ome.security
Interface SecuritySystem

All Known Implementing Classes:
BasicSecuritySystem, SecuritySystemHolder, SharingSecuritySystem

public interface SecuritySystem

central security interface. All queries and actions that deal with a secure context should pass through an implementation of this interface.

Since:
3.0-M3
Version:
$Revision: 6046 $, $Date: 2010-02-08 10:13:38 +0000 (Mon, 08 Feb 2010) $
Author:
Josh Moore, josh.moore at gmx.de
See Also:
Token, Details, Permissions, ACLEventListener

Method Summary

ome.model.internal.Details checkManagedDetails(ome.model.IObject iObject, ome.model.internal.Details trustedDetails)
          checks that a non-privileged user has not attempted to edit the entity's security details.
void disable(String... ids)
          disables components of the backend for the current Thread.
<T extends ome.model.IObject> T doAction(SecureAction action, T... objs)
void enable(String... ids)
          enables components of the backend for the current Thread.
EventContext getEventContext()
          Returns the current EventContext.
Roles getSecurityRoles()
boolean hasPrivilegedToken(ome.model.IObject obj)
          checks that the IObject argument has been granted a Token by the SecuritySystem.
void invalidateEventContext()
          Clears the content of the EventContext so that the SecuritySystem will no longer return true for isReady().
boolean isDisabled(String id)
          checks if the listed id is disabled for the current Thread.
boolean isGraphCritical()
          Determines if the current security context has the possibility of corrupting consistent graphs.
boolean isReady()
          checks if this SecuritySystem instance is in a valid state.
boolean isSystemType(Class<? extends ome.model.IObject> klass)
          checks if instances of the given type are "System-Types".
void loadEventContext(boolean isReadyOnly)
          Prepares the current EventContext instance with the current Principal.
void login(Principal principal)
          stores this Principal instance in the current thread context for authenticating and authorizing all actions.
int logout()
          clears the top Principal instance from the current thread context.
ome.model.internal.Details newTransientDetails(ome.model.IObject iObject)
          creates a new secure Details for transient entities.
void runAsAdmin(AdminAction action)
          Allows actions to be performed with the EventContext.isCurrentUserAdmin() flag enabled but without changing the value of EventContext.getCurrentUserId(), so that ownerships are properly handled.


Method Detail

login

void login(Principal principal)
stores this Principal instance in the current thread context for authenticating and authorizing all actions. This method does not make any queries and is only a conduit for login information from the outer-most levels. Session bean implementations and other in-JVM clients can fill the Principal. Note, however, that a call must first be made to loadEventContext(boolean) or #setEventContext(EventContext) before some calls can be made to the SecuritySystem. In general, this means that execution must pass through the EventHandler.


logout

int logout()
clears the top Principal instance from the current thread context.

Returns:
the number of remaining instances.

getEventContext

EventContext getEventContext()
Returns the current EventContext. This

Returns:

loadEventContext

void loadEventContext(boolean isReadyOnly)
Prepares the current EventContext instance with the current Principal. An exception is thrown if there is none.

Parameters:
isReadyOnly -

invalidateEventContext

void invalidateEventContext()
Clears the content of the EventContext so that the SecuritySystem will no longer return true for isReady(). The Principal set during login(Principal) is retained.


isReady

boolean isReady()
checks if this SecuritySystem instance is in a valid state. This includes that a user is properly logged in and that a connection is available to all necessary resources, e.g. database handle and mapping session. Not all methods require that the instance is ready.

Returns:
true if all methods on this interface are ready to be called.

isSystemType

boolean isSystemType(Class<? extends ome.model.IObject> klass)
checks if instances of the given type are "System-Types". Security logic for all system types is significantly different. In general, system types cannot be created, updated, or deleted by regular users, and are visible to all users.

Parameters:
klass - A class which extends from IObject
Returns:
true if instances of the class argument can be considered system types.

hasPrivilegedToken

boolean hasPrivilegedToken(ome.model.IObject obj)
checks that the IObject argument has been granted a Token by the SecuritySystem.


disable

void disable(String... ids)
disables components of the backend for the current Thread. Further checks to isDisabled(String) will return false. It is the responsibility of various security system components to then throw exceptions.

Parameters:
ids - Non-null, non-empty array of String ids to disable.

enable

void enable(String... ids)
enables components of the backend for the current Thread. Further checks to isDisabled(String) will return true.

Parameters:
ids - possibly null array of String ids. A null array specifies that all subsystems are to be enabled. Otherwise, only those subsystems specified by the ids.

isDisabled

boolean isDisabled(String id)
checks if the listed id is disabled for the current Thread.

Parameters:
id - non-null String representing a backend subsystem.
Returns:
true if the backend subsystem has been previously disabled by calls to disable(String[])
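Because disable(String...), enable(String...) and isDisabled(String) act on the current Thread, a subsystem that is disabled and not re-enabled stays off for whatever later runs on that thread. The following helper is an added example, not OMERO's own code; it wraps an action so that exactly the ids this call disabled are re-enabled afterwards, relying only on the methods documented on this page (isDisabled returning true for ids previously passed to disable).

```java
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.Callable;

import ome.security.SecuritySystem;

/**
 * Runs an action with the named backend components disabled for the current
 * thread and restores them in a finally block, so the thread-local state does
 * not leak past this call even when the action throws.
 */
public final class DisabledScope {

    private DisabledScope() {}

    public static <V> V runWithDisabled(SecuritySystem secSys,
                                        Callable<V> action,
                                        String... ids) throws Exception {
        // disable() requires a non-null, non-empty array; fail early instead of
        // letting the security system reject it part-way through.
        if (ids == null || ids.length == 0) {
            throw new IllegalArgumentException("ids must be non-null and non-empty");
        }
        // Remember only the ids that were enabled on entry: an enclosing scope
        // may have disabled the others on purpose and still expects them off.
        List<String> toRestore = new ArrayList<String>();
        for (String id : ids) {
            if (!secSys.isDisabled(id)) {
                toRestore.add(id);
            }
        }
        secSys.disable(ids);
        try {
            return action.call();
        } finally {
            // enable() with an explicit list touches only those ids; passing
            // null would re-enable every subsystem, including ones an outer
            // scope disabled deliberately.
            if (!toRestore.isEmpty()) {
                secSys.enable(toRestore.toArray(new String[toRestore.size()]));
            }
        }
    }
}
```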

isGraphCritical

boolean isGraphCritical()
Determines if the current security context has the possibility of corrupting consistent graphs. Consistent graphs are enforced by the security context to make sure that all READ actions work smoothly. If an administrator or PI is logged into a private group, or otherwise may create an object linked to an object with lower READ rights, then corruption could occur.

See Also:
1769

newTransientDetails

ome.model.internal.Details newTransientDetails(ome.model.IObject iObject)
                                               throws ome.conditions.ApiUsageException,
                                                      ome.conditions.SecurityViolation
creates a new secure Details for transient entities. Non-privileged users can only edit the Permissions field. Privileged users can use the Details object as a single-step chmod and chgrp. newTransientDetails always returns a non-null Details that is not equivalent (==) to the Details argument. This method can be used from anywhere in the codebase to obtain a valid Details by passing in an IObject instance with a null Details. However, if the Details is non-null, there is the possibility that this method will throw an exception.

Throws:
ome.conditions.ApiUsageException - if SecuritySystem is not ready
ome.conditions.SecurityViolation - if Details instance contains illegal values.

checkManagedDetails

ome.model.internal.Details checkManagedDetails(ome.model.IObject iObject,
                                               ome.model.internal.Details trustedDetails)
                                               throws ome.conditions.ApiUsageException,
                                                      ome.conditions.SecurityViolation
checks that a non-privileged user has not attempted to edit the entity's security details. Privileged users can set fields on Details as a single-step chmod and chgrp. checkManagedDetails may create a new Details instance and return that if needed. If the returned Details is not equivalent (==) to the argument Details, then values have been changed.

Parameters:
iObject - non-null IObject instance. Details for that instance can be null.
trustedDetails - possibly null Details instance. These Details are trusted in the sense that they have already once passed through the SecuritySystem.
Throws:
ome.conditions.ApiUsageException - if SecuritySystem is not ready
ome.conditions.SecurityViolation - if Details instance contains illegal values.

runAsAdmin

void runAsAdmin(AdminAction action)
Allows actions to be performed with the EventContext.isCurrentUserAdmin() flag enabled but without changing the value of EventContext.getCurrentUserId(), so that ownerships are properly handled. The merging of detached entity graphs should be disabled for the extent of the execution. Note: the IUpdate save methods should not be used, since they also accept detached entities, which could pose security risks. Instead load an entity from the database via IQuery, make changes, and save the changes with ome.api.IUpdate#flush().
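The load-modify-flush pattern recommended above, as an added example that is not OMERO's own code. It assumes that AdminAction declares a single runAsAdmin() method, that ome.api.IQuery offers get(Class, long) for loading a managed entity by id, and that ome.model.core.Image has setName(String); the IUpdate#flush() call is the one named on this page.

```java
import ome.api.IQuery;
import ome.api.IUpdate;
import ome.model.core.Image;
import ome.security.AdminAction;
import ome.security.SecuritySystem;

/**
 * Renames an Image with the admin flag enabled while the acting user id stays
 * that of the caller, so ownership of the change is recorded correctly.
 */
public final class AdminRename {

    private AdminRename() {}

    public static void rename(final SecuritySystem secSys,
                              final IQuery query,      // assumed: ome.api.IQuery#get(Class, long)
                              final IUpdate update,
                              final long imageId,
                              final String newName) {
        // runAsAdmin needs a prepared EventContext; isReady() covers login and
        // loadEventContext having been called on this thread.
        if (!secSys.isReady()) {
            throw new IllegalStateException(
                "SecuritySystem not ready: login() and loadEventContext() first");
        }
        secSys.runAsAdmin(new AdminAction() {   // assumed: single runAsAdmin() method
            public void runAsAdmin() {
                // Load the managed entity inside the admin scope instead of
                // accepting a detached Image from the caller: a detached graph
                // could carry edited Details (owner, group, permissions) that
                // would then be persisted with admin privileges.
                Image img = query.get(Image.class, imageId);
                img.setName(newName);   // assumed: ome.model.core.Image#setName
                // flush() writes the change to the managed instance; the
                // IUpdate save methods are avoided because they also accept
                // detached entities.
                update.flush();
            }
        });
    }
}
```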


doAction

<T extends ome.model.IObject> T doAction(SecureAction action,
                                         T... objs)

getSecurityRoles

Roles getSecurityRoles()


OmeroJava Api

Version: Beta4.2.1-r8614-Beta4.2-b41

Copyright © 2009 The University of Dundee. All Rights Reserved.