ome.security.basic

Class CurrentDetails

java.lang.Object

ome.security.basic.CurrentDetails

All Implemented Interfaces:

PrincipalHolder

public class CurrentDetails
extends java.lang.Object
implements PrincipalHolder

Stores information related to the security context of the current thread. Code calling into the server must setup CurrentDetails properly. An existing user must be set (the creation of a new user is only allowed if the current user is set to root; root always exists. QED.) The event must also be set. Umask is optional. This information is stored in a Details object, but unlike Details which assumes that an empty value signifies increased security levels, empty values here signify reduced security levels. E.g., Details: user == null ==> object belongs to root CurrentDetails: user == null ==> current user is "nobody" (anonymous)

Constructor Summary

Constructors

Constructor and Description
CurrentDetails() Default constructor.
CurrentDetails(SessionCache cache)
CurrentDetails(SessionCache cache, Roles roles, SystemTypes sysTypes, LightAdminPrivileges adminPrivileges, java.util.Set<java.lang.String> managedRepoUuids, java.util.Set<java.lang.String> scriptRepoUuids)

Method Summary

Modifier and Type	Method and Description
boolean	addAllDisabled(java.lang.String... ids)
void	addCleanup(RegisterServiceCleanupMessage cleanup) Add a RegisterServiceCleanupMessage to the current thread for cleanup by the ServiceHandler on exit.
boolean	addDisabled(java.lang.String id)
void	addLog(java.lang.String action, java.lang.Class klass, java.lang.Long id)
void	applyContext(Details details, boolean changePerms)
protected void	checkDelayedCallContext(BasicEventContext bec)
void	clearDisabled()
void	clearLogs()
Details	createDetails() Creates a Details object for the current security context.
java.util.Set<RegisterServiceCleanupMessage>	emptyCleanups() Returns the current cleanups and resets the Set.
java.util.Set<AdminPrivilege>	getAdminPrivileges()
java.util.Map<java.lang.String,java.lang.String>	getContext()
EventContext	getCurrentEventContext()
Event	getEvent()
ExperimenterGroup	getGroup()
Principal	getLast() Get the last, i.e. currently active, principal.
java.util.List<EventLog>	getLogs()
Experimenter	getOwner()
SessionStats	getStats()
Experimenter	getSudoer()
void	invalidateCurrentEventContext() It suffices to set the Details to a new instance to make this context unusable.
boolean	isCurrentUserGuest()
boolean	isDisabled(java.lang.String id)
boolean	isGraphCritical(Details details)
boolean	isOwnerOrSupervisor(IObject object)
boolean	isReady() Checks if the current Thread has non-null Experimenter, Event, and ExperimenterGroup, required for proper functioning of the security system.
void	loadPermissions(org.hibernate.Session session) Checks the "groupPermissions" map in BasicEventContext which has been filled up by calls to BasicEventContext.setPermissionsForGroup(Long, Permissions) during BasicACLVoter.allowLoad(org.hibernate.Session, Class, Details, long).
void	login(BasicEventContext bec) Login method which can be used by the security system to replace the existing BasicEventContext.
void	login(Principal principal) Add a new principal context to the stack.
int	logout() Pop the last created principal context and return the number of active contexts remaining.
Event	newEvent(Session session, EventType type, TokenHolder tokenHolder)
boolean	removeAllDisabled(java.lang.String... ids)
boolean	removeDisabled(java.lang.String id)
java.util.Map<java.lang.String,java.lang.String>	setContext(java.util.Map<java.lang.String,java.lang.String> ctx)
int	size() Get the number of active principal contexts.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

CurrentDetails

public CurrentDetails()

Default constructor. Should only be used for testing, since the stats used will not be correct.

