org.apache.slide.security
Interface Security

All Known Implementing Classes:
SecurityImpl, SecurityImplAllGrant

public interface Security

Security helper.

Version:
$Revision: 1.29 $

Method Summary
 void checkCredentials(SlideToken token, ObjectNode object, ActionNode action)
          Check if the credentials given grants permission to perform the specified action on the specified subject.
 void checkPermission(ObjectNode object, SubjectNode subject, ActionNode action)
          Deprecated. use signature with SlideToken instead
 void checkPermission(SlideToken token, ObjectNode object, ActionNode action)
          Check whether or not an actor (principal) can perform the specified activity on the specified resource.
 void denyPermission(SlideToken token, NodePermission permission)
          Deny a new permission.
 void denyPermission(SlideToken token, ObjectNode object, SubjectNode subject, ActionNode action)
          Deny a new permission.
 void denyPermission(SlideToken token, ObjectNode object, SubjectNode subject, ActionNode action, boolean inheritable)
          Deny a new permission.
 java.util.Enumeration enumeratePermissions(SlideToken token, ObjectNode object)
          Enumerates permissions on an object.
 java.util.Enumeration enumeratePermissions(SlideToken token, ObjectNode object, boolean includeInherited)
          Enumerates permissions on an object.
 java.util.Enumeration enumeratePermissions(SlideToken token, java.lang.String object)
          Enumerates permissions on an object.
 java.util.Enumeration enumeratePermissions(SlideToken token, java.lang.String object, boolean includeInherited)
          Enumerates permissions on an object.
 ObjectNode getPrincipal(SlideToken token)
          Get the principal associated with the credentials token.
 java.util.Enumeration getRoles(ObjectNode object)
          Return the list of roles the specified node has.
 java.util.Enumeration getRoles(SlideToken token)
          Return the list of roles the specified token has.
 java.util.Enumeration getRoles(SlideToken token, SubjectNode subjectNode)
           
 void grantPermission(SlideToken token, NodePermission permission)
          Grants a new permission.
 void grantPermission(SlideToken token, ObjectNode object, SubjectNode subject, ActionNode action)
          Grants a new permission.
 void grantPermission(SlideToken token, ObjectNode object, SubjectNode subject, ActionNode action, boolean inheritable)
          Grants a new permission.
 boolean hasPermission(ObjectNode object, SubjectNode subject, ActionNode action)
          Deprecated. use signature with SlideToken instead
 boolean hasPermission(SlideToken token, ObjectNode object, ActionNode action)
          Check whether or not an actor (principal) can perform the specified activity on the specified resource.
 boolean hasRole(ObjectNode object, java.lang.String role)
          Deprecated. use signature with SlideToken instead
 boolean hasRole(SlideToken token, java.lang.String role)
          Check whether or not the current user has the specified role.
 void init(Namespace namespace, NamespaceConfig namespaceConfig)
          initialises the security if it has been loaded via reflection
 boolean matchAction(SlideToken slideToken, ActionNode checkAction, ActionNode permAction)
          Return true, if-and-only-if checkAction matches permAction.
 boolean matchPrincipal(SlideToken token, SubjectNode checkSubject, SubjectNode permSubject)
          Return true, if-and-only-if checkSubject matches permSubject.
 void revokePermission(SlideToken token, NodePermission permission)
          Revokes a permission.
 void revokePermission(SlideToken token, ObjectNode object, SubjectNode subject, ActionNode action)
          Revokes a permission.
 void setPermissions(SlideToken token, java.lang.String object, java.util.Enumeration permissions)
          Set a new set of permissions on an object.
 

Method Detail

init

public void init(Namespace namespace,
                 NamespaceConfig namespaceConfig)
initialises the security if it has been loaded via reflection

Parameters:
namespace - Namespace
namespaceConfig - Namespace configuration

enumeratePermissions

public java.util.Enumeration enumeratePermissions(SlideToken token,
                                                  ObjectNode object)
                                           throws ServiceAccessException,
                                                  ObjectNotFoundException,
                                                  AccessDeniedException
Enumerates permissions on an object.

