public interface SecuritySystem
central security interface. All queries and actions that deal with a secure context should pass through an implementation of this interface.
See Also: Token, Details, Permissions, ACLEventListener
Method Summary

| Return type | Method and description |
|---|---|
| ome.model.internal.Details | checkManagedDetails(ome.model.IObject iObject, ome.model.internal.Details trustedDetails): checks that a non-privileged user has not attempted to edit the entity's security details. |
| void | disable(String... ids): disables components of the backend for the current Thread. |
| <T extends ome.model.IObject> T | doAction(SecureAction action, T... objs) |
| void | enable(String... ids): enables components of the backend for the current Thread. |
| EventContext | getEventContext(): Returns the current EventContext. |
| Roles | getSecurityRoles() |
| boolean | hasPrivilegedToken(ome.model.IObject obj): checks that the IObject argument has been granted a Token by the SecuritySystem. |
| void | invalidateEventContext(): Clears the content of the EventContext so that the SecuritySystem will no longer return true for isReady(). |
| boolean | isDisabled(String id): checks if the listed id is disabled for the current Thread. |
| boolean | isGraphCritical(): Determines if the current security context has the possibility of corrupting consistent graphs. |
| boolean | isReady(): checks if this SecuritySystem instance is in a valid state. |
| boolean | isSystemType(Class<? extends ome.model.IObject> klass): checks if instances of the given type are "System-Types". |
| void | loadEventContext(boolean isReadyOnly): Prepares the current EventContext instance with the current Principal. |
| void | login(Principal principal): stores this Principal instance in the current thread context for authenticating and authorizing all actions. |
| int | logout(): clears the top Principal instance from the current thread context. |
| ome.model.internal.Details | newTransientDetails(ome.model.IObject iObject): creates a new secure details for transient entities. |
| void | runAsAdmin(AdminAction action): Allows actions to be performed with the EventContext.isCurrentUserAdmin() flag enabled but without changing the value of EventContext.getCurrentUserId(), so that ownerships are properly handled. |
Method Detail

void login(Principal principal)

stores this Principal instance in the current thread context for authenticating and authorizing all actions. This method does not make any queries and is only a conduit for login information from the outer-most levels. Session bean implementations and other in-JVM clients can fill the Principal. Note, however, a call must first be made to loadEventContext(boolean) or #setEventContext(EventContext) for some calls to be made to the SecuritySystem. In general, this means that execution must pass through the EventHandler

int logout()

clears the top Principal instance from the current thread context.

EventContext getEventContext()

Returns the current EventContext. This

void loadEventContext(boolean isReadyOnly)

Prepares the current EventContext instance with the current Principal. An exception is thrown if there is none.

Parameters:
isReadyOnly -

void invalidateEventContext()

Clears the content of the EventContext so that the SecuritySystem will no longer return true for isReady(). The Principal set during login(Principal) is retained.

boolean isReady()

checks if this SecuritySystem instance is in a valid state. This includes that a user is properly logged in and that a connection is available to all necessary resources, e.g. database handle and mapping session. Not all methods require that the instance is ready.
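
The call ordering described above for login(Principal), loadEventContext(boolean), invalidateEventContext() and logout(), as an added Java example that is not the project's own code. The interface is a subset copied from this page; Principal, StubSecuritySystem, runSecured, the value passed for isReadyOnly and the meaning given to logout()'s return value are stand-ins assumed for illustration.

```java
import java.util.ArrayDeque;
import java.util.Deque;

public class SecurityLifecycleExample {
    // Stand-in for the real Principal type; only a name is modelled.
    record Principal(String name) {}
    // Subset of SecuritySystem; signatures copied from this page.
    interface SecuritySystem {
        void login(Principal principal);
        int logout();
        void loadEventContext(boolean isReadyOnly);
        void invalidateEventContext();
        boolean isReady();
    }

    // Hypothetical per-thread, in-memory implementation for demonstration only.
    static class StubSecuritySystem implements SecuritySystem {
        private final ThreadLocal<Deque<Principal>> principals = ThreadLocal.withInitial(ArrayDeque::new);
        private final ThreadLocal<Boolean> loaded = ThreadLocal.withInitial(() -> false);
        public void login(Principal p) { principals.get().push(p); }
        // Assumption: the int returned is the number of principals still on the stack.
        public int logout() { principals.get().pop(); return principals.get().size(); }
        public void loadEventContext(boolean isReadyOnly) {
            if (principals.get().isEmpty()) throw new IllegalStateException("no Principal");
            loaded.set(true);
        }
        public void invalidateEventContext() { loaded.set(false); }
        public boolean isReady() { return loaded.get(); }
    }

    // Caller-side pattern: undo context loading and login even when work fails.
    static void runSecured(SecuritySystem sec, Principal p, Runnable work) {
        sec.login(p);
        try {
            sec.loadEventContext(false); // argument value chosen arbitrarily here
            if (!sec.isReady()) throw new IllegalStateException("not ready");
            work.run();
        } finally {
            sec.invalidateEventContext(); // the Principal is retained until logout()
            sec.logout();
        }
    }
    public static void main(String[] args) {
        SecuritySystem sec = new StubSecuritySystem();
        runSecured(sec, new Principal("constructed-user"),
                () -> System.out.println("ready inside: " + sec.isReady()));
        System.out.println("ready after: " + sec.isReady());
    }
}
```

Because the Principal lives in the thread context, the finally block keeps a failed action from leaving a logged-in Principal behind on a thread that is later reused.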

boolean isSystemType(Class<? extends ome.model.IObject> klass)

checks if instances of the given type are "System-Types".

Parameters:
klass - A class which extends from IObject

boolean hasPrivilegedToken(ome.model.IObject obj)

checks that the IObject argument has been granted a Token by the SecuritySystem.
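
void disable(String... ids)

disables components of the backend for the current Thread. isDisabled(String) will return false. It is the responsibility of various security system components to then throw exceptions.

Parameters:
ids - Non-null, non-empty array of String ids to disable.

void enable(String... ids)

enables components of the backend for the current Thread. isDisabled(String) will return true.

Parameters:
ids - possibly null array of String ids. A null array specifies that all subsystems are to be enabled. Otherwise, only those subsystems specified by the ids.

boolean isDisabled(String id)

checks if the listed id is disabled for the current Thread.

Parameters:
id - non-null String representing a backend subsystem.

See Also:
disable(String[])

boolean isGraphCritical()

Determines if the current security context has the possibility of corrupting consistent graphs.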

ome.model.internal.Details newTransientDetails(ome.model.IObject iObject) throws ome.conditions.ApiUsageException, ome.conditions.SecurityViolation

creates a new secure details for transient entities. Non-privileged users can only edit the Permissions field. Privileged users can use the Details object as a single-step chmod and chgrp.

newTransientDetails always returns a non-null Details that is not equivalent (==) to the Details argument. This method can be used from anywhere in the codebase to obtain a valid Details, by passing in an IObject instance with a null Details. However, if the Details is non-null, there is the possibility that this method will throw an exception.

Throws:
ome.conditions.ApiUsageException - if SecuritySystem is not ready
ome.conditions.SecurityViolation - if Details instance contains illegal values.

ome.model.internal.Details checkManagedDetails(ome.model.IObject iObject, ome.model.internal.Details trustedDetails) throws ome.conditions.ApiUsageException, ome.conditions.SecurityViolation

checks that a non-privileged user has not attempted to edit the entity's security details. Privileged users can set fields on Details as a single-step chmod and chgrp.

managedDetails may create a new Details instance and return that if needed. If the returned Details is not equivalent (==) to the argument Details, then values have been changed.

Parameters:
iObject - non-null IObject instance. Details for that instance can be null.
trustedDetails - possibly null Details instance. These Details are trusted in the sense that they have already once passed through the SecuritySystem.

Throws:
ome.conditions.ApiUsageException - if SecuritySystem is not ready
ome.conditions.SecurityViolation - if Details instance contains illegal values.

void runAsAdmin(AdminAction action)

Allows actions to be performed with the EventContext.isCurrentUserAdmin() flag enabled but without changing the value of EventContext.getCurrentUserId(), so that ownerships are properly handled. The merging of detached entity graphs should be disabled for the extent of the execution.

Note: the IUpdate save methods should not be used, since they also accept detached entities, which could pose security risks. Instead load an entity from the database via IQuery, make changes, and save the changes with ome.api.IUpdate#flush().

<T extends ome.model.IObject> T doAction(SecureAction action, T... objs)

Roles getSecurityRoles()

Version: Beta-4.2.0-r7571-b29
Copyright © 2009 The University of Dundee. All Rights Reserved.