Java Doc for GroupPermission.java in » Wiki-Engine » JSPWiki » com » ecyrd » jspwiki » auth » permissions » Java Source Code / Java DocumentationJava Source Code and Java Documentation

Java Source Code / Java Documentation

1.	6.0 JDK Core
2.	6.0 JDK Modules
3.	6.0 JDK Modules com.sun
4.	6.0 JDK Modules com.sun.java
5.	6.0 JDK Modules sun
6.	6.0 JDK Platform
7.	Ajax
8.	Apache Harmony Java SE
9.	Aspect oriented
10.	Authentication Authorization
11.	Blogger System
12.	Build
13.	Byte Code
14.	Cache
15.	Chart
16.	Chat
17.	Code Analyzer
18.	Collaboration
19.	Content Management System
20.	Database Client
21.	Database DBMS
22.	Database JDBC Connection Pool
23.	Database ORM
24.	Development
25.	EJB Server geronimo
26.	EJB Server GlassFish
27.	EJB Server JBoss 4.2.1
28.	EJB Server resin 3.1.5
29.	ERP CRM Financial
30.	ESB
31.	Forum
32.	GIS
33.	Graphic Library
34.	Groupware
35.	HTML Parser
36.	IDE
37.	IDE Eclipse
38.	IDE Netbeans
39.	Installer
40.	Internationalization Localization
41.	Inversion of Control
42.	Issue Tracking
43.	J2EE
44.	JBoss
45.	JMS
46.	JMX
47.	Library
48.	Mail Clients
49.	Net
50.	Parser
51.	PDF
52.	Portal
53.	Profiler
54.	Project Management
55.	Report
56.	RSS RDF
57.	Rule Engine
58.	Science
59.	Scripting
60.	Search Engine
61.	Security
62.	Sevlet Container
63.	Source Control
64.	Swing Library
65.	Template Engine
66.	Test Coverage
67.	Testing
68.	UML
69.	Web Crawler
70.	Web Framework
71.	Web Mail
72.	Web Server
73.	Web Services
74.	Web Services apache cxf 2.0.1
75.	Web Services AXIS2
76.	Wiki Engine
77.	Workflow Engines
78.	XML
79.	XML UI

Java

Java Tutorial

Illustrator Tutorials

GIMP Tutorials

C# / C Sharp

C# / CSharp Tutorial

C# / CSharp Open Source

SQL Server / T-SQL Tutorial

Oracle PL / SQL

Oracle PL/SQL Tutorial

Flash / Flex / ActionScript

VBA / Excel / Access / Word

XML

XML Tutorial

Microsoft Office PowerPoint 2007 Tutorial

Microsoft Office Excel 2007 Tutorial

Microsoft Office Word 2007 Tutorial

Java Source Code / Java Documentation » Wiki Engine » JSPWiki » com.ecyrd.jspwiki.auth.permissions

Source Cross Reference Class Diagram Java Document (Java Doc)

java.lang .Object

java.security .Permission

com.ecyrd.jspwiki.auth.permissions .GroupPermission

GroupPermission

final public class GroupPermission extends Permission (Code)

Permission to perform an operation on a group in a given wiki. Permission actions include: view, edit, delete.

The target of a permission is a single group or collection in a given wiki. The syntax for the target is the wiki name, followed by a colon (:) and the name of the group. “All wikis” can be specified using a wildcard (*). Group collections may also be specified using a wildcard. For groups, the wildcard may be a prefix, suffix, or all by itself. Examples of targets include:

*:* :TestPlanners :*Planners :Test* mywiki:TestPlanners mywiki:*Planners mywiki:Test*

For a given target, certain permissions imply others:

edit implies view
delete implies edit and view

Targets that do not include a wiki prefix never imply others.

GroupPermission accepts a special target called <groupmember> that means “all groups that a user is a member of.” When included in a policy file grant block, it functions like a wildcard. Thus, this block:

 grant signedBy "jspwiki",
 principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {
 permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:<groupmember>", "edit";

means, “allow Authenticated users to edit any groups they are members of.” The wildcard target (*) does not imply <groupmember>; it must be granted explicitly.
author:
Andrew Jaquith
since:
2.4.17

Field Summary
final public static GroupPermission	DELETE Convenience constant that denotes `GroupPermission( ":, "delete" )`.
final public static String	DELETE_ACTION Action for deleting a group or collection of groups.
final protected static int	DELETE_MASK
final public static GroupPermission	EDIT Convenience constant that denotes `GroupPermission( ":, "edit" )`.
final public static String	EDIT_ACTION Action for editing a group or collection of groups.
final protected static int	EDIT_MASK
final public static String	MEMBER_TOKEN Special target token that denotes all groups that a Subject's Principals are members of.
final public static GroupPermission	VIEW Convenience constant that denotes `GroupPermission( ":, "view" )`.
final public static String	VIEW_ACTION Action for viewing a group or collection of groups.
final protected static int	VIEW_MASK

Constructor Summary
public	GroupPermission(String group, String actions) Creates a new GroupPermission for a specified group and set of actions. Group should include a prepended wiki name followed by a colon (:).

