Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

atg.security
Class GenericSecurityDomain

java.lang.Object
  extended by atg.security.GenericSecurityDomain
All Implemented Interfaces:
SecurityDomain, java.io.Serializable
Direct Known Subclasses:
PathSecurityDomain
public abstract class GenericSecurityDomain
extends java.lang.Object
implements SecurityDomain, java.io.Serializable

A typical implementation of most of the security domain interface, useful for writing other security domains.

A subclass must implement createResourceAsUser() and getResource() at a minimum.

See Also:
Serialized Form

Field Summary
static java.lang.String CLASS_VERSION
           
 
Constructor Summary
GenericSecurityDomain()
           
 
Method Summary
 void addAccessAllowedListener(DataListener pListener)
          Adds a listener for access allowed events.
 void addAccessDeniedListener(DataListener pListener)
          Adds a listener for access denied events.
 void addAccessRight(AccessRight pNewAccessRight)
          Adds a new access right to the security domain.
 SecuredResource createResource(java.lang.Object pObject, java.lang.Object pResourceKey, AccessControlEntry[] pInitialAcl)
          Creates a new SecuredResource object, with the specified key, for the specified object using the specified resource key.
protected  void fireAccessAllowedEvent(User pUser, SecuredResource pResource, AccessRight pRight)
          Fires off an event when an access has been allowed.
protected  void fireAccessDeniedEvent(User pUser, SecuredResource pResource, AccessRight pRight)
          Fires off an event when an access has been denied.
protected  void fireAccessEvent(User pUser, SecuredResource pResource, AccessRight pDesiredAccess, boolean pAllowed)
          Fires an allow or deny access event.
 AccessRight[] getAccessRights()
          Returns a list of all possible access rights in this domain.
 java.lang.String getCreationRightsAttribute()
          Returns the name of the attribute that is used to determine the default access rights to assign to a resource for a given persona when createResource() is called.
protected  AccessControlEntry[] getDefaultAcl(User pUser)
          Utility method for creating the access control list that should be used by default when a resource for the indicated user.
 java.lang.String getSecurityDomainDescription()
          Returns the description of the security domain.
 java.lang.String getSecurityDomainName()
          Returns the name of the security domain.
 UserAuthority getUserAuthority()
          Returns the user authority for this domain.
 boolean hasAccess(AccessRight pDesiredAccess, java.lang.Object pResourceKey)
          Returns true if the current user has the indicated access right for the indicated resource.
 boolean hasAccess(User pUser, AccessRight pDesiredAccess, java.lang.Object pResourceKey)
          Checks the access permissions on a resource for the indicated user.
 boolean hasAccessRight(AccessRight pAccessRight)
          Determines if the given user has the given access right
 boolean hasAccessRight(AccessRight pAccessRight, DirectoryPrincipal pTargetPrincipal)
          Determines if the given user has the given access right within the given principal
 boolean hasAccessRight(User pUser, AccessRight pAccessRight)
          Determines if the given user has the given access right
 boolean hasAccessRight(User pUser, AccessRight pAccessRight, DirectoryPrincipal pTargetPrincipal)
          Determines if the given user has the given access right within the given principal
protected  boolean isRightInPersonae(Persona[] pPersonae, AccessRight pAccessRight, DirectoryPrincipal pTargetPrincipal, UserDirectoryUserAuthority pUserAuthority)
           