CurrentDetails

public CurrentDetails(SessionCache cache)

CurrentDetails

public CurrentDetails(SessionCache cache,
                      Roles roles,
                      SystemTypes sysTypes,
                      LightAdminPrivileges adminPrivileges,
                      java.util.Set<java.lang.String> managedRepoUuids,
                      java.util.Set<java.lang.String> scriptRepoUuids)

Method Detail

setContext

public java.util.Map<java.lang.String,java.lang.String> setContext(java.util.Map<java.lang.String,java.lang.String> ctx)

getContext

public java.util.Map<java.lang.String,java.lang.String> getContext()

checkDelayedCallContext

protected void checkDelayedCallContext(BasicEventContext bec)

size

public int size()

Description copied from interface: PrincipalHolder

Get the number of active principal contexts.

Specified by:

size in interface PrincipalHolder

Returns:

the number of active principals

getLast

public Principal getLast()

Description copied from interface: PrincipalHolder

Get the last, i.e. currently active, principal.

Specified by:

getLast in interface PrincipalHolder

Returns:

the current principal

login

public void login(Principal principal)

Description copied from interface: PrincipalHolder

Add a new principal context to the stack.

Specified by:

login in interface PrincipalHolder

Parameters:

principal - the principal to add

login

public void login(BasicEventContext bec)

Login method which can be used by the security system to replace the existing BasicEventContext.

Specified by:

login in interface PrincipalHolder

Parameters:

bec - the event context to use

logout

public int logout()

Description copied from interface: PrincipalHolder

Pop the last created principal context and return the number of active contexts remaining.

Specified by:

logout in interface PrincipalHolder

Returns:

the number of active principals after the logout

isReady

public boolean isReady()

Checks if the current Thread has non-null Experimenter, Event, and ExperimenterGroup, required for proper functioning of the security system.

isGraphCritical

public boolean isGraphCritical(Details details)

isOwnerOrSupervisor

public boolean isOwnerOrSupervisor(IObject object)

getCurrentEventContext

public EventContext getCurrentEventContext()

Returns:

the current event context

invalidateCurrentEventContext

public void invalidateCurrentEventContext()

It suffices to set the Details to a new instance to make this context unusable. isReady() will return false.

newEvent

public Event newEvent(Session session,
                      EventType type,
                      TokenHolder tokenHolder)

addLog

public void addLog(java.lang.String action,
                   java.lang.Class klass,
                   java.lang.Long id)

getStats

public SessionStats getStats()

getLogs

public java.util.List<EventLog> getLogs()

clearLogs

public void clearLogs()

createDetails

public Details createDetails()

Creates a Details object for the current security context. The Permissions on the instance are calculated from the current group as well as the user's umask.

Returns:

details for the current security context

See Also:

ticket:1434

applyContext

public void applyContext(Details details,
                         boolean changePerms)

loadPermissions

public void loadPermissions(org.hibernate.Session session)

Checks the "groupPermissions" map in BasicEventContext which has been filled up by calls to BasicEventContext.setPermissionsForGroup(Long, Permissions) during BasicACLVoter.allowLoad(org.hibernate.Session, Class, Details, long).

Parameters:

session - the Hibernate session

getOwner

public Experimenter getOwner()

getSudoer

public Experimenter getSudoer()

getGroup

public ExperimenterGroup getGroup()

getAdminPrivileges

public java.util.Set<AdminPrivilege> getAdminPrivileges()

getEvent

public Event getEvent()

isCurrentUserGuest

public boolean isCurrentUserGuest()

Returns:

if the current user is the system's guest user

addCleanup

public void addCleanup(RegisterServiceCleanupMessage cleanup)

Add a RegisterServiceCleanupMessage to the current thread for cleanup by the ServiceHandler on exit.

emptyCleanups

public java.util.Set<RegisterServiceCleanupMessage> emptyCleanups()

Returns the current cleanups and resets the Set. Instances can most likely only be closed once, so it doesn't make sense to keep them around. The first caller of this method is responsible for closing all of them.

Returns:

a new copy of the current cleanups

addDisabled

public boolean addDisabled(java.lang.String id)

addAllDisabled

public boolean addAllDisabled(java.lang.String... ids)

removeDisabled

public boolean removeDisabled(java.lang.String id)

removeAllDisabled

public boolean removeAllDisabled(java.lang.String... ids)

clearDisabled

public void clearDisabled()

isDisabled

public boolean isDisabled(java.lang.String id)