org.opencrx.kernel.layer.model

Class AccessControl_2

java.lang.Object

org.openmdx.base.rest.spi.AbstractRestPort

org.opencrx.kernel.layer.model.AccessControl_2

All Implemented Interfaces:

org.openmdx.base.resource.spi.Port<org.openmdx.base.rest.cci.RestConnection>

public class AccessControl_2
extends org.openmdx.base.rest.spi.AbstractRestPort

Access control plugin. Implements the openCRX access control logic.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
class	AccessControl_2.CachedPrincipal CachedPrincipal
class	AccessControl_2.DefaultRealm Default realm implementation.
class	AccessControl_2.RestInteraction RestInteraction

Field Summary

Fields

Modifier and Type	Field and Description
protected static String	ALL_PERMISSION
protected org.openmdx.base.resource.cci.ConnectionFactory	connectionFactory
protected static org.openmdx.base.naming.Path	EXTENT_PATTERN
protected org.openmdx.base.mof.cci.Model_1_0	model
protected static ConcurrentMap<org.openmdx.base.naming.Path,Object[]>	objectCache
protected org.openmdx.base.naming.Path	realmIdentity
protected static ConcurrentMap<org.openmdx.base.naming.Path,org.openmdx.base.naming.Path>	sharedAssociationToCompositeParentPathMap
protected boolean	useExtendedAccessLevelBasic
protected static org.openmdx.base.naming.Path	USER_HOME_PATH_PATTERN

Constructor Summary

Constructors

Constructor and Description
AccessControl_2() Constructor.

Method Summary

Methods

Modifier and Type	Method and Description
protected void	completeObject(org.openmdx.base.rest.cci.ObjectRecord object) Complete derived attributes for returned objects.
protected void	completeOwningUserAndGroup(org.openmdx.base.rest.cci.ObjectRecord object) Complete derived attributes.
protected void	completeReply(org.openmdx.base.rest.cci.ResultRecord objects) Complete reply.
protected org.openmdx.base.rest.cci.ResultRecord	findObjects(org.openmdx.base.dataprovider.cci.DataproviderRequestProcessor p, org.openmdx.base.naming.Path reference) Find objects.
org.openmdx.base.resource.cci.ConnectionFactory	getConnectionFactory() Deprecated.
protected org.openmdx.base.naming.Path	getGroupIdentity(org.openmdx.base.naming.Path accessPath, String qualifiedPrincipalName) Get group identity for principal.
javax.resource.cci.Interaction	getInteraction(org.openmdx.base.rest.cci.RestConnection connection)
protected static ConcurrentMap<org.openmdx.base.naming.Path,Object[]>	getObjectCache() Get object cache.
protected List<String>	getPrincipalChain(javax.resource.cci.Connection connection) Extract principal name from request header.
protected String	getQualifiedPrincipalName(org.openmdx.base.naming.Path principalIdentity) Get qualified principal name.
protected String	getQualifiedPrincipalName(org.openmdx.base.naming.Path accessPath, String principalName) Get qualified principal name.
protected AccessControl_2.DefaultRealm	getRealm(org.openmdx.base.rest.cci.RequestRecord request, List<String> principalChain, javax.jdo.PersistenceManager pm) Get realm for given request.
org.openmdx.base.naming.Path	getRealmIdentity()
protected org.openmdx.base.mof.cci.ModelElement_1_0	getReferencedType(org.openmdx.base.naming.Path accessPath, List<org.openmdx.application.dataprovider.cci.FilterProperty> filter) Get type referenced by access path.
protected org.openmdx.base.naming.Path	getUser(AccessControl_2.CachedPrincipal principal) Get user identity for principal.
protected org.openmdx.base.naming.Path	getUserIdentity(AccessControl_2.CachedPrincipal principal) Get user identity for given principal.
protected org.openmdx.base.naming.Path	getUserIdentity(String qualifiedPrincipalName) Get user identity for given principal.
protected org.openmdx.base.naming.Path	getUserIdentity(String realmName, String principalName) Get user identity for principal of given realm.
protected boolean	isPrincipalGroup(javax.resource.cci.MappedRecord object) Test whether object is instance of PrincipalGroup.
protected boolean	isSecureObject(javax.resource.cci.MappedRecord object) Test whether object's type is a subclass of SecureObject.
protected boolean	isSecureObject(org.openmdx.base.mof.cci.ModelElement_1_0 type) Test whether type is a subclass of SecureObject.
boolean	isUseExtendedAccessLevelBasic()
protected javax.jdo.PersistenceManager	newDelegatePersistenceManager(org.openmdx.base.rest.cci.RestConnection connection) Get delegate persistence manager.
protected org.openmdx.base.dataprovider.cci.DataproviderRequestProcessor	newDelegateRequestProcessor(org.openmdx.base.rest.cci.RestConnection connection)
protected javax.resource.cci.MappedRecord	newOperationResult(String recordType) Create new operation result.
protected AccessControl_2.DefaultRealm	newRealm(org.openmdx.base.naming.Path realmIdentity) Allows to provide a custom-specific realm implementation.
protected org.openmdx.base.rest.cci.ObjectRecord	retrieveObject(org.openmdx.base.dataprovider.cci.DataproviderRequestProcessor p, org.openmdx.base.naming.Path resourceIdentifier, boolean preferringNotFoundException) Retrieve object with given identity.
void	setConnectionFactory(org.openmdx.base.resource.cci.ConnectionFactory connectionFactory) Deprecated.
void	setRealmIdentity(org.openmdx.base.naming.Path realmIdentity)
void	setUseExtendedAccessLevelBasic(boolean useExtendedAccessLevelBasic)

