001: /*
002: * $Id: Security.java,v 1.1 2003/08/17 04:39:05 ajzeneski Exp $
003: *
004: * Copyright (c) 2001, 2002 The Open For Business Project - www.ofbiz.org
005: *
006: * Permission is hereby granted, free of charge, to any person obtaining a
007: * copy of this software and associated documentation files (the "Software"),
008: * to deal in the Software without restriction, including without limitation
009: * the rights to use, copy, modify, merge, publish, distribute, sublicense,
010: * and/or sell copies of the Software, and to permit persons to whom the
011: * Software is furnished to do so, subject to the following conditions:
012: *
013: * The above copyright notice and this permission notice shall be included
014: * in all copies or substantial portions of the Software.
015: *
016: * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
017: * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
018: * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
019: * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
020: * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT
021: * OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
022: * THE USE OR OTHER DEALINGS IN THE SOFTWARE.
023: *
024: */
025: package org.ofbiz.security;
026:
027: import java.util.Iterator;
028: import java.util.List;
029:
030: import javax.servlet.http.HttpSession;
031:
032: import org.ofbiz.base.util.UtilCache;
033: import org.ofbiz.entity.GenericDelegator;
034: import org.ofbiz.entity.GenericValue;
035:
036: /**
037: * Security handler: This class is an abstract implementation for all commonly used security aspects.
038: *
039: * @author <a href="mailto:jonesde@ofbiz.org">David E. Jones</a>
040: * @author <a href="mailto:hermanns@aixcept.de">Rainer Hermanns</a>
041: * @author <a href="mailto:jaz@ofbiz.org">Andy Zeneski</a>
042: * @version $Revision: 1.1 $
043: * @since 2.0
044: */
public abstract class Security {

    /**
     * Cache of the UserLoginSecurityGroup entity collection for each UserLogin, keyed by userLoginId.
     *
     * NOTE(review): this field is public, static and non-final, so any code that can see this class
     * can replace the cache instance or change its entries. The cached group lists feed the
     * permission checks declared below; confirm who writes to it and how entries are evicted when a
     * user's group membership changes, so a revoked membership does not keep being served.
     */
    public static UtilCache userLoginSecurityGroupByUserLoginId = new UtilCache("security.UserLoginSecurityGroupByUserLoginId");

    /**
     * Cache recording, for each SecurityGroupPermissionPK, a Boolean that says whether the matching
     * SecurityGroupPermission row exists. Both outcomes are stored, so a lookup is answered from
     * the cache whether or not the permission is held.
     *
     * NOTE(review): public, static and non-final like the cache above. Because both "exists" and
     * "does not exist" are cached, a stale entry can continue to grant or deny after the underlying
     * row changes; confirm the invalidation path.
     */
    public static UtilCache securityGroupPermissionCache = new UtilCache("security.SecurityGroupPermissionCache");

    // Entity delegator used by implementations; stays null until setDelegator is called.
    // Package-private, so other classes in org.ofbiz.security can read and write it directly.
    GenericDelegator delegator;

    /**
     * Returns the delegator currently held by this handler.
     *
     * @return the delegator, or null if none has been set
     */
    public GenericDelegator getDelegator() {
        return delegator;
    }

    /**
     * Stores the delegator this handler should use.
     *
     * @param delegator the delegator to keep; no validation is performed here
     */
    public void setDelegator(GenericDelegator delegator) {
        this.delegator = delegator;
    }

    /**
     * Looks up the security groups of a userLogin, using the userLoginSecurityGroupByUserLoginId
     * cache to avoid repeated lookups.
     *
     * @param userLoginId the userLoginId whose security groups are wanted
     * @return an iterator over the collection, taken from the cache or read from the database
     *         through the delegator (raw type; presumably UserLoginSecurityGroup values, confirm
     *         against the implementation)
     */
    public abstract Iterator findUserLoginSecurityGroupByUserLoginId(String userLoginId);

    /**
     * Reports whether a SecurityGroupPermission row exists for a group and permission, using the
     * securityGroupPermissionCache. The (groupId, permission) pair is cached rather than
     * (userLoginId, permission) to keep the cache small and easier to change.
     *
     * @param groupId the ID of the group
     * @param permission the name of the permission
     * @return true if a SecurityGroupPermission row exists for the pair
     */
    public abstract boolean securityGroupPermissionExists(String groupId, String permission);

