java.lang.Object
  atg.security.GenericSecurityDomain
public abstract class GenericSecurityDomain
A typical implementation of most of the security domain interface, useful for writing other security domains.
A subclass must implement createResourceAsUser() and getResource() at a minimum.
Field Summary | |
---|---|
static java.lang.String | CLASS_VERSION |
Constructor Summary |
---|
GenericSecurityDomain() |
Method Summary
Modifier and Type | Method | Description |
---|---|---|
void | addAccessAllowedListener(DataListener pListener) | Adds a listener for access allowed events. |
void | addAccessDeniedListener(DataListener pListener) | Adds a listener for access denied events. |
void | addAccessRight(AccessRight pNewAccessRight) | Adds a new access right to the security domain. |
SecuredResource | createResource(java.lang.Object pObject, java.lang.Object pResourceKey, AccessControlEntry[] pInitialAcl) | Creates a new SecuredResource object for the specified object, using the specified resource key. |
protected void | fireAccessAllowedEvent(User pUser, SecuredResource pResource, AccessRight pRight) | Fires off an event when an access has been allowed. |
protected void | fireAccessDeniedEvent(User pUser, SecuredResource pResource, AccessRight pRight) | Fires off an event when an access has been denied. |
protected void | fireAccessEvent(User pUser, SecuredResource pResource, AccessRight pDesiredAccess, boolean pAllowed) | Fires an allow or deny access event. |
AccessRight[] | getAccessRights() | Returns a list of all possible access rights in this domain. |
java.lang.String | getCreationRightsAttribute() | Returns the name of the attribute that is used to determine the default access rights to assign to a resource for a given persona when createResource() is called. |
protected AccessControlEntry[] | getDefaultAcl(User pUser) | Utility method for creating the access control list that should be used by default when creating a resource for the indicated user. |
java.lang.String | getSecurityDomainDescription() | Returns the description of the security domain. |
java.lang.String | getSecurityDomainName() | Returns the name of the security domain. |
UserAuthority | getUserAuthority() | Returns the user authority for this domain. |
boolean | hasAccess(AccessRight pDesiredAccess, java.lang.Object pResourceKey) | Returns true if the current user has the indicated access right for the indicated resource. |
boolean | hasAccess(User pUser, AccessRight pDesiredAccess, java.lang.Object pResourceKey) | Checks the access permissions on a resource for the indicated user. |
boolean | hasAccessRight(AccessRight pAccessRight) | Determines if the given user has the given access right. |
boolean | hasAccessRight(AccessRight pAccessRight, DirectoryPrincipal pTargetPrincipal) | Determines if the given user has the given access right within the given principal. |
boolean | hasAccessRight(User pUser, AccessRight pAccessRight) | Determines if the given user has the given access right. |
boolean | hasAccessRight(User pUser, AccessRight pAccessRight, DirectoryPrincipal pTargetPrincipal) | Determines if the given user has the given access right within the given principal. |
protected boolean | isRightInPersonae(Persona[] pPersonae, AccessRight pAccessRight, DirectoryPrincipal pTargetPrincipal, UserDirectoryUserAuthority pUserAuthority) | |
void | removeAccessAllowedListener(DataListener pListener) | Removes a listener for access allowed events. |
void | removeAccessDeniedListener(DataListener pListener) | Removes a listener for access denied events. |
void | removeAccessRight(AccessRight pOldAccessRight) | Removes an existing access right from the security domain. |
void | setAccessRights(AccessRight[] pNewAccessRights) | Changes the set of access rights available in the security domain. |
void | setCreationRightsAttribute(java.lang.String pNewName) | Changes the name of the attribute that is used to determine the default access rights to assign to a resource for a given persona when createResource() is called. |
protected void | setInitialAcl(User pUser, SecuredResource pResource, AccessControlEntry[] pInitialAcl) | Sets the initial ACL for a resource. |
void | setSecurityDomainDescription(java.lang.String pNewDescription) | Changes the description of the security domain. |
void | setSecurityDomainName(java.lang.String pNewName) | Changes the name of the security domain. |
void | setUserAuthority(UserAuthority pNewUserAuthority) | Changes the user authority used to manage roles for this security domain. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Methods inherited from interface atg.security.SecurityDomain |
---|
createResourceAsUser, getResource |
Field Detail |
---|
public static java.lang.String CLASS_VERSION
Constructor Detail |
---|
public GenericSecurityDomain()
Method Detail |
---|
public void setAccessRights(AccessRight[] pNewAccessRights)
public void addAccessRight(AccessRight pNewAccessRight)
public void removeAccessRight(AccessRight pOldAccessRight)
public java.lang.String getCreationRightsAttribute()
See Also: createResource(java.lang.Object, java.lang.Object, atg.security.AccessControlEntry[]), getDefaultAcl(atg.security.User)
public void setCreationRightsAttribute(java.lang.String pNewName)
See Also: createResource(java.lang.Object, java.lang.Object, atg.security.AccessControlEntry[]), getDefaultAcl(atg.security.User)
public void setSecurityDomainDescription(java.lang.String pNewDescription)
public void setSecurityDomainName(java.lang.String pNewName)
public void setUserAuthority(UserAuthority pNewUserAuthority)
protected void fireAccessEvent(User pUser, SecuredResource pResource, AccessRight pDesiredAccess, boolean pAllowed)
protected void fireAccessAllowedEvent(User pUser, SecuredResource pResource, AccessRight pRight)
protected void fireAccessDeniedEvent(User pUser, SecuredResource pResource, AccessRight pRight)
protected AccessControlEntry[] getDefaultAcl(User pUser)
Note: This implementation is not terrifically efficient. It takes a string representation of the access rights for a Persona and builds a string representation of an ACE from that for each Persona and sub-Persona. It then concatenates these together to produce the ACL. It then parses the string to get the ACL. It would be a lot more efficient to have the access rights stored as an AccessRight[] in the Persona object, in which case we could build the ACL directly, but this would tie the user authority tightly with the security domain, which we want to avoid in this generic implementation.
See Also: #setCreateRightsAttribute, Persona.getAttribute(java.lang.String)
protected void setInitialAcl(User pUser, SecuredResource pResource, AccessControlEntry[] pInitialAcl) throws InvalidAccessControlEntryException, PermissionDeniedException
Throws: InvalidAccessControlEntryException, PermissionDeniedException
public java.lang.String getSecurityDomainName()
Specified by: getSecurityDomainName in interface SecurityDomain
public java.lang.String getSecurityDomainDescription()
Specified by: getSecurityDomainDescription in interface SecurityDomain
public UserAuthority getUserAuthority()
Specified by: getUserAuthority in interface SecurityDomain
public AccessRight[] getAccessRights()
Specified by: getAccessRights in interface SecurityDomain
public SecuredResource createResource(java.lang.Object pObject, java.lang.Object pResourceKey, AccessControlEntry[] pInitialAcl) throws InvalidResourceException, InvalidAccessControlEntryException, PermissionDeniedException
Specified by: createResource in interface SecurityDomain
Throws: InvalidResourceException, InvalidAccessControlEntryException, PermissionDeniedException
public boolean hasAccess(User pUser, AccessRight pDesiredAccess, java.lang.Object pResourceKey) throws InvalidResourceException, InvalidAccessRightException
Specified by: hasAccess in interface SecurityDomain
Throws: InvalidResourceException, InvalidAccessRightException
public boolean hasAccess(AccessRight pDesiredAccess, java.lang.Object pResourceKey) throws InvalidResourceException, InvalidAccessRightException
Specified by: hasAccess in interface SecurityDomain
Throws: InvalidResourceException, InvalidAccessRightException
See Also: ThreadSecurityManager
public boolean hasAccessRight(User pUser, AccessRight pAccessRight)
Specified by: hasAccessRight in interface SecurityDomain
public boolean hasAccessRight(AccessRight pAccessRight)
public boolean hasAccessRight(AccessRight pAccessRight, DirectoryPrincipal pTargetPrincipal)
public boolean hasAccessRight(User pUser, AccessRight pAccessRight, DirectoryPrincipal pTargetPrincipal)
Specified by: hasAccessRight in interface SecurityDomain
protected boolean isRightInPersonae(Persona[] pPersonae, AccessRight pAccessRight, DirectoryPrincipal pTargetPrincipal, UserDirectoryUserAuthority pUserAuthority)
public void addAccessAllowedListener(DataListener pListener)
Specified by: addAccessAllowedListener in interface SecurityDomain
public void removeAccessAllowedListener(DataListener pListener)
Specified by: removeAccessAllowedListener in interface SecurityDomain
public void addAccessDeniedListener(DataListener pListener)
Specified by: addAccessDeniedListener in interface SecurityDomain
public void removeAccessDeniedListener(DataListener pListener)
Specified by: removeAccessDeniedListener in interface SecurityDomain