Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

atg.adapter.secure
Class GenericSecuredRepository

java.lang.Object
  extended by atg.nucleus.logging.VariableArgumentApplicationLoggingImpl
      extended by atg.nucleus.GenericService
          extended by atg.adapter.secure.GenericSecuredRepository
All Implemented Interfaces:
NameContextBindingListener, NameContextElement, NameResolver, AdminableService, ApplicationLogging, atg.nucleus.logging.ApplicationLoggingSender, atg.nucleus.logging.TraceApplicationLogging, atg.nucleus.logging.VariableArgumentApplicationLogging, ComponentNameResolver, Service, ServiceListener, atg.repository.DisplayableRepository, Repository, RepositoryViewContainer, SecuredRepository, java.util.EventListener
Direct Known Subclasses:
GenericSecuredMutableRepository
public class GenericSecuredRepository
extends GenericService
implements SecuredRepository, atg.repository.DisplayableRepository

An implementation of SecureRepository that wraps a normal Repository, using properties of its items to store access control information as formatted strings. This is a very basic system whose primary purpose is flexibility rather than performance, although some effort has been given towards providing acceptable performance.

This implementation is not intended to provide absolute security, but rather to allow an application the ability to provide security features without having to implement its own access checking.

Field Summary
static java.lang.String CLASS_VERSION
           
protected  atg.adapter.secure.WeakItemCache mItemCache
          A cache of secured repository items indexed by the repository item.
protected  Repository mRepository
          The repository we're wrapping.
protected  SecurityConfiguration mSecurityConfiguration
          The security configuration of the repository.
protected  javax.transaction.TransactionManager mTransactionManager
          The transaction manager to use for transactions while we do repository work.
 
Fields inherited from class atg.nucleus.GenericService
SERVICE_INFO_KEY
 
Fields inherited from interface atg.nucleus.logging.TraceApplicationLogging
DEFAULT_LOG_TRACE_STATUS
 
Fields inherited from interface atg.nucleus.logging.ApplicationLogging
DEFAULT_LOG_DEBUG_STATUS, DEFAULT_LOG_ERROR_STATUS, DEFAULT_LOG_INFO_STATUS, DEFAULT_LOG_WARNING_STATUS
 
Constructor Summary
GenericSecuredRepository()
          Creates a secured repository that can be used to wrap a normal repository.
GenericSecuredRepository(Repository pRepository, SecurityConfiguration pConfiguration)
          Creates a secured repository that wraps a normal repository.
 
Method Summary
protected  void checkAccess(GenericSecuredRepositoryItem pItem, AccessRight pRight)
          Checks to see if the specified access is allowed on an item and, if not, throws a RepositorySecurityException that wraps a PermissionDeniedException.
 void checkAccess(java.lang.String pDescriptorName, AccessRight pRight)
          Checks to see if the current user has the indicated access right for an item descriptor.
protected  void checkAccess(java.lang.String pId, java.lang.String pDescriptorName, AccessRight pRight)
          Looks up a secured repository item and checks to see if the user has the indicated access right on it.
protected  void checkForInvalidRepository()
           
