Novell exteNd
Director 5.2 API

com.sssw.fw.security.api
Interface EbiSecurityManager


public interface EbiSecurityManager

This provides an interface for the security manager.


Method Summary
 boolean addAccessRightMeta(EbiContext ctx, EbiAccessRightMeta meta)
          Adds the access right meta for a supported element type.
 boolean addAcl(EbiContext ctx, String elementIID, String elementType, com.sssw.fw.security.api.Acl acl)
          Adds the acl of a framework element.
 boolean addPrincipalsToAcl(EbiContext ctx, String elementIID, String elementType, String right, Principal[] principals)
          Add/Update Principals for a permission of an element.
 boolean addPrincipalsToAcl(EbiContext ctx, String elementIID, String elementType, String right, String[] prinUUIDs, String prinType)
          Add/Update Principals for a permission of an element.
 boolean checkRestrictedAccess(EbiContext ctx, String elementIID, String elementType, String right)
          Checks to see if an element permission has restricted access.
 void flushRoleCache()
          Deprecated. Calling this method will have no effect. The role cache is now automatically flushed when the underlying data store changes. This will be removed in the next version.
 void flushRoleCache(String role)
          Deprecated. Calling this method will have no effect. The role cache is now automatically flushed when the underlying data store changes. This will be removed in the next version.
 EbiAccessRightMeta getAccessRightMeta(EbiContext ctx, String elementType)
          Gets an access right meta for a supported element type in readonly mode.
 Acl getAcl(EbiContext ctx, String elementIID, String elementType)
          Gets an acl object for a framework element.
 EbiAccessRightMeta getClonedAccessRightMeta(EbiContext ctx, String elementType)
          Gets an access right meta for a supported element type for modify.
 EbiElementTypeMeta getClonedElementTypeMeta(EbiContext ctx)
          Gets the EbiElementTypeMeta object for modify.
 EbiPermissionMeta getClonedPermissionMeta(EbiContext ctx)
          Gets the permission meta for the framework for modify.
 EbiElementTypeMeta getElementTypeMeta(EbiContext ctx)
          Gets the EbiElementTypeMeta object in readonly mode.
 Collection getInaccessibleElements(EbiContext context, String elType, String[] rights)
          For the user whose context is passed in, enumerates all the inaccessible securable elements of the given type for which the user does not have specific access rights.
 EbiPermissionMeta getPermissionMeta(EbiContext ctx)
          Gets the permission meta for the framework in readonly mode.
 Principal[] getPrincipalsFromAcl(EbiContext ctx, String elementIID, String elementType, String right)
          Gets a list of Principals who have a specified permission for a specified element.
 EbiRoleInfo getRoleInfo(EbiContext context, String role)
          Gets the role info object for the given role
 EbiRoleInfo[] getRoleInfoList(EbiContext context)
          Gets the entire list of role info objects.
 String[] getSupportedElementTypes(EbiContext ctx)
          Gets an array of element types that support ACLs.
 EbiRoleInfo[] getUserRoleInfoList(EbiContext context)
          Gets the list of roles the current user belongs to
 boolean isRole(EbiContext context, String role)
          Checks whether a role is a valid, defined role.
 boolean isUserInRole(EbiContext context, String role)
          Checks to see if the user is in a given security role.
 boolean isUserInRoles(EbiContext context, String[] role)
          Checks to see if the user is in a given list of roles. Returns true if the user is in any of the roles.
 boolean modifyAccessRightMeta(EbiContext ctx, EbiAccessRightMeta meta)
          Modifies the access right meta for a supported element type.
 boolean modifyAcl(EbiContext ctx, String elementIID, String elementType, com.sssw.fw.security.api.Acl acl)
          Modifies the acl of a framework element.
 boolean modifyElementTypeMeta(EbiContext ctx, EbiElementTypeMeta elemTypeMeta)
          Modifies the EbiElementTypeMeta object.
 boolean modifyPermissionMeta(EbiContext ctx, EbiPermissionMeta meta)
          Modifies the permission meta for the framework.
 boolean removeAccessRightMeta(EbiContext ctx, String elementType)
          Removes the access right meta for a supported element type.
 boolean removeAcl(EbiContext ctx, String elementIID, String elementType)
          Removes the acl for a framework element.
 boolean removeElementAclForPermission(EbiContext ctx, String elementIID, String elementType, String right, boolean isRestricted)
          Removes acl completely for a specified element permission.
 boolean removePrincipalFromAcls(EbiContext ctx, String prinIID, String prinType)
          Removes all permissions for a principal
 boolean removePrincipalsFromAcl(EbiContext ctx, String elementIID, String elementType, String right, Principal[] prinlist)
          Remove Principals for a permission of an object.
 boolean removePrincipalsFromAcl(EbiContext ctx, String elementIID, String elementType, String right, String[] prinUUIDs, String prinType)
          Remove Principals for a permission of an object.
 boolean setAcl(EbiContext ctx, String elementIID, String elementType, com.sssw.fw.security.api.Acl acl)
          Sets the acl for a framework element.
 boolean setRestrictedAccess(EbiContext ctx, String elementIID, String elementType, String right)
          Sets an element permission to have restricted access.
 boolean setUnRestrictedAccess(EbiContext ctx, String elementIID, String elementType, String right)
          Resets an element permission to not have restricted access.
 boolean userHasAccessRight(EbiContext context, Principal prin, String right, String elementIID, String elementType)
          Checks to see if the specified principal has the specified access right for a framework element.
 boolean userHasAccessRight(EbiContext ctx, String right, String elementIID, String elementType)
          Checks to see if the authenticated user in the current security context has the specified access right for a framework element.
 BitSet userHasAccessRights(EbiContext ctx, Principal prin, String[] elementIIDList, String elementType, String[] rights)
          Checks to see if a specified principal has access rights to the specified elements.
 BitSet userHasAccessRights(EbiContext ctx, String[] elementIIDList, String elementType, String[] rights)
          Checks to see if the authenticated user in the current security context has access rights to the specified elements.
 boolean validateElementType(EbiContext ctx, String elementType)
          Validates a given framework element type.
 

Method Detail

userHasAccessRight

public boolean userHasAccessRight(EbiContext ctx,
                                  String right,
                                  String elementIID,
                                  String elementType)
                           throws EboUnrecoverableSystemException
Checks to see if the authenticated user in the current security context has the specified access right for a framework element.
Parameters:
ctx - an EbiContext object.
right - an access right permission.
elementIID - a framework element UUID.
elementType - the element type for the element.
Returns:
true if user has the specified access right to access the resource.

userHasAccessRight

public boolean userHasAccessRight(EbiContext context,
                                  Principal prin,
                                  String right,
                                  String elementIID,
                                  String elementType)
                           throws EboUnrecoverableSystemException
Checks to see if the specified principal has the specified access right for a framework element.
Parameters:
context - an EbiContext object.
prin - a Principal object.
right - an access right permission.
elementIID - a framework element UUID.
elementType - the element type for the element.
Returns:
true if user has the specified access right to access the resource.

userHasAccessRights

public BitSet userHasAccessRights(EbiContext ctx,
                                  String[] elementIIDList,
                                  String elementType,
                                  String[] rights)
                           throws EboUnrecoverableSystemException
Checks to see if the authenticated user in the current security context has access rights to the specified elements.
Parameters:
ctx - an EbiContext object.
elementIIDList - a list of element UUIDs.
elementType - a specified element type.
rights - a list of access right permissions to be checked.
Returns:
a bitwise mask where each bit corresponds to an element in the elementIIDList; if the bit is on, the user has the access, off otherwise. Also the bit is off if user does not have access to any of the rights specified.

userHasAccessRights

public BitSet userHasAccessRights(EbiContext ctx,
                                  Principal prin,
                                  String[] elementIIDList,
                                  String elementType,
                                  String[] rights)
                           throws EboUnrecoverableSystemException
Checks to see if a specified principal has access rights to the specified elements.
Parameters:
ctx - an EbiContext object.
prin - a specified principal.
elementIIDList - a list of element UUIDs.
elementType - a specified element type.
rights - a list of access right permissions to be checked.
Returns:
a bitwise mask where each bit corresponds to an element in the elementIIDList; if the bit is on, the user has the access, off otherwise. Also the bit is off if user does not have access to any of the rights specified.

validateElementType

public boolean validateElementType(EbiContext ctx,
                                   String elementType)
                            throws EboUnrecoverableSystemException
Validates a given framework element type.
Parameters:
ctx - an EbiContext object.
elementType - a framework element type.
Returns:
true if the framework element type is supported, false otherwise.

getSupportedElementTypes

public String[] getSupportedElementTypes(EbiContext ctx)
                                  throws EboUnrecoverableSystemException
Gets an array of element types that support ACLs.
Parameters:
ctx - an EbiContext object.
Returns:
an array of element types.

getElementTypeMeta

public EbiElementTypeMeta getElementTypeMeta(EbiContext ctx)
                                      throws EboUnrecoverableSystemException
Gets the EbiElementTypeMeta object in readonly mode.
Parameters:
ctx - an EbiContext object.
Returns:
an EbiElementTypeMeta object.

getClonedElementTypeMeta

public EbiElementTypeMeta getClonedElementTypeMeta(EbiContext ctx)
                                            throws EboUnrecoverableSystemException
Gets the EbiElementTypeMeta object for modify.
Parameters:
ctx - an EbiContext object.
Returns:
an EbiElementTypeMeta object.

modifyElementTypeMeta

public boolean modifyElementTypeMeta(EbiContext ctx,
                                     EbiElementTypeMeta elemTypeMeta)
                              throws EboUnrecoverableSystemException,
                                     EboSecurityException
Modifies the EbiElementTypeMeta object.
Parameters:
ctx - an EbiContext object.
elemTypeMeta - a modified EbiElementTypeMeta object.
Returns:
true if the element type meta is updated successfully.

getPermissionMeta

public EbiPermissionMeta getPermissionMeta(EbiContext ctx)
                                    throws EboUnrecoverableSystemException
Gets the permission meta for the framework in readonly mode.
Parameters:
ctx - an EbiContext object.
Returns:
an EbiPermissionMeta object that contains the permission meta for the framework.

getClonedPermissionMeta

public EbiPermissionMeta getClonedPermissionMeta(EbiContext ctx)
                                          throws EboUnrecoverableSystemException
Gets the permission meta for the framework for modify.
Parameters:
ctx - an EbiContext object.
Returns:
an EbiPermissionMeta object that contains the permission meta for the framework.

modifyPermissionMeta

public boolean modifyPermissionMeta(EbiContext ctx,
                                    EbiPermissionMeta meta)
                             throws EboUnrecoverableSystemException,
                                    EboSecurityException
Modifies the permission meta for the framework. (add/modify/remove customized permissions)
Parameters:
ctx - an EbiContext object.
meta - an EbiPermissionMeta object.
Returns:
true if the permission description is modified successfully, false otherwise.

getAccessRightMeta

public EbiAccessRightMeta getAccessRightMeta(EbiContext ctx,
                                             String elementType)
                                      throws EboUnrecoverableSystemException
Gets an access right meta for a supported element type in readonly mode.
Parameters:
ctx - an EbiContext object.
elementType - a supported element type.
Returns:
an EbiAccessRightMeta object for the supported element type.

getClonedAccessRightMeta

public EbiAccessRightMeta getClonedAccessRightMeta(EbiContext ctx,
                                                   String elementType)
                                            throws EboUnrecoverableSystemException
Gets an access right meta for a supported element type for modify.
Parameters:
ctx - an EbiContext object.
elementType - a supported element type.
Returns:
an EbiAccessRightMeta object for the supported element type.

addAccessRightMeta

public boolean addAccessRightMeta(EbiContext ctx,
                                  EbiAccessRightMeta meta)
                           throws EboUnrecoverableSystemException,
                                  EboSecurityException
Adds the access right meta for a supported element type.
Parameters:
ctx - an EbiContext object.
meta - an EbiAccessRightMeta object for the element type.

modifyAccessRightMeta

public boolean modifyAccessRightMeta(EbiContext ctx,
                                     EbiAccessRightMeta meta)
                              throws EboUnrecoverableSystemException,
                                     EboSecurityException
Modifies the access right meta for a supported element type.
Parameters:
ctx - an EbiContext object.
meta - an EbiAccessRightMeta object for the element type.

removeAccessRightMeta

public boolean removeAccessRightMeta(EbiContext ctx,
                                     String elementType)
                              throws EboUnrecoverableSystemException,
                                     EboSecurityException
Removes the access right meta for a supported element type.
Parameters:
ctx - an EbiContext object.
elementType - a supported element type.

checkRestrictedAccess

public boolean checkRestrictedAccess(EbiContext ctx,
                                     String elementIID,
                                     String elementType,
                                     String right)
                              throws EboUnrecoverableSystemException
Checks to see if an element permission has restricted access (i.e. no one except System administrators can access it).
Parameters:
ctx - an EbiContext object.
elementIID - an element UUID.
elementType - an element Type for the specified element.
right - an access right permission.
Returns:
true if the permission is restricted.

setRestrictedAccess

public boolean setRestrictedAccess(EbiContext ctx,
                                   String elementIID,
                                   String elementType,
                                   String right)
                            throws EboUnrecoverableSystemException,
                                   EboSecurityException
Sets an element permission to have restricted access (i.e. no one except System administrators can access it).
Parameters:
ctx - an EbiContext object.
elementIID - an element UUID.
elementType - an element Type for the specified element.
right - an access right permission.
Returns:
true if the permission access is set successfully.

setUnRestrictedAccess

public boolean setUnRestrictedAccess(EbiContext ctx,
                                     String elementIID,
                                     String elementType,
                                     String right)
                              throws EboUnrecoverableSystemException,
                                     EboSecurityException
Resets an element permission to not have restricted access. (i.e. remove a restricted access set by setRestrictedAccess() method.)
Parameters:
ctx - an EbiContext object.
elementIID - an element UUID.
elementType - an element Type for the specified element.
right - an access right permission.
Returns:
true if the permission access is reset successfully.

getPrincipalsFromAcl

public Principal[] getPrincipalsFromAcl(EbiContext ctx,
                                        String elementIID,
                                        String elementType,
                                        String right)
                                 throws EboUnrecoverableSystemException
Gets a list of Principals who have a specified permission for a specified element.
Parameters:
ctx - an EbiContext object
elementIID - an element UUID.
elementType - an element Type for the specified element
right - an access right permission. (e.g., EboPermission.READ)
Returns:
a list of Principal objects that are in the acl for this element.

addPrincipalsToAcl

public boolean addPrincipalsToAcl(EbiContext ctx,
                                  String elementIID,
                                  String elementType,
                                  String right,
                                  Principal[] principals)
                           throws EboUnrecoverableSystemException,
                                  EboSecurityException
Add/Update Principals for a permission of an element.
Parameters:
ctx - an EbiContext object.
elementIID - an element UUID.
elementType - an element type for the specified element.
right - an access right permission. (e.g., EboPermission.READ)
principals - an array of Principal objects to be added.
Returns:
true if the acl for the element is changed successfully.

addPrincipalsToAcl

public boolean addPrincipalsToAcl(EbiContext ctx,
                                  String elementIID,
                                  String elementType,
                                  String right,
                                  String[] prinUUIDs,
                                  String prinType)
                           throws EboUnrecoverableSystemException,
                                  EboSecurityException
Add/Update Principals for a permission of an element.
Parameters:
ctx - an EbiContext object.
elementIID - an element UUID.
elementType - an element type for the specified element.
right - an access right permission. (e.g., EboPermission.READ)
prinUUIDs - an array of Principal UUIDs to be added. The principal objects provided in the array must have the principal type specified below.
prinType - a principal type for the list of principal UUIDs, see EbiSecurityConstants.PRINCIPAL_TYPE_XXX
Returns:
true if the acl for the element is changed successfully.

removePrincipalsFromAcl

public boolean removePrincipalsFromAcl(EbiContext ctx,
                                       String elementIID,
                                       String elementType,
                                       String right,
                                       Principal[] prinlist)
                                throws EboUnrecoverableSystemException,
                                       EboSecurityException
Remove Principals for a permission of an object.
Parameters:
ctx - an EbiContext object.
elementIID - an element UUID.
elementType - an element type for the specified element.
right - an access right permission. (e.g., EboPermission.READ)
prinlist - an array of Principals to be removed.
Returns:
true if the Principals are removed successfully.

removePrincipalsFromAcl

public boolean removePrincipalsFromAcl(EbiContext ctx,
                                       String elementIID,
                                       String elementType,
                                       String right,
                                       String[] prinUUIDs,
                                       String prinType)
                                throws EboUnrecoverableSystemException,
                                       EboSecurityException
Remove Principals for a permission of an object.
Parameters:
ctx - an EbiContext object.
elementIID - an element UUID.
elementType - an element type for the specified element.
right - an access right permission. (e.g., EboPermission.READ)
prinUUIDs - an array of Principal UUIDs to be removed. The principal object provided in the array must have the principal type specified below.
prinType - a principal type for the list of principal UUIDs, see EbiSecurityConstants.PRINCIPAL_TYPE_XXX
Returns:
true if the Principals are removed successfully.
See Also:
EbiSecurityConstants.SECURITY_USER_PRINCIPAL_TYPE, EbiSecurityConstants.SECURITY_GROUP_PRINCIPAL_TYPE

removePrincipalFromAcls

public boolean removePrincipalFromAcls(EbiContext ctx,
                                       String prinIID,
                                       String prinType)
                                throws EboUnrecoverableSystemException,
                                       EboSecurityException
Removes all permissions for a principal
Parameters:
ctx - an EbiContext object.
prinIID - a principal UUID.
prinType - a principal type, see EbiSecurityConstants.PRINCIPAL_TYPE_XXX
Returns:
true if the permissions are removed successfully.

removeElementAclForPermission

public boolean removeElementAclForPermission(EbiContext ctx,
                                             String elementIID,
                                             String elementType,
                                             String right,
                                             boolean isRestricted)
                                      throws EboUnrecoverableSystemException,
                                             EboSecurityException
Removes acl completely for a specified element permission.
Parameters:
ctx - an EbiContext object
elementIID - an element UUID.
elementType - an element type for the specified element.
right - an access right permission. (e.g., EboPermission.READ)
isRestricted - change the specified element permission to be restricted.
Returns:
true if the principals for a specified element's permission are removed successfully.

getAcl

public Acl getAcl(EbiContext ctx,
                  String elementIID,
                  String elementType)
           throws EboUnrecoverableSystemException
Gets an acl object for a framework element.
Parameters:
ctx - an EbiContext object.
elementIID - an element UUID.
elementType - an element type for the specified element.
Returns:
an acl object for the specified element.

addAcl

public boolean addAcl(EbiContext ctx,
                      String elementIID,
                      String elementType,
                      com.sssw.fw.security.api.Acl acl)
               throws EboUnrecoverableSystemException,
                      EboSecurityException
Adds the acl of a framework element.
Parameters:
ctx - an EbiContext object.
elementIID - an element UUID.
elementType - an element Type for the specified element.
acl - the acl object for the element.
Returns:
true if the acl for the element is added successfully.

modifyAcl

public boolean modifyAcl(EbiContext ctx,
                         String elementIID,
                         String elementType,
                         com.sssw.fw.security.api.Acl acl)
                  throws EboUnrecoverableSystemException,
                         EboSecurityException
Modifies the acl of a framework element.
Parameters:
ctx - an EbiContext object.
elementIID - an element UUID.
elementType - an element type.
acl - the acl object for the element.
Returns:
true if the acl for the element is changed successfully.

setAcl

public boolean setAcl(EbiContext ctx,
                      String elementIID,
                      String elementType,
                      com.sssw.fw.security.api.Acl acl)
               throws EboUnrecoverableSystemException,
                      EboSecurityException
Sets the acl for a framework element.
Parameters:
ctx - an EbiContext object.
elementIID - an element IID.
elementType - an element type.
acl - the acl object for the element.
Returns:
true if the acl for the element is added successfully, false otherwise.

removeAcl

public boolean removeAcl(EbiContext ctx,
                         String elementIID,
                         String elementType)
                  throws EboUnrecoverableSystemException,
                         EboSecurityException
Removes the acl for a framework element.
Parameters:
ctx - an EbiContext object.
elementIID - an element IID.
elementType - an element type.
Returns:
true if the acl for the element is removed successfully.

isUserInRole

public boolean isUserInRole(EbiContext context,
                            String role)
                     throws EboUnrecoverableSystemException
Checks to see if the user is in a given security role.
Parameters:
context - an EbiContext object containing the user's principal.
role - The name of the role to check against.

isUserInRoles

public boolean isUserInRoles(EbiContext context,
                             String[] role)
                      throws EboUnrecoverableSystemException
Checks to see if the user is in a given list of roles. Returns true if the user is in any of the roles.
Parameters:
context - an EbiContext object containing the user's principal.
role - Array of role names.

getRoleInfo

public EbiRoleInfo getRoleInfo(EbiContext context,
                               String role)
                        throws EboUnrecoverableSystemException
Gets the role info object for the given role
Parameters:
context - an EbiContext object containing the user's principal.
role - The name of a role.

getRoleInfoList

public EbiRoleInfo[] getRoleInfoList(EbiContext context)
                              throws EboUnrecoverableSystemException
Gets the entire list of role info objects.
Parameters:
context - an EbiContext

getUserRoleInfoList

public EbiRoleInfo[] getUserRoleInfoList(EbiContext context)
                                  throws EboUnrecoverableSystemException
Gets the list of roles the current user belongs to
Parameters:
context - an EbiContext

isRole

public boolean isRole(EbiContext context,
                      String role)
               throws EboUnrecoverableSystemException
Checks whether a role is a valid, defined role.
Parameters:
context - an EbiContext.
role - the name of a role.
Returns:
true if the specified role is valid, false otherwise.
Since:
v5.0

flushRoleCache

public void flushRoleCache()
Deprecated. Calling this method will have no effect. The role cache is now automatically flushed when the underlying data store changes. This will be removed in the next version.

Flushes all of the roles from the role cache.

flushRoleCache

public void flushRoleCache(String role)
Deprecated. Calling this method will have no effect. The role cache is now automatically flushed when the underlying data store changes. This will be removed in the next version.

Flushes the specified role from the role cache

getInaccessibleElements

public Collection getInaccessibleElements(EbiContext context,
                                          String elType,
                                          String[] rights)
                                   throws EboUnrecoverableSystemException
For the user whose context is passed in, enumerates all the inaccessible securable elements of the given type for which the user does not have specific access rights. Given the list of all the elements of the specified type, it is then easy to work out which elements are accessible, as the difference of the two sets of elements.

Example 1:

 String[] rights = { EbiPermission.READ, EbiPermission.WRITE };
 Iterator iter = secMgr.getInaccessibleElements(
    context, EbiSharedPageInfo.EL_PORTAL_SHARED_PAGE, rights).iterator();
 while (iter.hasNext()) {
    String uuid = (String)iter.next();
 }
 

Example 2:

 String[] rights = { EbiPermission.READ, EbiPermission.WRITE };
 Collection docs = new ArrayList(); // ... fill with the UUIDs of the documents
 Collection inaccDocs = secMgr.getInaccessibleElements(
     context, EbiDocument.EL_DOCUMENT, rights);
 docs.removeAll(inaccDocs); // docs now holds only the accessible documents
 // (this is similar to calling EbiContentMgmtDelegate.getAllAccessible
 // or findElementsFiltered)
 
Parameters:
context - context
elType - securable element type
rights - a list of access rights to be checked, e.g. EbiPermission.READ, EbiPermission.WRITE, EbiPermission.EXECUTE, etc.; note that if multiple rights are specified, the method will treat the list as a Boolean OR and will attempt to find elements that have either READ or WRITE or EXECUTE etc. for the user
Returns:
a Collection of UUID's of inaccessible securable framework elements of the specified type; the Collection is empty if no such elements are found
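
Added example (not part of the Novell documentation): because the rights list is treated as a Boolean OR, a caller that needs the user to hold every listed right can query one right at a time and subtract each inaccessible set, failing closed if a lookup returns nothing usable. InaccessibleLookup is a hypothetical stand-in for secMgr.getInaccessibleElements(context, elType, rights); the right names, element type and UUIDs are constructed sample values, and the in-memory lookup models the OR treatment described for the rights parameter.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

public final class AllRightsFilter {

    /** Hypothetical stand-in for secMgr.getInaccessibleElements(context, elType, rights). */
    interface InaccessibleLookup {
        Collection<String> inaccessible(String elType, String[] rights) throws Exception;
    }

    /**
     * Returns the UUIDs from allUuids on which the user holds EVERY right in rights.
     * Each right is queried on its own, so the result does not depend on how a
     * multi-right list is combined by the lookup.
     */
    static Set<String> accessibleForAllRights(InaccessibleLookup lookup, String elType,
                                              Collection<String> allUuids, String[] rights)
            throws Exception {
        if (rights == null || rights.length == 0) {
            throw new IllegalArgumentException("at least one right is required");
        }
        Set<String> allowed = new LinkedHashSet<>(allUuids);
        for (String right : rights) {
            Collection<String> denied = lookup.inaccessible(elType, new String[] { right });
            if (denied == null) {
                // Fail closed: without a usable answer, nothing is treated as accessible.
                return Collections.emptySet();
            }
            allowed.removeAll(denied);
        }
        return allowed;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data: the rights the user holds on each element.
        Map<String, Set<String>> held = new LinkedHashMap<>();
        held.put("doc-1", new HashSet<>(Arrays.asList("READ", "WRITE")));
        held.put("doc-2", new HashSet<>(Arrays.asList("READ")));
        held.put("doc-3", new HashSet<String>());

        // In-memory lookup modelling the documented OR treatment: an element is
        // reported as inaccessible only when the user holds none of the listed rights.
        InaccessibleLookup lookup = (type, wanted) -> {
            List<String> out = new ArrayList<>();
            for (Map.Entry<String, Set<String>> e : held.entrySet()) {
                boolean any = false;
                for (String r : wanted) {
                    any |= e.getValue().contains(r);
                }
                if (!any) {
                    out.add(e.getKey());
                }
            }
            return out;
        };

        String[] rights = { "READ", "WRITE" };

        // Single call with both rights: the set difference keeps elements with READ or WRITE.
        Set<String> orView = new LinkedHashSet<>(held.keySet());
        orView.removeAll(lookup.inaccessible("document", rights));
        System.out.println("single call (OR):   " + orView);

        // One call per right: only elements with READ and WRITE remain.
        System.out.println("one call per right: "
                + accessibleForAllRights(lookup, "document", held.keySet(), rights));
    }
}
```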
