Overview  Package   Class  Tree  Deprecated  Index  Help 
Oracle Fusion Middleware
Java API Reference for Oracle PDK Java
11g Release 1 (11.1.1)
E10691-01
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

oracle.portal.provider.v2.security
Class PortletSecurityManager

java.lang.Object
  extended by oracle.portal.provider.v2.security.PortletSecurityManager
Direct Known Subclasses:
AuthLevelSecurityManager, DenyAllSecurityManager, GroupSecurityManager
public abstract class PortletSecurityManager
extends java.lang.Object

A PortletSecurityManager is the access controller for a portlet. If the Portlet restricts its capabilities in any manner it implements a PortletSecurityManager. The manager is responsible for authorizing (but not authenticating) the user. There are two authorization levels. The first level checks whether the user is authorized to use this Portlet. The second level checks whether the user is authorized to use a particular instance of this Portlet.

Constructor Summary
PortletSecurityManager()
           
 
Method Summary
abstract  boolean hasAccess(PortletReference ref, ProviderUser user)
          Verifies whether the user is authorized to use this particular portlet instance.
abstract  boolean hasAccess(ProviderInstance pi, PortletDefinition p, ProviderUser user)
          Verifies whether the user is authorized to use this Portlet.
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

PortletSecurityManager

public PortletSecurityManager()
Method Detail

hasAccess

public abstract boolean hasAccess(ProviderInstance pi,
                                  PortletDefinition p,
                                  ProviderUser user)
Verifies whether the user is authorized to use this Portlet. That is does this user have the necessary privileges to create, get, copy, and destroy instances of this Portlet.

Parameters:
pi - the provider instance from which the portlet is being accessed.
p - the definition of the portlet which we want to authorize access to.
user - the current user we are being asked to authorize.
Returns:
true is this user is authorized to access this portlet.

hasAccess

public abstract boolean hasAccess(PortletReference ref,
                                  ProviderUser user)
                           throws PortletNotFoundException
Verifies whether the user is authorized to use this particular portlet instance. Generally, this check will only be made of the default instance as it is assumed you cannot be denied access to the default while having access to the customized instance, and in turn must always have access to your customized version if you have access to the default. However, if asked to authorize a particular instance the PortletNotFoundException should be thrown if that instance doesn't exist (even if the default does).

Parameters:
ref - portlet reference
user - the current user we are being asked to authorize.
Returns:
true is this user is authorized to access this portlet instance.
Throws:
PortletNotFoundException
Overview  Package   Class  Tree  Deprecated  Index  Help 
Oracle Fusion Middleware
Java API Reference for Oracle PDK Java
11g Release 1 (11.1.1)
E10691-01
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright (c) 1999, 2009, Oracle and/or its affiliates. All rights reserved.