| org.directwebremoting.extend.AccessControl
All known Subclasses: org.directwebremoting.impl.DefaultAccessControl,
| AccessControl | | public interface AccessControl (Code) | | Control who should be accessing which methods on which classes.
author:
Joe Walker [joe at getahead dot ltd dot uk] |
| addIncludeRule | | void addIncludeRule(String scriptName, String methodName)(Code) | | Add an include rule.
Each creator can have either a list of inclusions or a list of exclusions
but not both. If a creator has a list of inclusions then the default
policy is to deny any method that is not specifically included. If the
creator has a list of exclusions then the default policy is to allow
any method not listed.
If there are no included or excluded rules then the default policy is to
allow all methods
Parameters:
scriptName - The name of the creator to Javascript
Parameters:
methodName - The name of the method (without brackets) |
| addRoleRestriction | | void addRoleRestriction(String scriptName, String methodName, String role)(Code) | | J2EE role based security allows us to restrict methods to only being used
by people in certain roles.
Parameters:
scriptName - The name of the creator to Javascript
Parameters:
methodName - The name of the method (without brackets)
Parameters:
role - The new role name to add to the list for the given scriptName and methodName |
| assertExecutionIsPossible | | void assertExecutionIsPossible(Creator creator, String className, Method method) throws SecurityException(Code) | | Check the method for accessibility at runtime, and return an error
message if anything is wrong. If nothing is wrong, return null.
See notes on getReasonToNotDisplay(). This method should
duplicate the tests made by that method.
This is not a great because it mixes 2 bits of information in the same
variable (is it wrong, and what is wrong) but without multi-value returns
in Java this seems like the most simple implementation.
Parameters:
creator - Where does the method come from?
Parameters:
className - The Javascript name of the class
Parameters:
method - What is the method to execute?
throws:
SecurityException - If the given method is disallowed
See Also: AccessControl.assertIsDisplayable(CreatorStringMethod) |
| assertIsDisplayable | | void assertIsDisplayable(Creator creator, String className, Method method) throws SecurityException(Code) | | Check the method for accessibility at 'compile-time' (i.e. when the application
is downloaded), and return an error message if anything is wrong. If
nothing is wrong, return null.
This method is similar to getReasonToNotExecute() except
that there may be checks (like security checks) that we wish to make only
at runtime in case the situation changes between 'compile-time' and
runtime.
This is not a great because it mixes 2 bits of information in the same
variable (is it wrong, and what is wrong) but without multi-value returns
in Java this seems like the most simple implementation.
Parameters:
creator - Where does the method come from?
Parameters:
className - The Javascript name of the class
Parameters:
method - What is the method to execute?
throws:
SecurityException - If the given method is disallowed
See Also: AccessControl.assertExecutionIsPossible(CreatorStringMethod) |
|
|