Skip navigation links

Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

com.bea.content.federated
Class ContentSecurityHelper

java.lang.Object
  extended by com.bea.content.federated.ContentSecurityHelper

public class ContentSecurityHelper
extends Object

This class contains helper methods to manage security on content management resources.

Field Summary
static ContextKey COMMUNITY_URI
          optional.
static String MARKER_CAPABILITY
           

 

Method Summary
static void addRoles(SecurityPolicyItem spi, List<String> roleList)
          Adds this list of roles to the security policty
static void cleanDanglingPolicies(ContentContext context)
          Clean all the dangling policies in CM System for ALL the repositories.
static void createDAPolicy(ContentContext context, String taxonomy, List<String> roleList, String capability)
          Create a DA security policy for the given taxonomy and capability.
static void createVisitorSecurityPolicy(ContentContext context, String taxonomy, List<String> roleList, String capability, String providerName)
          Create a visitor security policy for the given taxonomy and capability.
static String getRootTaxonomy(String repositoryName, String resourceType)
          Return the taxonomy of the repository root.
static List<SecurityPolicyItem> getSecurityPolicies(String taxonomyStart, int policyUser)
          Gets all the security policies for a given user which start with the given taxonomy.
static SecurityPolicyItem getSecurityPolicy(int policyUser, String aResourceId, String aCapability)
          Returns a security policy item given a policyUser, resourceId, and a capability.
static Subject getSubject()
          Returns the currently logged in subject
static String getTaxonomy(Node node)
          Return the taxonomy of the node used by the Content Security Layer
static String getTaxonomy(ObjectClass objectClass)
          Return the taxonomy of the type used by the Content Security Layer
static String getTaxonomy(Workflow workflow)
          Return the taxonomy of the workflow object used by the Content Security Layer
static String getUserName()
          Gets the userName of the currently logged in user
static boolean isAdminRole()
           
static void removeDAPolicy(ContentContext context, String taxonomy, String capability)
          Remove the DA Policy set on the content resource
static void removeRoles(SecurityPolicyItem spi, List<String> roleList)
          Remove the roles from the given security policy
static void removeVisitorPolicy(ContentContext context, String taxonomy, String capability, String providerName)
          Remove the visitor Policy set on the content resource

 

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

 

Field Detail

MARKER_CAPABILITY

public static final String MARKER_CAPABILITY
See Also
Constants Summary

COMMUNITY_URI

public static final ContextKey COMMUNITY_URI
optional. If a groupSpace community, need the community uri for entitlements check

Method Detail

getSubject

public static Subject getSubject()
Returns the currently logged in subject
Returns
logged in subject

getUserName

public static String getUserName()
Gets the userName of the currently logged in user
Returns
The user name.

getRootTaxonomy

public static String getRootTaxonomy(String repositoryName,
                                     String resourceType)
Return the taxonomy of the repository root.

To get the taxonomy of the root of the repository named "WLP Repository" to check the capabilities associated with the repository in general: String taxonomy = ContentSecurityHelper.getRootTaxonomy('WLP Repository', ContentEntitlementHelper.RESOURCE_REPOSITORY);

However, when placing entitlements on content within the repository, use the taxonomy of the content node representing the root of the repository named "WLP Repository": String taxonomy = ContentSecurityHelper.getRootTaxonomy('WLP Repository', ContentEntitlementHelper.RESOURCE_CONTENT);

Similarly, when placing entitlements on ObjectClasses within the repository, use the taxonomy of the ObjectClass representing the root of the repository named "WLP Repository": String taxonomy = ContentSecurityHelper.getRootTaxonomy('WLP Repository', ContentEntitlementHelper.RESOURCE_TYPE);

Parameters
resourceType - The resourceType defined in ContentEntitlementHelper [RESOURCE_CONTENT, RESOURCE_TYPE, RESOURCE_REPOSITORY, RESOURCE_WORKFLOW]
repositoryName - The name of the repository. If it's null, it will return taxonomy of the Virtual Repository
Returns
The taxonomy for that repository. Will throw an IllegalArgumentException if invalid resource type is specified

getTaxonomy

public static String getTaxonomy(Node node)
Return the taxonomy of the node used by the Content Security Layer

Here is an example of using this method to grant all users in the 'MyClients' role view capability on the repository named "WLP Repository" starting at the node with path /WLP Repository/A/B/C: INodeManager nodeManager = ContentManagerFactory.getNodeManager(); ContentContext cc = new ContentContext(); Node node = nodeManager.getNode(cc, "/WLP Repository/A/B/C"); String taxonomy = ContentSecurityHelper.getTaxonomy(node); List<String> roleList = new ArrayList<String>(); roleList.add('MyClients'); String capability = ContentEntitlementHelper.CAN_VISITOR_VIEW; ContentSecurityHelper.createVisitorSecurityPolicy(cc, taxonomy, roleList, capability, null);

