org.apache.slide.security
Class SecurityImpl

java.lang.Object
  extended byorg.apache.slide.security.SecurityImpl
All Implemented Interfaces:
Security
Direct Known Subclasses:
ACLSecurityImpl, SecurityImplAllGrant

public class SecurityImpl
extends java.lang.Object
implements Security

Security helper.

Version:
$Revision: 1.62 $

Field Summary
protected  int aclInheritanceType
           
protected static PropertyName GROUP_MEMBER_SET
           
protected  Logger logger
           
protected  Namespace namespace
          Namespace.
protected  NamespaceConfig namespaceConfig
          Namespace configuration.
protected  java.util.Hashtable rolesCache
          Roles cache.
 
Constructor Summary
SecurityImpl()
          Constructor.
SecurityImpl(Namespace namespace, NamespaceConfig namespaceConfig)
          Constructor.
 
Method Summary
 void checkCredentials(SlideToken token, ObjectNode object, ActionNode action)
          Check if the credentials given grants permission to perform the specified action on the specified subject.
 void checkPermission(ObjectNode object, SubjectNode subject, ActionNode action)
          Check whether or not an actor can perform the specified activity on a collection.
 void checkPermission(SlideToken token, ObjectNode object, ActionNode action)
          Check whether or not an actor (principal) can perform the specified activity on the specified resource.
 void denyPermission(SlideToken token, NodePermission permission)
          Deny a new permission.
 void denyPermission(SlideToken token, ObjectNode object, SubjectNode subject, ActionNode action)
          Deny a new permission.
 void denyPermission(SlideToken token, ObjectNode object, SubjectNode subject, ActionNode action, boolean inheritable)
          Deny a new permission.
 java.util.Enumeration enumeratePermissions(SlideToken token, ObjectNode object)
          Enumerates permissions on an object.
 java.util.Enumeration enumeratePermissions(SlideToken token, ObjectNode object, boolean includeInherited)
          Enumerates permissions on an object.
 java.util.Enumeration enumeratePermissions(SlideToken token, java.lang.String object)
          Enumerates permissions on an object.
 java.util.Enumeration enumeratePermissions(SlideToken token, java.lang.String object, boolean includeInherited)
          Enumerates permissions on an object.
 java.util.Map getActionAggregation(SlideToken token)
          Method getActionAggregation
 ObjectNode getPrincipal(SlideToken token)
          Get the SubjectNode associated with the credentials token.
 java.util.Enumeration getRoles(ObjectNode object)
          Return the list of roles the specified node has.
 java.util.Enumeration getRoles(SlideToken token)
          Return the list of roles the specified token has.
 java.util.Enumeration getRoles(SlideToken token, SubjectNode subjectNode)
           
 void grantPermission(SlideToken token, NodePermission permission)
          Grants a new permission.
 void grantPermission(SlideToken token, ObjectNode object, SubjectNode subject, ActionNode action)
          Grants a new permission.
 void grantPermission(SlideToken token, ObjectNode object, SubjectNode subject, ActionNode action, boolean inheritable)
          Grants a new permission.
 boolean hasPermission(ObjectNode object, SubjectNode subject, ActionNode action)
          Check whether or not an actor can perform the specified activity on a collection.
 boolean hasPermission(SlideToken token, ObjectNode object, ActionNode action)
          Check whether or not an actor (principal) can perform the specified activity on the specified resource.
 boolean hasRole(ObjectNode object, java.lang.String role)
          Check whether or not the current user has the specified role.
 boolean hasRole(SlideToken token, java.lang.String role)
          Check whether or not the current user has the specified role.
 void init(Namespace namespace, NamespaceConfig namespaceConfig)
          initialises the security if it has been loaded via reflection
 boolean matchAction(SlideToken token, ActionNode checkAction, ActionNode permAction)
          Return true, if-and-only-if checkAction matches permAction.
 boolean matchPrincipal(SlideToken token, SubjectNode checkSubject, SubjectNode matchSubject)
          Return true, if-and-only-if checkSubject matches permSubject.
 boolean matchPrincipal(SlideToken token, SubjectNode checkSubject, SubjectNode matchSubject, int level)
          Return true, if-and-only-if checkSubject matches permSubject.
 java.util.List retrieveAclSourceNodes(SlideToken token, ObjectNode object)
          Retrieve the list of object nodes from which to get the ACLs.
 void revokePermission(SlideToken token, NodePermission permission)
          Revokes a permission.
 void revokePermission(SlideToken token, ObjectNode object, SubjectNode subject, ActionNode action)
          Revokes a permission.
 void setPermissions(SlideToken token, java.lang.String object, java.util.Enumeration permissions)
          Set a new set of permissions on an object.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