Parameters:
token - Credentials token
object - Object on which permission is granted
Throws:
ServiceAccessException - DataSource access error
ObjectNotFoundException - Specified object was not found in the DataSource
AccessDeniedException - Insufficent credentials

enumeratePermissions

public java.util.Enumeration enumeratePermissions(SlideToken token,
                                                  ObjectNode object,
                                                  boolean includeInherited)
                                           throws ServiceAccessException,
                                                  ObjectNotFoundException,
                                                  AccessDeniedException
Enumerates permissions on an object.

Parameters:
token - a SlideToken
object - an ObjectNode
includeInherited - if true, includes inherited permissions
Returns:
an Enumeration
Throws:
ServiceAccessException
ObjectNotFoundException
AccessDeniedException

enumeratePermissions

public java.util.Enumeration enumeratePermissions(SlideToken token,
                                                  java.lang.String object)
                                           throws ServiceAccessException,
                                                  ObjectNotFoundException,
                                                  AccessDeniedException
Enumerates permissions on an object.

Parameters:
token - Credentials token
object - Object on which permission is granted
Throws:
ServiceAccessException - DataSource access error
ObjectNotFoundException - Specified object was not found in the DataSource
AccessDeniedException - Insufficent credentials

enumeratePermissions

public java.util.Enumeration enumeratePermissions(SlideToken token,
                                                  java.lang.String object,
                                                  boolean includeInherited)
                                           throws ServiceAccessException,
                                                  ObjectNotFoundException,
                                                  AccessDeniedException
Enumerates permissions on an object.

Parameters:
token - a SlideToken
object - a String
includeInherited - if true, includes inherited permissions
Returns:
an Enumeration
Throws:
ServiceAccessException
ObjectNotFoundException
AccessDeniedException

setPermissions

public void setPermissions(SlideToken token,
                           java.lang.String object,
                           java.util.Enumeration permissions)
                    throws ServiceAccessException,
                           ObjectNotFoundException,
                           AccessDeniedException
Set a new set of permissions on an object.

Parameters:
token - Credentials token
object - Object on which permission is granted
Throws:
ServiceAccessException - DataSource access error
ObjectNotFoundException - Specified object was not found in the DataSource
AccessDeniedException - Insufficent credentials

grantPermission

public void grantPermission(SlideToken token,
                            ObjectNode object,
                            SubjectNode subject,
                            ActionNode action)
                     throws ServiceAccessException,
                            ObjectNotFoundException,
                            AccessDeniedException,
                            VetoException
Grants a new permission.

Parameters:
token - Credentials token
object - Object on which permission is granted
subject - The actor, which can perform a action
action - Activity which the actor can perform
Throws:
ServiceAccessException - DataSource access error
ObjectNotFoundException - Specified object was not found in the DataSource
AccessDeniedException - Insufficent credentials
VetoException

grantPermission

public void grantPermission(SlideToken token,
                            NodePermission permission)
                     throws ServiceAccessException,
                            ObjectNotFoundException,
                            AccessDeniedException,
                            VetoException
Grants a new permission.

Parameters:
token - Credentials token
permission - New permission
Throws:
ServiceAccessException - DataSource access error
ObjectNotFoundException - Specified object was not found in the DataSource
AccessDeniedException - Insufficent credentials
VetoException

grantPermission

public void grantPermission(SlideToken token,
                            ObjectNode object,
                            SubjectNode subject,
                            ActionNode action,
                            boolean inheritable)
                     throws ServiceAccessException,
                            ObjectNotFoundException,
                            AccessDeniedException,
                            VetoException
Grants a new permission.