Parameters
node - The node object
Returns
The taxonomy

getTaxonomy

public static String getTaxonomy(ObjectClass objectClass)
Return the taxonomy of the type used by the Content Security Layer
Parameters
objectClass - Object class to be checked.
Returns
The taxonomy

getTaxonomy

public static String getTaxonomy(Workflow workflow)
Return the taxonomy of the workflow object used by the Content Security Layer
Parameters
workflow - The workflow object
Returns
The taxonomy

createVisitorSecurityPolicy

public static void createVisitorSecurityPolicy(ContentContext context,
                                               String taxonomy,
                                               List<String> roleList,
                                               String capability,
                                               String providerName)
                                        throws com.bea.p13n.entitlements.common.EntitlementsException,
                                               com.bea.p13n.entitlements.common.PolicyCreateException,
                                               com.bea.p13n.entitlements.common.PolicyExistsException,
                                               RepositoryException
Create a visitor security policy for the given taxonomy and capability.
Parameters
context - The contentContext object
taxonomy - Taxonomy of the resource. Can be generated using getTaxonomy(Node), getTaxonomy(ObjectClass) or getTaxonomy(Workflow) for content specific resources
roleList - The roleList associated with the security policy item
capability - The visitor capability. Should only be a list of valid visitor capabilities defined in ContentEntitlementHelper - CAN_VISITOR_CREATE/CAN_VISITOR_VIEW etc
providerName - Optional parameter, needs to be set only if the visitor security policy is to be created in a different provider. If the policy is to be created in the default provider, this variable can be set to null.

Here is an example of using this method to grant all users in the 'MyClients' role view capability on the repository named "WLP Repository": String taxonomy = ContentSecurityHelper.getRootTaxonomy('WLP Repository', ContentEntitlementHelper.RESOURCE_CONTENT); List<String> roleList = new ArrayList<String>(); roleList.add('MyClients'); String capability = ContentEntitlementHelper.CAN_VISITOR_VIEW; ContentSecurityHelper.createVisitorSecurityPolicy(new ContentContext(), taxonomy, roleList, capability, null);

Throws
com.bea.p13n.entitlements.common.EntitlementsException - If an entitlement error occurs
com.bea.p13n.entitlements.common.PolicyCreateException - if an error occurs in creating a policy
com.bea.p13n.entitlements.common.PolicyExistsException - if the policy already exists
RepositoryException - for any other error

removeVisitorPolicy

public static void removeVisitorPolicy(ContentContext context,
                                       String taxonomy,
                                       String capability,
                                       String providerName)
                                throws com.bea.p13n.entitlements.common.EntitlementsException,
                                       com.bea.p13n.entitlements.common.PolicyRemoveException,
                                       com.bea.p13n.entitlements.common.PolicyNotFoundException,
                                       RepositoryException
Remove the visitor Policy set on the content resource
Parameters
context - The contentContext object.
taxonomy - Taxonomy of the resource. Can be generated using getTaxonomy(Node), getTaxonomy(ObjectClass) or getTaxonomy(Workflow) for content specific resources
capability - The visitor capability. Should only be a list of valid visitor capabilities defined in ContentEntitlementHelper - CAN_VISITOR_CREATE etc To remove all capabilities, use the wildcard - *
providerName - Optional parameter, needs to be set only if the visitor security policy is to be removed for a different provider. If the policy is to be removed in the default provider, this variable can be set to null. To remove the visitor policy from ALL security providers, specify * as it's value
Throws
com.bea.p13n.entitlements.common.EntitlementsException - If an entitlement error occurs
com.bea.p13n.entitlements.common.PolicyRemoveException - If the policy cannot be removed
com.bea.p13n.entitlements.common.PolicyNotFoundException - If the policy was not found
RepositoryException - For any other error

createDAPolicy

public static void createDAPolicy(ContentContext context,
                                  String taxonomy,
                                  List<String> roleList,
                                  String capability)
                           throws com.bea.p13n.delegation.management.DelegationPolicyManagementException,
                                  com.bea.p13n.entitlements.common.EntitlementsException,
                                  RepositoryException
Create a DA security policy for the given taxonomy and capability.
Parameters
context - The ContentContext object. Recommended use is only from within admin tools.
taxonomy - Taxonomy of the resource. Can be generated using getTaxonomy(Node), getTaxonomy(ObjectClass) or getTaxonomy(Workflow) for content specific resources
roleList - A list of roles to associate with the policy.
capability - The DA capability. Should only be a list of valid DA capabilities defined in ContentEntitlementHelper - CAN_CREATE/CAN_DELETE etc
Throws
RepositoryException - If an error occurs
com.bea.p13n.entitlements.common.EntitlementsException - If an error occurs with entitlements
com.bea.p13n.delegation.management.DelegationPolicyManagementException - A wrapper for an exception throw by the underlying entitlements engine

