atg.security

Class StandardSecurityPolicy

java.lang.Object

atg.nucleus.logging.VariableArgumentApplicationLoggingImpl

atg.nucleus.GenericService

atg.security.StandardSecurityPolicy

All Implemented Interfaces:

atg.core.logging.Logging, atg.core.logging.TraceLogging, atg.naming.AbsoluteNameable, NameContextBindingListener, NameContextElement, atg.naming.NameContextParentable, NameResolver, AdminableService, atg.nucleus.Configured, ApplicationLogging, atg.nucleus.logging.ApplicationLoggingSender, atg.nucleus.logging.TraceApplicationLogging, VariableArgumentApplicationLogging, ComponentNameResolver, Service, ServiceListener, SecurityPolicy, java.util.EventListener

Direct Known Subclasses:

IdentitySecurityPolicy, RegisteredUsersSecurityPolicy

public class StandardSecurityPolicy
extends GenericService
implements SecurityPolicy

A security policy that walks an access control list composed of access rights and/or deny rights to determine whether a particular access request should be allowed or denied.

This policy only supports testing against SecuredObjects.

See Also:

SecurityPolicy, StandardAccessRight, DenyRight

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	CLASS_VERSION

Fields inherited from class atg.nucleus.GenericService

SERVICE_INFO_KEY

Fields inherited from interface atg.security.SecurityPolicy

DENIED, GRANTED, UNSPECIFIED

Fields inherited from interface atg.nucleus.logging.TraceApplicationLogging

DEFAULT_LOG_TRACE_STATUS

Fields inherited from interface atg.nucleus.logging.ApplicationLogging

DEFAULT_LOG_DEBUG_STATUS, DEFAULT_LOG_ERROR_STATUS, DEFAULT_LOG_INFO_STATUS, DEFAULT_LOG_WARNING_STATUS

Constructor Summary

Constructors

Constructor and Description
StandardSecurityPolicy()

Method Summary

Methods

Modifier and Type	Method and Description
int	checkAccess(java.lang.Object pObject, User pUser, AccessRight pRight) Utility method that works like hasAccess() but returns the different states of getAccess().
int	getAccess(AccessControlList pAcl, java.lang.Object pObject, Persona pPersona, AccessRight pRight, boolean pExactPersona) Returns the access state specified within by the ACL, which is usually a subset of the effective ACL of the specified SecuredObject, for the indicated Persona.
protected Persona	getCompatiblePersona(Persona pPersona, UserAuthority pAuthority) This attempts to find a persona that is compatible with the indicated user authority.
protected Persona[]	getCompatiblePersonae(Persona[] pPersonae, UserAuthority pAuthority) This performs a getCompatiblePersona() call on an array of personae.
protected AccessControlList	getCompleteAccessControlList(Persona pPersona, SecurityConfiguration pConfig) Returns an access control list containing all of the access rights specified in the security configuration.
AccessControlList	getCreationAccessControlList(java.lang.Object pObject) Returns the access control list that should be applied to a new object when it is created.
protected AccessControlList	getCreationAccessControlList(SecuredContainer[] pContainers) Returns the access control list created by concatenating all of the creation access control lists of the specified containers.
Persona	getCreationOwner(java.lang.Object pObject) Determines the owner that should be applied to a new object when it is created.
protected AccessControlList	getCreationOwnerAccessControlList(Persona pOwner, SecuredContainer[] pContainers) Returns the access control list appropriate for the creator of the object, constructed from the creation access control list templates of all of its containers, using the specified persona as the owner.
protected AccessControlList	getCreationSubPersonaeAccessControlList(Persona[] pSubPersonae, SecuredContainer[] pContainers) Returns the access control list appropriate for all of the sub-personae of the object, constructed from the creation access control list templates of all of its containers.
protected User	getCurrentUser() Determines the current user.
AccessControlList	getEffectiveAccessControlList(java.lang.Object pObject) Determines the effective access control list for the indicated object, which is a combination of the object's access control list and any access control lists of its containers.
AccessControlList	getImpliedAccessControlList(java.lang.Object pObject) Determines the access control list fragment that is implied by any containers that the object may be a member of.
protected Persona[]	getUserPersonae(SecurityConfiguration config) Returns the list of personae that apply to the current user.
boolean	hasAccess(java.lang.Object pObject, User pUser, AccessRight pRight) Returns true if the user may perform a particular operation on an object.