Parameters:
token - Credentials token
object - Object on which permission is granted
subject - Subject who can perform the action
action - Action which can be performed
inheritable - Create an inheritable permission
Throws:
ServiceAccessException - DataSource access error
ObjectNotFoundException - Specified object was not found in the DataSource
AccessDeniedException - Insufficent credentials
VetoException

denyPermission

public void denyPermission(SlideToken token,
                           ObjectNode object,
                           SubjectNode subject,
                           ActionNode action)
                    throws ServiceAccessException,
                           ObjectNotFoundException,
                           AccessDeniedException,
                           VetoException
Deny a new permission.

Parameters:
token - Credentials token
object - Object on which permission is granted
subject - Thee actor which can perform the specified action
action - Activity which the actor can can not perform
Throws:
ServiceAccessException - DataSource access error
ObjectNotFoundException - Specified object was not found in the DataSource
AccessDeniedException - Insufficent credentials
VetoException

denyPermission

public void denyPermission(SlideToken token,
                           NodePermission permission)
                    throws ServiceAccessException,
                           ObjectNotFoundException,
                           AccessDeniedException,
                           VetoException
Deny a new permission.

Parameters:
token - Credentials token
permission - New permission
Throws:
ServiceAccessException - DataSource access error
ObjectNotFoundException - Specified object was not found in the DataSource
AccessDeniedException - Insufficent credentials
VetoException

denyPermission

public void denyPermission(SlideToken token,
                           ObjectNode object,
                           SubjectNode subject,
                           ActionNode action,
                           boolean inheritable)
                    throws ServiceAccessException,
                           ObjectNotFoundException,
                           AccessDeniedException,
                           VetoException
Deny a new permission.

Parameters:
token - Credentials token
object - Object on which permission is granted
subject - Subject who can perform the action
action - Action which can be performed
inheritable - Create an inheritable permission
Throws:
ServiceAccessException - DataSource access error
ObjectNotFoundException - Specified object was not found in the DataSource
AccessDeniedException - Insufficent credentials
VetoException

revokePermission

public void revokePermission(SlideToken token,
                             ObjectNode object,
                             SubjectNode subject,
                             ActionNode action)
                      throws ServiceAccessException,
                             ObjectNotFoundException,
                             AccessDeniedException,
                             VetoException
Revokes a permission.

Parameters:
token - Credentials token
object - Object on which permission is revoked
subject - Subject who can perform the action
action - Action which can be performed
Throws:
ServiceAccessException - DataSource access error
ObjectNotFoundException - Specified object was not found in the DataSource
AccessDeniedException - Insufficent credentials
VetoException

revokePermission

public void revokePermission(SlideToken token,
                             NodePermission permission)
                      throws ServiceAccessException,
                             ObjectNotFoundException,
                             AccessDeniedException,
                             VetoException
Revokes a permission.

Parameters:
token - Credentials token
permission - Permission to be removed
Throws:
ServiceAccessException - DataSource access error
ObjectNotFoundException - Specified object was not found in the DataSource
AccessDeniedException - Insufficent credentials
VetoException

checkCredentials

public void checkCredentials(SlideToken token,
                             ObjectNode object,
                             ActionNode action)
                      throws ServiceAccessException,
                             AccessDeniedException
Check if the credentials given grants permission to perform the specified action on the specified subject.

Parameters:
token - Credentials token
object - Object on which the action is performed
action - Action performed
Throws:
ServiceAccessException - DataSource access error
AccessDeniedException - The credentials does not grant the permission to perform the specified action

checkPermission

public void checkPermission(ObjectNode object,
                            SubjectNode subject,
                            ActionNode action)
                     throws ServiceAccessException,
                            AccessDeniedException,
                            ObjectNotFoundException
Deprecated. use signature with SlideToken instead

Check whether or not an actor can perform the specified activity on a collection.

Parameters:
object - Object on which access is tested
subject - Subject who seeks to perform the action
action - Action which is to be performed
Throws:
ServiceAccessException - DataSource access error
ObjectNotFoundException - Specified object was not found in the DataSource
AccessDeniedException - Insufficent credentials

checkPermission

public void checkPermission(SlideToken token,
                            ObjectNode object,
                            ActionNode action)
                     throws ServiceAccessException,
                            AccessDeniedException,
                            ObjectNotFoundException
Check whether or not an actor (principal) can perform the specified activity on the specified resource.

