Copyright © 2000, 2009, Oracle and/or its affiliates. All rights reserved.
java.lang.Object
  com.bea.content.federated.ContentSecurityHelper
public class ContentSecurityHelper
This class contains helper methods to manage security on content management resources.
Field Summary | |
---|---|
static ContextKey | COMMUNITY_URI: optional. |
Method Summary | |
---|---|
static void | addRoles(SecurityPolicyItem spi, List<String> roleList): Adds this list of roles to the security policy. |
static void | cleanDanglingPolicies(ContentContext context): Clean all the dangling policies in CM System for ALL the repositories. |
static void | createDAPolicy(ContentContext context, String taxonomy, List<String> roleList, String capability): Create a DA security policy for the given taxonomy and capability. |
static void | createVisitorSecurityPolicy(ContentContext context, String taxonomy, List<String> roleList, String capability, String providerName): Create a visitor security policy for the given taxonomy and capability. |
static String | getRootTaxonomy(String repositoryName, String resourceType): Return the taxonomy of the repository root. |
static List<SecurityPolicyItem> | getSecurityPolicies(String taxonomyStart, int policyUser): Gets all the security policies for a given user which start with the given taxonomy. |
static SecurityPolicyItem | getSecurityPolicy(int policyUser, String aResourceId, String aCapability): Returns a security policy item given a policyUser, resourceId, and a capability. |
static Subject | getSubject(): Returns the currently logged in subject. |
static String | getTaxonomy(Node node): Return the taxonomy of the node used by the Content Security Layer. |
static String | getTaxonomy(ObjectClass objectClass): Return the taxonomy of the type used by the Content Security Layer. |
static String | getTaxonomy(Workflow workflow): Return the taxonomy of the workflow object used by the Content Security Layer. |
static String | getUserName(): Gets the userName of the currently logged in user. |
static boolean | isAdminRole() |
static void | removeDAPolicy(ContentContext context, String taxonomy, String capability): Remove the DA Policy set on the content resource. |
static void | removeRoles(SecurityPolicyItem spi, List<String> roleList): Remove the roles from the given security policy. |
static void | removeVisitorPolicy(ContentContext context, String taxonomy, String capability, String providerName): Remove the visitor Policy set on the content resource. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static final ContextKey COMMUNITY_URI
Method Detail |
---|
public static Subject getSubject()
public static String getUserName()
public static String getRootTaxonomy(String repositoryName, String resourceType)
To get the taxonomy of the root of the repository named "WLP Repository" to check the capabilities
associated with the repository in general:
String taxonomy = ContentSecurityHelper.getRootTaxonomy("WLP Repository",
    ContentEntitlementHelper.RESOURCE_REPOSITORY);
However, when placing entitlements on content within the repository, use the taxonomy of the content node
representing the root of the repository named "WLP Repository":
String taxonomy = ContentSecurityHelper.getRootTaxonomy("WLP Repository",
    ContentEntitlementHelper.RESOURCE_CONTENT);
Similarly, when placing entitlements on ObjectClasses within the repository, use the taxonomy of
the ObjectClass representing the root of the repository named "WLP Repository":
String taxonomy = ContentSecurityHelper.getRootTaxonomy("WLP Repository",
    ContentEntitlementHelper.RESOURCE_TYPE);
resourceType
- The resourceType defined in ContentEntitlementHelper [RESOURCE_CONTENT, RESOURCE_TYPE,
RESOURCE_REPOSITORY, RESOURCE_WORKFLOW]
repositoryName
- The name of the repository. If it is null, the taxonomy of the Virtual Repository is returned.
public static String getTaxonomy(Node node)
Here is an example of using this method to grant all users in the 'MyClients' role view capability on the
repository named "WLP Repository" starting at the node with path /WLP Repository/A/B/C:
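INodeManager nodeManager = ContentManagerFactory.getNodeManager();
ContentContext cc = new ContentContext();
Node node = nodeManager.getNode(cc, "/WLP Repository/A/B/C");
String taxonomy = ContentSecurityHelper.getTaxonomy(node);
// Grant the view capability to the 'MyClients' role in the default provider (providerName = null)
List<String> roleList = new ArrayList<String>(Arrays.asList("MyClients"));
ContentSecurityHelper.createVisitorSecurityPolicy(cc, taxonomy, roleList,
    ContentEntitlementHelper.CAN_VISITOR_VIEW, null);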
node
- The node object
public static String getTaxonomy(ObjectClass objectClass)
objectClass
- Object class to be checked.
public static String getTaxonomy(Workflow workflow)
workflow
- The workflow object
public static void createVisitorSecurityPolicy(ContentContext context, String taxonomy, List<String> roleList, String capability, String providerName) throws com.bea.p13n.entitlements.common.EntitlementsException, com.bea.p13n.entitlements.common.PolicyCreateException, com.bea.p13n.entitlements.common.PolicyExistsException, RepositoryException
context
- The contentContext object
taxonomy
- Taxonomy of the resource. Can be generated using
getTaxonomy(Node), getTaxonomy(ObjectClass) or getTaxonomy(Workflow)
for content specific resources
roleList
- The roleList associated with the security policy item
capability
- The visitor capability. Should only be a list of valid visitor
capabilities defined in ContentEntitlementHelper - CAN_VISITOR_CREATE/CAN_VISITOR_VIEW etc.
providerName
- Optional parameter, needs to be set only if the visitor security policy
is to be created in a different provider. If the policy is to be created in the default provider, this
variable can be set to null.
Here is an example of using this method to grant all users in the 'MyClients' role view capability on the
repository named "WLP Repository":
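String taxonomy = ContentSecurityHelper.getRootTaxonomy("WLP Repository", ContentEntitlementHelper.RESOURCE_CONTENT);
List<String> roleList = new ArrayList<String>(Arrays.asList("MyClients"));
ContentSecurityHelper.createVisitorSecurityPolicy(new ContentContext(), taxonomy, roleList,
    ContentEntitlementHelper.CAN_VISITOR_VIEW, null);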
com.bea.p13n.entitlements.common.EntitlementsException
- If an entitlement error occurs
com.bea.p13n.entitlements.common.PolicyCreateException
- if an error occurs in creating a policy
com.bea.p13n.entitlements.common.PolicyExistsException
- if the policy already exists
RepositoryException
- for any other error
public static void removeVisitorPolicy(ContentContext context, String taxonomy, String capability, String providerName) throws com.bea.p13n.entitlements.common.EntitlementsException, com.bea.p13n.entitlements.common.PolicyRemoveException, com.bea.p13n.entitlements.common.PolicyNotFoundException, RepositoryException
context
- The contentContext object.
taxonomy
- Taxonomy of the resource. Can be generated using
getTaxonomy(Node), getTaxonomy(ObjectClass) or getTaxonomy(Workflow)
for content specific resources
capability
- The visitor capability. Should only be a list of valid visitor
capabilities defined in ContentEntitlementHelper - CAN_VISITOR_CREATE etc.
To remove all capabilities, use the wildcard - *
providerName
- Optional parameter, needs to be set only if the visitor security policy
is to be removed for a different provider. If the policy is to be removed in the default provider, this
variable can be set to null. To remove the visitor policy from ALL security providers, specify * as its value
com.bea.p13n.entitlements.common.EntitlementsException
- If an entitlement error occurs
com.bea.p13n.entitlements.common.PolicyRemoveException
- If the policy cannot be removed
com.bea.p13n.entitlements.common.PolicyNotFoundException
- If the policy was not found
RepositoryException
- For any other error
public static void createDAPolicy(ContentContext context, String taxonomy, List<String> roleList, String capability) throws com.bea.p13n.delegation.management.DelegationPolicyManagementException, com.bea.p13n.entitlements.common.EntitlementsException, RepositoryException
context
- The ContentContext object.
Recommended use is only from within admin tools.
taxonomy
- Taxonomy of the resource. Can be generated using
getTaxonomy(Node), getTaxonomy(ObjectClass) or getTaxonomy(Workflow)
for content specific resources
roleList
- A list of roles to associate with the policy.
capability
- The DA capability. Should only be a list of valid DA
capabilities defined in ContentEntitlementHelper - CAN_CREATE/CAN_DELETE etc
RepositoryException
- If an error occurs
com.bea.p13n.entitlements.common.EntitlementsException
- If an error occurs with entitlements
com.bea.p13n.delegation.management.DelegationPolicyManagementException
- A wrapper for an exception thrown by the underlying entitlements
engine
public static void removeDAPolicy(ContentContext context, String taxonomy, String capability) throws com.bea.p13n.delegation.management.DelegationPolicyManagementException, com.bea.p13n.entitlements.common.EntitlementsException, RepositoryException
context
- The ContentContext object.
Recommended use is only from within admin tools.
taxonomy
- Taxonomy of the resource. Can be generated using
getTaxonomy(Node), getTaxonomy(ObjectClass) or getTaxonomy(Workflow)
for content specific resources
capability
- The DA capability. Should only be a list of valid DA
capabilities defined in ContentEntitlementHelper - CAN_CREATE/CAN_DELETE etc
To remove all capabilities, use the wildcard - *
RepositoryException
- If an error occurs
com.bea.p13n.delegation.management.DelegationPolicyManagementException
- A wrapper for an exception thrown by the underlying entitlements
engine
com.bea.p13n.entitlements.common.EntitlementsException
- If an error occurs with entitlements
public static boolean isAdminRole()
public static void addRoles(SecurityPolicyItem spi, List<String> roleList) throws com.bea.p13n.entitlements.common.PolicyNotFoundException, com.bea.p13n.entitlements.common.PolicyCreateException
spi
- SecurityPolicyItem can be obtained via "getSecurityPolicy()" method in this class
roleList
- The list of new roles
com.bea.p13n.entitlements.common.PolicyNotFoundException
- If the given policy is not found.
com.bea.p13n.entitlements.common.PolicyCreateException
- If the policy change fails.
public static void removeRoles(SecurityPolicyItem spi, List<String> roleList) throws com.bea.p13n.entitlements.common.PolicyNotFoundException, com.bea.p13n.entitlements.common.PolicyCreateException
spi
- SecurityPolicyItem can be obtained via "getSecurityPolicy()" method in this class
roleList
- The list of roles to remove
com.bea.p13n.entitlements.common.PolicyNotFoundException
- If the given policy is not found.
com.bea.p13n.entitlements.common.PolicyCreateException
- If the policy change fails.
public static SecurityPolicyItem getSecurityPolicy(int policyUser, String aResourceId, String aCapability)
policyUser
- The policy user: EntitlementConstants.P13N_APPLICATION_POLICY or EntitlementConstants.P13N_ADMIN_POLICY
aResourceId
- Usually the taxonomy of the content resource.
aCapability
- The capability required
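Because createVisitorSecurityPolicy throws PolicyExistsException when the policy is already present, a grant that has to be safe to repeat can fall back to getSecurityPolicy and addRoles. The following is an added example, not code from the Oracle documentation; the class name VisitorGrant, the method grantVisitorView, and the use of P13N_APPLICATION_POLICY to look up a visitor policy are assumptions, and imports for classes whose packages this page does not state are left for the reader to add.

```java
import java.util.ArrayList;
import java.util.List;

import com.bea.content.federated.ContentSecurityHelper;
import com.bea.p13n.entitlements.common.PolicyExistsException;
// Also import ContentContext, ContentEntitlementHelper, SecurityPolicyItem and
// EntitlementConstants from the WebLogic Portal libraries; this page does not
// state their packages.

public final class VisitorGrant { // hypothetical class name

    /**
     * Grants CAN_VISITOR_VIEW on the content root of one repository to one
     * role, and can be called again if the policy already exists.
     */
    public static void grantVisitorView(ContentContext cc, String repositoryName,
                                        String role) throws Exception {
        if (repositoryName == null || role == null || role.trim().length() == 0) {
            // A null repository name resolves to the Virtual Repository root
            // instead of a single repository, so refuse it here.
            throw new IllegalArgumentException("repositoryName and role are required");
        }
        String taxonomy = ContentSecurityHelper.getRootTaxonomy(
                repositoryName, ContentEntitlementHelper.RESOURCE_CONTENT);
        String capability = ContentEntitlementHelper.CAN_VISITOR_VIEW;

        List<String> roleList = new ArrayList<String>();
        roleList.add(role);

        try {
            // A null providerName selects the default security provider.
            ContentSecurityHelper.createVisitorSecurityPolicy(
                    cc, taxonomy, roleList, capability, null);
        } catch (PolicyExistsException alreadyThere) {
            // Assumption: visitor policies are looked up as application policies.
            SecurityPolicyItem spi = ContentSecurityHelper.getSecurityPolicy(
                    EntitlementConstants.P13N_APPLICATION_POLICY, taxonomy, capability);
            if (spi == null) {
                throw new IllegalStateException(
                        "Policy reported as existing but not found for " + taxonomy);
            }
            // Add only the requested role; roles already on the policy are kept.
            ContentSecurityHelper.addRoles(spi, roleList);
        }
    }
}
```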
public static void cleanDanglingPolicies(ContentContext context) throws RepositoryException, com.bea.p13n.entitlements.common.PolicyRemoveException, com.bea.p13n.entitlements.common.EntitlementsException, com.bea.p13n.entitlements.common.PolicyNotFoundException, com.bea.p13n.delegation.management.DelegationPolicyManagementException
context
- The ContentContext object
RepositoryException
- In case of errors in removing security policies
com.bea.p13n.entitlements.common.PolicyRemoveException
- If the policy cannot be removed
com.bea.p13n.entitlements.common.EntitlementsException
- In case of error in removing policies
com.bea.p13n.entitlements.common.PolicyNotFoundException
- If policy is not found
com.bea.p13n.delegation.management.DelegationPolicyManagementException
- If the delegated policy cannot be removed
public static List<SecurityPolicyItem> getSecurityPolicies(String taxonomyStart, int policyUser) throws RepositoryException
taxonomyStart
- The start of the taxonomy. This method will throw an error if the taxonomy is null.
policyUser
- The policy user: EntitlementConstants.P13N_APPLICATION_POLICY or EntitlementConstants.P13N_ADMIN_POLICY
RepositoryException
- for any other error cases.