Methods inherited from class org.openmdx.base.rest.spi.AbstractRestPort

getDelegate, hasDelegate, newDelegateInteraction, setDelegate

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

EXTENT_PATTERN

protected static final org.openmdx.base.naming.Path EXTENT_PATTERN

USER_HOME_PATH_PATTERN

protected static final org.openmdx.base.naming.Path USER_HOME_PATH_PATTERN

ALL_PERMISSION

protected static final String ALL_PERMISSION

See Also:

Constant Field Values

realmIdentity

protected org.openmdx.base.naming.Path realmIdentity

model

protected org.openmdx.base.mof.cci.Model_1_0 model

useExtendedAccessLevelBasic

protected boolean useExtendedAccessLevelBasic

connectionFactory

protected org.openmdx.base.resource.cci.ConnectionFactory connectionFactory

objectCache

protected static final ConcurrentMap<org.openmdx.base.naming.Path,Object[]> objectCache

sharedAssociationToCompositeParentPathMap

protected static final ConcurrentMap<org.openmdx.base.naming.Path,org.openmdx.base.naming.Path> sharedAssociationToCompositeParentPathMap

Constructor Detail

AccessControl_2

public AccessControl_2()

Constructor.

Method Detail

getInteraction

public javax.resource.cci.Interaction getInteraction(org.openmdx.base.rest.cci.RestConnection connection)
                                              throws javax.resource.ResourceException

Throws:

javax.resource.ResourceException

getUserIdentity

protected org.openmdx.base.naming.Path getUserIdentity(AccessControl_2.CachedPrincipal principal)

Get user identity for given principal.

Parameters:

principal -

Returns:

getUserIdentity

protected org.openmdx.base.naming.Path getUserIdentity(String qualifiedPrincipalName)

Get user identity for given principal.

Parameters:

qualifiedPrincipalName -

Returns:

getUserIdentity

protected org.openmdx.base.naming.Path getUserIdentity(String realmName,
                                           String principalName)

Get user identity for principal of given realm.

Parameters:

realmName -

principalName -

Returns:

getUser

protected org.openmdx.base.naming.Path getUser(AccessControl_2.CachedPrincipal principal)
                                        throws org.openmdx.base.exception.ServiceException

Get user identity for principal.

Parameters:

principal -

Returns:

Throws:

org.openmdx.base.exception.ServiceException

getGroupIdentity

protected org.openmdx.base.naming.Path getGroupIdentity(org.openmdx.base.naming.Path accessPath,
                                            String qualifiedPrincipalName)

Get group identity for principal.

Parameters:

accessPath -

qualifiedPrincipalName -

Returns:

getQualifiedPrincipalName

protected String getQualifiedPrincipalName(org.openmdx.base.naming.Path accessPath,
                               String principalName)

Get qualified principal name.

Parameters:

accessPath -

principalName -

Returns:

getQualifiedPrincipalName

protected String getQualifiedPrincipalName(org.openmdx.base.naming.Path principalIdentity)

Get qualified principal name.

Parameters:

principalIdentity -

Returns:

newDelegateRequestProcessor

protected org.openmdx.base.dataprovider.cci.DataproviderRequestProcessor newDelegateRequestProcessor(org.openmdx.base.rest.cci.RestConnection connection)
                                                                                              throws javax.resource.ResourceException

Throws:

javax.resource.ResourceException

newDelegatePersistenceManager

protected javax.jdo.PersistenceManager newDelegatePersistenceManager(org.openmdx.base.rest.cci.RestConnection connection)

Get delegate persistence manager.

Returns:

retrieveObject

protected org.openmdx.base.rest.cci.ObjectRecord retrieveObject(org.openmdx.base.dataprovider.cci.DataproviderRequestProcessor p,
                                                    org.openmdx.base.naming.Path resourceIdentifier,
                                                    boolean preferringNotFoundException)
                                                         throws javax.resource.ResourceException

Retrieve object with given identity.

Parameters:

identity -

preferringNotFoundException -

Returns:

Throws:

org.openmdx.base.exception.ServiceException

javax.resource.ResourceException

newOperationResult

protected javax.resource.cci.MappedRecord newOperationResult(String recordType)
                                                      throws javax.resource.ResourceException

Create new operation result.

