public interface SecurityPolicy
An object that provides the following policy decisions:
These controls provide a standard way to plug new security policies into existing security domain implementations. Some examples of custom security policies are:
StandardSecurityPolicy
Field Summary | |
---|---|
static java.lang.String | CLASS_VERSION |
static int | DENIED - Returned by getAccess() if access is explicitly denied by the access control list. |
static int | GRANTED - Returned by getAccess() if access is granted by the access control list. |
static int | UNSPECIFIED - Returned by getAccess() if access is neither explicitly allowed nor denied by the access control list. |
Method Summary | |
---|---|
int | getAccess(AccessControlList acl, java.lang.Object object, Persona persona, AccessRight right, boolean exactPersona) - Returns the access state specified by the ACL, which is usually a subset of the effective ACL of the specified SecuredObject, for the indicated Persona. |
AccessControlList | getCreationAccessControlList(java.lang.Object object) - Returns the access control list that should be applied to a new object when it is created. |
Persona | getCreationOwner(java.lang.Object object) - Determines the owner that should be applied to a new object when it is created. |
AccessControlList | getEffectiveAccessControlList(java.lang.Object object) - Determines the effective access control list for the indicated object, which is a combination of the object's access control list and any access control lists of its containers. |
AccessControlList | getImpliedAccessControlList(java.lang.Object object) - Determines the access control list fragment that is implied by any containers that the object may be a member of. |
boolean | hasAccess(java.lang.Object object, User user, AccessRight right) - Returns true if a user may perform a particular operation on an object. |
Field Detail |
---|
static final java.lang.String CLASS_VERSION
static final int UNSPECIFIED
static final int GRANTED
static final int DENIED
Method Detail |
---|
boolean hasAccess(java.lang.Object object, User user, AccessRight right) throws SecurityException
SecurityException
int getAccess(AccessControlList acl, java.lang.Object object, Persona persona, AccessRight right, boolean exactPersona) throws SecurityException
This method is often used to perform the basic authorization check by hasAccess(), although it need not be.
This method is also useful for user interfaces that want to present information about rights that are achieved by inheritance or by the persona's inclusion within a group rather than being explicitly assigned to a persona, but may also be used internally by hasAccess().
For example, to determine if READ access is granted, denied, or unspecified to a persona via inheritance you can call:
```java
SecuredObject object = ...;
Persona persona = ...;
SecurityPolicy policy = ...;

// ACL fragment implied by the object's containers (a SecurityPolicy method)
AccessControlList acl = policy.getImpliedAccessControlList(object);
switch (policy.getAccess(acl, object, persona, StandardAccessRights.READ, false)) {
    case SecurityPolicy.GRANTED:
        System.out.println("Access was allowed by a container.");
        break;
    case SecurityPolicy.DENIED:
        System.out.println("Access was denied by a container.");
        break;
    case SecurityPolicy.UNSPECIFIED:
        System.out.println("No effect on access by any container.");
        break;
}
```
To determine if READ access is granted to a persona by the object's ACL you can call:
```java
// retrieve the complete local ACL
AccessControlList acl = object.getAccessControlList();
// filter out all ACL entries that are not assigned to the Persona
acl = new AccessControlList(acl.getAccessControlEntriesForPersona(persona));
// getAccess() returns the tri-state result; hasAccess() only returns a boolean
switch (policy.getAccess(acl, object, persona, StandardAccessRights.READ, true)) {
    case SecurityPolicy.GRANTED:
        System.out.println("Access was explicitly granted locally.");
        break;
    case SecurityPolicy.DENIED:
        System.out.println("Access was explicitly denied locally.");
        break;
    case SecurityPolicy.UNSPECIFIED:
        System.out.println("No effect on access locally.");
        break;
}
```
SecurityException
AccessControlList getImpliedAccessControlList(java.lang.Object object) throws SecurityException
SecurityException
AccessControlList getEffectiveAccessControlList(java.lang.Object object) throws SecurityException
SecurityException
Persona getCreationOwner(java.lang.Object object) throws SecurityException
SecurityException
AccessControlList getCreationAccessControlList(java.lang.Object object) throws SecurityException
SecurityException