com.sssw.fw.security.api
Interface EbiSecurityDelegate

All Superinterfaces:

EbiDelegate

public interface EbiSecurityDelegate

extends EbiDelegate

The security delegate is provided as a facade for performing run-time acl-based security or role-based seucurity checking either through the local security manager or through the remote security service EJB

Fields inherited from interface com.sssw.fw.api.EbiDelegate

SERVICE_LOCAL, SERVICE_REMOTE

Method Summary

void	flushRoleCache() Flushes all of the roles from the role cache
void	flushRoleCache(String role) Flushes the specified role from the role cache
Collection	getInaccessibleElements(EbiContext context, String elType, String[] rights) For the user whose context is passed in, enumerates all the inaccessbile securable elements of the given type for which the user does not have specific access rights.
boolean	isRole(EbiContext context, String role) Checks if a role is a valid role defined.
boolean	isUserInRole(EbiContext context, String role) Checks to see if the user is in a given security role.
boolean	isUserInRoles(EbiContext context, String[] role) Checks to see if the user is in a given list of roles Returns true if the user is in any of the roles
boolean	userHasAccessRight(EbiContext context, Principal prin, String right, String elementIID, String elementType) Checks to see if the specified principal has the specified access right for a framework element.
boolean	userHasAccessRight(EbiContext context, String right, String elementIID, String elementType) Checks to see if the authenticated user in the current security context has the specified access right for a framework element.
BitSet	userHasAccessRights(EbiContext context, Principal prin, String[] elementIIDList, String elementType, String[] rights) Checks to see if the specified principal has access rights to the specified elements.
BitSet	userHasAccessRights(EbiContext context, String[] elementIIDList, String elementType, String[] rights) Checks to see if the authenticated user in the current security context has access rights to the specified elements.

Methods implemented from interface com.sssw.fw.api.EbiDelegate

getName

Method Detail

userHasAccessRight

public boolean userHasAccessRight(EbiContext context,
                                  String right,
                                  String elementIID,
                                  String elementType)
                           throws EboUnrecoverableSystemException

Checks to see if the authenticated user in the current security context has the specified access right for a framework element.

Parameters:

context - an EbiContext object.

right - an access right permission.

elementIID - a framework element UUID.

elementType - the element type for the element.

Returns:

true if user has the specified access right to access the resource.

userHasAccessRight

public boolean userHasAccessRight(EbiContext context,
                                  Principal prin,
                                  String right,
                                  String elementIID,
                                  String elementType)
                           throws EboUnrecoverableSystemException

Checks to see if the specified principal has the specified access right for a framework element.

Parameters:

context - an EbiContext object.

prin - a Principal object.

right - an access right permission.

elementIID - a framework element UUID.

elementType - the element type for the element.

Returns:

true if user has the specified access right to access the resource.

userHasAccessRights

public BitSet userHasAccessRights(EbiContext context,
                                  String[] elementIIDList,
                                  String elementType,
                                  String[] rights)
                           throws EboUnrecoverableSystemException

Checks to see if the authenticated user in the current security context has access rights to the specified elements.

Parameters:

context - an Context object.

elementIIDList - a list of element UUIDs.

elementType - a specified element type.

rights - a list of access right permissions to be checked.

Returns:

a bitwise mask where each bit corrresponds to a member in the permIDs array; if the bit is on, the user has the access right, off otherwise.

userHasAccessRights

public BitSet userHasAccessRights(EbiContext context,
                                  Principal prin,
                                  String[] elementIIDList,
                                  String elementType,
                                  String[] rights)
                           throws EboUnrecoverableSystemException

Checks to see if the specified principal has access rights to the specified elements.

Parameters:

context - an Context object.

prin - a Principal object.

elementIIDList - a list of element UUIDs.

elementType - a specified element type.

rights - a list of access right permissions to be checked.

Returns:

a bitwise mask where each bit corrresponds to a member in the permIDs array; if the bit is on, the user has the access right, off otherwise.

isUserInRole

public boolean isUserInRole(EbiContext context,
                            String role)
                     throws EboUnrecoverableSystemException

Checks to see if the user is in a given security role.

Parameters:

context - an EbiContext object containing the user's principal.

role - The name of the role to check against.

isUserInRoles

public boolean isUserInRoles(EbiContext context,
                             String[] role)
                      throws EboUnrecoverableSystemException

Checks to see if the user is in a given list of roles Returns true if the user is in any of the roles

Parameters:

context - an EbiContext object containing the user's principal.

roles - Array of role names

isRole

public boolean isRole(EbiContext context,
                      String role)
               throws EboUnrecoverableSystemException

Checks if a role is a valid role defined.

Parameters:

context - an EbiContext.

role - the name of a role.

Returns:

true if the specified role is valid, false otherwise.

Since:

v5.0

flushRoleCache

public void flushRoleCache()

Flushes all of the roles from the role cache

flushRoleCache

public void flushRoleCache(String role)

Flushes the specified role from the role cache

getInaccessibleElements

public Collection getInaccessibleElements(EbiContext context,
                                          String elType,
                                          String[] rights)
                                   throws EboUnrecoverableSystemException

For the user whose context is passed in, enumerates all the inaccessbile securable elements of the given type for which the user does not have specific access rights. Given the list of all the elements of the specified type, it is easy then to figure out what elements are accessible, as the difference of the two sets of elements.

Example 1:

 String[] rights = { EbiPermission.READ, EbiPermission.WRITE };
 Iterator iter = secMgr.getInaccessibleElements(
    context, EbiSharedPageInfo.EL_PORTAL_SHARED_PAGE, rights).iterator();
 while (iter.hasNext()) {
    String uuid = (String)iter.next();
 }
 

Example 2:

 Collection docs = // ... get a list of documents
 Collection inaccDocs = secMgr.getInaccessibleElements(
     context, EbiDocument.EL_DOCUMENT, rights);
 docs.removeAll(inaccDocs); // get the list of accessible docs
 // (this is similar to calling EbiContentMgmtDelegate.getAllAccessible
 // or findElementsFiltered)
 

Parameters:

context - context

elType - securable element type

rights - a list of access rights to be checked, e.g. EbiPermission.READ, EbiPermission.WRITE, EbiPermission.EXECUTE, etc.; note that if multiple rights are specified, the method will treat the list as a Boolean OR and will attempt to find elements that have either READ or WRITE or EXECUTE etc. for the user

Returns:

a Collection of UUID's of inaccessible securable framework elements of the specified type; the Collection is empty if no such elements are found