Parameters:
token - a SlideToken
object - Object on which access is tested
action - Action which is to be performed
Throws:
ServiceAccessException
AccessDeniedException
ObjectNotFoundException

hasPermission

public boolean hasPermission(ObjectNode object,
                             SubjectNode subject,
                             ActionNode action)
                      throws ServiceAccessException,
                             ObjectNotFoundException
Deprecated. use signature with SlideToken instead

Check whether or not an actor can perform the specified activity on a collection.

Parameters:
object - Object on which access is tested
subject - Subject who seeks to perform the action
action - Action which is to be performed
Returns:
true if the action can be performed
Throws:
ServiceAccessException - DataSource access error
ObjectNotFoundException - Specified object was not found in the DataSource

hasPermission

public boolean hasPermission(SlideToken token,
                             ObjectNode object,
                             ActionNode action)
                      throws ServiceAccessException,
                             ObjectNotFoundException
Check whether or not an actor (principal) can perform the specified activity on the specified resource.

Parameters:
token - a SlideToken
object - Object on which access is tested
action - Action which is to be performed
Returns:
true if the action can be performed
Throws:
ServiceAccessException
ObjectNotFoundException

hasRole

public boolean hasRole(SlideToken token,
                       java.lang.String role)
                throws ServiceAccessException,
                       ObjectNotFoundException
Check whether or not the current user has the specified role.

Parameters:
token - Credentials token
role - Role
Throws:
ServiceAccessException - DataSource access error
ObjectNotFoundException - Specified object was not found in the DataSource

hasRole

public boolean hasRole(ObjectNode object,
                       java.lang.String role)
                throws ServiceAccessException,
                       ObjectNotFoundException
Deprecated. use signature with SlideToken instead

Check whether or not the current user has the specified role.

Parameters:
object - Object node
role - Role
Throws:
ServiceAccessException - DataSource access error
ObjectNotFoundException - Specified object was not found in the DataSource

getRoles

public java.util.Enumeration getRoles(ObjectNode object)
Return the list of roles the specified node has.

Parameters:
object - Object node

getRoles

public java.util.Enumeration getRoles(SlideToken token)
                               throws ServiceAccessException,
                                      ObjectNotFoundException
Return the list of roles the specified token has.

Parameters:
token - Credentials token
Throws:
ServiceAccessException
ObjectNotFoundException

getRoles

public java.util.Enumeration getRoles(SlideToken token,
                                      SubjectNode subjectNode)
                               throws ServiceAccessException,
                                      ObjectNotFoundException
Throws:
ServiceAccessException
ObjectNotFoundException

getPrincipal

public ObjectNode getPrincipal(SlideToken token)
                        throws ServiceAccessException,
                               ObjectNotFoundException
Get the principal associated with the credentials token.

Parameters:
token - Creadentials token
Throws:
ServiceAccessException
ObjectNotFoundException

matchAction

public boolean matchAction(SlideToken slideToken,
                           ActionNode checkAction,
                           ActionNode permAction)
                    throws ServiceAccessException
Return true, if-and-only-if checkAction matches permAction.

Parameters:
slideToken - a SlideToken
checkAction - an ActionNode
permAction - an ActionNode
Returns:
a boolean
Throws:
ServiceAccessException

matchPrincipal

public boolean matchPrincipal(SlideToken token,
                              SubjectNode checkSubject,
                              SubjectNode permSubject)
                       throws ServiceAccessException
Return true, if-and-only-if checkSubject matches permSubject.

Parameters:
token - a SlideToken
checkSubject - the "current" principal
permSubject - the principal to check against (e.g. user or group from NodePermission or NodeLock)
Returns:
a boolean
Throws:
ServiceAccessException