Method Summary
final protected static int	createMask(String actions) Protected method that creates a binary mask based on the actions specified.
final public boolean	equals(Object obj) Two PagePermission objects are considered equal if their actions (after normalization), wiki and target are equal.
final public String	getActions() Returns the actions for this permission: “view”, “edit”, or “delete”.
final public String	getGroup() Returns the name of the wiki group represented by this permission.
final public String	getWiki() Returns the name of the wiki containing the group represented by this permission; may return the wildcard string.
final public int	hashCode() Returns the hash code for this GroupPermission.
final protected static int	impliedMask(int mask) Creates an “implied mask” based on the actions originally assigned: for example, delete implies edit; edit implies view.
final public boolean	implies(Permission permission) GroupPermissions can only imply other GroupPermissions; no other permission types are implied.
final protected boolean	impliesMember(Permission permission) Returns `true` if this GroupPermission was created with the token `<groupmember>` and the current thread’s Subject is a member of the Group indicated by the implied GroupPermission.
final public String	toString() Prints a human-readable representation of this permission.

Field Detail

DELETE
final public static GroupPermission DELETE(Code)
	Convenience constant that denotes `GroupPermission( ":, "delete" )`.

DELETE_ACTION
final public static String DELETE_ACTION(Code)
	Action for deleting a group or collection of groups.

DELETE_MASK
final protected static int DELETE_MASK(Code)

EDIT
final public static GroupPermission EDIT(Code)
	Convenience constant that denotes `GroupPermission( ":, "edit" )`.

EDIT_ACTION
final public static String EDIT_ACTION(Code)
	Action for editing a group or collection of groups.

EDIT_MASK
final protected static int EDIT_MASK(Code)

MEMBER_TOKEN
final public static String MEMBER_TOKEN(Code)
	Special target token that denotes all groups that a Subject's Principals are members of.

VIEW
final public static GroupPermission VIEW(Code)
	Convenience constant that denotes `GroupPermission( ":, "view" )`.

VIEW_ACTION
final public static String VIEW_ACTION(Code)
	Action for viewing a group or collection of groups.

VIEW_MASK
final protected static int VIEW_MASK(Code)

Constructor Detail

GroupPermission
public GroupPermission(String group, String actions)(Code)
	Creates a new GroupPermission for a specified group and set of actions. Group should include a prepended wiki name followed by a colon (:). If the wiki name is not supplied or starts with a colon, the group refers to all wikis. Parameters: group - the wiki group Parameters: actions - the allowed actions for this group

Method Detail

createMask
final protected static int createMask(String actions)(Code)
	Protected method that creates a binary mask based on the actions specified. This is used by GroupPermission.implies(Permission) . Parameters: actions - the actions for this permission, separated by commas the binary actions mask

equals
final public boolean equals(Object obj)(Code)
	Two PagePermission objects are considered equal if their actions (after normalization), wiki and target are equal. Parameters: obj - the object to compare the result of the comparison See Also: java.lang.Object.equals(java.lang.Object)

getActions
final public String getActions()(Code)
	Returns the actions for this permission: “view”, “edit”, or “delete”. The actions will always be sorted in alphabetic order, and will always appear in lower case. the actions See Also: java.security.Permission.getActions

getGroup
final public String getGroup()(Code)
	Returns the name of the wiki group represented by this permission. the page name

getWiki
final public String getWiki()(Code)
	Returns the name of the wiki containing the group represented by this permission; may return the wildcard string. the wiki

hashCode
final public int hashCode()(Code)
	Returns the hash code for this GroupPermission. the hash code See Also: java.lang.Object.hashCode

impliedMask
final protected static int impliedMask(int mask)(Code)
	Creates an “implied mask” based on the actions originally assigned: for example, delete implies edit; edit implies view. Parameters: mask - binary mask for actions binary mask for implied actions

implies

final public boolean implies(Permission permission)(Code)

GroupPermissions can only imply other GroupPermissions; no other permission types are implied. One GroupPermission implies another if its actions if three conditions are met:

