfiguration)
Creates a secured repository that wraps a normal repository.

Method Detail


public atg.xml.XMLFile getConfigurationFile()
Returns the configuration template used to configure the repository.


public void setConfigurationFile(atg.xml.XMLFile pXmlConfiguration)
Changes the configuration template used to configure the repository.


public boolean isDisableSecurityEnhancements()
the disableSecurityEnhancements


public void setDisableSecurityEnhancements(boolean pDisableSecurityEnhancements)
pDisableSecurityEnhancements - the disableSecurityEnhancements to set


public Repository getRepository()
Returns the repository that we're wrapping.


public Repository getWrappedRepository()
Returns the repository that we're wrapping.

Specified by:
getWrappedRepository in interface atg.repository.RepositoryWrapper


public java.util.Collection getWrappedRepositories()
Returns the repository that we're wrapping.

Specified by:
getWrappedRepositories in interface atg.repository.RepositoryWrapper


public void setRepository(Repository pRepository)
Changes the repository that we're wrapping. It is an extremely bad idea to change the wrapped repository after using the secured repository in any way.


public void setRepositoryName(java.lang.String pName)
Changes the name of the repository.


public void setSecurityConfiguration(SecurityConfiguration pSecurityConfiguration)
Changes the security configuration for the repository, which affects the production of access control lists. This should never be done after the repository has been used.


public javax.transaction.TransactionManager getTransactionManager()
Returns the transaction manager to use for repository interaction.


public void setTransactionManager(javax.transaction.TransactionManager pManager)
Changes the transaction manager to use for repository interaction.


public getXMLToolsFactory()
Returns the tools factory that creates an XML parser for this user authority.


public void setXMLToolsFactory( pNewFactory)
Sets the tools factory that will be used to create an XML parser for this user authority.


public java.lang.String getRepositoryDisplayName()
Get property repositoryDisplayName

Specified by:
getRepositoryDisplayName in interface atg.repository.DisplayableRepository
the display name of this repository


public void setRepositoryDisplayNameResource(java.lang.String pRepositoryDisplayNameResource)
Set property repositoryDisplayNameResource

pRepositoryDisplayNameResource - the name of the resource that contains the display name for this repository


public java.lang.String getRepositoryDisplayNameResource()
Get property repositoryDisplayNameResource

the name of the resource that contains the display name for this repository


public void setComponentResourceBundleName(java.lang.String pComponentResourceBundleName)
Set property componentResourceBundleName

pComponentResourceBundleName - the name of the resource bundle that holds the display name resource


public java.lang.String getComponentResourceBundleName()
Get property componentResourceBundleName

the name of the resource bundle that holds the display name resource


public void checkAccess(java.lang.String pDescriptorName,
                        AccessRight pRight)
                 throws RepositoryException
Checks to see if the current user has the indicated access right for an item descriptor. If not, it throws a RepositorySecurityException that wraps a PermissionDeniedException.

See Also:
RepositorySecurityException, PermissionDeniedException


public boolean hasAccess(java.lang.String pDescriptorName,
                         AccessRight pRight)
                  throws RepositoryException
Checks to see if the current user has the indicated access right for an item descriptor.



protected void checkAccess(GenericSecuredRepositoryItem pItem,
                           AccessRight pRight)
                    throws RepositoryException
Checks to see if the specified access is allowed on an item and, if not, throws a RepositorySecurityException that wraps a PermissionDeniedException.

If the item is null, this completes successfully. This allows the caller to call through into the real repository to receive the appropriate repository exception.



protected void checkAccess(java.lang.String pId,
                           java.lang.String pDescriptorName,
                           AccessRight pRight)
                    throws RepositoryException
Looks up a secured repository item and checks to see if the user has the indicated access right on it. If not, this throws a RepositorySecurityException that wraps a PermissionDeniedException. If the item does not exist, this completes successfully. This allows the caller to call through into the real repository to receive the appropriate repository exception.



public RepositoryItem[] filterItems(RepositoryItem[] pItems,
                                    AccessRight pRight)
Filters out any repository items returned from a query that the user should not be able to access in the indicated mode.


public RepositoryItem[] wrapItems(RepositoryItem[] pItems)
Wraps all repository items into a secured object returned from a query


public java.lang.Object[] unwrapArray(java.lang.Object[] pArray)
Takes an array and removes the secured wrappers around its contents.


public java.util.List unwrapList(java.util.List pList)
Takes a List and removes the secured wrappers around its contents.


public java.util.Map unwrapMap(java.util.Map pMap)
Takes a Map and removes the secured wrappers around its contents.


public java.util.Set unwrapSet(java.util.Set pSet)
Takes a Set and removes the secured wrappers around its contents.


public java.lang.Object unwrapValue(java.lang.Object pValue)
Takes a secured repository property value and turns it into an unsecured repository property value so we can store it in the underlying repository.


protected void checkForInvalidRepository()
                                  throws ServiceException


public void doStartService()
                    throws ServiceException
Description copied from class: GenericService
This is called after a Service has been created, placed into the naming hierarchy, and initialized with its configured property values. The Service should override this method to start any processes it requires.

doStartService in class GenericService
ServiceException - if the Service had a problem starting up


public java.lang.String getRepositoryName()
Returns the name of this Repository

Specified by:
getRepositoryName in interface Repository


public RepositoryItem getItem(java.lang.String pId)
                       throws RepositoryException

Returns an item in the Repository with the given id. This version retrieves the item from the default item descriptor.

