public interface SecurityPolicy
These controls allow a standard way to plug new security policies into existing security domain implementations. Some examples of custom security policies are:
StandardSecurityPolicy
Modifier and Type | Field and Description |
---|---|
static java.lang.String | CLASS_VERSION |
static int | DENIED: Returned by getAccess() if access is explicitly denied by the access control list. |
static int | GRANTED: Returned by getAccess() if access is granted by the access control list. |
static int | UNSPECIFIED: Returned by getAccess() if access is neither explicitly allowed nor denied by the access control list. |
Modifier and Type | Method and Description |
---|---|
int | getAccess(AccessControlList acl, java.lang.Object object, Persona persona, AccessRight right, boolean exactPersona): Returns the access state specified by the ACL, which is usually a subset of the effective ACL of the specified SecuredObject, for the indicated Persona. |
AccessControlList | getCreationAccessControlList(java.lang.Object object): Returns the access control list that should be applied to a new object when it is created. |
Persona | getCreationOwner(java.lang.Object object): Determines the owner that should be applied to a new object when it is created. |
AccessControlList | getEffectiveAccessControlList(java.lang.Object object): Determines the effective access control list for the indicated object, which is a combination of the object's access control list and any access control lists of its containers. |
AccessControlList | getImpliedAccessControlList(java.lang.Object object): Determines the access control list fragment that is implied by any containers that the object may be a member of. |
boolean | hasAccess(java.lang.Object object, User user, AccessRight right): Returns true if a user may perform a particular operation on an object. |
static final java.lang.String CLASS_VERSION
static final int UNSPECIFIED
static final int GRANTED
static final int DENIED
boolean hasAccess(java.lang.Object object, User user, AccessRight right) throws SecurityException
SecurityException
int getAccess(AccessControlList acl, java.lang.Object object, Persona persona, AccessRight right, boolean exactPersona) throws SecurityException
This method is often used to perform the basic authorization check by hasAccess(), although it need not be.
This method is also useful for user interfaces that want to present information about rights that are achieved by inheritance or by the persona's inclusion within a group rather than being explicitly assigned to a persona, but may also be used internally by hasAccess().
For example, to determine if READ access is granted, denied, or unspecified to a persona via inheritance you can call:
```java
SecuredObject object = ...;
Persona persona = ...;
SecurityPolicy policy = ...;

// ACL fragment implied by the object's containers
AccessControlList acl = policy.getImpliedAccessControlList(object);
switch (policy.getAccess(acl, object, persona, StandardAccessRights.READ, false)) {
    case SecurityPolicy.GRANTED:
        System.out.println("Access was allowed by a container.");
        break;
    case SecurityPolicy.DENIED:
        System.out.println("Access was denied by a container.");
        break;
    case SecurityPolicy.UNSPECIFIED:
        System.out.println("No effect on access by any container.");
        break;
}
```
To determine if READ access is granted to a persona by the object's ACL you can call:
```java
// retrieve the complete local ACL
AccessControlList acl = object.getAccessControlList();
// filter out all ACL entries that are not assigned to the Persona
acl = new AccessControlList(acl.getAccessControlEntriesForPersona(persona));
// getAccess() returns the tri-state result; hasAccess() only returns a boolean
switch (policy.getAccess(acl, object, persona, StandardAccessRights.READ, true)) {
    case SecurityPolicy.GRANTED:
        System.out.println("Access was explicitly granted locally.");
        break;
    case SecurityPolicy.DENIED:
        System.out.println("Access was explicitly denied locally.");
        break;
    case SecurityPolicy.UNSPECIFIED:
        System.out.println("No effect on access locally.");
        break;
}
```
SecurityException
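One way the tri-state result of getAccess() can be reduced to the boolean answer that hasAccess() gives, as an added example that is not the library's own code. The `Entry` record and the `evaluate` and `decide` methods are hypothetical stand-ins for the real ACL classes. The rules that an explicit deny outranks a grant, that a local entry overrides a container's, and that UNSPECIFIED means no access are assumptions the page does not state.

```java
import java.util.List;

// Added example: hypothetical stand-ins, not the library's classes.
public class TriStateDemo {
    // Names mirror the SecurityPolicy constants; the numeric values are assumed.
    static final int UNSPECIFIED = 0, GRANTED = 1, DENIED = 2;

    // One ACL entry: a persona, a right, and whether it allows or denies.
    record Entry(String persona, String right, boolean allow) {}

    // Tri-state evaluation of a single ACL (assumed rule: explicit deny wins over grant).
    static int evaluate(List<Entry> acl, String persona, String right) {
        int state = UNSPECIFIED;
        for (Entry e : acl) {
            if (!e.persona().equals(persona) || !e.right().equals(right)) continue;
            if (!e.allow()) return DENIED;
            state = GRANTED;
        }
        return state;
    }

    // Boolean decision: consult the local ACL first, then the container-implied ACL.
    // Assumed: a local entry overrides the container, and UNSPECIFIED fails closed.
    static boolean decide(List<Entry> local, List<Entry> implied,
                          String persona, String right) {
        int state = evaluate(local, persona, right);
        if (state == UNSPECIFIED) state = evaluate(implied, persona, right);
        return state == GRANTED;
    }

    public static void main(String[] args) {
        // Constructed sample data: the container grants READ to alice and bob,
        // while the object's own ACL explicitly denies READ to bob.
        List<Entry> container = List.of(new Entry("alice", "READ", true),
                                        new Entry("bob", "READ", true));
        List<Entry> local = List.of(new Entry("bob", "READ", false));
        System.out.println("alice: " + decide(local, container, "alice", "READ")); // grant inherited from container
        System.out.println("bob:   " + decide(local, container, "bob", "READ"));   // local deny overrides container
        System.out.println("carol: " + decide(local, container, "carol", "READ")); // no entry anywhere
    }
}
```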
AccessControlList getImpliedAccessControlList(java.lang.Object object) throws SecurityException
SecurityException
AccessControlList getEffectiveAccessControlList(java.lang.Object object) throws SecurityException
SecurityException
Persona getCreationOwner(java.lang.Object object) throws SecurityException
SecurityException
AccessControlList getCreationAccessControlList(java.lang.Object object) throws SecurityException
SecurityException