Methods inherited from class atg.nucleus.GenericService

addLogListener, createAdminServlet, doStartService, doStopService, getAbsoluteName, getAdminServlet, getAdminServletOutputStreamEncoding, getLoggingForVlogging, getLogListenerCount, getLogListeners, getName, getNameContext, getNucleus, getRoot, getServiceConfiguration, getServiceInfo, isAdminServletUseServletOutputStream, isLoggingDebug, isLoggingError, isLoggingInfo, isLoggingTrace, isLoggingWarning, isRunning, logDebug, logDebug, logDebug, logError, logError, logError, logInfo, logInfo, logInfo, logTrace, logTrace, logTrace, logWarning, logWarning, logWarning, nameContextElementBound, nameContextElementUnbound, removeLogListener, reResolveThis, resolveName, resolveName, resolveName, resolveName, sendLogEvent, setAdminServletOutputStreamEncoding, setAdminServletUseServletOutputStream, setLoggingDebug, setLoggingError, setLoggingInfo, setLoggingTrace, setLoggingWarning, setNucleus, setServiceInfo, startService, stopService

Methods inherited from class atg.nucleus.logging.VariableArgumentApplicationLoggingImpl

vlogDebug, vlogDebug, vlogDebug, vlogDebug, vlogDebugTrace, vlogError, vlogError, vlogError, vlogError, vlogInfo, vlogInfo, vlogInfo, vlogInfo, vlogTrace, vlogTrace, vlogTrace, vlogTrace, vlogWarning, vlogWarning, vlogWarning, vlogWarning

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

CLASS_VERSION

public static java.lang.String CLASS_VERSION

Constructor Detail

StandardSecurityPolicy

public StandardSecurityPolicy()

Method Detail

checkAccess

public int checkAccess(java.lang.Object pObject,
              User pUser,
              AccessRight pRight)
                throws SecurityException

Utility method that works like hasAccess() but returns the different states of getAccess(). This is particularly useful if you want to see if an ACL specifically describes access or if there's no information.

Throws:

SecurityException

getCompatiblePersona

protected Persona getCompatiblePersona(Persona pPersona,
                           UserAuthority pAuthority)

This attempts to find a persona that is compatible with the indicated user authority. This is done because it's somewhat common to have a persona created by a proxy user authority but that we want to use as the owner or as part of an ACL. If it's possible to get a compatible persona this will do it, otherwise it will return null.

getCompatiblePersonae

protected Persona[] getCompatiblePersonae(Persona[] pPersonae,
                              UserAuthority pAuthority)

This performs a getCompatiblePersona() call on an array of personae.

getCompleteAccessControlList

protected AccessControlList getCompleteAccessControlList(Persona pPersona,
                                             SecurityConfiguration pConfig)

Returns an access control list containing all of the access rights specified in the security configuration.

getCreationAccessControlList

protected AccessControlList getCreationAccessControlList(SecuredContainer[] pContainers)
                                                  throws SecurityException

Returns the access control list created by concatenating all of the creation access control lists of the specified containers.

Throws:

SecurityException

getCreationOwnerAccessControlList

protected AccessControlList getCreationOwnerAccessControlList(Persona pOwner,
                                                  SecuredContainer[] pContainers)
                                                       throws SecurityException

Returns the access control list appropriate for the creator of the object, constructed from the creation access control list templates of all of its containers, using the specified persona as the owner. If there are no containers, null is returned.

This ACL will not have been optimized.

Throws:

SecurityException

getCreationSubPersonaeAccessControlList

protected AccessControlList getCreationSubPersonaeAccessControlList(Persona[] pSubPersonae,
                                                        SecuredContainer[] pContainers)
                                                             throws SecurityException

Returns the access control list appropriate for all of the sub-personae of the object, constructed from the creation access control list templates of all of its containers. If there are no containers, null is returned.

This ACL will not have been optimized.

Throws:

SecurityException

getCurrentUser

protected User getCurrentUser()

Determines the current user. This implementation determines the current user by asking the ThreadSecurityManager what user object is bound to the current thread.

getUserPersonae

protected Persona[] getUserPersonae(SecurityConfiguration config)

Returns the list of personae that apply to the current user. If there is no current user, null is returned.

hasAccess

public boolean hasAccess(java.lang.Object pObject,
                User pUser,
                AccessRight pRight)
                  throws SecurityException

Returns true if the user may perform a particular operation on an object.

This implementation only supports SecuredObjects.

This implementation calls getEffectiveAccessControlList() to determine the ACL for the specified object. It then determines the set of applicable personae from the User object using the user authority specified by the security context object in the SecuredObject. It then calls hasAccess() once for every applicable persona. If any call to hasAccess() returns DENIED, access is denied. If not, and any call returns GRANTED, access is granted. If UNSPECIFIED is returne for all personae, or there are no personae, access is denied.

