Compoze Software API Documentation: Class AccessManager

Overview

Package

Class

Tree

Deprecated

Index

Help

Compoze Software, Inc.

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: INNER | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.compoze.security
Class AccessManager

java.lang.Object
  |
  +--com.compoze.security.AccessManager

All Implemented Interfaces:: java.io.Serializable

public abstract class AccessManager
extends java.lang.Object
implements java.io.Serializable

This class provides the base for managing permissions for users and groups on a particular resource. By associating this manager with a resource, permissions can be granted, revoked and denyied on the principal (User or Group) level.

See Also:: Serialized Form

Constructor Summary

protected AccessManager(User caller, java.lang.String sName, long id)
          Constructor.

protected AccessManager(User caller, java.lang.String sName, long id, com.compoze.ejb.ILocator locator)
          Constructor.

Method Summary

boolean addOwner(java.security.Principal p)
          Adds an owner.

boolean checkPermission(java.security.Principal principal, java.security.acl.Permission p)
          Checks whether or not the specified principal has the specified permission.

boolean denyPermission(java.security.Principal principal, java.security.acl.Permission p)
          Denies the specified principal the specified permission.

protected java.util.List getEntries()
          Gets the entries in the underlying Acl.

java.util.List getPermissions(java.security.Principal principal)
          Gets a list of allowed permissions for the specified principal (representing an entity such as a user or a group).

java.util.List getPrincipals(java.security.acl.Permission p)
          Gets a list of principals for the specified permission.

java.util.List getPrincipals(java.security.acl.Permission p, java.lang.Class principalImplClazz)
          Gets a list of principals of for the specified permission.

boolean grantPermission(java.security.Principal principal, java.security.acl.Permission p)
          Grants the specified permission to the specified principal (either (user or group).

boolean isOwner(java.security.Principal p)
          Checks if the given principal is an owner of the ACL.

boolean removeOwner(java.security.Principal p)
          Deletes the specified principal from the list of owners.

boolean revokePermission(java.security.Principal principal, java.security.acl.Permission p)
          Revokes a particular permission from the specified principal.

void update()
          Updates the access manager (saves the access manager entry).

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AccessManager

protected AccessManager(User caller,
                        java.lang.String sName,
                        long id)
                 throws AccessManagerException

Constructor.

Parameters:: caller - the caller; sName - the resource name (may not be null); id - the resource identifier

AccessManager

protected AccessManager(User caller,
                        java.lang.String sName,
                        long id,
                        com.compoze.ejb.ILocator locator)
                 throws AccessManagerException

Constructor.

Parameters:: caller - the caller; sName - the resource name (may not be null); id - the resource identifier; locator - the locator

Method Detail

checkPermission

public boolean checkPermission(java.security.Principal principal,
                               java.security.acl.Permission p)
                        throws AccessManagerException

Checks whether or not the specified principal has the specified permission. If it does, true is returned; otherwise false is returned.

If there is no entry in this access manager for the specified principal, false is returned.

Otherwise, if the principal is a User, the principal's group permission sets are determined. A principal can belong to one or more groups User.groups(), where a group is a group of principals, represented by Group).

The set of permissions granted to the principal is then calculated using the simple rule that user permissions always override the group permissions. That is, the principal's individual negative permission set (specific denial of permissions) overrides the group positive permission set, and the principal's individual positive permission set overrides the group negative permission set.

Parameters:: principal - the principal; p - the permission to be checked for
Returns:: true if the principal has the specified permission; false otherwise
Throws:: AccessManagerException - an error occurs checking the permission

getPrincipals

public java.util.List getPrincipals(java.security.acl.Permission p)
                             throws AccessManagerException

Gets a list of principals for the specified permission.

Parameters:: p - the permission to check for
Returns:: a list of Principal objects specifying the principals that have the specified permission
Throws:: AccessManagerException - an error occurs retrieving the list of principals

getPrincipals

public java.util.List getPrincipals(java.security.acl.Permission p,
                                    java.lang.Class principalImplClazz)
                             throws AccessManagerException

Gets a list of principals of for the specified permission.

Parameters:: p - the permission to check for; principalImplClazz - the principal implmentation class (may not be null and must be subclass of Principal)
Returns:: a list of Principal objects specifying the principals that have the specified permission
Throws:: AccessManagerException - an error occurs retrieving the list of principals

getPermissions

public java.util.List getPermissions(java.security.Principal principal)
                              throws AccessManagerException

Gets a list of allowed permissions for the specified principal (representing an entity such as a user or a group).

Parameters:: principal - the principal whose permission set is to be returned
Returns:: a list specifying the permissions the principal is allowed (Permission)
Throws:: AccessManagerException - an error occurs retrieving the list of permissions

grantPermission

public boolean grantPermission(java.security.Principal principal,
                               java.security.acl.Permission p)
                        throws AccessManagerException,
                               java.security.acl.NotOwnerException

Grants the specified permission to the specified principal (either (user or group).

Parameters:: principal - the principal; p - the permission to be set
Returns:: true on success; false if an entry of the same type (positive or negative) for the same principal is already present
Throws:: java.security.acl.NotOwnerException - if the caller principal is not an owner of the access manager; AccessManagerException - an error occurs granting the principal the permission

revokePermission

public boolean revokePermission(java.security.Principal principal,
                                java.security.acl.Permission p)
                         throws AccessManagerException,
                                java.security.acl.NotOwnerException

Revokes a particular permission from the specified principal. Revoking a permission clears all positive and negative permissions for the specified principal.

