Security Manager interface

The com.endeca.portal.data.security.BddSecurityManager interface represents a Security Manager capable of applying record-level security filters for BDD.

For additional details about BddSecurityManager, see the Component SDK API Reference.

Class Summary Item | Item Value or Description
Abstract base class | com.endeca.portal.data.security.AbstractBddSecurityManager
Concrete implementation class | com.endeca.portal.data.security.AttributeAclSecurityManager

Implementation behavior

The AttributeAclSecurityManager implementation filters the records in a data set (collection) according to Access Control List (ACL) multi-assign attributes that were added to each record during data ingest.

The class assumes that these attributes are named:
  • __allow_user for user-permissions
  • __allow_group for group-permissions
  • __allow_role for role-permissions

To be secured, a collection (data set) must have all three of these attributes, even if one or more of them is not used. Each of them must be a multi-assign string attribute (that is, type=mdex:string and isSingleAssign=false). Each record is filtered according to the name of the user and the names of the groups and roles held by that user; those names must be assigned to the attributes above.

The SDK package contains a SampleBddSecurityManager.java that is based on AttributeAclSecurityManager. The file is included in bddsecuritymanager.zip, which is in the components/endeca-extensions directory in the Component SDK.
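The following added example (not code from the SDK or from SampleBddSecurityManager.java) models the attribute requirements and the record filtering described above, so a data set can be checked before it is relied on for record-level security. Assumptions: the function names and sample data are constructed for illustration, a record is treated as visible when any one of the three attributes matches, and the check refuses to return records when the schema does not meet the requirements.

```python
# Added example: a model of the ACL attribute contract, not the SDK's own code.
ACL_ATTRS = ("__allow_user", "__allow_group", "__allow_role")

def schema_problems(schema):
    """Return the reasons a data set cannot be secured (empty list = OK).

    schema maps attribute name -> {"type": str, "isSingleAssign": bool}.
    """
    problems = []
    for attr in ACL_ATTRS:
        meta = schema.get(attr)
        if meta is None:
            problems.append(f"{attr}: missing (required even if unused)")
            continue
        if meta.get("type") != "mdex:string":
            problems.append(f"{attr}: type must be mdex:string")
        if meta.get("isSingleAssign") is not False:
            problems.append(f"{attr}: must be multi-assign (isSingleAssign=false)")
    return problems

def is_visible(record, user):
    """True if the user's name, or any group/role held, is assigned on the record.

    Assumption: a match on any one attribute grants access; no match denies.
    """
    principals = {
        "__allow_user": {user["name"]},
        "__allow_group": set(user.get("groups", ())),
        "__allow_role": set(user.get("roles", ())),
    }
    return any(principals[a] & set(record.get(a, ())) for a in ACL_ATTRS)

def filter_records(records, user, schema):
    """Fail closed (assumed policy): return nothing from an unsecurable data set."""
    problems = schema_problems(schema)
    if problems:
        raise ValueError("data set not securable: " + "; ".join(problems))
    return [r for r in records if is_visible(r, user)]

# Constructed sample data (not from the product documentation).
SCHEMA = {a: {"type": "mdex:string", "isSingleAssign": False} for a in ACL_ATTRS}
RECORDS = [
    {"id": 1, "__allow_user": ["alice"], "__allow_group": [], "__allow_role": []},
    {"id": 2, "__allow_user": [], "__allow_group": ["finance"], "__allow_role": []},
    {"id": 3, "__allow_user": [], "__allow_group": [], "__allow_role": ["admin"]},
    {"id": 4, "__allow_user": [], "__allow_group": [], "__allow_role": []},
]
BOB = {"name": "bob", "groups": ["finance"], "roles": ["analyst"]}

if __name__ == "__main__":
    print([r["id"] for r in filter_records(RECORDS, BOB, SCHEMA)])
```

Record 4 carries no ACL values, so in this model no user sees it; checking ingested data for such records helps catch rows that would otherwise disappear for everyone.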