The caller must have READ access on the item descriptor or a RepositorySecurityException will be thrown. They must have LIST access on the item or null is returned.

Specified by:
getItem in interface Repository
pId - the id of the item to retrieve
null if no item can be found
RepositoryException - if there was an error while attempting to return the RepositoryItem


public RepositoryItem getItem(java.lang.String pId,
                              java.lang.String pDescriptorName)
                       throws RepositoryException
Returns an item in the Repository with the given id.

The caller must have READ access on the item descriptor or a RepositorySecurityException will be thrown. They must have LIST access on the item or null is returned.

Specified by:
getItem in interface Repository
pId - the id of the item to retrieve
pDescriptorName - the name of the item descriptor that contains this item.
null if no item can be found
RepositoryException - if there was an error while attempting to return the RepositoryItem


public RepositoryItem[] getItems(java.lang.String[] pIds)
                          throws RepositoryException

Returns the items with the given ids. If requested items are not readable, they are not returned. The caller must have READ access on the item descriptor or a RepositorySecurityException will e thrown. They must have LIST access on each item or null is returned in the slots of the respective items.

The caller must have LIST access on each item that is requested or that item's slot will be set to null following this query.

Specified by:
getItems in interface Repository
null if no items can be found
RepositoryException - if there was an error while attempting to return the RepositoryItems


public RepositoryItem[] getItems(java.lang.String[] pIds,
                                 java.lang.String pDescriptorName)
                          throws RepositoryException
Returns the items with the given ids.

The caller must have READ access on the item descriptor or a RepositorySecurityException will e thrown. They must have LIST access on each item or null is returned in the slots of the respective items.

Specified by:
getItems in interface Repository
pIds - the list of ids
pDescriptorName - the item descriptor containing these ids
null if no items can be found
RepositoryException - if there was an error while attempting to return the RepositoryItems


public java.lang.String getDefaultViewName()
Returns the name of the "default" or "root" RepositoryView

Specified by:
getDefaultViewName in interface Repository


public java.lang.String[] getViewNames()
Returns an array of the names of all contained top-level views

Specified by:
getViewNames in interface Repository
Specified by:
getViewNames in interface RepositoryViewContainer
null if no sub-views exist


public RepositoryView getView(java.lang.String pName)
                       throws RepositoryException
Returns a RepositoryView accessed with the given name.

Specified by:
getView in interface Repository
Specified by:
getView in interface RepositoryViewContainer
pName - the name of the view to find
null if the requested view does not exist
RepositoryException - if there was an error while attempting to return the RepositoryView


public RepositoryView getView(RepositoryItemDescriptor pDesc)
                       throws RepositoryException
Description copied from interface: Repository
Returns a RepositoryView accessed with the name of the given descriptor.

Specified by:
getView in interface Repository
pDesc - the descriptor of the view to find
null if the requested view does not exist
RepositoryException - if there was an error while attempting to return the RepositoryView


public java.lang.String[] getItemDescriptorNames()
Returns an array of the names of the known RepositoryItemDescriptors. There should always be at least one item descriptor per Repository.

Specified by:
getItemDescriptorNames in interface Repository


public RepositoryItemDescriptor getItemDescriptor(java.lang.String pName)
                                           throws RepositoryException
Returns a RepositoryItemDescriptor accessed with the given name.

Specified by:
getItemDescriptor in interface Repository
pName - the name of the descriptor to find
null if the requested descriptor does not exist
RepositoryException - if there was an error while attempting to return the RepositoryItemDescriptor


public RepositoryItemDescriptor getItemDescriptor(RepositoryItemDescriptor pDesc)
                                           throws RepositoryException
Description copied from interface: Repository
Returns a RepositoryItemDescriptor accessed with the name of the given descriptor.

Specified by:
getItemDescriptor in interface Repository
pDesc - the descriptor to find
null if the requested descriptor does not exist
RepositoryException - if there was an error while attempting to return the RepositoryItemDescriptor


public SecurityPolicy getSecurityPolicy()
Returns the security policy used for the repository.

Specified by:
getSecurityPolicy in interface SecuredRepository


public SecurityConfiguration getSecurityConfiguration()
Returns the security configuration information for the repository.

Specified by:
getSecurityConfiguration in interface SecuredRepository


public int getQueryEndIndexFactor()
Returns the factor by which queries overshoot when trying to get enough results.


public void setQueryEndIndexFactor(int pQueryEndIndexFactor)
Sets the factor by which queries overshoot when trying to get enough results.


public int getQueryMinimumQuerySize()
Returns the minimum guess size when querying with an end index.


public void setQueryMinimumQuerySize(int pQueryMinimumQuerySize)
Sets the minimum guess size when querying with an end index.