    /**
     * Checks whether the userLogin stored in the session holds the given permission.
     *
     * NOTE(review): the contract does not say what happens when the session is null or carries no
     * userLogin attribute; implementations should answer false in that case (verify).
     *
     * @param permission name of the permission to check
     * @param session the current HTTP session, which holds the logged-in userLogin as an attribute
     * @return true if the logged-in userLogin has the permission, false otherwise
     */
    public abstract boolean hasPermission(String permission, HttpSession session);

    /**
     * Checks whether the given userLogin holds the given permission.
     *
     * @param permission name of the permission to check
     * @param userLogin the userLogin object of the user to check
     * @return true if the given userLogin has the permission, false otherwise
     */
    public abstract boolean hasPermission(String permission, GenericValue userLogin);

    /**
     * Entity-specific variant of hasPermission: checks the entity for the given action and also
     * for "_ADMIN", which serves as a general administration permission.
     *
     * @param entity name of the entity the permission relates to
     * @param action action on the entity the permission relates to
     * @param session the current HTTP session, which holds the logged-in userLogin as an attribute
     * @return true if the logged-in userLogin has the permission, false otherwise
     */
    public abstract boolean hasEntityPermission(String entity, String action, HttpSession session);

    /**
     * Entity-specific variant of hasPermission: checks the entity for the given action and also
     * for "_ADMIN", which serves as a general administration permission.
     *
     * @param entity name of the entity the permission relates to
     * @param action action on the entity the permission relates to
     * @param userLogin the userLogin object of the user to check
     * @return true if the given userLogin has the permission, false otherwise
     */
    public abstract boolean hasEntityPermission(String entity, String action, GenericValue userLogin);

    /**
     * Role-aware variant of hasEntityPermission: checks the given action and "_ADMIN", and in
     * addition checks action_ROLE and validates that the user is a member for the application.
     *
     * @param application name of the application the permission relates to
     * @param action action on the application the permission relates to
     * @param primaryKey primary key used for the role check
     * @param role the roleTypeId the user must validate with
     * @param session the current HTTP session, which holds the logged-in userLogin as an attribute
     * @return true if the logged-in userLogin has the permission, false otherwise
     */
    public abstract boolean hasRolePermission(String application, String action, String primaryKey, String role, HttpSession session);

    /**
     * Role-aware variant of hasEntityPermission: checks the given action and "_ADMIN", and in
     * addition checks action_ROLE and validates that the user is a member for the application.
     *
     * @param application name of the application the permission relates to
     * @param action action on the application the permission relates to
     * @param primaryKey primary key used for the role check
     * @param role the roleTypeId the user must validate with
     * @param userLogin the userLogin object of the user to check
     * @return true if the given userLogin has the permission, false otherwise
     */
    public abstract boolean hasRolePermission(String application, String action, String primaryKey, String role, GenericValue userLogin);

    /**
     * Role-aware variant of hasEntityPermission: checks the given action and "_ADMIN", and in
     * addition checks action_ROLE and validates that the user is a member for the application.
     *
     * @param application name of the application the permission relates to
     * @param action action on the application the permission relates to
     * @param primaryKey primary key used for the role check
     * @param roles list of roleTypeId values; validating with any one of them is enough (ORed)
     * @param userLogin the userLogin object of the user to check
     * @return true if the given userLogin has the permission, false otherwise
     */
    public abstract boolean hasRolePermission(String application, String action, String primaryKey, List roles, GenericValue userLogin);

    /**
     * Role-aware variant of hasEntityPermission: checks the given action and "_ADMIN", and in
     * addition checks action_ROLE and validates that the user is a member for the application.
     *
     * @param application name of the application the permission relates to
     * @param action action on the application the permission relates to
     * @param primaryKey primary key used for the role check
     * @param roles list of roleTypeId values; validating with any one of them is enough (ORed)
     * @param session the current HTTP session, which holds the logged-in userLogin as an attribute
     * @return true if the logged-in userLogin has the permission, false otherwise
     */
    public abstract boolean hasRolePermission(String application, String action, String primaryKey, List roles, HttpSession session);

}