The other GroupPermission’s wiki is equal to, or a subset of, that of this permission. This permission’s wiki is considered a superset of the other if it contains a matching prefix plus a wildcard, or a wildcard followed by a matching suffix.
The other GroupPermission’s target is equal to, or a subset of, the target specified by this permission. This permission’s target is considered a superset of the other if it contains a matching prefix plus a wildcard, or a wildcard followed by a matching suffix.
All of other GroupPermission’s actions are equal to, or a subset of, those of this permission

Parameters:
permission - the Permission to examine true if the GroupPermission implies thesupplied Permission; false otherwise
See Also: java.security.Permission.implies(java.security.Permission)

impliesMember

final protected boolean impliesMember(Permission permission)(Code)

Returns true if this GroupPermission was created with the token <groupmember> and the current thread’s Subject is a member of the Group indicated by the implied GroupPermission. Thus, a GroupPermission with the group <groupmember> implies GroupPermission for group "TestGroup" only if the Subject is a member of TestGroup.

We make this determination by obtaining the current Thread ’s java.security.AccessControlContext and requesting the javax.security.auth.SubjectDomainCombiner . If the combiner is not null, then we know that the access check was requested using a javax.security.auth.Subject ; that is, that an upstream caller caused a Subject to be associated with the Thread’s ProtectionDomain by executing a javax.security.auth.Subject.doAs(Subjectjava.security.PrivilegedAction) operation.

If a SubjectDomainCombiner exists, determining group membership is simple: just iterate through the Subject’s Principal set and look for all Principals of type com.ecyrd.jspwiki.auth.GroupPrincipal . If the name of any Principal matches the value of the implied Permission’s GroupPermission.getGroup value, then the Subject is a member of this group -- and therefore this impliesMember call returns true.

This may sound complicated, but it really isn’t. Consider the following examples:

This object	`impliesMember` parameter	Calling Subject’s Principals	Result
`GroupPermission ("<groupmember>")`	`GroupPermission ("*:TestGroup")`	`WikiPrincipal ("Biff"), GroupPrincipal ("TestGroup")`	`true`
`GroupPermission ("*:TestGroup")`	`GroupPermission ("*:TestGroup")`	`WikiPrincipal ("Biff"), GroupPrincipal ("TestGroup")`	`false` - this object does not contain `<groupmember>`
`GroupPermission ("<groupmember>")`	`GroupPermission ("*:TestGroup")`	`WikiPrincipal ("Biff"), GroupPrincipal ("FooGroup")`	`false` - Subject does not contain GroupPrincipal matching implied Permission’s group (TestGroup)
`GroupPermission ("<groupmember>")`	`WikiPermission ("*:createGroups")`	`WikiPrincipal ("Biff"), GroupPrincipal ("TestGroup")`	`false` - implied permission not of type GroupPermission
`GroupPermission ("<groupmember>")`	`GroupPermission ("*:TestGroup")`	-	`false` - `Subject.doAs()` not called upstream

Note that JSPWiki’s access control checks are made inside of com.ecyrd.jspwiki.auth.AuthorizationManager.checkPermission(com.ecyrd.jspwiki.WikiSessionPermission) , which performs a Subject.doAs() call. Thus, this Permission functions exactly the way it should during normal operations.

Parameters:
permission - the implied permission true if the calling Thread’s Subject contains aGroupPrincipal matching the implied GroupPermission’s group;false otherwise

toString
final public String toString()(Code)
	Prints a human-readable representation of this permission. the string See Also: java.lang.Object.toString

Methods inherited from java.security.Permission

public void checkGuard(Object object) throws SecurityException(Code)(Java Doc)
abstract public boolean equals(Object obj)(Code)(Java Doc)
abstract public String getActions()(Code)(Java Doc)
final public String getName()(Code)(Java Doc)
abstract public int hashCode()(Code)(Java Doc)
abstract public boolean implies(Permission permission)(Code)(Java Doc)
public PermissionCollection newPermissionCollection()(Code)(Java Doc)
public String toString()(Code)(Java Doc)

Methods inherited from java.lang.Object

native protected Object clone() throws CloneNotSupportedException(Code)(Java Doc)
public boolean equals(Object obj)(Code)(Java Doc)
protected void finalize() throws Throwable(Code)(Java Doc)
final native public Class getClass()(Code)(Java Doc)
native public int hashCode()(Code)(Java Doc)
final native public void notify()(Code)(Java Doc)
final native public void notifyAll()(Code)(Java Doc)
public String toString()(Code)(Java Doc)
final native public void wait(long timeout) throws InterruptedException(Code)(Java Doc)
final public void wait(long timeout, int nanos) throws InterruptedException(Code)(Java Doc)
final public void wait() throws InterruptedException(Code)(Java Doc)

www.java2java.com | Contact Us

All other trademarks are property of their respective owners.