|
Oracle Fusion Middleware Java API Reference for Oracle ADF Controller 11g Release 1 (11.1.1.1.0) E10651-02 |
||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
public interface ControllerSecurityManager
Provides a mechanism to check security using EL.
Method Summary | |
---|---|
void |
enforceTransport(TaskFlowId taskFlowId)
Checks whether the request is using the correct transport (http/https), as defined within the taskflow definition. |
java.util.Map<java.lang.String,ActivitySecurity> |
getActivity()
Returns a map of activity security based on permissions. |
oracle.adf.share.security.binding.BindingPermission |
getBindingPermission(TaskFlowId taskFlowId)
Returns the BindingPermission object for this TaskFlowId. |
java.util.Map<java.lang.String,ActivitySecurity> |
getOutcome()
Returns a map of taskflow security based on outcomes. |
java.util.Map<java.lang.String,ActivitySecurity> |
getPermission()
Returns a map of taskflow security based on permissions. |
TaskFlowPermission |
getPermission(TaskFlowId taskFlowId,
java.lang.String action)
Gets the TaskFlowPermission that should be checked for a given taskflow and operation. |
java.util.Map<java.lang.String,ActivitySecurity> |
getTaskflow()
Returns a map of taskflow security based on taskflow id. |
boolean |
isValidTransport(TaskFlowId taskFlowId)
Determines whether the current transport (http/https) is acceptable for the specified taskflow. |
boolean |
isViewAuthorized(TaskFlowId taskFlowId)
Determines whether the subject has authorization to VIEW the specified taskflow. |
Method Detail |
---|
java.util.Map<java.lang.String,ActivitySecurity> getTaskflow()
TaskFlowId
as a string.
ActivitySecurity
.
#{controllerContext.security.taskflow['/WEB-INF/mytask.xml'].viewAuthorized}
java.util.Map<java.lang.String,ActivitySecurity> getOutcome()
ActivitySecurity
.
#{controllerContext.security.outcome.enter.viewAuthorized}
java.util.Map<java.lang.String,ActivitySecurity> getPermission()
ActivitySecurity
.
#{controllerContext.security.permission['/WEB-INF/mytask.xml#mytask'].viewAuthorized}
The primary advantage of this method is that it does not require the taskflow
to be read to determine the permission - we have enough information in
the EL. The primary disadvantage is that it is brittle.
java.util.Map<java.lang.String,ActivitySecurity> getActivity()
The activity must be within the current taskflow.
The object returned is an instance of ActivitySecurity
.
For example, to see whether the view activity 'create-order' is authorized
for the current user, you would use EL of the form
#{controllerContext.security.activity['create-order'].viewAuthorized}
If the activity is a taskflow-call activity, then the value returned reflects the security on the taskflow this activity will invoke.
boolean isViewAuthorized(TaskFlowId taskFlowId)
taskFlowId
- the taskflow to check
true
if the appropriate permission is granted;
false
otherwise.boolean isValidTransport(TaskFlowId taskFlowId)
taskFlowId
- the taskflow to check
true
if the current transport is acceptable
false
otherwise.void enforceTransport(TaskFlowId taskFlowId)
taskFlowId
- The taskflow to check
InvalidTransportException
- when the transport is incorrect.TaskFlowPermission getPermission(TaskFlowId taskFlowId, java.lang.String action)
taskFlowId
- the taskflow identifieraction
- the action to be checked.
oracle.adf.share.security.binding.BindingPermission getBindingPermission(TaskFlowId taskFlowId)
taskFlowId
- the taskflow id
|
Oracle Fusion Middleware Java API Reference for Oracle ADF Controller 11g Release 1 (11.1.1.1.0) E10651-02 |
||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |