Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

com.endeca.portal.data.security
Class DefaultMDEXSecurityManager

java.lang.Object
  extended by com.endeca.portal.data.security.DefaultMDEXSecurityManager
All Implemented Interfaces:
MDEXSecurityManager, java.io.Serializable
public class DefaultMDEXSecurityManager
extends java.lang.Object
implements MDEXSecurityManager, java.io.Serializable

This is a simple implementation of MDEXSecurityManager, providing role-based security filters via data source configuration. For a given data source, the following properties can be configured:

In short, this object is stored in session and maintains a map of filter sets that should be applied to each data source for the user. The map is initialized on the first call to the applySecurity(PortletRequest, MDEXState, Query) method.

Author:
Endeca Technologies, Inc.
See Also:
Serialized Form

Field Summary
static java.lang.String CONFIG_PROPERTY_ROLE_PERMISSIONS
          JSON key for defining available security roles for filters
static java.lang.String CONFIG_PROPERTY_ROLE_PERMISSIONS_MULTI_OR
          JSON key for specifying multiple filters from multiple roles should be logically OR-ed, default false=multi-roles ANDed
static java.lang.String CONFIG_PROPERTY_SECURITY_ENABLED
          JSON key for toggling security on/off
static java.lang.String CONFIG_PROPERTY_SECURITY_FILTERS
          JSON key for security filters
protected  boolean dirty
           
protected  java.util.Map<java.lang.String,java.util.Map<java.lang.String,DataSourceFilter>> mdexSecurityFilterMap
           
protected  java.util.Set<com.liferay.portal.model.Role> userRoles
           
 
Constructor Summary
DefaultMDEXSecurityManager()
          Default constructor
 
Method Summary
protected  void addFiltersFromRoles(java.lang.String mdexStateId, org.json.JSONObject securityFilters, org.json.JSONObject rolePermissions, java.util.Map<java.lang.String,DataSourceFilter> mdexQueryFilterMap, boolean logicallyOrMultipleRoles, MDEXState mdexState, javax.portlet.PortletRequest request)
          Calculates security filters for the user's Roles, and adds them to the Set of current filters.
 void applySecurity(javax.portlet.PortletRequest request, MDEXState mdexState, Query query)
          See MDEXSecurityManager.applySecurity(PortletRequest, MDEXState, Query)
protected  java.util.Set<QueryFunction> createFilterSetFromJSON(org.json.JSONArray filterRefArray, org.json.JSONObject securityFilters, MDEXState mdexState, javax.portlet.PortletRequest request)
          Searches a set of JSON object representations of filters identified by name in the provided JSONArray.
protected  java.util.Set<com.liferay.portal.model.Role> getRolesForUser(java.lang.String remoteUser, long companyId, long currentGroupId)
          Determines the set of roles and Liferay user groups to which the current user belongs.
protected  void init(javax.portlet.PortletRequest request)
          Initializes an internal map of security filters associated with the user making the request, under any of the following conditions: This is the first time a request is made for the session.
protected  void initMDEXPermissions(MDEXState mdexState, UserSession userSession, javax.portlet.PortletRequest request)
          Initializes a set of security filters for the provided MDEXState, which is then stored in this security manager's internal map of data source-to-filter mappings for the user.
protected  void initRoleBasedSecurityFilters(MDEXState mdexState, UserSession userSession, javax.portlet.PortletRequest request)
          Gets a list of role-based security filters for a specified MDEXState.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

dirty

protected transient boolean dirty

CONFIG_PROPERTY_SECURITY_ENABLED

public static final java.lang.String CONFIG_PROPERTY_SECURITY_ENABLED
JSON key for toggling security on/off

See Also:
Constant Field Values

CONFIG_PROPERTY_ROLE_PERMISSIONS

public static final java.lang.String CONFIG_PROPERTY_ROLE_PERMISSIONS
JSON key for defining available security roles for filters

See Also:
Constant Field Values

CONFIG_PROPERTY_ROLE_PERMISSIONS_MULTI_OR

public static final java.lang.String CONFIG_PROPERTY_ROLE_PERMISSIONS_MULTI_OR
JSON key for specifying multiple filters from multiple roles should be logically OR-ed, default false=multi-roles ANDed

See Also:
Constant Field Values

CONFIG_PROPERTY_SECURITY_FILTERS

public static final java.lang.String CONFIG_PROPERTY_SECURITY_FILTERS
JSON key for security filters

See Also:
Constant Field Values

mdexSecurityFilterMap

protected java.util.Map<java.lang.String,java.util.Map<java.lang.String,DataSourceFilter>> mdexSecurityFilterMap

userRoles

protected transient java.util.Set<com.liferay.portal.model.Role> userRoles
Constructor Detail

DefaultMDEXSecurityManager

public DefaultMDEXSecurityManager()
Default constructor

Method Detail

applySecurity

public void applySecurity(javax.portlet.PortletRequest request,
                          MDEXState mdexState,
                          Query query)
                   throws MDEXSecurityException
See MDEXSecurityManager.applySecurity(PortletRequest, MDEXState, Query)

Specified by:
applySecurity in interface MDEXSecurityManager
Parameters:
request - the PortletRequest
mdexState - the MDEXState object representing the target MDEX and its current state
query - the Query to which security filters should be applied
Throws:
MDEXSecurityException - on error parsing, processing, or applying security
See Also:
Query

init

protected void init(javax.portlet.PortletRequest request)
             throws MDEXSecurityException
Initializes an internal map of security filters associated with the user making the request, under any of the following conditions: For each MDEXState (data source) defined in the user's session, the #initMDEXPermissions(MDEXState, UserSession) method is called.

