Novell exteNd
Director 5.2 API

com.sssw.fw.security.api
Interface EbiSecurityDelegate

All Superinterfaces:
EbiDelegate

public interface EbiSecurityDelegate
extends EbiDelegate

The security delegate is a facade for performing run-time ACL-based or role-based security checks, either through the local security manager or through the remote security service EJB.


Fields inherited from interface com.sssw.fw.api.EbiDelegate
SERVICE_LOCAL, SERVICE_REMOTE
 
Method Summary
 void flushRoleCache()
          Deprecated. Calling this method will have no effect. The role cache is now automatically flushed when the underlying data store changes. This will be removed in the next version.
 void flushRoleCache(String role)
          Deprecated. Calling this method will have no effect. The role cache is now automatically flushed when the underlying data store changes. This will be removed in the next version.
 Collection getInaccessibleElements(EbiContext context, String elType, String[] rights)
          For the user whose context is passed in, enumerates all the inaccessible securable elements of the given type for which the user does not have specific access rights.
 boolean isRole(EbiContext context, String role)
          Checks whether the given role is a valid, defined role.
 boolean isUserInRole(EbiContext context, String role)
          Checks to see if the user is in a given security role.
 boolean isUserInRoles(EbiContext context, String[] role)
          Checks to see if the user is in a given list of roles. Returns true if the user is in any of the roles.
 boolean userHasAccessRight(EbiContext context, Principal prin, String right, String elementIID, String elementType)
          Checks to see if the specified principal has the specified access right for a framework element.
 boolean userHasAccessRight(EbiContext context, String right, String elementIID, String elementType)
          Checks to see if the authenticated user in the current security context has the specified access right for a framework element.
 BitSet userHasAccessRights(EbiContext context, Principal prin, String[] elementIIDList, String elementType, String[] rights)
          Checks to see if the specified principal has access rights to the specified elements.
 BitSet userHasAccessRights(EbiContext context, String[] elementIIDList, String elementType, String[] rights)
          Checks to see if the authenticated user in the current security context has access rights to the specified elements.
 
Methods implemented from interface com.sssw.fw.api.EbiDelegate
getName
 

Method Detail

userHasAccessRight

public boolean userHasAccessRight(EbiContext context,
                                  String right,
                                  String elementIID,
                                  String elementType)
                           throws EboUnrecoverableSystemException
Checks to see if the authenticated user in the current security context has the specified access right for a framework element.
Parameters:
context - an EbiContext object.
right - an access right permission.
elementIID - a framework element UUID.
elementType - the element type for the element.
Returns:
true if user has the specified access right to access the resource.

userHasAccessRight

public boolean userHasAccessRight(EbiContext context,
                                  Principal prin,
                                  String right,
                                  String elementIID,
                                  String elementType)
                           throws EboUnrecoverableSystemException
Checks to see if the specified principal has the specified access right for a framework element.
Parameters:
context - an EbiContext object.
prin - a Principal object.
right - an access right permission.
elementIID - a framework element UUID.
elementType - the element type for the element.
Returns:
true if user has the specified access right to access the resource.

userHasAccessRights

public BitSet userHasAccessRights(EbiContext context,
                                  String[] elementIIDList,
                                  String elementType,
                                  String[] rights)
                           throws EboUnrecoverableSystemException
Checks to see if the authenticated user in the current security context has access rights to the specified elements.
Parameters:
context - an EbiContext object.
elementIIDList - a list of element UUIDs.
elementType - a specified element type.
rights - a list of access right permissions to be checked.
Returns:
a bitwise mask where each bit corresponds to a member in the permIDs array; if the bit is on, the user has the access right, off otherwise.

userHasAccessRights

public BitSet userHasAccessRights(EbiContext context,
                                  Principal prin,
                                  String[] elementIIDList,
                                  String elementType,
                                  String[] rights)
                           throws EboUnrecoverableSystemException
Checks to see if the specified principal has access rights to the specified elements.
Parameters:
context - an EbiContext object.
prin - a Principal object.
elementIIDList - a list of element UUIDs.
elementType - a specified element type.
rights - a list of access right permissions to be checked.
Returns:
a bitwise mask where each bit corresponds to a member in the permIDs array; if the bit is on, the user has the access right, off otherwise.

isUserInRole

public boolean isUserInRole(EbiContext context,
                            String role)
                     throws EboUnrecoverableSystemException
Checks to see if the user is in a given security role.
Parameters:
context - an EbiContext object containing the user's principal.
role - The name of the role to check against.

isUserInRoles

public boolean isUserInRoles(EbiContext context,
                             String[] role)
                      throws EboUnrecoverableSystemException
Checks to see if the user is in a given list of roles. Returns true if the user is in any of the roles.
Parameters:
context - an EbiContext object containing the user's principal.
roles - Array of role names

isRole

public boolean isRole(EbiContext context,
                      String role)
               throws EboUnrecoverableSystemException
Checks whether the given role is a valid, defined role.
Parameters:
context - an EbiContext.
role - the name of a role.
Returns:
true if the specified role is valid, false otherwise.
Since:
v5.0

flushRoleCache

public void flushRoleCache()
Deprecated. Calling this method will have no effect. The role cache is now automatically flushed when the underlying data store changes. This will be removed in the next version.

Flushes all of the roles from the role cache

flushRoleCache

public void flushRoleCache(String role)
Deprecated. Calling this method will have no effect. The role cache is now automatically flushed when the underlying data store changes. This will be removed in the next version.

Flushes the specified role from the role cache

getInaccessibleElements

public Collection getInaccessibleElements(EbiContext context,
                                          String elType,
                                          String[] rights)
                                   throws EboUnrecoverableSystemException
For the user whose context is passed in, enumerates all the inaccessible securable elements of the given type for which the user does not have specific access rights. Given the list of all the elements of the specified type, the accessible elements are then the difference of the two sets.

Example 1:

 String[] rights = { EbiPermission.READ, EbiPermission.WRITE };
 Iterator iter = secMgr.getInaccessibleElements(
    context, EbiSharedPageInfo.EL_PORTAL_SHARED_PAGE, rights).iterator();
 while (iter.hasNext()) {
    String uuid = (String)iter.next();
 }
 

Example 2:

 Collection docs = // ... get a list of documents
 Collection inaccDocs = secMgr.getInaccessibleElements(
     context, EbiDocument.EL_DOCUMENT, rights);
 docs.removeAll(inaccDocs); // get the list of accessible docs
 // (this is similar to calling EbiContentMgmtDelegate.getAllAccessible
 // or findElementsFiltered)
 
Parameters:
context - context
elType - securable element type
rights - a list of access rights to be checked, e.g. EbiPermission.READ, EbiPermission.WRITE, EbiPermission.EXECUTE, etc.; note that if multiple rights are specified, the method will treat the list as a Boolean OR and will attempt to find elements that have either READ or WRITE or EXECUTE etc. for the user
Returns:
a Collection of UUIDs of inaccessible securable framework elements of the specified type; the Collection is empty if no such elements are found
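
Because a multi-right list is treated as a Boolean OR, a caller that needs every listed right (for example READ and WRITE together) can query one right at a time and subtract each result. The helper below is an added example, not code from the Director API; the class and method names are hypothetical, and the packages imported for EbiContext and EboUnrecoverableSystemException are assumed because this page does not show them.

```java
import java.util.Collection;
import java.util.LinkedHashSet;
import java.util.Set;

import com.sssw.fw.api.EbiContext;                            // package assumed, not shown on this page
import com.sssw.fw.exception.EboUnrecoverableSystemException; // package assumed, not shown on this page
import com.sssw.fw.security.api.EbiSecurityDelegate;

/** Hypothetical helper, not part of the Director API. */
public final class AllRightsFilter {
    private AllRightsFilter() {}

    /**
     * Returns the UUIDs from candidateUuids for which the user in context
     * holds every right in requiredRights (AND semantics).
     * A lookup failure propagates as an exception, so no partial result
     * is ever handed back as if it were an authorization decision.
     */
    public static Set<String> accessibleWithAllRights(
            EbiSecurityDelegate secMgr, EbiContext context, String elType,
            Collection<String> candidateUuids, String[] requiredRights)
            throws EboUnrecoverableSystemException {
        if (requiredRights == null || requiredRights.length == 0) {
            // No right named means nothing was checked: grant nothing.
            return new LinkedHashSet<String>();
        }
        // Work on a copy so the caller's collection is left untouched.
        Set<String> allowed = new LinkedHashSet<String>(candidateUuids);
        for (String right : requiredRights) {
            // One right per call, so the OR treatment of a multi-right
            // list never applies; each call removes what that right denies.
            Collection<?> denied = secMgr.getInaccessibleElements(
                    context, elType, new String[] { right });
            allowed.removeAll(denied);
        }
        return allowed;
    }
}
```

The candidate collection must hold element UUID strings, since that is what getInaccessibleElements returns.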