Parameters:

recordType -

Returns:

Throws:

javax.resource.ResourceException

findObjects

protected org.openmdx.base.rest.cci.ResultRecord findObjects(org.openmdx.base.dataprovider.cci.DataproviderRequestProcessor p,
                                                 org.openmdx.base.naming.Path reference)
                                                      throws javax.resource.ResourceException

Find objects.

Parameters:

reference -

Returns:

Throws:

org.openmdx.base.exception.ServiceException

javax.resource.ResourceException

completeOwningUserAndGroup

protected void completeOwningUserAndGroup(org.openmdx.base.rest.cci.ObjectRecord object)
                                   throws javax.resource.ResourceException

Complete derived attributes.

Parameters:

header -

object -

Throws:

org.openmdx.base.exception.ServiceException

javax.resource.ResourceException

completeObject

protected void completeObject(org.openmdx.base.rest.cci.ObjectRecord object)
                       throws javax.resource.ResourceException

Complete derived attributes for returned objects.

Parameters:

header -

object -

Throws:

org.openmdx.base.exception.ServiceException

javax.resource.ResourceException

completeReply

protected void completeReply(org.openmdx.base.rest.cci.ResultRecord objects)
                      throws javax.resource.ResourceException

Complete reply.

Parameters:

header -

reply -

Throws:

org.openmdx.base.exception.ServiceException

javax.resource.ResourceException

isPrincipalGroup

protected boolean isPrincipalGroup(javax.resource.cci.MappedRecord object)
                            throws org.openmdx.base.exception.ServiceException

Test whether object is instance of PrincipalGroup.

Parameters:

object -

Returns:

Throws:

org.openmdx.base.exception.ServiceException

isSecureObject

protected boolean isSecureObject(javax.resource.cci.MappedRecord object)
                          throws javax.resource.ResourceException

Test whether object's type is a subclass of SecureObject.

Parameters:

object -

Returns:

Throws:

org.openmdx.base.exception.ServiceException

javax.resource.ResourceException

isSecureObject

protected boolean isSecureObject(org.openmdx.base.mof.cci.ModelElement_1_0 type)
                          throws org.openmdx.base.exception.ServiceException

Test whether type is a subclass of SecureObject.

Parameters:

type -

Returns:

Throws:

org.openmdx.base.exception.ServiceException

getPrincipalChain

protected List<String> getPrincipalChain(javax.resource.cci.Connection connection)
                                  throws javax.resource.ResourceException

Extract principal name from request header.

Parameters:

header -

Returns:

Throws:

javax.resource.ResourceException

newRealm

protected AccessControl_2.DefaultRealm newRealm(org.openmdx.base.naming.Path realmIdentity)
                                         throws javax.resource.ResourceException

Allows to provide a custom-specific realm implementation.

Throws:

javax.resource.ResourceException

getRealm

protected AccessControl_2.DefaultRealm getRealm(org.openmdx.base.rest.cci.RequestRecord request,
                                    List<String> principalChain,
                                    javax.jdo.PersistenceManager pm)
                                         throws javax.resource.ResourceException

Get realm for given request.

Parameters:

header -

request -

Returns:

Throws:

org.openmdx.base.exception.ServiceException

javax.resource.ResourceException

getReferencedType

protected org.openmdx.base.mof.cci.ModelElement_1_0 getReferencedType(org.openmdx.base.naming.Path accessPath,
                                                          List<org.openmdx.application.dataprovider.cci.FilterProperty> filter)
                                                               throws org.openmdx.base.exception.ServiceException

Get type referenced by access path.

Parameters:

accessPath -

filter -

Returns:

Throws:

org.openmdx.base.exception.ServiceException

getObjectCache

protected static ConcurrentMap<org.openmdx.base.naming.Path,Object[]> getObjectCache()

Get object cache.

Returns:

getRealmIdentity

public org.openmdx.base.naming.Path getRealmIdentity()

Returns:

the realmIdentity

setRealmIdentity

public void setRealmIdentity(org.openmdx.base.naming.Path realmIdentity)

Parameters:

realmIdentity - the realmIdentity to set

isUseExtendedAccessLevelBasic

public boolean isUseExtendedAccessLevelBasic()

Returns:

the useExtendedAccessLevelBasic

setUseExtendedAccessLevelBasic

public void setUseExtendedAccessLevelBasic(boolean useExtendedAccessLevelBasic)

Parameters:

useExtendedAccessLevelBasic - the useExtendedAccessLevelBasic to set

getConnectionFactory

public org.openmdx.base.resource.cci.ConnectionFactory getConnectionFactory()

Deprecated.

Returns:

the connectionFactory

setConnectionFactory

public void setConnectionFactory(org.openmdx.base.resource.cci.ConnectionFactory connectionFactory)

Deprecated.

Parameters:

connectionFactory - the connectionFactory to set