AttributeAclSecurityManager

java.lang.Object
- com.endeca.portal.data.security.AbstractBddSecurityManager
- - com.endeca.portal.data.security.AttributeAclSecurityManager

All Implemented Interfaces:

BddSecurityManager, java.io.Serializable
```
public class AttributeAclSecurityManager
extends AbstractBddSecurityManager
implements BddSecurityManager, java.io.Serializable
```
Example concrete implementation of BddSecurityManager. This implementation filters records in a collection according to access control list (ACL) multi-assign attributes which have been added to each record during data-ingest. This class assumes that these attributes are named:
__allow_user for user-permissions
__allow_group for group-permissions
__allow_role for role-permissions

requires

multi-assign

mdex:string

isSingleAssign=false

Author:: bsrandal
See Also:: Serialized Form

Nested Class Summary

Nested Classes
Modifier and Type	Class and Description
`protected static class`	`AttributeAclSecurityManager.OrExpressionBuilder` Builder helper that simpifies building a long chain of nested OR expressions, equivalent to A OR B OR C ... etc.

Field Summary

Fields
Modifier and Type	Field and Description
`protected static java.lang.String`	`DEFAULT_ALLOW_GROUP_ACL_ATTRIBUTE_KEY` Default name for the multi-assigned attribute which holds permitted groups for the record.
`protected static java.lang.String`	`DEFAULT_ALLOW_ROLE_ACL_ATTRIBUTE_KEY` Default name for the multi-assigned attribute which holds permitted roles for the record.
`protected static java.lang.String`	`DEFAULT_ALLOW_USER_ACL_ATTRIBUTE_KEY` Default name for the multi-assigned attribute which holds permitted users for the record.

Constructor Summary

Constructors
Constructor and Description

AttributeAclSecurityManager()

Constructors
Constructor and Description
`AttributeAclSecurityManager()`

Method Summary

Methods
Modifier and Type	Method and Description
`protected java.util.List<com.endeca.mdex.conversation.types.EQLFilter>`	`createFilters(javax.portlet.PortletRequest request, MDEXState mdexState, Query query, com.endeca.mdex.conversation.types.State state, com.liferay.portal.model.User user, java.util.List<com.liferay.portal.model.UserGroup> userGroups, java.util.Set<com.liferay.portal.model.Role> roles)` Creates the list of security filters, or returns an empty list if this state/collection should not be filtered.
`protected java.lang.String`	`getAllowGroupAclAttributeKey(com.endeca.mdex.conversation.types.State state)`
`protected java.lang.String`	`getAllowRoleAclAttributeKey(com.endeca.mdex.conversation.types.State state)`
`protected java.lang.String`	`getAllowUserAclAttributeKey(com.endeca.mdex.conversation.types.State state)`
`protected java.lang.String`	`getUserIdentifier(com.liferay.portal.model.User user)`
`protected com.endeca.mdex.eql_parser.types.SetMembershipExpression`	`in(java.lang.String attributeValue, java.lang.String attributeKeyOfSet)` Creates a `SetMembershipExpression` to see if the static value supplied is in the multi-attribute's assignments.

Methods inherited from class com.endeca.portal.data.security.AbstractBddSecurityManager
applyFilters, applySecurity, lookupGroups, lookupRoles, lookupUser

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.endeca.portal.data.security.BddSecurityManager
applySecurity

Field Detail
- DEFAULT_ALLOW_USER_ACL_ATTRIBUTE_KEY
```
protected static final java.lang.String DEFAULT_ALLOW_USER_ACL_ATTRIBUTE_KEY
```
  Default name for the multi-assigned attribute which holds permitted users for the record.
  
  See Also:
  Constant Field Values
- DEFAULT_ALLOW_GROUP_ACL_ATTRIBUTE_KEY
```
protected static final java.lang.String DEFAULT_ALLOW_GROUP_ACL_ATTRIBUTE_KEY
```
  Default name for the multi-assigned attribute which holds permitted groups for the record.
  
  See Also:
  Constant Field Values
- DEFAULT_ALLOW_ROLE_ACL_ATTRIBUTE_KEY
```
protected static final java.lang.String DEFAULT_ALLOW_ROLE_ACL_ATTRIBUTE_KEY
```
  Default name for the multi-assigned attribute which holds permitted roles for the record.
  
  See Also:
  Constant Field Values

Constructor Detail
- AttributeAclSecurityManager
```
public AttributeAclSecurityManager()
```

Method Detail

createFilters

protected java.util.List<com.endeca.mdex.conversation.types.EQLFilter> createFilters(javax.portlet.PortletRequest request,
                                                                         MDEXState mdexState,
                                                                         Query query,
                                                                         com.endeca.mdex.conversation.types.State state,
                                                                         com.liferay.portal.model.User user,
                                                                         java.util.List<com.liferay.portal.model.UserGroup> userGroups,
                                                                         java.util.Set<com.liferay.portal.model.Role> roles)
                                                                              throws BddSecurityException

Creates the list of security filters, or returns an empty list if this state/collection should not be filtered.

Specified by:: createFilters in class AbstractBddSecurityManager
Returns:: list of EQLFilter to secure the current state/collection for this user
Throws:: BddSecurityException

in

protected com.endeca.mdex.eql_parser.types.SetMembershipExpression in(java.lang.String attributeValue,
                                                          java.lang.String attributeKeyOfSet)

Creates a SetMembershipExpression to see if the static value supplied is in the multi-attribute's assignments.

Parameters:: attributeValue -; attributeKeyOfSet -
Returns:: expression to test set membership

getAllowUserAclAttributeKey

protected java.lang.String getAllowUserAclAttributeKey(com.endeca.mdex.conversation.types.State state)

getAllowGroupAclAttributeKey

protected java.lang.String getAllowGroupAclAttributeKey(com.endeca.mdex.conversation.types.State state)

getAllowRoleAclAttributeKey

protected java.lang.String getAllowRoleAclAttributeKey(com.endeca.mdex.conversation.types.State state)

getUserIdentifier

protected java.lang.String getUserIdentifier(com.liferay.portal.model.User user)

Class AttributeAclSecurityManager

Nested Class Summary

Field Summary

Constructor Summary

Method Summary

Methods inherited from class com.endeca.portal.data.security.AbstractBddSecurityManager

Methods inherited from class java.lang.Object

Methods inherited from interface com.endeca.portal.data.security.BddSecurityManager

Field Detail

DEFAULT_ALLOW_USER_ACL_ATTRIBUTE_KEY

DEFAULT_ALLOW_GROUP_ACL_ATTRIBUTE_KEY

DEFAULT_ALLOW_ROLE_ACL_ATTRIBUTE_KEY

Constructor Detail