ome.security
Class SecuritySystemHolder

java.lang.Object
  extended by ome.security.SecuritySystemHolder
All Implemented Interfaces:
SecuritySystem

public class SecuritySystemHolder
extends Object
implements SecuritySystem

Security dispatcher holding each currently active SecuritySystem instance and allowing dispatching between them.

Since:
3.0-Beta4
Author:
Josh Moore, josh at glencoesoftware.com
See Also:
BasicSecuritySystem, SharingSecuritySystem

Field Summary
protected  BasicSecuritySystem basic
           
protected  ThreadLocal<SecuritySystem> current
           
protected  SharingSecuritySystem sharing
           
 
Constructor Summary
SecuritySystemHolder(BasicSecuritySystem basic, SharingSecuritySystem sharing)
           
 
Method Summary
 ome.model.internal.Details checkManagedDetails(ome.model.IObject object, ome.model.internal.Details trustedDetails)
          checks that a non-privileged user has not attempted to edit the entity's security details.
 SecuritySystem choose()
           
 void disable(String... ids)
          disables components of the backend for the current Thread.
<T extends ome.model.IObject>
T
doAction(SecureAction action, T... objs)
           
 void enable(String... ids)
          enables components of the backend for the current Thread.
 EventContext getEventContext()
          Calls SecuritySystem.getEventContext(boolean) with a false as "refresh".
 EventContext getEventContext(boolean refresh)
          If refresh is false, returns the current EventContext stored in the session.
 Roles getSecurityRoles()
           
 boolean hasPrivilegedToken(ome.model.IObject obj)
          checks that the IObject argument has been granted a Token by the SecuritySystem.
 void invalidateEventContext()
          Clears the content of the EventContextso that the SecuritySystem will no longer return true for SecuritySystem.isReady().
 boolean isDisabled(String id)
          checks if the listed id is disabled for the current Thread.
 boolean isGraphCritical()
          Determines if the current security context has the possibility of corrupting consistent graphs.
 boolean isReady()
          checks if this SecuritySystem instance is in a valid state.
 boolean isSystemType(Class<? extends ome.model.IObject> klass)
          checks if instances of the given type are "System-Types".
 void loadEventContext(boolean isReadyOnly)
          Prepares the current EventContext instance with the current Principal.
 void login(Principal principal)
          stores this Principal instance in the current thread context for authenticating and authorizing all actions.
 int logout()
          clears the top Principal instance from the current thread context.
 ome.model.internal.Details newTransientDetails(ome.model.IObject object)
          creates a new secure details for transient entities.
 void runAsAdmin(AdminAction action)
          Allows actions to be performed with the EventContext.isCurrentUserAdmin() flag enabled but without changing the value of EventContext.getCurrentUserId(), so that ownerships are properly handled.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

basic

protected final BasicSecuritySystem basic

sharing

protected final SharingSecuritySystem sharing

current

protected ThreadLocal<SecuritySystem> current
Constructor Detail

SecuritySystemHolder

public SecuritySystemHolder(BasicSecuritySystem basic,
                            SharingSecuritySystem sharing)
Method Detail

choose

public SecuritySystem choose()

checkManagedDetails

public ome.model.internal.Details checkManagedDetails(ome.model.IObject object,
                                                      ome.model.internal.Details trustedDetails)
                                               throws ome.conditions.ApiUsageException,
                                                      ome.conditions.SecurityViolation
Description copied from interface: SecuritySystem
checks that a non-privileged user has not attempted to edit the entity's security details. Privileged users can set fields on Details as a single-step chmod and chgrp. managedDetails may create a new Details instance and return that if needed. If the returned Details is not equivalent (==) to the argument Details, then values have been changed.

Specified by:
checkManagedDetails in interface SecuritySystem
Parameters:
object - non-null IObject instance. Details for that instance can be null.
trustedDetails - possibly null Details instance. These Details are trusted in the sense that they have already once passed through the SecuritySystem.
Throws:
ome.conditions.ApiUsageException - if SecuritySystem is not ready
ome.conditions.SecurityViolation - if Details instance contains illegal values.

invalidateEventContext

public void invalidateEventContext()
Description copied from interface: SecuritySystem
Clears the content of the EventContextso that the SecuritySystem will no longer return true for SecuritySystem.isReady(). The Principal set during SecuritySystem.login(Principal) is retained.

Specified by:
invalidateEventContext in interface SecuritySystem

disable

public void disable(String... ids)
Description copied from interface: SecuritySystem
disables components of the backend for the current Thread. Further checks to SecuritySystem.isDisabled(String) will return false. It is the responsibility of various security system components to then throw exceptions.

Specified by:
disable in interface SecuritySystem
Parameters:
ids - Non-null, non-empty array of String ids to disable.

doAction

public <T extends ome.model.IObject> T doAction(SecureAction action,
                                                T... objs)
Specified by:
doAction in interface SecuritySystem

enable

public void enable(String... ids)
Description copied from interface: SecuritySystem
enables components of the backend for the current Thread. Further checks to SecuritySystem.isDisabled(String) will return true.

Specified by:
enable in interface SecuritySystem
Parameters:
ids - possibly null array of String ids. A null array specifies that all subsystems are to be enabled. Otherwise, only those subsystems specified by the ids.

getEventContext

public EventContext getEventContext()
Description copied from interface: SecuritySystem
Calls SecuritySystem.getEventContext(boolean) with a false as "refresh". This is the previous, safer logic of the method since consumers are not expecting a long-method run.

Specified by:
getEventContext in interface SecuritySystem
Returns:

getEventContext

public EventContext getEventContext(boolean refresh)
Description copied from interface: SecuritySystem
If refresh is false, returns the current EventContext stored in the session. Otherwise, reloads the context to have the most up-to-date information.

Specified by:
getEventContext in interface SecuritySystem
Returns:
See Also:
ticket:4011

getSecurityRoles

public Roles getSecurityRoles()
Specified by:
getSecurityRoles in interface SecuritySystem

hasPrivilegedToken

public boolean hasPrivilegedToken(ome.model.IObject obj)
Description copied from interface: SecuritySystem
checks that the IObject argument has been granted a Token by the SecuritySystem.

Specified by:
hasPrivilegedToken in interface SecuritySystem

isDisabled

public boolean isDisabled(String id)
Description copied from interface: SecuritySystem
checks if the listed id is disabled for the current Thread.

Specified by:
isDisabled in interface SecuritySystem
Parameters:
id - non-null String representing a backend subsystem.
Returns:
true if the backend subsystem has been previously disabled by calls to SecuritySystem.disable(String[])

isReady

public boolean isReady()
Description copied from interface: SecuritySystem
checks if this SecuritySystem instance is in a valid state. This includes that a user is properly logged in and that a connection is available to all necessary resources, e.g. database handle and mapping session. Not all methods require that the instance is ready.

Specified by:
isReady in interface SecuritySystem
Returns:
true if all methods on this interface are ready to be called.

isSystemType

public boolean isSystemType(Class<? extends ome.model.IObject> klass)
Description copied from interface: SecuritySystem
checks if instances of the given type are "System-Types". Security logic for all system types is significantly different. In general, system types cannot be created, updated, or deleted by regular users, and are visible to all users.

Specified by:
isSystemType in interface SecuritySystem
Parameters:
klass - A class which extends from IObject
Returns:
true if instances of the class argument can be considered system types.

loadEventContext

public void loadEventContext(boolean isReadyOnly)
Description copied from interface: SecuritySystem
Prepares the current EventContext instance with the current Principal. An exception is thrown if there is none.

Specified by:
loadEventContext in interface SecuritySystem

login

public void login(Principal principal)
Description copied from interface: SecuritySystem
stores this Principal instance in the current thread context for authenticating and authorizing all actions. This method does not make any queries and is only a conduit for login information from the outer-most levels. Session bean implementations and other in-JVM clients can fill the Principal. Note, however, a call must first be made to SecuritySystem.loadEventContext(boolean) or #setEventContext(EventContext) for some calls to be made to the SecuritySystem. In general, this means that execution must pass through the EventHandler

Specified by:
login in interface SecuritySystem

logout

public int logout()
Description copied from interface: SecuritySystem
clears the top Principal instance from the current thread context.

Specified by:
logout in interface SecuritySystem
Returns:
the number of remaining instances.

newTransientDetails

public ome.model.internal.Details newTransientDetails(ome.model.IObject object)
                                               throws ome.conditions.ApiUsageException,
                                                      ome.conditions.SecurityViolation
Description copied from interface: SecuritySystem
creates a new secure details for transient entities. Non-privileged users can only edit the Permissions field. Privileged users can use the Details object as a single-step chmod and chgrp. newTransientDetails always returns a non-null Details that is not equivalent (==) to the Details argument. This method can be used from anywhere in the codebase to obtain a valid Details, but passing in an IObject instance with a null Details. However, if the Details is non-null, there is the possibility that this method will throw an exception.

Specified by:
newTransientDetails in interface SecuritySystem
Throws:
ome.conditions.ApiUsageException - if SecuritySystem is not ready
ome.conditions.SecurityViolation - if Details instance contains illegal values.

runAsAdmin

public void runAsAdmin(AdminAction action)
Description copied from interface: SecuritySystem
Allows actions to be performed with the EventContext.isCurrentUserAdmin() flag enabled but without changing the value of EventContext.getCurrentUserId(), so that ownerships are properly handled. The merging of detached entity graphs should be disabled for the extent of the execution. Note: the IUpdate save methods should not be used, since they also accept detached entities, which could pose security risks. Instead load an entity from the database via IQuery, make changes, and save the changes with ome.api.IUpdate#flush().

Specified by:
runAsAdmin in interface SecuritySystem

isGraphCritical

public boolean isGraphCritical()
Description copied from interface: SecuritySystem
Determines if the current security context has the possibility of corrupting consistent graphs. Consistent graphs are enforced by the security context to make sure that all READ actions work smoothly. If an administrator or PI is logged into a private group, or otherwise may create an object linked to an object with lower READ rights, then corruption could occur.

Specified by:
isGraphCritical in interface SecuritySystem
See Also:
1769


OmeroJava Api

Version: 4.3.4-dbcbce5a-b4

Copyright © 2009 The University of Dundee. All Rights Reserved.