 void removeAccessAllowedListener(DataListener pListener)
          Removes a listener for access allowed events.
 void removeAccessDeniedListener(DataListener pListener)
          Removes a listener for access denied events.
 void removeAccessRight(AccessRight pOldAccessRight)
          Removes an existing access right from the security domain.
 void setAccessRights(AccessRight[] pNewAccessRights)
          Changes the set of access rights available in the security domain.
 void setCreationRightsAttribute(java.lang.String pNewName)
          Changes the name of the attribute that is used to determine the default access rights to assign to a resource for a given persona when createResource() is called.
protected  void setInitialAcl(User pUser, SecuredResource pResource, AccessControlEntry[] pInitialAcl)
          Sets the initial ACL for a resource.
 void setSecurityDomainDescription(java.lang.String pNewDescription)
          Changes the description of the security domain.
 void setSecurityDomainName(java.lang.String pNewName)
          Changes the name of the security domain.
 void setUserAuthority(UserAuthority pNewUserAuthority)
          Changes the user authority used to manage roles for this security domain.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface atg.security.SecurityDomain
createResourceAsUser, getResource
 

Field Detail

CLASS_VERSION

public static java.lang.String CLASS_VERSION
Constructor Detail

GenericSecurityDomain

public GenericSecurityDomain()
Method Detail

setAccessRights

public void setAccessRights(AccessRight[] pNewAccessRights)
Changes the set of access rights available in the security domain.

addAccessRight

public void addAccessRight(AccessRight pNewAccessRight)
Adds a new access right to the security domain.

removeAccessRight

public void removeAccessRight(AccessRight pOldAccessRight)
Removes an existing access right from the security domain.

getCreationRightsAttribute

public java.lang.String getCreationRightsAttribute()
Returns the name of the attribute that is used to determine the default access rights to assign to a resource for a given persona when createResource() is called.

See Also:
createResource(java.lang.Object, java.lang.Object, atg.security.AccessControlEntry[]), getDefaultAcl(atg.security.User)

setCreationRightsAttribute

public void setCreationRightsAttribute(java.lang.String pNewName)
Changes the name of the attribute that is used to determine the default access rights to assign to a resource for a given persona when createResource() is called.

See Also:
createResource(java.lang.Object, java.lang.Object, atg.security.AccessControlEntry[]), getDefaultAcl(atg.security.User)

setSecurityDomainDescription

public void setSecurityDomainDescription(java.lang.String pNewDescription)
Changes the description of the security domain.

setSecurityDomainName

public void setSecurityDomainName(java.lang.String pNewName)
Changes the name of the security domain.

setUserAuthority

public void setUserAuthority(UserAuthority pNewUserAuthority)
Changes the user authority used to manage roles for this security domain.

fireAccessEvent

protected void fireAccessEvent(User pUser,
                               SecuredResource pResource,
                               AccessRight pDesiredAccess,
                               boolean pAllowed)
Fires an allow or deny access event.

fireAccessAllowedEvent

protected void fireAccessAllowedEvent(User pUser,
                                      SecuredResource pResource,
                                      AccessRight pRight)
Fires off an event when an access has been allowed.

fireAccessDeniedEvent

protected void fireAccessDeniedEvent(User pUser,
                                     SecuredResource pResource,
                                     AccessRight pRight)
Fires off an event when an access has been denied.

getDefaultAcl

protected AccessControlEntry[] getDefaultAcl(User pUser)
Utility method for creating the access control list that should be used by default when a resource for the indicated user. This is constructed by piecing together an ACE for every persona that contains the access rights listed for the Persona in the attribute with the name specified by setCreateRightsAttribute().

Note: This implementation is not terrifically efficient. It takes a string representation of the access rights for a Persona and builds a string representation of an ACE from that for each Persona and sub-Persona. It then concatenates these together to produce the ACL. It then parses the string to get the ACL. It would be a lot more efficient to have the access rights stored as an AccessRight[] in the Persona object, in which case we could build the ACL directly, but this would tie the user authority tightly with the security domain, which we want to avoid in this generic implementation.

See Also:
#setCreateRightsAttribute, Persona.getAttribute(java.lang.String)

setInitialAcl

protected void setInitialAcl(User pUser,
                             SecuredResource pResource,
                             AccessControlEntry[] pInitialAcl)
                      throws InvalidAccessControlEntryException,
                             PermissionDeniedException
Sets the initial ACL for a resource. This is normally used by createResourceAsUser() implementations.