GROUP_MEMBER_SET

protected static final PropertyName GROUP_MEMBER_SET

logger

protected Logger logger

namespace

protected Namespace namespace
Namespace.


namespaceConfig

protected NamespaceConfig namespaceConfig
Namespace configuration.


rolesCache

protected java.util.Hashtable rolesCache
Roles cache. Role name -> Role interface.


aclInheritanceType

protected int aclInheritanceType
Constructor Detail

SecurityImpl

public SecurityImpl()
Constructor.


SecurityImpl

public SecurityImpl(Namespace namespace,
                    NamespaceConfig namespaceConfig)
Constructor.

Parameters:
namespace - Namespace
namespaceConfig - Namespace configuration
Method Detail

init

public void init(Namespace namespace,
                 NamespaceConfig namespaceConfig)
Description copied from interface: Security
initialises the security if it has been loaded via reflection

Specified by:
init in interface Security
Parameters:
namespace - Namespace
namespaceConfig - Namespace configuration

setPermissions

public void setPermissions(SlideToken token,
                           java.lang.String object,
                           java.util.Enumeration permissions)
                    throws ServiceAccessException,
                           ObjectNotFoundException,
                           AccessDeniedException
Set a new set of permissions on an object.

Specified by:
setPermissions in interface Security
Parameters:
token - Credentials token
object - Object on which permission is granted
Throws:
ServiceAccessException - DataSource access error
ObjectNotFoundException - Specified object was not found in the DataSource
AccessDeniedException - Insufficent credentials

grantPermission

public void grantPermission(SlideToken token,
                            ObjectNode object,
                            SubjectNode subject,
                            ActionNode action)
                     throws ServiceAccessException,
                            ObjectNotFoundException,
                            AccessDeniedException,
                            VetoException
Grants a new permission.

Specified by:
grantPermission in interface Security
Parameters:
token - Credentials token
object - Object on which permission is granted
subject - The subject to whom the permission is granted.
action - The action which the subject can perform
Throws:
ServiceAccessException - DataSource access error
ObjectNotFoundException - Specified object was not found in the DataSource
AccessDeniedException - Insufficent credentials
VetoException

grantPermission

public void grantPermission(SlideToken token,
                            ObjectNode object,
                            SubjectNode subject,
                            ActionNode action,
                            boolean inheritable)
                     throws ServiceAccessException,
                            ObjectNotFoundException,
                            AccessDeniedException,
                            VetoException
Grants a new permission.

Specified by:
grantPermission in interface Security
Parameters:
token - Credentials token
object - Object on which permission is granted
subject - Subject who can perform the action
action - Action which can be performed
inheritable - Create an inheritable permission
Throws:
ServiceAccessException - DataSource access error
ObjectNotFoundException - Specified object was not found in the DataSource
AccessDeniedException - Insufficent credentials
VetoException

grantPermission

public void grantPermission(SlideToken token,
                            NodePermission permission)
                     throws ServiceAccessException,
                            ObjectNotFoundException,
                            AccessDeniedException,
                            VetoException
Grants a new permission.

Specified by:
grantPermission in interface Security
Parameters:
token - Credentials token
permission - New permission
Throws:
ServiceAccessException - DataSource access error
ObjectNotFoundException - Specified object was not found in the DataSource
AccessDeniedException - Insufficent credentials
VetoException

denyPermission

public void denyPermission(SlideToken token,
                           ObjectNode object,
                           SubjectNode subject,
                           ActionNode action)
                    throws ServiceAccessException,
                           ObjectNotFoundException,
                           AccessDeniedException,
                           VetoException
Deny a new permission.

Specified by:
denyPermission in interface Security
Parameters:
token - Credentials token
object - Object on which permission is denied
subject - The subject to whom a action is denied
action - The action which is denied
Throws:
ServiceAccessException - DataSource access error
ObjectNotFoundException - Specified object was not found in the DataSource
AccessDeniedException - Insufficent credentials
VetoException

denyPermission

public void denyPermission(SlideToken token,
                           ObjectNode object,
                           SubjectNode subject,
                           ActionNode action,
                           boolean inheritable)
                    throws ServiceAccessException,
                           ObjectNotFoundException,
                           AccessDeniedException,
                           VetoException
Deny a new permission.

Specified by:
denyPermission in interface Security
Parameters:
token - Credentials token
object - Object on which permission is granted
subject - Subject who can perform the action
action - Action which can be performed
inheritable - Create an inheritable permission
Throws:
ServiceAccessException - DataSource access error
ObjectNotFoundException - Specified object was not found in the DataSource
AccessDeniedException - Insufficent credentials
VetoException

denyPermission

public void denyPermission(SlideToken token,
                           NodePermission permission)
                    throws ServiceAccessException,
                           ObjectNotFoundException,
                           AccessDeniedException,
                           VetoException
Deny a new permission.

Specified by:
denyPermission in interface Security
Parameters:
token - Credentials token
permission - New permission
Throws:
ServiceAccessException - DataSource access error
ObjectNotFoundException - Specified object was not found in the DataSource
AccessDeniedException - Insufficent credentials
VetoException

revokePermission

public void revokePermission(SlideToken token,
                             ObjectNode object,
                             SubjectNode subject,
                             ActionNode action)
                      throws ServiceAccessException,
                             ObjectNotFoundException,
                             AccessDeniedException,
                             VetoException
Revokes a permission.

Specified by:
revokePermission in interface Security
Parameters:
token - Credentials token
object - Object on which permission is revoked
subject - Subject who can perform the action
action - Action which can be performed
Throws:
ServiceAccessException - DataSource access error
ObjectNotFoundException - Specified object was not found in the DataSource
AccessDeniedException - Insufficent credentials
VetoException

revokePermission

public void revokePermission(SlideToken token,
                             NodePermission permission)
                      throws ServiceAccessException,
                             ObjectNotFoundException,
                             AccessDeniedException,
                             VetoException
Revokes a permission.

Specified by:
revokePermission in interface Security
Parameters:
token - Credentials token
permission - Permission to be removed
Throws:
ServiceAccessException - DataSource access error
ObjectNotFoundException - Specified object was not found in the DataSource
AccessDeniedException - Insufficent credentials
VetoException

checkCredentials

public void checkCredentials(SlideToken token,
                             ObjectNode object,
                             ActionNode action)
                      throws ServiceAccessException,
                             AccessDeniedException
Check if the credentials given grants permission to perform the specified action on the specified subject.

Specified by:
checkCredentials in interface Security
Parameters:
token - Credentials token
object - Object on which the action is performed
action - Action performed
Throws:
ServiceAccessException - DataSource access error
AccessDeniedException - The credentials does not grant the permission to perform the specified action

checkPermission

public void checkPermission(ObjectNode object,
                            SubjectNode subject,
                            ActionNode action)
                     throws ServiceAccessException,
                            AccessDeniedException,
                            ObjectNotFoundException
Check whether or not an actor can perform the specified activity on a collection.

Specified by:
checkPermission in interface Security
Parameters:
object - Object on which access is tested
subject - Subject who seeks to perform the action
action - Action which is to be performed
Throws:
ServiceAccessException - DataSource access error
ObjectNotFoundException - Specified object was not found in the DataSource
AccessDeniedException - Insufficent credentials

checkPermission

public void checkPermission(SlideToken token,
                            ObjectNode object,
                            ActionNode action)
                     throws ServiceAccessException,
                            AccessDeniedException,
                            ObjectNotFoundException
Check whether or not an actor (principal) can perform the specified activity on the specified resource.

Specified by:
checkPermission in interface Security
Parameters:
token - a SlideToken
object - Object on which access is tested
action - Action which is to be performed
Throws:
ServiceAccessException
AccessDeniedException
ObjectNotFoundException

hasPermission

public boolean hasPermission(ObjectNode object,
                             SubjectNode subject,
                             ActionNode action)
                      throws ServiceAccessException,
                             ObjectNotFoundException
Check whether or not an actor can perform the specified activity on a collection.

Specified by:
hasPermission in interface Security
Parameters:
object - Object on which access is tested
subject - Subject who seeks to perform the action
action - Action which is to be performed
Returns:
true if the action can be performed
Throws:
ServiceAccessException - DataSource access error
ObjectNotFoundException - Specified object was not found in the DataSource

hasPermission

public boolean hasPermission(SlideToken token,
                             ObjectNode object,
                             ActionNode action)
                      throws ServiceAccessException,
                             ObjectNotFoundException
Check whether or not an actor (principal) can perform the specified activity on the specified resource.

Specified by:
hasPermission in interface Security
Parameters:
token - a SlideToken
object - Object on which access is tested
action - Action which is to be performed
Returns:
true if the action can be performed
Throws:
ServiceAccessException
ObjectNotFoundException

enumeratePermissions

public java.util.Enumeration enumeratePermissions(SlideToken token,
                                                  ObjectNode object)
                                           throws ServiceAccessException,
                                                  ObjectNotFoundException,
                                                  AccessDeniedException
Enumerates permissions on an object.

Specified by:
enumeratePermissions in interface Security
Parameters:
token - Credentials token
object - Object on which permission is granted
Throws:
ServiceAccessException - DataSource access error
ObjectNotFoundException - Specified object was not found in the DataSource
AccessDeniedException - Insufficent credentials

enumeratePermissions

public java.util.Enumeration enumeratePermissions(SlideToken token,
                                                  ObjectNode object,
                                                  boolean includeInherited)
                                           throws ServiceAccessException,
                                                  ObjectNotFoundException
Enumerates permissions on an object.

Specified by:
enumeratePermissions in interface Security
Parameters:
token - Credentials token
object - Object on which permission is granted
includeInherited - if true, includes inherited permissions
Returns:
an Enumeration
Throws:
ServiceAccessException - DataSource access error
ObjectNotFoundException - Specified object was not found in the DataSource
AccessDeniedException - Insufficent credentials

enumeratePermissions

public java.util.Enumeration enumeratePermissions(SlideToken token,
                                                  java.lang.String object)
                                           throws ServiceAccessException,
                                                  ObjectNotFoundException,
                                                  AccessDeniedException
Enumerates permissions on an object.

Specified by:
enumeratePermissions in interface Security
Parameters:
token - Credentials token
object - Object on which permission is granted
Throws:
ServiceAccessException - DataSource access error
ObjectNotFoundException - Specified object was not found in the DataSource
AccessDeniedException - Insufficent credentials

enumeratePermissions

public java.util.Enumeration enumeratePermissions(SlideToken token,
                                                  java.lang.String object,
                                                  boolean includeInherited)
                                           throws ServiceAccessException,
                                                  ObjectNotFoundException
Enumerates permissions on an object.

Specified by:
enumeratePermissions in interface Security
Parameters:
token - Credentials token
object - Object on which permission is granted
includeInherited - if true, includes inherited permissions
Returns:
an Enumeration
Throws:
ServiceAccessException - DataSource access error
ObjectNotFoundException - Specified object was not found in the DataSource
AccessDeniedException - Insufficent credentials

retrieveAclSourceNodes

public java.util.List retrieveAclSourceNodes(SlideToken token,
                                             ObjectNode object)
                                      throws ServiceAccessException,
                                             ObjectNotFoundException
Retrieve the list of object nodes from which to get the ACLs. The specified object is returned as first element of the list.

