ome.security.basic
Class BasicSecuritySystem

java.lang.Object
  extended by ome.security.basic.BasicSecuritySystem
All Implemented Interfaces:
SecuritySystem, org.springframework.context.ApplicationContextAware

public class BasicSecuritySystem
extends Object
implements SecuritySystem, org.springframework.context.ApplicationContextAware

Simplest implementation of SecuritySystem. Uses a constructor-injected EventContext and the ThreadLocal-based CurrentDetails to provide the security infrastructure.

Since:
3.0-M3
Version:
$Revision: 4446 $, $Date: 2007-06-02 12:31:30 +0200 (Sat, 02 Jun 2007) $
Author:
Josh Moore, josh.moore at gmx.de
See Also:
Token, SecuritySystem, Details, Permissions

Field Summary
protected  CurrentDetails cd
           
protected  OmeroContext ctx
           
protected  OmeroInterceptor interceptor
           
protected  Roles roles
           
protected  SessionManager sessionManager
           
protected  ServiceFactory sf
           
protected  SystemTypes sysTypes
           
protected  TokenHolder tokenHolder
           
 
Constructor Summary
BasicSecuritySystem(OmeroInterceptor interceptor, SystemTypes sysTypes, CurrentDetails cd, SessionManager sessionManager, Roles roles, ServiceFactory sf, TokenHolder tokenHolder)
          Main public constructor for this SecuritySystem implementation.
 
Method Summary
 void addLog(String action, Class klass, Long id)
           
 ome.model.internal.Details checkManagedDetails(ome.model.IObject object, ome.model.internal.Details trustedDetails)
          checks that a non-privileged user has not attempted to edit the entity's security details.
protected  void checkReady(String method)
          calls isReady() and if not throws an ApiUsageException.
 void clearLogs()
           
 void copyToken(ome.model.IObject source, ome.model.IObject copy)
          See TokenHolder.copyToken(IObject, IObject).
 void disable(String... ids)
          disables components of the backend for the current Thread.
 void disableReadFilter(Object session)
          Disables this filter.
<T extends ome.model.IObject>
T
doAction(SecureAction action, T... objs)
          It would be better to wrap the SecureAction.updateObject(IObject) call in a try/finally block, but because flush is so poorly controlled that is not possible. Instead, a one-time token is attached to the object and removed when the object is checked for privileges.
 void enable(String... ids)
          enables components of the backend for the current Thread.
 void enableReadFilter(Object session)
          enables the read filter such that graph queries will have non-visible entities silently removed from the return value.
 EventContext getEventContext()
          Returns the current EventContext.
 List<ome.model.meta.EventLog> getLogs()
           
 Roles getSecurityRoles()
           
 boolean hasPrivilegedToken(ome.model.IObject obj)
          See TokenHolder.hasPrivilegedToken(IObject).
 void invalidateEventContext()
          Clears the content of the EventContext so that the SecuritySystem will no longer return true for SecuritySystem.isReady().
 boolean isDisabled(String id)
          checks if the listed id is disabled for the current Thread.
 boolean isOwnerOrSupervisor(ome.model.IObject iObject)
          tests whether or not the current user is either the owner of this entity, or the supervisor of this entity, for example as root or as group owner.
 boolean isReady()
          implements SecuritySystem.isReady().
 boolean isSystemType(Class<? extends ome.model.IObject> klass)
          classes which cannot be created by regular users.
 void loadEventContext(boolean isReadOnly)
          Prepares the current EventContext instance with the current Principal.
 void login(Principal principal)
          stores this Principal instance in the current thread context for authenticating and authorizing all actions.
 int logout()
          clears the top Principal instance from the current thread context.
 ome.model.internal.Details newTransientDetails(ome.model.IObject object)
          creates a new secure details for transient entities.
 void runAsAdmin(AdminAction action)
          merge event is disabled for runAsAdmin(AdminAction) because passing detached (client-side) entities to this method is particularly dangerous.
static BasicSecuritySystem selfConfigure(SessionManager sm, ServiceFactory sf)
          Simplified factory method which generates all the security primitives internally.
 void setApplicationContext(org.springframework.context.ApplicationContext arg0)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

interceptor

protected final OmeroInterceptor interceptor

sysTypes

protected final SystemTypes sysTypes

cd

protected final CurrentDetails cd

tokenHolder

protected final TokenHolder tokenHolder

roles

protected final Roles roles

sessionManager

protected final SessionManager sessionManager

sf

protected final ServiceFactory sf

ctx

protected OmeroContext ctx
Constructor Detail

BasicSecuritySystem

public BasicSecuritySystem(OmeroInterceptor interceptor,
                           SystemTypes sysTypes,
                           CurrentDetails cd,
                           SessionManager sessionManager,
                           Roles roles,
                           ServiceFactory sf,
                           TokenHolder tokenHolder)
Main public constructor for this SecuritySystem implementation.

Method Detail

selfConfigure

public static BasicSecuritySystem selfConfigure(SessionManager sm,
                                                ServiceFactory sf)
Simplified factory method which generates all the security primitives internally. Primarily useful for generated testing instances.


setApplicationContext

public void setApplicationContext(org.springframework.context.ApplicationContext arg0)
                           throws org.springframework.beans.BeansException
Specified by:
setApplicationContext in interface org.springframework.context.ApplicationContextAware
Throws:
org.springframework.beans.BeansException

login

public void login(Principal principal)
Description copied from interface: SecuritySystem
stores this Principal instance in the current thread context for authenticating and authorizing all actions. This method does not make any queries and is only a conduit for login information from the outer-most levels. Session bean implementations and other in-JVM clients can fill the Principal. Note, however, that a call must first be made to SecuritySystem.loadEventContext(boolean) or setEventContext(EventContext) before some calls can be made to the SecuritySystem. In general, this means that execution must pass through the EventHandler.

Specified by:
login in interface SecuritySystem

logout

public int logout()
Description copied from interface: SecuritySystem
clears the top Principal instance from the current thread context.

Specified by:
logout in interface SecuritySystem
Returns:
the number of remaining instances.

isReady

public boolean isReady()
implements SecuritySystem.isReady(). Simply checks for null values in all the relevant fields of CurrentDetails

Specified by:
isReady in interface SecuritySystem
Returns:
true if all methods on this interface are ready to be called.

isSystemType

public boolean isSystemType(Class<? extends ome.model.IObject> klass)
classes which cannot be created by regular users.

Specified by:
isSystemType in interface SecuritySystem
Parameters:
klass - A class which extends from IObject
Returns:
true if instances of the class argument can be considered system types.
See Also:
ticket156

isOwnerOrSupervisor

public boolean isOwnerOrSupervisor(ome.model.IObject iObject)
tests whether or not the current user is either the owner of this entity, or the supervisor of this entity, for example as root or as group owner.

Parameters:
iObject - Non-null managed entity.
Returns:
true if the current user is owner or supervisor of this entity

enableReadFilter

public void enableReadFilter(Object session)
enables the read filter such that graph queries will have non-visible entities silently removed from the return value. This filter does not apply to single value loads from the database. See allowLoad(Class, Details) for more. Note: this filter must be disabled on logout, otherwise the necessary parameters (current user, current group, etc.) for building the filters will not be available. Similarly, while enabling this filter, no calls should be made on the given session object.

Parameters:
session - a generic session object which can be used to enable this filter. Each SecuritySystem implementation will require a specific session type.
See Also:
EventHandler.invoke(org.aopalliance.intercept.MethodInvocation)

disableReadFilter

public void disableReadFilter(Object session)
Disables this filter. All future queries will have no security context associated with them and all items will be visible.

Parameters:
session - a generic session object which can be used to disable this filter. Each SecuritySystem implementation will require a specific session type.
See Also:
EventHandler.invoke(org.aopalliance.intercept.MethodInvocation)

disable

public void disable(String... ids)
Description copied from interface: SecuritySystem
disables components of the backend for the current Thread. Further checks to SecuritySystem.isDisabled(String) for those ids will return true. It is the responsibility of various security system components to then throw exceptions.

Specified by:
disable in interface SecuritySystem
Parameters:
ids - Non-null, non-empty array of String ids to disable.

enable

public void enable(String... ids)
Description copied from interface: SecuritySystem
enables components of the backend for the current Thread. Further checks to SecuritySystem.isDisabled(String) for those ids will return false.

Specified by:
enable in interface SecuritySystem
Parameters:
ids - possibly null array of String ids. A null array specifies that all subsystems are to be enabled. Otherwise, only those subsystems specified by the ids.

isDisabled

public boolean isDisabled(String id)
Description copied from interface: SecuritySystem
checks if the listed id is disabled for the current Thread.

Specified by:
isDisabled in interface SecuritySystem
Parameters:
id - non-null String representing a backend subsystem.
Returns:
true if the backend subsystem has been previously disabled by calls to SecuritySystem.disable(String[])
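The disable / enable / isDisabled trio above is a per-thread switch, and the interface leaves it to the caller to turn things back on. The helper below is an added example, not OMERO code: it disables named subsystems only for the duration of a callable and restores exactly the ids it changed. The subsystem id strings a caller would pass are placeholders; this page does not list valid ids.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.Callable;

import ome.security.SecuritySystem;

/**
 * Added example (not OMERO project code): run a task with some backend
 * subsystems disabled for the current thread, then restore them.
 */
public final class WithDisabled {

    public static <V> V call(SecuritySystem secSys, Callable<V> task,
                             String... ids) throws Exception {
        if (ids == null || ids.length == 0) {
            // disable() requires a non-null, non-empty array.
            throw new IllegalArgumentException("at least one subsystem id");
        }
        // Record only the ids that are currently enabled, so that an enclosing
        // caller's disable() on this same thread is not undone in finally.
        List<String> toRestore = new ArrayList<String>();
        for (String id : ids) {
            if (!secSys.isDisabled(id)) {
                toRestore.add(id);
            }
        }
        secSys.disable(ids);
        try {
            // Sanity check: after disable(), isDisabled() must report true.
            for (String id : ids) {
                if (!secSys.isDisabled(id)) {
                    throw new IllegalStateException(id + " was not disabled");
                }
            }
            return task.call();
        } finally {
            // Never call enable((String[]) null) here: that re-enables every
            // subsystem, including ones an outer scope still wants off.
            if (!toRestore.isEmpty()) {
                secSys.enable(toRestore.toArray(new String[toRestore.size()]));
            }
        }
    }
}
```

Because the switch is ThreadLocal, nothing here affects other request threads, but a pooled thread that leaves a subsystem disabled hands that state to the next request. The try/finally is what prevents that.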

newTransientDetails

public ome.model.internal.Details newTransientDetails(ome.model.IObject object)
                                               throws ome.conditions.ApiUsageException,
                                                      ome.conditions.SecurityViolation
Description copied from interface: SecuritySystem
creates a new secure details for transient entities. Non-privileged users can only edit the Permissions field. Privileged users can use the Details object as a single-step chmod and chgrp. newTransientDetails always returns a non-null Details that is not equivalent (==) to the Details argument. This method can be used from anywhere in the codebase to obtain a valid Details by passing in an IObject instance with a null Details. However, if the Details is non-null, there is the possibility that this method will throw an exception.

Specified by:
newTransientDetails in interface SecuritySystem
Throws:
ome.conditions.ApiUsageException - if SecuritySystem is not ready
ome.conditions.SecurityViolation - if Details instance contains illegal values.

checkManagedDetails

public ome.model.internal.Details checkManagedDetails(ome.model.IObject object,
                                                      ome.model.internal.Details trustedDetails)
                                               throws ome.conditions.ApiUsageException,
                                                      ome.conditions.SecurityViolation
Description copied from interface: SecuritySystem
checks that a non-privileged user has not attempted to edit the entity's security details. Privileged users can set fields on Details as a single-step chmod and chgrp. checkManagedDetails may create a new Details instance and return that if needed. If the returned Details is not equivalent (==) to the argument Details, then values have been changed.

Specified by:
checkManagedDetails in interface SecuritySystem
Parameters:
object - non-null IObject instance. Details for that instance can be null.
trustedDetails - possibly null Details instance. These Details are trusted in the sense that they have already once passed through the SecuritySystem.
Throws:
ome.conditions.ApiUsageException - if SecuritySystem is not ready
ome.conditions.SecurityViolation - if Details instance contains illegal values.
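Both Details entry points above (newTransientDetails and checkManagedDetails) define their result by identity: a returned instance that is not == to what went in means the security system rewrote something. The class below is an added example, not OMERO code, showing how a caller uses those contracts and how a non-privileged group change is refused. It assumes the model's Details.setGroup(ExperimenterGroup) setter and the ExperimenterGroup(Long id, boolean loaded) constructor, neither of which is shown on this page.

```java
import ome.conditions.SecurityViolation;
import ome.model.IObject;
import ome.model.internal.Details;
import ome.model.meta.ExperimenterGroup;
import ome.security.SecuritySystem;

/**
 * Added example (not OMERO project code): using the Details contracts of
 * SecuritySystem from calling code.
 */
public final class DetailsChecks {

    /**
     * Transient entity about to be inserted: ask the security system for the
     * Details to persist. The page guarantees a non-null result that is a
     * different instance from whatever the entity carried.
     */
    public static Details secureForInsert(SecuritySystem secSys, IObject transientObj) {
        Details secured = secSys.newTransientDetails(transientObj);
        if (secured == null || secured == transientObj.getDetails()) {
            throw new IllegalStateException("newTransientDetails contract violated");
        }
        return secured;
    }

    /**
     * Simulates a client that pre-fills the group on a new entity. For a
     * non-privileged caller the page says only Permissions may be edited, so
     * the call must end in SecurityViolation; for a privileged caller it is
     * honoured as a one-step chgrp. Returns true if the change was refused.
     * Assumes getDetails() is non-null on the freshly built entity.
     */
    public static boolean groupChangeRefused(SecuritySystem secSys,
                                             IObject transientObj, long otherGroupId) {
        Details requested = transientObj.getDetails();
        if (requested == null) {
            return false; // nothing to tamper with; newTransientDetails will fill it
        }
        requested.setGroup(new ExperimenterGroup(Long.valueOf(otherGroupId), false));
        try {
            secSys.newTransientDetails(transientObj);
            return false; // accepted: caller was privileged
        } catch (SecurityViolation sv) {
            return true;  // refused: caller was not privileged
        }
    }

    /**
     * Managed entity on its way to the database: compare what the client
     * proposed with what the security system will allow. A different
     * instance back means the proposal was altered; == means untouched.
     */
    public static boolean proposalWasAltered(SecuritySystem secSys,
                                             IObject managed, Details trusted) {
        Details result = secSys.checkManagedDetails(managed, trusted);
        return result != trusted;
    }
}
```

Both methods also throw ApiUsageException when loadEventContext(boolean) has not yet run on the thread, so they cannot be used to validate Details before a Principal is established.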

loadEventContext

public void loadEventContext(boolean isReadOnly)
Description copied from interface: SecuritySystem
Prepares the current EventContext instance with the current Principal. An exception is thrown if there is none.

Specified by:
loadEventContext in interface SecuritySystem

addLog

public void addLog(String action,
                   Class klass,
                   Long id)

getLogs

public List<ome.model.meta.EventLog> getLogs()

clearLogs

public void clearLogs()

invalidateEventContext

public void invalidateEventContext()
Description copied from interface: SecuritySystem
Clears the content of the EventContext so that the SecuritySystem will no longer return true for SecuritySystem.isReady(). The Principal set during SecuritySystem.login(Principal) is retained.

Specified by:
invalidateEventContext in interface SecuritySystem
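The entries for login, loadEventContext, isReady, enableReadFilter, disableReadFilter, invalidateEventContext and logout describe one ordered procedure that the EventHandler normally drives. The class below is an added example, not OMERO code, that runs a unit of work through that sequence with teardown guaranteed. Work is a hypothetical callback type defined here; the session argument is left as Object because the page says only that each implementation requires its own session type.

```java
import ome.security.SecuritySystem;
import ome.system.Principal;

/**
 * Added example (not OMERO project code): one secured call on the current
 * thread, in the order the SecuritySystem Javadoc requires.
 */
public final class SecureCall {

    /** Hypothetical callback for the caller's actual work. */
    public interface Work<R> {
        R run() throws Exception;
    }

    public static <R> R execute(SecuritySystem secSys, Object session,
                                Principal principal, boolean readOnly,
                                Work<R> work) throws Exception {
        // 1. Publish the caller's Principal on this thread. No queries run
        //    here, and isReady() stays false until step 2.
        secSys.login(principal);
        boolean filterEnabled = false;
        try {
            // 2. Resolve user, group and roles for this call; throws if no
            //    Principal is set. Only now may most other methods be used.
            secSys.loadEventContext(readOnly);
            if (!secSys.isReady()) {
                throw new IllegalStateException("EventContext not loaded");
            }
            // 3. Read filter on: graph queries silently drop entities the
            //    caller may not see. Do not use the session while enabling it.
            secSys.enableReadFilter(session);
            filterEnabled = true;
            return work.run();
        } finally {
            // 4. Teardown order matters. The filter is removed first, while the
            //    EventContext (current user, group) still exists; then the
            //    context is cleared so isReady() turns false; then the Principal
            //    is popped. Skipping any step leaks state to the next request
            //    that reuses this pooled thread.
            if (filterEnabled) {
                secSys.disableReadFilter(session);
            }
            secSys.invalidateEventContext();
            // logout() reports how many Principals remain on the thread; a
            // non-zero count means an enclosing caller is still logged in.
            int remaining = secSys.logout();
            if (remaining < 0) {
                throw new IllegalStateException("unbalanced logout: " + remaining);
            }
        }
    }
}
```

The finally block is the security-relevant part: an exception thrown from work.run() after the read filter was enabled must not leave the filter or the Principal attached to a thread that will later serve a different user.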

doAction

public <T extends ome.model.IObject> T doAction(SecureAction action,
                                                T... objs)
It would be better to wrap the SecureAction.updateObject(IObject) call in a try/finally block, but because flush is so poorly controlled that is not possible. Instead, a one-time token is attached to the object and removed when the object is checked for privileges.

Specified by:
doAction in interface SecuritySystem
Parameters:
objs - Managed (non-detached) entities. Not null.
action - A code-block that will be given the entity argument carrying a privileged token (see hasPrivilegedToken(IObject)).
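The doAction entry explains the mechanism (a one-time token on the entity instead of a try/finally) but not what calling code looks like. The class below is an added example, not OMERO code. It assumes SecureAction declares the varargs method <T extends IObject> T updateObject(T... objs) to match doAction's signature on this page; Mutation is a hypothetical callback type defined here.

```java
import ome.model.IObject;
import ome.security.SecureAction;
import ome.security.SecuritySystem;

/**
 * Added example (not OMERO project code): apply an otherwise-forbidden change
 * to a managed entity under doAction's one-time privileged token.
 */
public final class PrivilegedUpdate {

    /** Hypothetical callback holding the change to make under the token. */
    public interface Mutation<T extends IObject> {
        void apply(T managedObject);
    }

    public static <T extends IObject> T apply(final SecuritySystem secSys,
                                              T managed, final Mutation<T> change) {
        // doAction requires a managed entity. A detached copy that carried a
        // token would let security Details be rewritten from the client side,
        // so refuse anything unsaved or unloaded up front.
        if (managed == null || managed.getId() == null || !managed.isLoaded()) {
            throw new IllegalArgumentException("doAction needs a managed, loaded entity");
        }
        if (!secSys.isReady()) {
            throw new IllegalStateException("loadEventContext() has not been called");
        }
        return secSys.doAction(new SecureAction() {
            @SuppressWarnings("unchecked")
            public <X extends IObject> X updateObject(X... objs) {
                X obj = objs[0];
                // Inside the block the entity carries the token that the
                // interceptor accepts in place of owner/supervisor checks.
                if (!secSys.hasPrivilegedToken(obj)) {
                    throw new IllegalStateException("no privileged token on " + obj);
                }
                change.apply((T) obj);
                // The token is consumed when the object is next checked for
                // privileges (at flush), so a second change needs a new doAction.
                return obj;
            }
        }, managed);
    }
}
```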

runAsAdmin

public void runAsAdmin(AdminAction action)
merge event is disabled for runAsAdmin(AdminAction) because passing detached (client-side) entities to this method is particularly dangerous.

Specified by:
runAsAdmin in interface SecuritySystem
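The runAsAdmin entry disables merge because a detached entity handed to an elevated block is the attacker-controlled input. The class below is an added example, not OMERO code, of the pattern that avoids the problem: the elevated block receives only an id and loads the row itself. It assumes AdminAction declares void runAsAdmin() and that IQuery.get(Class, long) loads one entity by id; both are OMERO APIs not shown on this page.

```java
import ome.api.IQuery;
import ome.model.IObject;
import ome.security.AdminAction;
import ome.security.SecuritySystem;

/**
 * Added example (not OMERO project code): elevate privileges for a load by id
 * rather than for a client-supplied entity instance.
 */
public final class AdminReload {

    public static <T extends IObject> T loadAsAdmin(SecuritySystem secSys,
                                                    final IQuery query,
                                                    final Class<T> klass,
                                                    final long id) {
        final Object[] result = new Object[1];
        secSys.runAsAdmin(new AdminAction() {
            public void runAsAdmin() {
                // Only a primitive id crosses into the elevated scope. The
                // entity, and in particular its Details (owner, group,
                // permissions), is built by the server here, so there is no
                // detached object whose security fields the client could
                // have edited before the admin context saw it.
                result[0] = query.get(klass, id);
            }
        });
        return klass.cast(result[0]);
    }
}
```

Any method that exposes runAsAdmin to callers should take the same shape: ids and scalar parameters in, server-loaded entities inside, never an IObject argument forwarded straight into the action.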

copyToken

public void copyToken(ome.model.IObject source,
                      ome.model.IObject copy)
See TokenHolder.copyToken(IObject, IObject).


hasPrivilegedToken

public boolean hasPrivilegedToken(ome.model.IObject obj)
See TokenHolder.hasPrivilegedToken(IObject).

Specified by:
hasPrivilegedToken in interface SecuritySystem

getSecurityRoles

public Roles getSecurityRoles()
Specified by:
getSecurityRoles in interface SecuritySystem

getEventContext

public EventContext getEventContext()
Description copied from interface: SecuritySystem
Returns the current EventContext. This

Specified by:
getEventContext in interface SecuritySystem
Returns:

checkReady

protected void checkReady(String method)
calls isReady() and if not throws an ApiUsageException. The SecuritySystem must be in a valid state to perform several functions.



OmeroJava Api

Version: Beta-4.1.1-r5927-b91

Copyright © 2009 The University of Dundee. All Rights Reserved.