Throws:
InvalidAccessControlEntryException
PermissionDeniedException

getSecurityDomainName

public java.lang.String getSecurityDomainName()
Returns the name of the security domain.

Specified by:
getSecurityDomainName in interface SecurityDomain

getSecurityDomainDescription

public java.lang.String getSecurityDomainDescription()
Returns the description of the security domain.

Specified by:
getSecurityDomainDescription in interface SecurityDomain

getUserAuthority

public UserAuthority getUserAuthority()
Returns the user authority for this domain.

Specified by:
getUserAuthority in interface SecurityDomain

getAccessRights

public AccessRight[] getAccessRights()
Returns a list of all possible access rights in this domain.

Specified by:
getAccessRights in interface SecurityDomain

createResource

public SecuredResource createResource(java.lang.Object pObject,
                                      java.lang.Object pResourceKey,
                                      AccessControlEntry[] pInitialAcl)
                               throws InvalidResourceException,
                                      InvalidAccessControlEntryException,
                                      PermissionDeniedException
Creates a new SecuredResource object, with the specified key, for the specified object using the specified resource key. An optional access control list may be specified.

Specified by:
createResource in interface SecurityDomain
Throws:
InvalidResourceException
InvalidAccessControlEntryException
PermissionDeniedException

hasAccess

public boolean hasAccess(User pUser,
                         AccessRight pDesiredAccess,
                         java.lang.Object pResourceKey)
                  throws InvalidResourceException,
                         InvalidAccessRightException
Checks the access permissions on a resource for the indicated user.

Specified by:
hasAccess in interface SecurityDomain
Throws:
InvalidResourceException
InvalidAccessRightException

hasAccess

public boolean hasAccess(AccessRight pDesiredAccess,
                         java.lang.Object pResourceKey)
                  throws InvalidResourceException,
                         InvalidAccessRightException
Returns true if the current user has the indicated access right for the indicated resource.

Specified by:
hasAccess in interface SecurityDomain
Throws:
InvalidResourceException
InvalidAccessRightException
See Also:
ThreadSecurityManager

hasAccessRight

public boolean hasAccessRight(User pUser,
                              AccessRight pAccessRight)
Determines if the given user has the given access right

Specified by:
hasAccessRight in interface SecurityDomain

hasAccessRight

public boolean hasAccessRight(AccessRight pAccessRight)
Determines if the given user has the given access right

hasAccessRight

public boolean hasAccessRight(AccessRight pAccessRight,
                              DirectoryPrincipal pTargetPrincipal)
Determines if the given user has the given access right within the given principal

hasAccessRight

public boolean hasAccessRight(User pUser,
                              AccessRight pAccessRight,
                              DirectoryPrincipal pTargetPrincipal)
Determines if the given user has the given access right within the given principal

Specified by:
hasAccessRight in interface SecurityDomain

isRightInPersonae

protected boolean isRightInPersonae(Persona[] pPersonae,
                                    AccessRight pAccessRight,
                                    DirectoryPrincipal pTargetPrincipal,
                                    UserDirectoryUserAuthority pUserAuthority)

addAccessAllowedListener

public void addAccessAllowedListener(DataListener pListener)
Adds a listener for access allowed events.

Specified by:
addAccessAllowedListener in interface SecurityDomain

removeAccessAllowedListener

public void removeAccessAllowedListener(DataListener pListener)
Removes a listener for access allowed events.

Specified by:
removeAccessAllowedListener in interface SecurityDomain

addAccessDeniedListener

public void addAccessDeniedListener(DataListener pListener)
Adds a listener for access denied events.

Specified by:
addAccessDeniedListener in interface SecurityDomain

removeAccessDeniedListener

public void removeAccessDeniedListener(DataListener pListener)
Removes a listener for access denied events.

Specified by:
removeAccessDeniedListener in interface SecurityDomain
Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD