org.opencrx.kernel.layer.model
Class AccessControl_1.DefaultRealm

java.lang.Object
  extended by org.opencrx.kernel.layer.model.AccessControl_1.DefaultRealm
Enclosing class:
AccessControl_1

public class AccessControl_1.DefaultRealm
extends Object

Default realm implementation. Subclass it and override its methods to implement custom policies.


Constructor Summary
AccessControl_1.DefaultRealm(Path realmIdentity)
          Constructor
 
Method Summary
protected  Set<String> getPermissions(DataproviderRequest request, AccessControl_1.CachedPrincipal principal, Path userIdentity, short accessLevel, SecurityKeys.Action action)
          Get permissions for given principal and access level.
protected  Path getPrimaryGroup(AccessControl_1.CachedPrincipal principal)
          Get primary group for given principal.
protected  AccessControl_1.CachedPrincipal getPrincipal(String principalName)
          Retrieve principal for given principal name.
 Path getRealmIdentity()
          Get identity of realm.
 org.opencrx.kernel.layer.model.AccessControl_1.GetRunAsPrincipalResult getRunAsPrincipal(ServiceHeader header, DataproviderRequest request, AccessControl_1.LayerInteraction interaction)
          Get runAs principal according to service header and available runAs permissions.
 boolean hasPermission(DataproviderRequest request, Object_2Facade secureObject, Object_2Facade parent, AccessControl_1.CachedPrincipal principal, Path userIdentity, SecurityKeys.Action action, Set<String> grantedPermissions, AccessControl_1.LayerInteraction interaction)
          Return true if principal has permission to perform the request.
 void restrictQuery(DataproviderRequest request, Object_2Facade object, AccessControl_1.CachedPrincipal principal, Path userIdentity)
          Restrict query according to permissions of given principal.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

AccessControl_1.DefaultRealm

public AccessControl_1.DefaultRealm(Path realmIdentity)
                             throws ServiceException
Constructor

Parameters:
realmIdentity -
Throws:
ServiceException
Method Detail

getPrincipal

protected AccessControl_1.CachedPrincipal getPrincipal(String principalName)
                                                throws ServiceException
Retrieve principal for given principal name.

Parameters:
principalName -
Returns:
Throws:
ServiceException

getRunAsPrincipal

public org.opencrx.kernel.layer.model.AccessControl_1.GetRunAsPrincipalResult getRunAsPrincipal(ServiceHeader header,
                                                                                                DataproviderRequest request,
                                                                                                AccessControl_1.LayerInteraction interaction)
                                                                                         throws ServiceException
Get runAs principal according to service header and available runAs permissions.

Parameters:
header -
request -
interaction -
Returns:
Throws:
ServiceException

getPrimaryGroup

protected Path getPrimaryGroup(AccessControl_1.CachedPrincipal principal)
                        throws ServiceException
Get primary group for given principal.

Parameters:
principal -
Returns:
Throws:
ServiceException

getPermissions

protected Set<String> getPermissions(DataproviderRequest request,
                                     AccessControl_1.CachedPrincipal principal,
                                     Path userIdentity,
                                     short accessLevel,
                                     SecurityKeys.Action action)
Get permissions for given principal and access level.

Parameters:
request -
principal -
userIdentity -
accessLevel -
action -
Returns:

getRealmIdentity

public Path getRealmIdentity()
Get identity of realm.

Returns:

hasPermission

public boolean hasPermission(DataproviderRequest request,
                             Object_2Facade secureObject,
                             Object_2Facade parent,
                             AccessControl_1.CachedPrincipal principal,
                             Path userIdentity,
                             SecurityKeys.Action action,
                             Set<String> grantedPermissions,
                             AccessControl_1.LayerInteraction interaction)
                      throws ServiceException
Return true if principal has permission to perform the request.

Parameters:
request -
secureObject -
parent -
principal -
userIdentity -
action -
grantedPermissions -
interaction -
Returns:
Throws:
ServiceException

restrictQuery

public void restrictQuery(DataproviderRequest request,
                          Object_2Facade object,
                          AccessControl_1.CachedPrincipal principal,
                          Path userIdentity)
                   throws ServiceException
Restrict query according to permissions of given principal.

Parameters:
request -
object -
principal -
userIdentity -
Throws:
ServiceException


This software is published under the BSD license. Copyright © 2003-2012, CRIXP AG, Switzerland, All rights reserved. Use is subject to license terms.