 void doStartService()
          This is called after a Service has been created, placed into the naming hierarchy, and initialized with its configured property values.
 RepositoryItem[] filterItems(RepositoryItem[] pItems, AccessRight pRight)
          Filters out any repository items returned from a query that the user should not be able to access in the indicated mode.
 java.lang.String getComponentResourceBundleName()
          Get property componentResourceBundleName
 atg.xml.XMLFile getConfigurationFile()
          Returns the configuration template used to configure the repository.
 java.lang.String getDefaultViewName()
          Returns the name of the "default" or "root" RepositoryView
 RepositoryItem getItem(java.lang.String pId)
          Deprecated.  
 RepositoryItem getItem(java.lang.String pId, java.lang.String pDescriptorName)
          Returns an item in the Repository with the given id.
 RepositoryItemDescriptor getItemDescriptor(RepositoryItemDescriptor pDesc)
          Returns a RepositoryItemDescriptor accessed with the name of the given descriptor.
 RepositoryItemDescriptor getItemDescriptor(java.lang.String pName)
          Returns a RepositoryItemDescriptor accessed with the given name.
 java.lang.String[] getItemDescriptorNames()
          Returns an array of the names of the known RepositoryItemDescriptors.
 RepositoryItem[] getItems(java.lang.String[] pIds)
          Deprecated.  
 RepositoryItem[] getItems(java.lang.String[] pIds, java.lang.String pDescriptorName)
          Returns the items with the given ids.
 Repository getRepository()
          Returns the repository that we're wrapping.
 java.lang.String getRepositoryDisplayName()
          Get property repositoryDisplayName
 java.lang.String getRepositoryDisplayNameResource()
          Get property repositoryDisplayNameResource
 java.lang.String getRepositoryName()
          Returns the name of this Repository
 SecurityConfiguration getSecurityConfiguration()
          Returns the security configuration information for the repository.
 SecurityPolicy getSecurityPolicy()
          Returns the security policy used for the repository.
 javax.transaction.TransactionManager getTransactionManager()
          Returns the transaction manager to use for repository interaction.
 RepositoryView getView(RepositoryItemDescriptor pDesc)
          Returns a RepositoryView accessed with the name of the given descriptor.
 RepositoryView getView(java.lang.String pName)
          Returns a RepositoryView accessed with the given name.
 java.lang.String[] getViewNames()
          Returns an array of the names of all contained top-level views
 atg.xml.tools.XMLToolsFactory getXMLToolsFactory()
          Returns the tools factory that creates an XML parser for this user authority.
 boolean hasAccess(java.lang.String pDescriptorName, AccessRight pRight)
          Checks to see if the current user has the indicated access right for an item descriptor.
 void setComponentResourceBundleName(java.lang.String pComponentResourceBundleName)
          Set property componentResourceBundleName
 void setConfigurationFile(atg.xml.XMLFile pXmlConfiguration)
          Changes the configuration template used to configure the repository.
 void setRepository(Repository pRepository)
          Changes the repository that we're wrapping.
 void setRepositoryDisplayNameResource(java.lang.String pRepositoryDisplayNameResource)
          Set property repositoryDisplayNameResource
 void setRepositoryName(java.lang.String pName)
          Changes the name of the repository.
 void setSecurityConfiguration(SecurityConfiguration pSecurityConfiguration)
          Changes the security configuration for the repository, which affects the production of access control lists.
 void setTransactionManager(javax.transaction.TransactionManager pManager)
          Changes the transaction manager to use for repository interaction.
 void setXMLToolsFactory(atg.xml.tools.XMLToolsFactory pNewFactory)
          Sets the tools factory that will be used to create an XML parser for this user authority.
 java.lang.Object[] unwrapArray(java.lang.Object[] pArray)
          Takes an array and removes the secured wrappers around its contents.
 java.util.List unwrapList(java.util.List pList)
          Takes a List and removes the secured wrappers around its contents.
 java.util.Map unwrapMap(java.util.Map pMap)
          Takes a Map and removes the secured wrappers around its contents.
 java.util.Set unwrapSet(java.util.Set pSet)
          Takes a Set and removes the secured wrappers around its contents.
 java.lang.Object unwrapValue(java.lang.Object pValue)
          Takes a secured repository property value and turns it into an unsecured repository property value so we can store it in the underlying repository.
 
Methods inherited from class atg.nucleus.GenericService
addLogListener, createAdminServlet, doStopService, getAbsoluteName, getAdminServlet, getLoggingForVlogging, getLogListenerCount, getLogListeners, getName, getNameContext, getNucleus, getRoot, getServiceConfiguration, getServiceInfo, isLoggingDebug, isLoggingError, isLoggingInfo, isLoggingTrace, isLoggingWarning, isRunning, logDebug, logDebug, logDebug, logError, logError, logError, logInfo, logInfo, logInfo, logTrace, logTrace, logTrace, logWarning, logWarning, logWarning, nameContextElementBound, nameContextElementUnbound, removeLogListener, resolveName, resolveName, resolveName, resolveName, sendLogEvent, setLoggingDebug, setLoggingError, setLoggingInfo, setLoggingTrace, setLoggingWarning, setNucleus, setServiceInfo, startService, stopService
 
