atg.security
Class StandardSecurityPolicy

java.lang.Object
  extended by atg.nucleus.logging.VariableArgumentApplicationLoggingImpl
      extended by atg.nucleus.GenericService
          extended by atg.security.StandardSecurityPolicy
All Implemented Interfaces:
NameContextBindingListener, NameContextElement, NameResolver, AdminableService, ApplicationLogging, atg.nucleus.logging.ApplicationLoggingSender, atg.nucleus.logging.TraceApplicationLogging, atg.nucleus.logging.VariableArgumentApplicationLogging, ComponentNameResolver, Service, ServiceListener, SecurityPolicy, java.util.EventListener
Direct Known Subclasses:
IdentitySecurityPolicy, RegisteredUsersSecurityPolicy

public class StandardSecurityPolicy
extends GenericService
implements SecurityPolicy

A security policy that walks an access control list composed of access rights and/or deny rights to determine whether a particular access request should be allowed or denied.

This policy only supports testing against SecuredObjects.

See Also:
SecurityPolicy, StandardAccessRight, DenyRight

Field Summary
static java.lang.String CLASS_VERSION
           
 
Fields inherited from class atg.nucleus.GenericService
SERVICE_INFO_KEY
 
Fields inherited from interface atg.security.SecurityPolicy
DENIED, GRANTED, UNSPECIFIED
 
Fields inherited from interface atg.nucleus.logging.TraceApplicationLogging
DEFAULT_LOG_TRACE_STATUS
 
Fields inherited from interface atg.nucleus.logging.ApplicationLogging
DEFAULT_LOG_DEBUG_STATUS, DEFAULT_LOG_ERROR_STATUS, DEFAULT_LOG_INFO_STATUS, DEFAULT_LOG_WARNING_STATUS
 
Constructor Summary
StandardSecurityPolicy()
           
 
Method Summary
 int checkAccess(java.lang.Object pObject, User pUser, AccessRight pRight)
          Utility method that works like hasAccess() but returns the different states of getAccess().
 int getAccess(AccessControlList pAcl, java.lang.Object pObject, Persona pPersona, AccessRight pRight, boolean pExactPersona)
          Returns the access state specified by the ACL, which is usually a subset of the effective ACL of the specified SecuredObject, for the indicated Persona.
protected  Persona getCompatiblePersona(Persona pPersona, UserAuthority pAuthority)
          This attempts to find a persona that is compatible with the indicated user authority.
protected  Persona[] getCompatiblePersonae(Persona[] pPersonae, UserAuthority pAuthority)
          This performs a getCompatiblePersona() call on an array of personae.
protected  AccessControlList getCompleteAccessControlList(Persona pPersona, SecurityConfiguration pConfig)
          Returns an access control list containing all of the access rights specified in the security configuration.
 AccessControlList getCreationAccessControlList(java.lang.Object pObject)
          Returns the access control list that should be applied to a new object when it is created.
protected  AccessControlList getCreationAccessControlList(SecuredContainer[] pContainers)
          Returns the access control list created by concatenating all of the creation access control lists of the specified containers.
 Persona getCreationOwner(java.lang.Object pObject)
          Determines the owner that should be applied to a new object when it is created.
protected  AccessControlList getCreationOwnerAccessControlList(Persona pOwner, SecuredContainer[] pContainers)
          Returns the access control list appropriate for the creator of the object, constructed from the creation access control list templates of all of its containers, using the specified persona as the owner.
protected  AccessControlList getCreationSubPersonaeAccessControlList(Persona[] pSubPersonae, SecuredContainer[] pContainers)
          Returns the access control list appropriate for all of the sub-personae of the object, constructed from the creation access control list templates of all of its containers.
protected  User getCurrentUser()
          Determines the current user.
 AccessControlList getEffectiveAccessControlList(java.lang.Object pObject)
          Determines the effective access control list for the indicated object, which is a combination of the object's access control list and any access control lists of its containers.
 AccessControlList getImpliedAccessControlList(java.lang.Object pObject)
          Determines the access control list fragment that is implied by any containers that the object may be a member of.
protected  Persona[] getUserPersonae(SecurityConfiguration config)
          Returns the list of personae that apply to the current user.
 boolean hasAccess(java.lang.Object pObject, User pUser, AccessRight pRight)
          Returns true if the user may perform a particular operation on an object.
 
Methods inherited from class atg.nucleus.GenericService
addLogListener, createAdminServlet, doStartService, doStopService, getAbsoluteName, getAdminServlet, getLoggingForVlogging, getLogListenerCount, getLogListeners, getName, getNameContext, getNucleus, getRoot, getServiceConfiguration, getServiceInfo, isLoggingDebug, isLoggingError, isLoggingInfo, isLoggingTrace, isLoggingWarning, isRunning, logDebug, logDebug, logDebug, logError, logError, logError, logInfo, logInfo, logInfo, logTrace, logTrace, logTrace, logWarning, logWarning, logWarning, nameContextElementBound, nameContextElementUnbound, removeLogListener, resolveName, resolveName, resolveName, resolveName, sendLogEvent, setLoggingDebug, setLoggingError, setLoggingInfo, setLoggingTrace, setLoggingWarning, setNucleus, setServiceInfo, startService, stopService
 
Methods inherited from class atg.nucleus.logging.VariableArgumentApplicationLoggingImpl
vlogDebug, vlogDebug, vlogDebug, vlogDebug, vlogError, vlogError, vlogError, vlogError, vlogInfo, vlogInfo, vlogInfo, vlogInfo, vlogTrace, vlogTrace, vlogTrace, vlogTrace, vlogWarning, vlogWarning, vlogWarning, vlogWarning
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

CLASS_VERSION

public static java.lang.String CLASS_VERSION
Constructor Detail

StandardSecurityPolicy

public StandardSecurityPolicy()
Method Detail

checkAccess

public int checkAccess(java.lang.Object pObject,
                       User pUser,
                       AccessRight pRight)
                throws SecurityException
Utility method that works like hasAccess() but returns the different states of getAccess(). This is particularly useful if you want to see whether an ACL explicitly grants or denies the access, or whether it says nothing about it (UNSPECIFIED).

Throws:
SecurityException

getCompatiblePersona

protected Persona getCompatiblePersona(Persona pPersona,
                                       UserAuthority pAuthority)
This attempts to find a persona that is compatible with the indicated user authority. This is needed because it is fairly common for a persona to have been created by a proxy user authority while we want to use it as an owner or within an ACL. If a compatible persona can be obtained this method returns it; otherwise it returns null.


getCompatiblePersonae

protected Persona[] getCompatiblePersonae(Persona[] pPersonae,
                                          UserAuthority pAuthority)
This performs a getCompatiblePersona() call on an array of personae.


getCompleteAccessControlList

protected AccessControlList getCompleteAccessControlList(Persona pPersona,
                                                         SecurityConfiguration pConfig)
Returns an access control list containing all of the access rights specified in the security configuration.


getCreationAccessControlList

protected AccessControlList getCreationAccessControlList(SecuredContainer[] pContainers)
                                                  throws SecurityException
Returns the access control list created by concatenating all of the creation access control lists of the specified containers.

Throws:
SecurityException

getCreationOwnerAccessControlList

protected AccessControlList getCreationOwnerAccessControlList(Persona pOwner,
                                                              SecuredContainer[] pContainers)
                                                       throws SecurityException
Returns the access control list appropriate for the creator of the object, constructed from the creation access control list templates of all of its containers, using the specified persona as the owner. If there are no containers, null is returned.

This ACL will not have been optimized.

Throws:
SecurityException

getCreationSubPersonaeAccessControlList

protected AccessControlList getCreationSubPersonaeAccessControlList(Persona[] pSubPersonae,
                                                                    SecuredContainer[] pContainers)
                                                             throws SecurityException
Returns the access control list appropriate for all of the sub-personae of the object, constructed from the creation access control list templates of all of its containers. If there are no containers, null is returned.

This ACL will not have been optimized.

Throws:
SecurityException

getCurrentUser

protected User getCurrentUser()
Determines the current user. This implementation determines the current user by asking the ThreadSecurityManager what user object is bound to the current thread.


getUserPersonae

protected Persona[] getUserPersonae(SecurityConfiguration config)
Returns the list of personae that apply to the current user. If there is no current user, null is returned.


hasAccess

public boolean hasAccess(java.lang.Object pObject,
                         User pUser,
                         AccessRight pRight)
                  throws SecurityException
Returns true if the user may perform a particular operation on an object.

This implementation only supports SecuredObjects.

This implementation calls getEffectiveAccessControlList() to determine the ACL for the specified object. It then determines the set of applicable personae from the User object using the user authority specified by the security context object in the SecuredObject. It then calls getAccess() once for every applicable persona. If any call to getAccess() returns DENIED, access is denied. If not, and any call returns GRANTED, access is granted. If UNSPECIFIED is returned for all personae, or there are no personae, access is denied.

Specified by:
hasAccess in interface SecurityPolicy
Throws:
SecurityException
See Also:
getCurrentUser()
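The following caller-side helper is an added example, not part of the ATG API or of this class: it uses checkAccess() rather than hasAccess() so that an explicit DENIED can be told apart from an ACL that simply has no applicable entry (UNSPECIFIED), and it treats a SecurityException as a refusal rather than letting the caller fall through to an allow. It assumes that the exception thrown is atg.security.SecurityException and that the GRANTED/DENIED/UNSPECIFIED constants are the ones inherited from SecurityPolicy.

```java
import atg.security.AccessRight;
import atg.security.SecurityException;   // assumed to be the checked atg.security exception
import atg.security.SecurityPolicy;
import atg.security.StandardSecurityPolicy;
import atg.security.User;

/**
 * Added example (not ATG code): classifies a checkAccess() result into
 * a caller-friendly outcome and fails closed on anything unexpected.
 */
public class AccessDecision {

  public enum Outcome { GRANTED, EXPLICITLY_DENIED, NO_ENTRY, ERROR }

  public static Outcome decide(StandardSecurityPolicy pPolicy,
                               Object pObject,
                               User pUser,
                               AccessRight pRight) {
    final int state;
    try {
      state = pPolicy.checkAccess(pObject, pUser, pRight);
    } catch (SecurityException e) {
      // A policy error must never read as "allowed"; surface it as ERROR.
      return Outcome.ERROR;
    }
    if (state == SecurityPolicy.GRANTED) {
      return Outcome.GRANTED;
    } else if (state == SecurityPolicy.DENIED) {
      // An explicit deny entry matched; with this policy it cannot be
      // overridden by a grant for another persona.
      return Outcome.EXPLICITLY_DENIED;
    } else if (state == SecurityPolicy.UNSPECIFIED) {
      // No entry applied to any persona: hasAccess() would also refuse,
      // but an audit trail can record that the ACL was silent.
      return Outcome.NO_ENTRY;
    }
    return Outcome.ERROR;   // unknown state value: fail closed
  }

  /** Only GRANTED allows the operation; every other outcome is a refusal. */
  public static boolean allowed(Outcome pOutcome) {
    return pOutcome == Outcome.GRANTED;
  }
}
```

The distinction matters for operators: NO_ENTRY usually means a missing or mis-templated creation ACL, while EXPLICITLY_DENIED means a deny entry was written on purpose, and the two deserve different alerts.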

getAccess

public int getAccess(AccessControlList pAcl,
                     java.lang.Object pObject,
                     Persona pPersona,
                     AccessRight pRight,
                     boolean pExactPersona)
              throws SecurityException
Returns the access state specified by the ACL, which is usually a subset of the effective ACL of the specified SecuredObject, for the indicated Persona. The value returned is one of GRANTED, DENIED, or UNSPECIFIED.

This method is used by StandardSecurityPolicy.hasAccess() to determine the accessibility of an object by a particular user, as outlined in the description of that method.

In this implementation access is denied if any "deny" access control entry with the requested access right applies to the persona (i.e. deny rights trump allow rights).

This implementation grants ACL_READ and ACL_WRITE access to the owner of the object if the pObject argument is a SecuredObject.

This implementation allows access if the access control list is null (unspecified). The following subclass will reverse that behavior:

 public class DefaultDenySecurityPolicy
      extends StandardSecurityPolicy
 {
   // Fail closed: an object with no ACL at all is refused outright
   // instead of being allowed by the superclass.
   public int getAccess(AccessControlList pAcl,
                        Object pObject,
                        Persona pPersona,
                        AccessRight pRight,
                        boolean pExactPersona)
     throws SecurityException
   {
     if (pAcl == null)
       return DENIED;
     else
       return super.getAccess(pAcl, pObject, pPersona, pRight, pExactPersona);
   }
 }
 

The following subclass will deny access except between 09:00 and 17:00 in the JVM's default (local) time zone:

 public class DenyOutsideBusinessHoursSecurityPolicy
      extends StandardSecurityPolicy
 {
   public int getAccess(AccessControlList pAcl,
                        Object pObject,
                        Persona pPersona,
                        AccessRight pRight,
                        boolean pExactPersona)
     throws SecurityException
   {
     // Calendar.getInstance() uses the JVM's default time zone, so a server
     // running in a different zone from its users enforces the wrong window.
     java.util.Calendar calendar = java.util.Calendar.getInstance();
     int hourOfDay = calendar.get(java.util.Calendar.HOUR_OF_DAY);  // 0..23
     if ((hourOfDay < 9) || (hourOfDay >= 17))
       return DENIED;
     else
       return super.getAccess(pAcl, pObject, pPersona, pRight, pExactPersona);
   }
 }
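Both subclasses above short-circuit before consulting the ACL. The following added example (not part of ATG or of this class) shows the complementary pattern: it keeps the standard decision but records every explicit deny through the ApplicationLogging methods inherited from GenericService, so "deny trumps allow" decisions leave an audit trail. It assumes atg.security.SecurityException is the exception declared by getAccess() and uses String.valueOf() on the persona, right and object because it does not assume their accessor names.

```java
import atg.security.AccessControlList;
import atg.security.AccessRight;
import atg.security.Persona;
import atg.security.SecurityException;   // assumed to be the checked atg.security exception
import atg.security.StandardSecurityPolicy;

/**
 * Added example (not ATG code): same decisions as StandardSecurityPolicy,
 * plus an info-level log line for each explicit deny. getAccess() is
 * invoked once per applicable persona by hasAccess(), so one refused
 * request may produce one line per persona that matched a deny entry.
 */
public class DenyLoggingSecurityPolicy extends StandardSecurityPolicy {

  public int getAccess(AccessControlList pAcl,
                       Object pObject,
                       Persona pPersona,
                       AccessRight pRight,
                       boolean pExactPersona)
      throws SecurityException {
    int state = super.getAccess(pAcl, pObject, pPersona, pRight, pExactPersona);
    if (state == DENIED && isLoggingInfo()) {
      // Logged only for DENIED: UNSPECIFIED is the normal "no entry" case and
      // would flood the log, while GRANTED is the expected path.
      logInfo("explicit deny: persona=" + String.valueOf(pPersona)
              + " right=" + String.valueOf(pRight)
              + " object=" + String.valueOf(pObject));
    }
    return state;
  }
}
```

Because the superclass already applies deny-over-allow, the override changes no outcome; it only makes refusals observable, which is what a detection pipeline needs to spot a persona repeatedly probing objects it was deliberately excluded from.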
 

Specified by:
getAccess in interface SecurityPolicy
Throws:
SecurityException
See Also:
SecurityPolicy.hasAccess(java.lang.Object, atg.security.User, atg.security.AccessRight)

getImpliedAccessControlList

public AccessControlList getImpliedAccessControlList(java.lang.Object pObject)
                                              throws SecurityException
Determines the access control list fragment that is implied by any containers that the object may be a member of. This is useful for a user interface (for example, to show which entries an object inherits from its containers), but may also be used internally by getEffectiveAccessControlList().

In this implementation, the implied access control list is the union of all access control lists of the objects returned by SecuredObject.unsecuredGetSecuredContainers() for which the owner of the secured container has StandardAccessRights.ACL_WRITE access on the object, as specified within the object's own ACL. The ownership test is performed so that the owner of a container cannot adjust access control rights on an object that he could not otherwise adjust, for example to deny access to the object's owner or to allow access to himself.

Specified by:
getImpliedAccessControlList in interface SecurityPolicy
Throws:
SecurityException

getEffectiveAccessControlList

public AccessControlList getEffectiveAccessControlList(java.lang.Object pObject)
                                                throws SecurityException
Determines the effective access control list for the indicated object, which is a combination of the object's access control list and any access control lists of its containers.

In this implementation the implied access control list and object access control list are simply concatenated.

Specified by:
getEffectiveAccessControlList in interface SecurityPolicy
Throws:
SecurityException

getCreationOwner

public Persona getCreationOwner(java.lang.Object pObject)
                         throws SecurityException
Determines the owner that should be applied to a new object when it is created.

This implementation simply returns the current thread's primary persona for its user authority.

Specified by:
getCreationOwner in interface SecurityPolicy
Throws:
SecurityException

getCreationAccessControlList

public AccessControlList getCreationAccessControlList(java.lang.Object pObject)
                                               throws SecurityException
Returns the access control list that should be applied to a new object when it is created.

If the object has no containers then this will return an ACL allowing all permissions to the creation owner (determined by getCreationOwner()).

If the object has containers then an ACL will be created by concatenating the following ACL fragments created from each of the object containers:

The ACL returned from this method will have been optimized.

Specified by:
getCreationAccessControlList in interface SecurityPolicy
Throws:
SecurityException