oracle.jbo.server.security

Class XSDataSecurityProviderImpl

java.lang.Object

oracle.jbo.server.security.AbstractDataSecurityProviderImpl

oracle.jbo.server.security.XSDataSecurityProviderImpl

All Implemented Interfaces:

DataSecurityProvider

public class XSDataSecurityProviderImpl
extends AbstractDataSecurityProviderImpl

Constructor Summary

Constructors

Constructor and Description
XSDataSecurityProviderImpl()

Method Summary

Methods

Modifier and Type	Method and Description
oracle.adf.share.security.authorization.PrivilegeHolder	checkPrivilege(Row row, java.lang.String privToCheck, AttributeDef attrDef, StructureDef defObject) Checks row instance privilege.
java.util.Map.Entry<java.lang.String,java.lang.Class>	getImplicitSecurityAttrSQLExpressionAndDomain(java.util.List<java.lang.String> privsToCheck, StructureDef defObject) Optional: XDB data security requires additional sql attribute sys_get_aclids(table_alias, privsToCheck) for getting aclids of row instances in the query.
java.lang.String	getPrivilegeFilterWhereClause(java.lang.String privsRequiredToView, StructureDef defObject, java.lang.String entityRefName) Gets the where clause for read restriction.

Methods inherited from class oracle.jbo.server.security.AbstractDataSecurityProviderImpl

getTransaction, initAndAttachElevatedSession, restoreOriginalSession, setTransaction

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

XSDataSecurityProviderImpl

public XSDataSecurityProviderImpl()

Method Detail

checkPrivilege

public oracle.adf.share.security.authorization.PrivilegeHolder checkPrivilege(Row row,
                                                                     java.lang.String privToCheck,
                                                                     AttributeDef attrDef,
                                                                     StructureDef defObject)

Description copied from interface: DataSecurityProvider

Checks row instance privilege. This method is called when evaluating the allows.priv EL. Privilege check for XDB is a DataPermission check of the privilege with the aclids on the row instance. Privilege check for native JAAS case would be AccessConntroller.checkPermission of java permission.

Specified by:

checkPrivilege in interface DataSecurityProvider

Overrides:

checkPrivilege in class AbstractDataSecurityProviderImpl

Parameters:

row - The row instance to be checked for privilege.

privToCheck - The privilege to be checked.

attrDef - The attribute definition.

defObject - The entity or view def.

Returns:

A PrivilegeHoder for the privilege checked.

See Also:

StructureDef, oracle.jbo.PrivilegeHolder

getPrivilegeFilterWhereClause

public java.lang.String getPrivilegeFilterWhereClause(java.lang.String privsRequiredToView,
                                             StructureDef defObject,
                                             java.lang.String entityRefName)

Description copied from interface: DataSecurityProvider

Gets the where clause for read restriction. XDB security with read enabled in the database should return null.

Specified by:

getPrivilegeFilterWhereClause in interface DataSecurityProvider

Overrides:

getPrivilegeFilterWhereClause in class AbstractDataSecurityProviderImpl

Parameters:

privsRequiredToView - The row filter privileges for read.

defObject - The definition object in which the filter apply.

entityRefName - The name of the entiry reference in which the filter apply.

Returns:

A string containing the sql expression for read restriction where clause fragment.

See Also:

StructureDef

getImplicitSecurityAttrSQLExpressionAndDomain

public java.util.Map.Entry<java.lang.String,java.lang.Class> getImplicitSecurityAttrSQLExpressionAndDomain(java.util.List<java.lang.String> privsToCheck,
                                                                                                  StructureDef defObject)

Description copied from interface: DataSecurityProvider

Optional: XDB data security requires additional sql attribute sys_get_aclids(table_alias, privsToCheck) for getting aclids of row instances in the query. The return type of this is XMLType and require a special java type to retrieve data from query result. This method is not call unless getImplicitSecurityAttrSQLExpression return an expression.

Specified by:

getImplicitSecurityAttrSQLExpressionAndDomain in interface DataSecurityProvider

Overrides:

getImplicitSecurityAttrSQLExpressionAndDomain in class AbstractDataSecurityProviderImpl

Parameters:

privsToCheck - The privileges for the SQL expression.

defObject - The entity or view definition.

Returns:

The a Map of SQL expression and domain class of security attributes.

See Also:

StructureDef