Methods inherited from class atg.nucleus.logging.VariableArgumentApplicationLoggingImpl
vlogDebug, vlogDebug, vlogDebug, vlogDebug, vlogError, vlogError, vlogError, vlogError, vlogInfo, vlogInfo, vlogInfo, vlogInfo, vlogTrace, vlogTrace, vlogTrace, vlogTrace, vlogWarning, vlogWarning, vlogWarning, vlogWarning
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

CLASS_VERSION

public static java.lang.String CLASS_VERSION

mRepository

protected Repository mRepository
The repository we're wrapping.

mTransactionManager

protected javax.transaction.TransactionManager mTransactionManager
The transaction manager to use for transactions while we do repository work.

mSecurityConfiguration

protected SecurityConfiguration mSecurityConfiguration
The security configuration of the repository.

mItemCache

protected atg.adapter.secure.WeakItemCache mItemCache
A cache of secured repository items indexed by the repository item.

Constructor Detail

GenericSecuredRepository

public GenericSecuredRepository()
Creates a secured repository that can be used to wrap a normal repository.

GenericSecuredRepository

public GenericSecuredRepository(Repository pRepository,
                                SecurityConfiguration pConfiguration)
Creates a secured repository that wraps a normal repository.

Method Detail

getConfigurationFile

public atg.xml.XMLFile getConfigurationFile()
Returns the configuration template used to configure the repository.

setConfigurationFile

public void setConfigurationFile(atg.xml.XMLFile pXmlConfiguration)
Changes the configuration template used to configure the repository.

getRepository

public Repository getRepository()
Returns the repository that we're wrapping.

setRepository

public void setRepository(Repository pRepository)
Changes the repository that we're wrapping. It is an extremely bad idea to change the wrapped repository after using the secured repository in any way.

setRepositoryName

public void setRepositoryName(java.lang.String pName)
Changes the name of the repository.

setSecurityConfiguration

public void setSecurityConfiguration(SecurityConfiguration pSecurityConfiguration)
Changes the security configuration for the repository, which affects the production of access control lists. This should never be done after the repository has been used.

getTransactionManager

public javax.transaction.TransactionManager getTransactionManager()
Returns the transaction manager to use for repository interaction.

setTransactionManager

public void setTransactionManager(javax.transaction.TransactionManager pManager)
Changes the transaction manager to use for repository interaction.

getXMLToolsFactory

public atg.xml.tools.XMLToolsFactory getXMLToolsFactory()
Returns the tools factory that creates an XML parser for this user authority.

setXMLToolsFactory

public void setXMLToolsFactory(atg.xml.tools.XMLToolsFactory pNewFactory)
Sets the tools factory that will be used to create an XML parser for this user authority.

getRepositoryDisplayName

public java.lang.String getRepositoryDisplayName()
Get property repositoryDisplayName

Specified by:
getRepositoryDisplayName in interface atg.repository.DisplayableRepository
Returns:
the display name of this repository

setRepositoryDisplayNameResource

public void setRepositoryDisplayNameResource(java.lang.String pRepositoryDisplayNameResource)
Set property repositoryDisplayNameResource

Parameters:
pRepositoryDisplayNameResource - the name of the resource that contains the display name for this repository

getRepositoryDisplayNameResource

public java.lang.String getRepositoryDisplayNameResource()
Get property repositoryDisplayNameResource

Returns:
the name of the resource that contains the display name for this repository

setComponentResourceBundleName

public void setComponentResourceBundleName(java.lang.String pComponentResourceBundleName)
Set property componentResourceBundleName

Parameters:
pComponentResourceBundleName - the name of the resource bundle that holds the display name resource

getComponentResourceBundleName

public java.lang.String getComponentResourceBundleName()
Get property componentResourceBundleName

Returns:
the name of the resource bundle that holds the display name resource

checkAccess

public void checkAccess(java.lang.String pDescriptorName,
                        AccessRight pRight)
                 throws RepositoryException
Checks to see if the current user has the indicated access right for an item descriptor. If not, it throws a RepositorySecurityException that wraps a PermissionDeniedException.

Throws:
RepositoryException
See Also:
RepositorySecurityException, PermissionDeniedException

hasAccess

public boolean hasAccess(java.lang.String pDescriptorName,
                         AccessRight pRight)
                  throws RepositoryException
Checks to see if the current user has the indicated access right for an item descriptor.

Throws:
RepositoryException

checkAccess

protected void checkAccess(GenericSecuredRepositoryItem pItem,
                           AccessRight pRight)
                    throws RepositoryException
Checks to see if the specified access is allowed on an item and, if not, throws a RepositorySecurityException that wraps a PermissionDeniedException.

If the item is null, this completes successfully. This allows the caller to call through into the real repository to receive the appropriate repository exception.

Throws:
RepositoryException

checkAccess

protected void checkAccess(java.lang.String pId,
                           java.lang.String pDescriptorName,
                           AccessRight pRight)
                    throws RepositoryException
Looks up a secured repository item and checks to see if the user has the indicated access right on it. If not, this throws a RepositorySecurityException that wraps a PermissionDeniedException. If the item does not exist, this completes successfully. This allows the caller to call through into the real repository to receive the appropriate repository exception.

Throws:
RepositoryException

filterItems

public RepositoryItem[] filterItems(RepositoryItem[] pItems,
                                    AccessRight pRight)
Filters out any repository items returned from a query that the user should not be able to access in the indicated mode.

unwrapArray

public java.lang.Object[] unwrapArray(java.lang.Object[] pArray)
Takes an array and removes the secured wrappers around its contents.

unwrapList

public java.util.List unwrapList(java.util.List pList)
Takes a List and removes the secured wrappers around its contents.

unwrapMap

public java.util.Map unwrapMap(java.util.Map pMap)
Takes a Map and removes the secured wrappers around its contents.

unwrapSet

public java.util.Set unwrapSet(java.util.Set pSet)
Takes a Set and removes the secured wrappers around its contents.

unwrapValue

public java.lang.Object unwrapValue(java.lang.Object pValue)
Takes a secured repository property value and turns it into an unsecured repository property value so we can store it in the underlying repository.

checkForInvalidRepository

protected void checkForInvalidRepository()
                                  throws ServiceException
Throws:
ServiceException

doStartService

public void doStartService()
                    throws ServiceException
Description copied from class: GenericService
This is called after a Service has been created, placed into the naming hierarchy, and initialized with its configured property values. The Service should override this method to start any processes it requires.

Overrides:
doStartService in class GenericService
Throws:
ServiceException - if the Service had a problem starting up

getRepositoryName

public java.lang.String getRepositoryName()
Returns the name of this Repository

Specified by:
getRepositoryName in interface Repository

getItem

public RepositoryItem getItem(java.lang.String pId)
                       throws RepositoryException
Deprecated. 

Returns an item in the Repository with the given id. This version retrieves the item from the default item descriptor.

The caller must have READ access on the item descriptor or a RepositorySecurityException will be thrown. They must have LIST access on the item or null is returned.

Specified by:
getItem in interface Repository
Parameters:
pId - the id of the item to retrieve
Returns:
null if no item can be found
Throws:
RepositoryException - if there was an error while attempting to return the RepositoryItem

getItem

public RepositoryItem getItem(java.lang.String pId,
                              java.lang.String pDescriptorName)
                       throws RepositoryException
Returns an item in the Repository with the given id.

The caller must have READ access on the item descriptor or a RepositorySecurityException will be thrown. They must have LIST access on the item or null is returned.

Specified by:
getItem in interface Repository
Parameters:
pId - the id of the item to retrieve
pDescriptorName - the name of the item descriptor that contains this item.
Returns:
null if no item can be found
Throws:
RepositoryException - if there was an error while attempting to return the RepositoryItem

getItems

public RepositoryItem[] getItems(java.lang.String[] pIds)
                          throws RepositoryException
Deprecated. 

Returns the items with the given ids. If requested items are not readable, they are not returned. The caller must have READ access on the item descriptor or a RepositorySecurityException will e thrown. They must have LIST access on each item or null is returned in the slots of the respective items.

The caller must have LIST access on each item that is requested or that item's slot will be set to null following this query.

Specified by:
getItems in interface Repository
Returns:
null if no items can be found
Throws:
RepositoryException - if there was an error while attempting to return the RepositoryItems

getItems

public RepositoryItem[] getItems(java.lang.String[] pIds,
                                 java.lang.String pDescriptorName)
                          throws RepositoryException
Returns the items with the given ids.

The caller must have READ access on the item descriptor or a RepositorySecurityException will e thrown. They must have LIST access on each item or null is returned in the slots of the respective items.

Specified by:
getItems in interface Repository
Parameters:
pIds - the list of ids
pDescriptorName - the item descriptor containing these ids
Returns:
null if no items can be found
Throws:
RepositoryException - if there was an error while attempting to return the RepositoryItems

getDefaultViewName

public java.lang.String getDefaultViewName()
Returns the name of the "default" or "root" RepositoryView

Specified by:
getDefaultViewName in interface Repository

getViewNames

public java.lang.String[] getViewNames()
Returns an array of the names of all contained top-level views

Specified by:
getViewNames in interface Repository
Specified by:
getViewNames in interface RepositoryViewContainer
Returns:
null if no sub-views exist

getView

public RepositoryView getView(java.lang.String pName)
                       throws RepositoryException
Returns a RepositoryView accessed with the given name.

Specified by:
getView in interface Repository
Specified by:
getView in interface RepositoryViewContainer
Parameters:
pName - the name of the view to find
Returns:
null if the requested view does not exist
Throws:
RepositoryException - if there was an error while attempting to return the RepositoryView

getView

public RepositoryView getView(RepositoryItemDescriptor pDesc)
                       throws RepositoryException
Description copied from interface: Repository
Returns a RepositoryView accessed with the name of the given descriptor.

Specified by:
getView in interface Repository
Parameters:
pDesc - the descriptor of the view to find
Returns:
null if the requested view does not exist
Throws:
RepositoryException - if there was an error while attempting to return the RepositoryView

getItemDescriptorNames

public java.lang.String[] getItemDescriptorNames()
Returns an array of the names of the known RepositoryItemDescriptors. There should always be at least one item descriptor per Repository.

Specified by:
getItemDescriptorNames in interface Repository

getItemDescriptor

public RepositoryItemDescriptor getItemDescriptor(java.lang.String pName)
                                           throws RepositoryException
Returns a RepositoryItemDescriptor accessed with the given name.

Specified by:
getItemDescriptor in interface Repository
Parameters:
pName - the name of the descriptor to find
Returns:
null if the requested descriptor does not exist
Throws:
RepositoryException - if there was an error while attempting to return the RepositoryItemDescriptor

getItemDescriptor

public RepositoryItemDescriptor getItemDescriptor(RepositoryItemDescriptor pDesc)
                                           throws RepositoryException
Description copied from interface: Repository
Returns a RepositoryItemDescriptor accessed with the name of the given descriptor.

Specified by:
getItemDescriptor in interface Repository
Parameters:
pDesc - the descriptor to find
Returns:
null if the requested descriptor does not exist
Throws:
RepositoryException - if there was an error while attempting to return the RepositoryItemDescriptor

getSecurityPolicy

public SecurityPolicy getSecurityPolicy()
Returns the security policy used for the repository.

Specified by:
getSecurityPolicy in interface SecuredRepository

getSecurityConfiguration

public SecurityConfiguration getSecurityConfiguration()
Returns the security configuration information for the repository.

Specified by:
getSecurityConfiguration in interface SecuredRepository
Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD