org.opencrx.kernel.layer.model
Class AccessControl_1

java.lang.Object
  extended by org.openmdx.application.dataprovider.spi.Layer_1
      extended by org.openmdx.application.dataprovider.layer.model.Standard_1
          extended by org.opencrx.kernel.layer.model.AccessControl_1
All Implemented Interfaces:
Dataprovider_1_0, Port

public class AccessControl_1
extends Standard_1

openCRX access control plugin. Implements the openCRX access control logic.


Nested Class Summary
 class AccessControl_1.LayerInteraction
           
 
Field Summary
protected  List<Object> connectionFactories
           
protected static Path EXTENT_PATTERN
           
protected  List<Path> inheritFromParentTypes
           
protected  Model_1_0 model
           
protected static ConcurrentMap<Path,Object[]> objectCache
           
protected  Path realmIdentity
           
protected  boolean useExtendedAccessLevelBasic
           
protected static Path USER_HOME_PATH_PATTERN
           
 
Fields inherited from class org.openmdx.application.dataprovider.layer.model.Standard_1
NON_PERSISTENT_ATTRIBUTES, optimisticLocking, PERSISTENT_ATTRIBUTES, TIME_OR_DATE_DATATYPES
 
Fields inherited from class org.openmdx.application.dataprovider.spi.Layer_1
compressUID, delegation
 
Constructor Summary
AccessControl_1()
           
 
Method Summary
 void activate(short id, Configuration configuration, Layer_1 delegation)
           
protected  void applyBrowseFilter(Object_2Facade parentFacade, DataproviderRequest request, SecurityContext securityContext, org.opencrx.kernel.layer.model.SecurityContext.CachedPrincipal requestingPrincipal, Path requestingUser)
           
protected  void completeAccessGrantedByParent(ServiceHeader header, MappedRecord object, MappedRecord accessGrantedByParent)
           
protected  void completeObject(ServiceHeader header, MappedRecord object, MappedRecord accessGrantedByParent)
           
protected  void completeOwningUserAndGroup(ServiceHeader header, MappedRecord object)
           
protected  DataproviderReply completeReply(ServiceHeader header, DataproviderReply reply, MappedRecord accessGrantedByParent)
           
protected  MappedRecord createResult(DataproviderRequest request, String structName)
           
protected  Path getGroupIdentity(Path accessPath, String qualifiedPrincipalName)
           
 List<Path> getInheritFromParentTypes()
          Returns a list of types as path patterns of object references which inherit the security settings from the parent object.
 Interaction getInteraction(Connection connection)
           
protected static ConcurrentMap<Path,Object[]> getObjectCache()
           
protected  String getPrincipalName(ServiceHeader header)
           
protected  String getQualifiedPrincipalName(Path principalIdentity)
           
protected  String getQualifiedPrincipalName(Path accessPath, String principalName)
           
protected  ModelElement_1_0 getReferencedType(Path accessPath, FilterProperty[] filter)
           
protected  SecurityContext getSecurityContext(ServiceHeader header, DataproviderRequest request)
          Set the current security context to the requesting principal, i.e. this.requestingPrincipal, this.currentSecurityContext, this.requestingUser.
protected  Path getUser(org.opencrx.kernel.layer.model.SecurityContext.CachedPrincipal principal)
           
protected  Path getUserIdentity(org.opencrx.kernel.layer.model.SecurityContext.CachedPrincipal principal)
           
protected  Path getUserIdentity(String qualifiedPrincipalName)
           
protected  Path getUserIdentity(String realmName, String principalName)
           
protected  boolean hasReadAccess(Object_2Facade objectFacade, Object_2Facade parentFacade, SecurityContext securityContext, org.opencrx.kernel.layer.model.SecurityContext.CachedPrincipal requestingPrincipal, Path requestingUser)
           
protected  boolean isPrincipalGroup(MappedRecord object)
           
protected  boolean isSecureObject(MappedRecord object)
           
protected  boolean isSecureObject(ModelElement_1_0 type)
           
 javax.jdo.PersistenceManager newDelegatingPersistenceManager()
           
 
Methods inherited from class org.openmdx.application.dataprovider.layer.model.Standard_1
attributeIsInstanceOf, completeObject, completeReply, getObjectClass, getObjectClassName, isModified, isTimeDateDuration, notifyPreDelete, removeContexts, removeNonPersistentAttributes, setIdentity, triggeredRemoveDerivedAttributes
 
Methods inherited from class org.openmdx.application.dataprovider.spi.Layer_1
configurationSpecification, deactivate, getConfiguration, getConnectionFactory, getDelegation, getId, getModel, newReplyId, process, terminal, uidAsString
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

EXTENT_PATTERN

protected static final Path EXTENT_PATTERN

USER_HOME_PATH_PATTERN

protected static final Path USER_HOME_PATH_PATTERN

connectionFactories

protected List<Object> connectionFactories

inheritFromParentTypes

protected List<Path> inheritFromParentTypes

realmIdentity

protected Path realmIdentity

model

protected Model_1_0 model

useExtendedAccessLevelBasic

protected boolean useExtendedAccessLevelBasic

objectCache

protected static final ConcurrentMap<Path,Object[]> objectCache

Constructor Detail

AccessControl_1

public AccessControl_1()

Method Detail

getInteraction

public Interaction getInteraction(Connection connection)
                           throws ResourceException
Specified by:
getInteraction in interface Port
Overrides:
getInteraction in class Standard_1
Throws:
ResourceException

getUserIdentity

protected Path getUserIdentity(org.opencrx.kernel.layer.model.SecurityContext.CachedPrincipal principal)

getUserIdentity

protected Path getUserIdentity(String qualifiedPrincipalName)

getUserIdentity

protected Path getUserIdentity(String realmName,
                               String principalName)

getUser

protected Path getUser(org.opencrx.kernel.layer.model.SecurityContext.CachedPrincipal principal)
                throws ServiceException
Throws:
ServiceException

hasReadAccess

protected boolean hasReadAccess(Object_2Facade objectFacade,
                                Object_2Facade parentFacade,
                                SecurityContext securityContext,
                                org.opencrx.kernel.layer.model.SecurityContext.CachedPrincipal requestingPrincipal,
                                Path requestingUser)
                         throws ServiceException
Throws:
ServiceException

applyBrowseFilter

protected void applyBrowseFilter(Object_2Facade parentFacade,
                                 DataproviderRequest request,
                                 SecurityContext securityContext,
                                 org.opencrx.kernel.layer.model.SecurityContext.CachedPrincipal requestingPrincipal,
                                 Path requestingUser)
                          throws ServiceException
Throws:
ServiceException

getGroupIdentity

protected Path getGroupIdentity(Path accessPath,
                                String qualifiedPrincipalName)

getQualifiedPrincipalName

protected String getQualifiedPrincipalName(Path accessPath,
                                           String principalName)

getQualifiedPrincipalName

protected String getQualifiedPrincipalName(Path principalIdentity)

completeOwningUserAndGroup

protected void completeOwningUserAndGroup(ServiceHeader header,
                                          MappedRecord object)
                                   throws ServiceException
Throws:
ServiceException

completeAccessGrantedByParent

protected void completeAccessGrantedByParent(ServiceHeader header,
                                             MappedRecord object,
                                             MappedRecord accessGrantedByParent)
                                      throws ServiceException
Throws:
ServiceException

completeObject

protected void completeObject(ServiceHeader header,
                              MappedRecord object,
                              MappedRecord accessGrantedByParent)
                       throws ServiceException
Throws:
ServiceException

completeReply

protected DataproviderReply completeReply(ServiceHeader header,
                                          DataproviderReply reply,
                                          MappedRecord accessGrantedByParent)
                                   throws ServiceException
Throws:
ServiceException

isPrincipalGroup

protected boolean isPrincipalGroup(MappedRecord object)
                            throws ServiceException
Throws:
ServiceException

isSecureObject

protected boolean isSecureObject(MappedRecord object)
                          throws ServiceException
Throws:
ServiceException

isSecureObject

protected boolean isSecureObject(ModelElement_1_0 type)
                          throws ServiceException
Throws:
ServiceException

newDelegatingPersistenceManager

public javax.jdo.PersistenceManager newDelegatingPersistenceManager()

getInheritFromParentTypes

public List<Path> getInheritFromParentTypes()
Returns a list of types, given as path patterns of object references, which inherit the security settings from the parent object. This option should be used only for performance improvements and applied only to business objects which define a self-contained security entity (e.g. contract, its positions, depot references and product configurations). Additional paths can be added by overriding getInheritFromParentTypes. The API exposes the granting parent through the reference SecureObject.accessGrantedByParent, which is set by completeObject.


activate

public void activate(short id,
                     Configuration configuration,
                     Layer_1 delegation)
              throws ServiceException
Overrides:
activate in class Standard_1
Throws:
ServiceException

getPrincipalName

protected String getPrincipalName(ServiceHeader header)

getSecurityContext

protected SecurityContext getSecurityContext(ServiceHeader header,
                                             DataproviderRequest request)
                                      throws ServiceException
Set the current security context to the requesting principal, i.e. this.requestingPrincipal, this.currentSecurityContext, this.requestingUser.

Throws:
ServiceException

getReferencedType

protected ModelElement_1_0 getReferencedType(Path accessPath,
                                             FilterProperty[] filter)
                                      throws ServiceException
Throws:
ServiceException

createResult

protected MappedRecord createResult(DataproviderRequest request,
                                    String structName)
                             throws ServiceException
Throws:
ServiceException

getObjectCache

protected static ConcurrentMap<Path,Object[]> getObjectCache()


This software is published under the BSD license. Copyright © 2003-2010, CRIXP AG, Switzerland, All rights reserved. Use is subject to license terms.