Skip navigation links

Oracle Fusion Middleware Java API Reference for Oracle ADF Model
11g Release 2 (11.1.2.2.0)

E17483-03


oracle.jbo.server.security
Class AbstractDataSecurityProviderImpl

java.lang.Object
  extended by oracle.jbo.server.security.AbstractDataSecurityProviderImpl

All Implemented Interfaces:
DataSecurityProvider
Direct Known Subclasses:
JAASDataSecurityProviderImpl, XSDataSecurityProviderImpl

public abstract class AbstractDataSecurityProviderImpl
extends java.lang.Object
implements DataSecurityProvider

Constructor Summary
AbstractDataSecurityProviderImpl()
           

 

Method Summary
 oracle.adf.share.security.authorization.PrivilegeHolder checkPrivilege(Row row, java.lang.String privToCheck, AttributeDef attrDef, StructureDef defObject)
          Checks row instance privilege.
 java.util.Map.Entry<java.lang.String,java.lang.Class> getImplicitSecurityAttrSQLExpressionAndDomain(java.util.List<java.lang.String> privsToCheck, StructureDef defObject)
          Optional: XDB data security requires additional sql attribute sys_get_aclids(table_alias, privsToCheck) for getting aclids of row instances in the query.
 java.lang.String getPrivilegeFilterWhereClause(java.lang.String privsRequiredToView, StructureDef defObject, java.lang.String entityRefName)
          Gets the where clause for read restriction.
 Transaction getTransaction()
           
 void initAndAttachElevatedSession(java.lang.String userName)
           
 void restoreOriginalSession()
           
 void setTransaction(DBTransaction dbTransaction)
          Internal: Applications should not use this method.

 

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

 

Constructor Detail

AbstractDataSecurityProviderImpl

public AbstractDataSecurityProviderImpl()

Method Detail

getTransaction

public Transaction getTransaction()
Specified by:
getTransaction in interface DataSecurityProvider
Returns:
The DB Transaction that the view or entity object is using.
See Also:
Transaction

setTransaction

public void setTransaction(DBTransaction dbTransaction)
Internal: Applications should not use this method.

checkPrivilege

public oracle.adf.share.security.authorization.PrivilegeHolder checkPrivilege(Row row,
                                                                              java.lang.String privToCheck,
                                                                              AttributeDef attrDef,
                                                                              StructureDef defObject)
Description copied from interface: DataSecurityProvider
Checks row instance privilege. This method is called when evaluating the allows.priv EL. Privilege check for XDB is a DataPermission check of the privilege with the aclids on the row instance. Privilege check for native JAAS case would be AccessConntroller.checkPermission of java permission.
Specified by:
checkPrivilege in interface DataSecurityProvider
Parameters:
row - The row instance to be checked for privilege.
privToCheck - The privilege to be checked.
attrDef - The attribute definition.
defObject - The entity or view def.
Returns:
A PrivilegeHoder for the privilege checked.
See Also:
StructureDef, oracle.jbo.PrivilegeHolder

getPrivilegeFilterWhereClause

public java.lang.String getPrivilegeFilterWhereClause(java.lang.String privsRequiredToView,
                                                      StructureDef defObject,
                                                      java.lang.String entityRefName)
Description copied from interface: DataSecurityProvider
Gets the where clause for read restriction. XDB security with read enabled in the database should return null.
Specified by:
getPrivilegeFilterWhereClause in interface DataSecurityProvider
Parameters:
privsRequiredToView - The row filter privileges for read.
defObject - The definition object in which the filter apply.
entityRefName - The name of the entiry reference in which the filter apply.
Returns:
A string containing the sql expression for read restriction where clause fragment.
See Also:
StructureDef

getImplicitSecurityAttrSQLExpressionAndDomain

public java.util.Map.Entry<java.lang.String,java.lang.Class> getImplicitSecurityAttrSQLExpressionAndDomain(java.util.List<java.lang.String> privsToCheck,
                                                                                                           StructureDef defObject)
Description copied from interface: DataSecurityProvider
Optional: XDB data security requires additional sql attribute sys_get_aclids(table_alias, privsToCheck) for getting aclids of row instances in the query. The return type of this is XMLType and require a special java type to retrieve data from query result. This method is not call unless getImplicitSecurityAttrSQLExpression return an expression.
Specified by:
getImplicitSecurityAttrSQLExpressionAndDomain in interface DataSecurityProvider
Parameters:
privsToCheck - The privileges for the SQL expression.
defObject - The entity or view definition.
Returns:
The a Map of SQL expression and domain class of security attributes.
See Also:
StructureDef

initAndAttachElevatedSession

public void initAndAttachElevatedSession(java.lang.String userName)

restoreOriginalSession

public void restoreOriginalSession()

Skip navigation links

Oracle Fusion Middleware Java API Reference for Oracle ADF Model
11g Release 2 (11.1.2.2.0)

E17483-03


Copyright © 1997, 2012, Oracle. All rights reserved.