oracle.jbo.server.security

Class AbstractDataSecurityProviderImpl

java.lang.Object

oracle.jbo.server.security.AbstractDataSecurityProviderImpl

All Implemented Interfaces:

DataSecurityProvider

Direct Known Subclasses:

JAASDataSecurityProviderImpl, XSDataSecurityProviderImpl

public abstract class AbstractDataSecurityProviderImpl
extends java.lang.Object
implements DataSecurityProvider

Constructor Summary

Constructors

Constructor and Description
AbstractDataSecurityProviderImpl()

Method Summary

Modifier and Type	Method and Description
oracle.adf.share.security.authorization.PrivilegeHolder	checkPrivilege(Row row, java.lang.String privToCheck, AttributeDef attrDef, StructureDef defObject) Checks row instance privilege.
java.util.Map.Entry<java.lang.String,java.lang.Class>	getImplicitSecurityAttrSQLExpressionAndDomain(java.util.List<java.lang.String> privsToCheck, StructureDef defObject) Optional: XDB data security requires additional sql attribute sys_get_aclids(table_alias, privsToCheck) for getting aclids of row instances in the query.
java.lang.String	getPrivilegeFilterWhereClause(java.lang.String privsRequiredToView, StructureDef defObject, java.lang.String entityRefName) Gets the where clause for read restriction.
Transaction	getTransaction()
java.lang.String	getUserActionAllowedCondition(Row row, java.lang.String privToCheck, AttributeDef attrDef, StructureDef defObject) Gets user operation allowed condition.
void	initAndAttachElevatedSession(java.lang.String userName)
void	initElevatedSubject(java.lang.String elevatedUser, javax.security.auth.Subject elevatedSubject)
void	restoreOriginalSession()
void	restoreOriginalSubject(java.lang.String userName, javax.security.auth.Subject subject)
void	setTransaction(DBTransaction dbTransaction) Internal: Applications should not use this method.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AbstractDataSecurityProviderImpl

public AbstractDataSecurityProviderImpl()

Method Detail

getTransaction

@Restricted
public Transaction getTransaction()

Specified by:

getTransaction in interface DataSecurityProvider

Returns:

The DB Transaction that the view or entity object is using.

See Also:

Transaction

setTransaction

@Restricted
public void setTransaction(DBTransaction dbTransaction)

Internal: Applications should not use this method.

checkPrivilege

public oracle.adf.share.security.authorization.PrivilegeHolder checkPrivilege(Row row,
                                                                              java.lang.String privToCheck,
                                                                              AttributeDef attrDef,
                                                                              StructureDef defObject)

Description copied from interface: DataSecurityProvider

Checks row instance privilege. This method is called when evaluating the allows.priv EL. Privilege check for XDB is a DataPermission check of the privilege with the aclids on the row instance. Privilege check for native JAAS case would be AccessConntroller.checkPermission of java permission.

Specified by:

checkPrivilege in interface DataSecurityProvider

Parameters:

row - The row instance to be checked for privilege.

privToCheck - The privilege to be checked.

attrDef - The attribute definition.

defObject - The entity or view def.

Returns:

A PrivilegeHoder for the privilege checked.

See Also:

StructureDef, oracle.jbo.PrivilegeHolder

getPrivilegeFilterWhereClause

public java.lang.String getPrivilegeFilterWhereClause(java.lang.String privsRequiredToView,
                                                      StructureDef defObject,
                                                      java.lang.String entityRefName)

Description copied from interface: DataSecurityProvider

Gets the where clause for read restriction. XDB security with read enabled in the database should return null.

Specified by:

getPrivilegeFilterWhereClause in interface DataSecurityProvider

Parameters:

privsRequiredToView - The row filter privileges for read.

defObject - The definition object in which the filter apply.

entityRefName - The name of the entiry reference in which the filter apply.

Returns:

A string containing the sql expression for read restriction where clause fragment.

See Also:

StructureDef

getImplicitSecurityAttrSQLExpressionAndDomain

public java.util.Map.Entry<java.lang.String,java.lang.Class> getImplicitSecurityAttrSQLExpressionAndDomain(java.util.List<java.lang.String> privsToCheck,
                                                                                                           StructureDef defObject)

Description copied from interface: DataSecurityProvider

Optional: XDB data security requires additional sql attribute sys_get_aclids(table_alias, privsToCheck) for getting aclids of row instances in the query. The return type of this is XMLType and require a special java type to retrieve data from query result. This method is not call unless getImplicitSecurityAttrSQLExpression return an expression.

Specified by:

getImplicitSecurityAttrSQLExpressionAndDomain in interface DataSecurityProvider

Parameters:

privsToCheck - The privileges for the SQL expression.

defObject - The entity or view definition.

Returns:

The a Map of SQL expression and domain class of security attributes.

See Also:

StructureDef

initAndAttachElevatedSession

public void initAndAttachElevatedSession(java.lang.String userName)

restoreOriginalSession

public void restoreOriginalSession()

getUserActionAllowedCondition

public java.lang.String getUserActionAllowedCondition(Row row,
                                                      java.lang.String privToCheck,
                                                      AttributeDef attrDef,
                                                      StructureDef defObject)

Gets user operation allowed condition.

Parameters:

row - he row instance to be checked for privilege.

privToCheck - he privilege to be checked.

attrDef - The attribute definition.

defObject - The entity or view def.

Returns:

the condition clause or null.

initElevatedSubject

@Restricted
public void initElevatedSubject(java.lang.String elevatedUser,
                                            javax.security.auth.Subject elevatedSubject)

Parameters:

elevatedUser - the name of elevated user

elevatedSubject - the elevated user Subject

For internal use only. Application developers should not use this

Not for applications use. For internal framework use only. Initialize elevated subject.

restoreOriginalSubject

@Restricted
public void restoreOriginalSubject(java.lang.String userName,
                                               javax.security.auth.Subject subject)

Parameters:

userName - the user to be restored

subject - the subject to be restored

For internal use only. Application developers should not use this

Not for applications use. For internal framework use only. Restore user subject.