Specified by:

hasAccess in interface SecurityPolicy

Throws:

SecurityException

See Also:

getCurrentUser()

getAccess

public int getAccess(AccessControlList pAcl,
            java.lang.Object pObject,
            Persona pPersona,
            AccessRight pRight,
            boolean pExactPersona)
              throws SecurityException

Returns the access state specified within by the ACL, which is usually a subset of the effective ACL of the specified SecuredObject, for the indicated Persona. The value returned is one of GRANTED, DENIED, or UNSPECIFIED.

This method is used by StandardSecurityPolicy.hasAccess() to determine the accessibility of an object by a particular user, as outlined in the descriptor for that method.

In this implementation access is denied if any "deny" access control entry with the requested access right applies to the persona (i.e. deny rights trump allow rights).

This implementation grants ACL_READ and ACL_WRITE access to the owner of the object if the pObject argument is a SecuredObject.

This implementation allows access if the access control list is null (unspecified). The following subclass will reverse that behavior:

 public class DefaultDenySecurityPolicy
      extends StandardSecurityPolicy
 {
   public int getAccess(AccessControlList pAcl,
                        Object pObject,
                        Persona pPersona,
                        AccessRight pRight,
                        boolean pExactPersona)
   {
     if (pAcl == null)
       return DENIED;
     else
       return super.getAccess(pAcl, pObject, pPersona, pRight, pExactPersona);
   }
 }
 

The following subclass will deny access except during the hours of 9 to 5 in the default (local) time zone:

 public class DenyOutsideBusinessHoursSecurityPolicy
      extends StandardSecurityPolicy
 {
   public int getAccess(AccessControlList pAcl,
                        Object pObject,
                        Persona pPersona,
                        AccessRight pRight,
                        boolean pExactPersona)
   {
     Calendar calender = new GregorianCalendar(new Date());
     int hourOfDay = calendar.get(Calendar.HOUR_OF_DAY);
     if ((hourOfDay < 9) || (hourOfDay > 5))
       return DENIED;
     else
       return super.getAccess(pAcl, pObject, pPersona, pRight, pExactPersona);
   }
 }
 

Specified by:

getAccess in interface SecurityPolicy

Throws:

SecurityException

See Also:

SecurityPolicy.hasAccess(java.lang.Object, atg.security.User, atg.security.AccessRight)

getImpliedAccessControlList

public AccessControlList getImpliedAccessControlList(java.lang.Object pObject)
                                              throws SecurityException

Determines the access control list fragment that is implied by any containers that the object may be a member of. This is useful for a user interface, as shown in the example for getAccess(), but may also be used internally by getEffectiveAccessControlList().

In this implementation, the implied access control list is the union of all access control lists of objects returned by SecuredObject.unsecuredGetSecuredContainers() where the owner of the secured container has StandardAccessRights.ACL_WRITE access on the object specified within the object's ACL. The ownership test is performed so that the owner of a container may not adjust access control rights on an object that he would otherwise have no ability to do, for example to deny access to the object's owner or allow access to himself.

Specified by:

getImpliedAccessControlList in interface SecurityPolicy

Throws:

SecurityException

getEffectiveAccessControlList

public AccessControlList getEffectiveAccessControlList(java.lang.Object pObject)
                                                throws SecurityException

Determines the effective access control list for the indicated object, which is a combination of the object's access control list and any access control lists of its containers.

In this implementation the implied access control list and object access control list are simply concatenated.

Specified by:

getEffectiveAccessControlList in interface SecurityPolicy

Throws:

SecurityException

getCreationOwner

public Persona getCreationOwner(java.lang.Object pObject)
                         throws SecurityException

Determines the owner that should be applied to a new object when it is created.

This implementation simply returns the current thread's primary persona for its user authority.

Specified by:

getCreationOwner in interface SecurityPolicy

Throws:

SecurityException

getCreationAccessControlList

public AccessControlList getCreationAccessControlList(java.lang.Object pObject)
                                               throws SecurityException

Returns the access control list that should be applied to a new object when it is created.

If the object has no containers then this will return an ACL allowing all permissions to the creation owner (determined by getCreationOwner()).

If the object has containers then an ACL will be created by concatenating the following ACL fragments created from each of the object containers:

• The base ACL (from SecuredContainer.getCreationAccessControlList()).

• An ACL fragment created according to the owner ACL template (from SecuredContainer.getCreationOwnerAccessControlListTemplate()) using the Persona returned from getCreationOwner() as the owner.
• An ACL created according to the sub-persona ACL template (from SecuredContainer.getCreationSubPersonaAccessControlListTemplate()) for each sub-persona of the owner.

The ACL returned from this method will have been optimized.

Specified by:

getCreationAccessControlList in interface SecurityPolicy

Throws:

SecurityException