removeDAPolicy

public static void removeDAPolicy(ContentContext context,
                                  String taxonomy,
                                  String capability)
                           throws com.bea.p13n.delegation.management.DelegationPolicyManagementException,
                                  com.bea.p13n.entitlements.common.EntitlementsException,
                                  RepositoryException
Remove the DA Policy set on the content resource
Parameters
context - The ContentContext object. Recommended use is only from within admin tools.
taxonomy - Taxonomy of the resource. Can be generated using getTaxonomy(Node), getTaxonomy(ObjectClass) or getTaxonomy(Workflow) for content specific resources
capability - The DA capability. Should only be a list of valid DA capabilities defined in ContentEntitlementHelper - CAN_CREATE/CAN_DELETE etc To remove all capabilities, use the wildcard - *
Throws
RepositoryException - If an error occurs
com.bea.p13n.delegation.management.DelegationPolicyManagementException - A wrapper for an exception throw by the underlying entitlements engine
com.bea.p13n.entitlements.common.EntitlementsException - If an error occurs with entitlements

isAdminRole

public static boolean isAdminRole()

addRoles

public static void addRoles(SecurityPolicyItem spi,
                            List<String> roleList)
                     throws com.bea.p13n.entitlements.common.PolicyNotFoundException,
                            com.bea.p13n.entitlements.common.PolicyCreateException
Adds this list of roles to the security policty
Parameters
spi - SecurityPolicyItem can be obtained via "getSecurityPolicy()" method in this class
roleList - The list of new roles
Throws
com.bea.p13n.entitlements.common.PolicyNotFoundException - If the given policy is not found.
com.bea.p13n.entitlements.common.PolicyCreateException - If the policy change fails.

removeRoles

public static void removeRoles(SecurityPolicyItem spi,
                               List<String> roleList)
                        throws com.bea.p13n.entitlements.common.PolicyNotFoundException,
                               com.bea.p13n.entitlements.common.PolicyCreateException
Remove the roles from the given security policy
Parameters
spi - SecurityPolicyItem can be obtained via "getSecurityPolicy()" method in this class
roleList - The list of roles to remove
Throws
com.bea.p13n.entitlements.common.PolicyNotFoundException - If the given policy is not found.
com.bea.p13n.entitlements.common.PolicyCreateException - If the policy change fails.

getSecurityPolicy

public static SecurityPolicyItem getSecurityPolicy(int policyUser,
                                                   String aResourceId,
                                                   String aCapability)
Returns a security policy item given a policyUser, resourceId, and a capability. Will throw a PolicyManagementAccessException if the user is not in an authorized Role (PortalSystemAdministrators/Admin)
Parameters
policyUser - PolicyUser - EntitlementConstants.P13N_APPLICATION_POLICY || EntitlementConstants.P13N_ADMIN_POLICY
aResourceId - Usually the taxonomy of the content resource.
aCapability - The capability required
Returns
SecurityPolicyItem The matching security policy item/

cleanDanglingPolicies

public static void cleanDanglingPolicies(ContentContext context)
                                  throws RepositoryException,
                                         com.bea.p13n.entitlements.common.PolicyRemoveException,
                                         com.bea.p13n.entitlements.common.EntitlementsException,
                                         com.bea.p13n.entitlements.common.PolicyNotFoundException,
                                         com.bea.p13n.delegation.management.DelegationPolicyManagementException
Clean all the dangling policies in CM System for ALL the repositories. Dangling policies are created when a visitor has renamed a node and the security policy has not been updated to reflect the fact. This method will allow cleaning of dangling policies both at the DA Level as well as Visitor Entitlements level. If the user is not in an Admin role, the method will throw an RepositoryException.
Parameters
context - The ContentContext object
Throws
RepositoryException - In case of errors in removing security policies
com.bea.p13n.entitlements.common.PolicyRemoveException - If the policy cannot be removed
com.bea.p13n.entitlements.common.EntitlementsException - In case of error in removing policies
com.bea.p13n.entitlements.common.PolicyNotFoundException - If policy is not found
com.bea.p13n.delegation.management.DelegationPolicyManagementException - If the delegated policy cannot be removed

getSecurityPolicies

public static List<SecurityPolicyItem> getSecurityPolicies(String taxonomyStart,
                                                           int policyUser)
                                                    throws RepositoryException
Gets all the security policies for a given user which start with the given taxonomy. The user should be in a PortalSystemAdministrators/Admin role to use this method, otherwise a PolicyManagementAccessException will be thrown by the system.
Parameters
taxonomyStart - The start of the taxonomy. This method will throw an error if the taxonomy is null.
policyUser - PolicyUser - EntitlementConstants.P13N_APPLICATION_POLICY || EntitlementConstants.P13N_ADMIN_POLICY
Returns
A list of security policy items. This will get all security policies of matching taxonomy from ALL the security providers.
Throws
RepositoryException - for any other error cases.

Skip navigation links

Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

Copyright © 2010, Oracle. All rights reserved.