Parameters:
request - the PortletRequest
Throws:
MDEXSecurityException

getRolesForUser

protected java.util.Set<com.liferay.portal.model.Role> getRolesForUser(java.lang.String remoteUser,
                                                                       long companyId,
                                                                       long currentGroupId)
                                                                throws java.lang.NumberFormatException,
                                                                       com.liferay.portal.PortalException,
                                                                       com.liferay.portal.SystemException
Determines the set of roles and Liferay user groups to which the current user belongs. Of note is that if the current user is unauthenticated/anonymous, this method will return a single role of "Guest" for that user. This behavior mimics how Liferay works at runtime.

Parameters:
remoteUser - String representing the id of the current user, or null if the user is unauthenticated. This param should be generated by PortletRequest.getRemoteUser().
companyId - the Liferay company id for the current request
Returns:
the set of all roles and user groups to which this user belongs
Throws:
java.lang.NumberFormatException
com.liferay.portal.PortalException
com.liferay.portal.SystemException

initMDEXPermissions

protected void initMDEXPermissions(MDEXState mdexState,
                                   UserSession userSession,
                                   javax.portlet.PortletRequest request)
                            throws MDEXSecurityException
Initializes a set of security filters for the provided MDEXState, which is then stored in this security manager's internal map of data source-to-filter mappings for the user.

Parameters:
mdexState - the MDEXState
userSession - the UserSession instance for this session
Throws:
MDEXSecurityException

initRoleBasedSecurityFilters

protected void initRoleBasedSecurityFilters(MDEXState mdexState,
                                            UserSession userSession,
                                            javax.portlet.PortletRequest request)
                                     throws MDEXSecurityException
Gets a list of role-based security filters for a specified MDEXState. If security is disabled or no security filters are found for the MDEXState, an empty list will be returned.

Parameters:
mdexState - the MDEXState
userSession - the UserSession instance for this session
Throws:
MDEXSecurityException

addFiltersFromRoles

protected void addFiltersFromRoles(java.lang.String mdexStateId,
                                   org.json.JSONObject securityFilters,
                                   org.json.JSONObject rolePermissions,
                                   java.util.Map<java.lang.String,DataSourceFilter> mdexQueryFilterMap,
                                   boolean logicallyOrMultipleRoles,
                                   MDEXState mdexState,
                                   javax.portlet.PortletRequest request)
                            throws MDEXSecurityException
Calculates security filters for the user's Roles, and adds them to the Set of current filters. By default, the following logic applies in the case of multiple security filters:
    • Multiple filters for a single Role held by the user are logically ANDed with each other
      Filters ensuing from multiple Roles held by the user are ANDed together
  • The last of these, multi-role filters, may be configured to instead logically OR multiple filter-sets generated through the user obtaining filters from multiple roles. This is done by setting the boolean rolePermissionsMultiOr JSON property to true.

    Parameters:
    mdexStateId -
    securityFilters -
    rolePermissions -
    mdexQueryFilterMap -
    logicallyOrMultipleRoles -
    Throws:
    MDEXSecurityException

    • createFilterSetFromJSON

    protected java.util.Set<QueryFunction> createFilterSetFromJSON(org.json.JSONArray filterRefArray,
                                                               org.json.JSONObject securityFilters,
                                                               MDEXState mdexState,
                                                               javax.portlet.PortletRequest request)
                                                        throws org.json.JSONException,
                                                               MDEXSecurityException
    Searches a set of JSON object representations of filters identified by name in the provided JSONArray. For each of those that match, filter is constructed (anything that implements QueryFunction) and added to the set that will be returned.

    JSONArray of names: 

     
 ["filter1","filter2"]

    List of security filters: 

     
 {
        "filter1": {
                "class":"com.endeca.portal.data.functions.DataSourceFilter",
                "filterString":"Region='Bordeaux' or Region='Burgundy'"
        },
        "filter2": {
                "class":"com.endeca.portal.data.functions.DataSourceFilter",
                "filterString":"Region='Sonoma'"
        }
 }

    Parameters:
    filterRefArray - a JSON Array of filter names to look for
    securityFilters - a JSON Object storing a list of filters
    Returns:
    a set of filters
    Throws:
    org.json.JSONException
    MDEXSecurityException
    Overview  Package   Class  Tree  Deprecated  Index  Help 
     PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
    SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD