java.lang.Object
  ome.security.SecuritySystemHolder

public class SecuritySystemHolder

Security dispatcher holding each currently active SecuritySystem instance and allowing dispatching between them.

See Also: BasicSecuritySystem, SharingSecuritySystem

Field Summary | |
---|---|
protected BasicSecuritySystem | basic |
protected ThreadLocal<SecuritySystem> | current |
protected SharingSecuritySystem | sharing |

Constructor Summary | |
---|---|
SecuritySystemHolder(BasicSecuritySystem basic, SharingSecuritySystem sharing) | |

Method Summary | | |
---|---|---|
ome.model.internal.Details | checkManagedDetails(ome.model.IObject object, ome.model.internal.Details trustedDetails) | checks that a non-privileged user has not attempted to edit the entity's security details. |
SecuritySystem | choose() | |
void | disable(String... ids) | disables components of the backend for the current Thread. |
<T extends ome.model.IObject> T | doAction(SecureAction action, T... objs) | |
void | enable(String... ids) | enables components of the backend for the current Thread. |
EventContext | getEventContext() | Calls SecuritySystem.getEventContext(boolean) with a false as "refresh". |
EventContext | getEventContext(boolean refresh) | If refresh is false, returns the current EventContext stored in the session. |
Roles | getSecurityRoles() | |
boolean | hasPrivilegedToken(ome.model.IObject obj) | checks that the IObject argument has been granted a Token by the SecuritySystem. |
void | invalidateEventContext() | Clears the content of the EventContext so that the SecuritySystem will no longer return true for SecuritySystem.isReady(). |
boolean | isDisabled(String id) | checks if the listed id is disabled for the current Thread. |
boolean | isGraphCritical() | Determines if the current security context has the possibility of corrupting consistent graphs. |
boolean | isReady() | checks if this SecuritySystem instance is in a valid state. |
boolean | isSystemType(Class<? extends ome.model.IObject> klass) | checks if instances of the given type are "System-Types". |
void | loadEventContext(boolean isReadyOnly) | Prepares the current EventContext instance with the current Principal. |
void | login(Principal principal) | stores this Principal instance in the current thread context for authenticating and authorizing all actions. |
int | logout() | clears the top Principal instance from the current thread context. |
ome.model.internal.Details | newTransientDetails(ome.model.IObject object) | creates a new secure details for transient entities. |
void | runAsAdmin(AdminAction action) | Allows actions to be performed with the EventContext.isCurrentUserAdmin() flag enabled but without changing the value of EventContext.getCurrentUserId(), so that ownerships are properly handled. |

Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
protected final BasicSecuritySystem basic
protected final SharingSecuritySystem sharing
protected ThreadLocal<SecuritySystem> current
Constructor Detail |
---|
public SecuritySystemHolder(BasicSecuritySystem basic, SharingSecuritySystem sharing)
Method Detail |
---|
public SecuritySystem choose()
public ome.model.internal.Details checkManagedDetails(ome.model.IObject object, ome.model.internal.Details trustedDetails) throws ome.conditions.ApiUsageException, ome.conditions.SecurityViolation
Description copied from interface: SecuritySystem
checks that a non-privileged user has not attempted to edit the entity's security details. Privileged users can set fields on Details as a single-step chmod and chgrp.
managedDetails may create a new Details instance and return that if needed. If the returned Details is not equivalent (==) to the argument Details, then values have been changed.
Specified by: checkManagedDetails in interface SecuritySystem
Parameters:
object - non-null IObject instance. Details for that instance can be null.
trustedDetails - possibly null Details instance. These Details are trusted in the sense that they have already once passed through the SecuritySystem.
Throws:
ome.conditions.ApiUsageException - if SecuritySystem is not ready
ome.conditions.SecurityViolation - if Details instance contains illegal values.

public void invalidateEventContext()
Description copied from interface: SecuritySystem
Clears the content of the EventContext so that the SecuritySystem will no longer return true for SecuritySystem.isReady(). The Principal set during SecuritySystem.login(Principal) is retained.
Specified by: invalidateEventContext in interface SecuritySystem

public void disable(String... ids)
Description copied from interface: SecuritySystem
disables components of the backend for the current Thread. SecuritySystem.isDisabled(String) will return false. It is the responsibility of various security system components to then throw exceptions.
Specified by: disable in interface SecuritySystem
Parameters:
ids - Non-null, non-empty array of String ids to disable.

public <T extends ome.model.IObject> T doAction(SecureAction action, T... objs)
Specified by: doAction in interface SecuritySystem

public void enable(String... ids)
Description copied from interface: SecuritySystem
enables components of the backend for the current Thread. SecuritySystem.isDisabled(String) will return true.
Specified by: enable in interface SecuritySystem
Parameters:
ids - possibly null array of String ids. A null array specifies that all subsystems are to be enabled. Otherwise, only those subsystems specified by the ids.

public EventContext getEventContext()
Description copied from interface: SecuritySystem
Calls SecuritySystem.getEventContext(boolean) with a false as "refresh". This is the previous, safer logic of the method since consumers are not expecting a long-method run.
Specified by: getEventContext in interface SecuritySystem

public EventContext getEventContext(boolean refresh)
Description copied from interface: SecuritySystem
If refresh is false, returns the current EventContext stored in the session. Otherwise, reloads the context to have the most up-to-date information.
Specified by: getEventContext in interface SecuritySystem
See Also: ticket:4011

public Roles getSecurityRoles()
Specified by: getSecurityRoles in interface SecuritySystem

public boolean hasPrivilegedToken(ome.model.IObject obj)
Description copied from interface: SecuritySystem
checks that the IObject argument has been granted a Token by the SecuritySystem.
Specified by: hasPrivilegedToken in interface SecuritySystem

public boolean isDisabled(String id)
Description copied from interface: SecuritySystem
checks if the listed id is disabled for the current Thread.
Specified by: isDisabled in interface SecuritySystem
Parameters:
id - non-null String representing a backend subsystem.
SecuritySystem.disable(String[])

public boolean isReady()
Description copied from interface: SecuritySystem
checks if this SecuritySystem instance is in a valid state. This includes that a user is properly logged in and that a connection is available to all necessary resources, e.g. database handle and mapping session.
Not all methods require that the instance is ready.
Specified by: isReady in interface SecuritySystem

public boolean isSystemType(Class<? extends ome.model.IObject> klass)
Description copied from interface: SecuritySystem
checks if instances of the given type are "System-Types".
Specified by: isSystemType in interface SecuritySystem
Parameters:
klass - A class which extends from IObject

public void loadEventContext(boolean isReadyOnly)
Description copied from interface: SecuritySystem
Prepares the current EventContext instance with the current Principal. An exception is thrown if there is none.
Specified by: loadEventContext in interface SecuritySystem

public void login(Principal principal)
Description copied from interface: SecuritySystem
stores this Principal instance in the current thread context for authenticating and authorizing all actions. This method does not make any queries and is only a conduit for login information from the outer-most levels. Session bean implementations and other in-JVM clients can fill the Principal. Note, however, a call must first be made to SecuritySystem.loadEventContext(boolean) or #setEventContext(EventContext) for some calls to be made to the SecuritySystem. In general, this means that execution must pass through the EventHandler.
Specified by: login in interface SecuritySystem

public int logout()
Description copied from interface: SecuritySystem
clears the top Principal instance from the current thread context.
Specified by: logout in interface SecuritySystem

public ome.model.internal.Details newTransientDetails(ome.model.IObject object) throws ome.conditions.ApiUsageException, ome.conditions.SecurityViolation
Description copied from interface: SecuritySystem
creates a new secure details for transient entities. Non-privileged users can only edit the Permissions field. Privileged users can use the Details object as a single-step chmod and chgrp.
newTransientDetails always returns a non-null Details that is not equivalent (==) to the Details argument.
This method can be used from anywhere in the codebase to obtain a valid Details, by passing in an IObject instance with a null Details. However, if the Details is non-null, there is the possibility that this method will throw an exception.
Specified by: newTransientDetails in interface SecuritySystem
Throws:
ome.conditions.ApiUsageException - if SecuritySystem is not ready
ome.conditions.SecurityViolation - if Details instance contains illegal values.

public void runAsAdmin(AdminAction action)
Description copied from interface: SecuritySystem
Allows actions to be performed with the EventContext.isCurrentUserAdmin() flag enabled but without changing the value of EventContext.getCurrentUserId(), so that ownerships are properly handled. The merging of detached entity graphs should be disabled for the extent of the execution.
Note: the IUpdate save methods should not be used, since they also accept detached entities, which could pose security risks. Instead load an entity from the database via IQuery, make changes, and save the changes with ome.api.IUpdate#flush().
Specified by: runAsAdmin in interface SecuritySystem

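The risk behind the runAsAdmin note, shown with a self-contained toy model; this is an added example, not OMERO code, and the Image class, the in-memory db map and both helper methods are hypothetical. With elevated privileges in effect, saving a client-built detached object carries every field along, including the owner, while loading the stored entity and changing one field does not.

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration; every name here is hypothetical and none of it is OMERO code.
public class DetachedMergeDemo {

    // Toy entity: one user-editable field plus a security-relevant owner id.
    static final class Image {
        final long id;
        String name;
        long ownerId;
        Image(long id, String name, long ownerId) {
            this.id = id; this.name = name; this.ownerId = ownerId;
        }
    }

    // Toy store standing in for the database.
    static final Map<Long, Image> db = new HashMap<>();

    // Risky inside an admin block: the whole client-built (detached) object
    // replaces the stored row, including fields the caller never meant to expose.
    static void saveDetached(Image detached) {
        db.put(detached.id, detached);
    }

    // Safer: load the managed row and change only the intended field;
    // a real persistence layer would then flush that single change.
    static void renameManaged(long id, String newName) {
        Image managed = db.get(id);
        if (managed == null) throw new IllegalArgumentException("no such image: " + id);
        managed.name = newName;   // ownerId is never taken from client input
    }

    public static void main(String[] args) {
        db.put(1L, new Image(1L, "scan-01", 100L));   // constructed row, owned by user 100

        // Constructed client input: a rename request that also carries ownerId 200.
        Image fromClient = new Image(1L, "renamed", 200L);

        saveDetached(fromClient);
        System.out.println("save of detached copy -> owner " + db.get(1L).ownerId);

        db.put(1L, new Image(1L, "scan-01", 100L));   // reset the row
        renameManaged(1L, fromClient.name);
        System.out.println("load, modify, flush   -> owner " + db.get(1L).ownerId);
    }
}
```
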
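public boolean isGraphCritical()
Description copied from interface: SecuritySystem
Determines if the current security context has the possibility of corrupting consistent graphs.
Specified by: isGraphCritical in interface SecuritySystem
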
Version: 4.3.4-dbcbce5a-b4
Copyright © 2009 The University of Dundee. All Rights Reserved.