Parameters:: principal - the principal from which to revoke the permission; p - the permission to revoke
Returns:: true on success; false if the permission is not granted to the principal
Throws:: java.security.acl.NotOwnerException - if the caller principal is not an owner of the access manager; AccessManagerException - an error occurs revoking the permission





denyPermission
public boolean denyPermission(java.security.Principal principal,
                              java.security.acl.Permission p)
                       throws AccessManagerException,
                              java.security.acl.NotOwnerException

Denies the specified principal the specified permission. A
 negative permission is set for the principal. If the
 principal is a user, a negative permission overrides
 that of the users' group membership.




Parameters:
principal - the principal from which to deny the permission
p - the permission to deny
Returns:
true on success; false if the permission is not denied to the principal
Throws:
AccessManagerException - an error occurs denying the permission for the principal
java.security.acl.NotOwnerException - if the caller principal is not an owner of the access manager






getEntries
protected java.util.List getEntries()

Gets the entries in the underlying Acl.




Returns:
a list of Acl entries AclEntry (un-modifiable)





isOwner
public boolean isOwner(java.security.Principal p)
                throws AccessManagerException

Checks if the given principal is an owner of the ACL.




Parameters:
p - the principal to be checked to determine whether or not it is an owner
Returns:
true if the passed principal is in the list of owners; false if not
Throws:
AccessManagerException - an error occurs processing the request





addOwner
public boolean addOwner(java.security.Principal p)
                 throws AccessManagerException,
                        java.security.acl.NotOwnerException

Adds an owner. Only owners can modify access manager contents.
 The caller must be an owner of the access manager in order to
 invoke this method.




Parameters:
p - the principal that should be added to the list of owners
Returns:
true if successful; false if owner is already an owner
Throws:
java.security.acl.NotOwnerException - if the caller principal is not an owner of the access manager
AccessManagerException - an error occurs processing the request





removeOwner
public boolean removeOwner(java.security.Principal p)
                    throws AccessManagerException,
                           java.security.acl.NotOwnerException,
                           java.security.acl.LastOwnerException

Deletes the specified principal from the list of owners.
 If this is the last owner, an exception is raised. The caller must
 be an owner in order to invoke this method.




Returns:
true if the owner is removed; false if the owner is not part of the list of owners
Throws:
java.security.acl.NotOwnerException - the caller is not an owner
java.security.acl.LastOwnerException - if there is only one owner left, so that removeOwner would leave the access manager owner-less
AccessManagerException - an error occurs processing the request





update
public void update()
            throws AccessManagerException

Updates the access manager (saves the access manager entry).
 This method must be called to commit changes to the access manager.
 If changes have been made to this access manager by another user,
 this method will throw and exception.














  
      Overview 
      Package 
    Class 
      Tree 
      Deprecated 
      Index 
      Help 
  



Compoze Software, Inc.





 PREV CLASS 
 NEXT CLASS

  FRAMES   
 NO FRAMES



  SUMMARY:  INNER | FIELD | CONSTR | METHOD

DETAIL:  FIELD | CONSTR | METHOD





 Copyright �1999-2003 Compoze Software, Inc. All rights reserved.

Constructor Summary
`protected`	`AccessManager(User caller, java.lang.String sName, long id)` Constructor.
`protected`	`AccessManager(User caller, java.lang.String sName, long id, com.compoze.ejb.ILocator locator)` Constructor.

Method Summary
`boolean`	`addOwner(java.security.Principal p)` Adds an owner.
`boolean`	`checkPermission(java.security.Principal principal, java.security.acl.Permission p)` Checks whether or not the specified principal has the specified permission.
`boolean`	`denyPermission(java.security.Principal principal, java.security.acl.Permission p)` Denies the specified principal the specified permission.
`protected java.util.List`	`getEntries()` Gets the entries in the underlying Acl.
`java.util.List`	`getPermissions(java.security.Principal principal)` Gets a list of allowed permissions for the specified principal (representing an entity such as a user or a group).
`java.util.List`	`getPrincipals(java.security.acl.Permission p)` Gets a list of principals for the specified permission.
`java.util.List`	`getPrincipals(java.security.acl.Permission p, java.lang.Class principalImplClazz)` Gets a list of principals of for the specified permission.
`boolean`	`grantPermission(java.security.Principal principal, java.security.acl.Permission p)` Grants the specified permission to the specified principal (either (user or group).
`boolean`	`isOwner(java.security.Principal p)` Checks if the given principal is an owner of the ACL.
`boolean`	`removeOwner(java.security.Principal p)` Deletes the specified principal from the list of owners.
`boolean`	`revokePermission(java.security.Principal principal, java.security.acl.Permission p)` Revokes a particular permission from the specified principal.
`void`	`update()` Updates the access manager (saves the access manager entry).

com.compoze.security Class AccessManager

AccessManager

AccessManager

checkPermission

getPrincipals

getPrincipals

getPermissions

grantPermission

revokePermission

denyPermission

getEntries

isOwner

addOwner

removeOwner

update

com.compoze.security
Class AccessManager