Parameters:
token - a SlideToken
object - an ObjectNode
Returns:
a List of ObjectNode
Throws:
ServiceAccessException
ObjectNotFoundException

hasRole

public boolean hasRole(SlideToken token,
                       java.lang.String role)
                throws ServiceAccessException,
                       ObjectNotFoundException
Check whether or not the current user has the specified role.

Specified by:
hasRole in interface Security
Parameters:
token - Credentials token
role - Role
Throws:
ServiceAccessException - DataSource access error
ObjectNotFoundException - Specified object was not found in the DataSource

hasRole

public boolean hasRole(ObjectNode object,
                       java.lang.String role)
                throws ServiceAccessException,
                       ObjectNotFoundException
Check whether or not the current user has the specified role.

Specified by:
hasRole in interface Security
Parameters:
object - Object node
role - Role
Throws:
ServiceAccessException - DataSource access error
ObjectNotFoundException - Specified object was not found in the DataSource

getRoles

public java.util.Enumeration getRoles(ObjectNode object)
Return the list of roles the specified node has.

Specified by:
getRoles in interface Security
Parameters:
object - Object node

getRoles

public java.util.Enumeration getRoles(SlideToken token)
                               throws ServiceAccessException,
                                      ObjectNotFoundException
Return the list of roles the specified token has.

Specified by:
getRoles in interface Security
Parameters:
token - Credentials token
Throws:
ServiceAccessException
ObjectNotFoundException

getRoles

public java.util.Enumeration getRoles(SlideToken token,
                                      SubjectNode subjectNode)
                               throws ServiceAccessException,
                                      ObjectNotFoundException
Specified by:
getRoles in interface Security
Throws:
ServiceAccessException
ObjectNotFoundException

getPrincipal

public ObjectNode getPrincipal(SlideToken token)
                        throws ServiceAccessException,
                               ObjectNotFoundException
Get the SubjectNode associated with the credentials token.

Specified by:
getPrincipal in interface Security
Parameters:
token - a SlideToken
Returns:
an ObjectNode
Throws:
ServiceAccessException
ObjectNotFoundException

matchAction

public boolean matchAction(SlideToken token,
                           ActionNode checkAction,
                           ActionNode permAction)
                    throws ServiceAccessException
Return true, if-and-only-if checkAction matches permAction.

Specified by:
matchAction in interface Security
Parameters:
checkAction - the "current" action
permAction - the action to check against (from NodePermission or NodeLock)
token - a SlideToken
Returns:
a boolean
Throws:
ServiceAccessException

matchPrincipal

public boolean matchPrincipal(SlideToken token,
                              SubjectNode checkSubject,
                              SubjectNode matchSubject)
                       throws ServiceAccessException
Return true, if-and-only-if checkSubject matches permSubject.

Specified by:
matchPrincipal in interface Security
Parameters:
token - a SlideToken
checkSubject - the "current" principal
matchSubject - the principal to check against (e.g. user or group from NodePermission or NodeLock)
Returns:
a boolean
Throws:
ServiceAccessException

matchPrincipal

public boolean matchPrincipal(SlideToken token,
                              SubjectNode checkSubject,
                              SubjectNode matchSubject,
                              int level)
                       throws ServiceAccessException
Return true, if-and-only-if checkSubject matches permSubject.

Parameters:
token - a SlideToken
checkSubject - the "current" principal
matchSubject - the principal to check against (e.g. user or group from NodePermission or NodeLock)
Returns:
a boolean
Throws:
ServiceAccessException

getActionAggregation

public java.util.Map getActionAggregation(SlideToken token)
Method getActionAggregation

Returns:
a Map: actionNode -> Set-of-aggregated-nodes (direct aggregates)