| java.lang.Object org.mmbase.security.Configurable org.mmbase.security.Authorization
All known Subclasses: org.mmbase.security.implementation.basic.OwnerAuthorization, org.mmbase.security.implementation.context.ContextAuthorization, org.mmbase.security.NoAuthorization,
Authorization | abstract public class Authorization extends Configurable (Code) | | The abstract implementation of the Authorization. To make your own implementation of
authorization, you have to extend this class, and implement the abstract methods.
author: Eduard Witteveen author: Michiel Meeuwissen version: $Id: Authorization.java,v 1.29 2008/01/21 17:28:15 michiel Exp $ |
Inner Class :public static class QueryCheck | |
Field Summary | |
final public static QueryCheck | COMPLETE_CHECK Constant which can be used as a result for the check query function. | final public static QueryCheck | NO_CHECK Constant which can be used as a result for the check query function. |
Method Summary | |
abstract public boolean | check(UserContext user, int nodeid, Operation operation) This method should be overrided by an extending class.
This method checks if an operation is permitted on a certain node done
by a certain user.
Parameters: user - The UserContext, containing the information the user. Parameters: nodeid - The id of the MMObjectNode, which has to be checked.It the action is CREATE then this will be interpreted as a typedef node. Parameters: operation - The operation which will be performed. | abstract public boolean | check(UserContext user, int nodeid, int srcnodeid, int dstnodeid, Operation operation) This method should be overrided by an extending class.
This method checks if the creation of a certain relation or changing
the source or destination of a certain relation done by a certain
user is permitted.
Parameters: user - The UserContext, containing the information about the user. Parameters: nodeid - The id of the relation which has to be checked. | public boolean | check(UserContext user, Action ac, Parameters parameters) Checks whether user may do a certain action.
Default implemetation simply uses default ActionChecker of the Action itself. | public QueryCheck | check(UserContext user, Query query, Operation operation) Checks rights on a query. | abstract public void | create(UserContext user, int nodeid) This method should be overrided by an extending class. | abstract public String | getContext(UserContext user, int nodeid) This method could be overrided by an extending class.
This method returns the context of a specific node.
Parameters: user - The UserContext, containing the information about the user. Parameters: nodeid - The id of the MMObjectNode, which has to be asserted. | abstract public Set<String> | getPossibleContexts(UserContext user, int nodeid) This method could be overrided by an extending class.
This method returns a list of contexts which can be
used to change the node.
Parameters: user - The UserContext, containing the informationabout the user. Parameters: nodeid - The id of the MMObjectNode, which has to be asserted. | public Set<String> | getPossibleContexts(UserContext user) This method could be overrided by an extending class.
This method returns a list of contexts availabel to a user when creating or searching for an object.
The default implementation returns only the user's own default context.
Parameters: user - The UserContext, containing the informationabout the user. | abstract public void | remove(UserContext user, int nodeid) This method should be overrided by an extending class. | abstract public void | setContext(UserContext user, int nodeid, String context) This method could be overrided by an extending class. | abstract public void | update(UserContext user, int nodeid) This method should be overrided by an extending class. | public void | verify(UserContext user, int nodeid, Operation operation) This method wraps the check-method with the same arguments. | public void | verify(UserContext user, int nodeid, int srcnodeid, int dstnodeid, Operation operation) This method wraps the check-method with the same arguments. | final public void | verify(UserContext user, Action ac, Parameters parameters) |
COMPLETE_CHECK | final public static QueryCheck COMPLETE_CHECK(Code) | | Constant which can be used as a result for the check query function. It means: 'No extra
contraints to be added, but the query's result will not have to be postprocessed for
security. This means that there are no restrictions on the given operation at all (normally:
'read' is permit to everybody).
since: MMBase-1.7 |
NO_CHECK | final public static QueryCheck NO_CHECK(Code) | | Constant which can be used as a result for the check query function. It means: 'No extra
contraints to be added, and the query's result will have to be postprocessed for security.
since: MMBase-1.7 |
check | abstract public boolean check(UserContext user, int nodeid, Operation operation)(Code) | | This method should be overrided by an extending class.
This method checks if an operation is permitted on a certain node done
by a certain user.
Parameters: user - The UserContext, containing the information the user. Parameters: nodeid - The id of the MMObjectNode, which has to be checked.It the action is CREATE then this will be interpreted as a typedef node. Parameters: operation - The operation which will be performed. true if the operation is permitted,false if the operation is not permitted, |
check | abstract public boolean check(UserContext user, int nodeid, int srcnodeid, int dstnodeid, Operation operation)(Code) | | This method should be overrided by an extending class.
This method checks if the creation of a certain relation or changing
the source or destination of a certain relation done by a certain
user is permitted.
Parameters: user - The UserContext, containing the information about the user. Parameters: nodeid - The id of the relation which has to be checked. If the operation is CREATEthen this will be interpreted as the typedef node (extending insrel) for the relation to becreated. Parameters: srcnodeid - The id of the (new) source node of the relation. Parameters: dstnodeid - The id of the (new) destination node of the relation. Parameters: operation - The operation which will be performed (CREATE (createrelation) or CHANGE_RELATION (source and/or destinationare changed). true if the operation is permitted,false if the operation is not permitted, |
check | public boolean check(UserContext user, Action ac, Parameters parameters)(Code) | | Checks whether user may do a certain action.
Default implemetation simply uses default ActionChecker of the Action itself. Extensions may
provide configuration, e.g. make links between groups and/or user object with Action objects,
to provide more fine grained control over which users may execute what 'actions'.
in the MMBase cloud.
since: MMBase-1.9 |
check | public QueryCheck check(UserContext user, Query query, Operation operation)(Code) | | Checks rights on a query. This means that the query is explored and (if possible) a
constraint for it is constructed, which, if appied to the query, makes it return only
checked results for the given user.
Of course, this will normally only be implemented for the 'READ' operation.
The constraint is not applied automaticly. This has to be done by using BasicQuery.setSecurityConstraint().
Parameters: user - The UserContext, for which the query must be considered Parameters: query - The query to be explored A QueryCheck structure (containing whether the constriant is sufficient, and thenew constraint or null). since: MMBase-1.7 |
create | abstract public void create(UserContext user, int nodeid)(Code) | | This method should be overrided by an extending class.
It has to be called, when a new Node has been created.
This way, the authentication can create default rights
for this object, depending on the UserContext and generate
logging information.
Parameters: user - The UserContext, containing the informationabout the user. Parameters: nodeid - The id of the MMObjectNode, which has just been added tothe MMBase cloud. |
getContext | abstract public String getContext(UserContext user, int nodeid) throws SecurityException(Code) | | This method could be overrided by an extending class.
This method returns the context of a specific node.
Parameters: user - The UserContext, containing the information about the user. Parameters: nodeid - The id of the MMObjectNode, which has to be asserted. the context setting of the node. exception: SecurityException - If operation is not allowed(needs read rights) |
getPossibleContexts | abstract public Set<String> getPossibleContexts(UserContext user, int nodeid) throws SecurityException(Code) | | This method could be overrided by an extending class.
This method returns a list of contexts which can be
used to change the node.
Parameters: user - The UserContext, containing the informationabout the user. Parameters: nodeid - The id of the MMObjectNode, which has to be asserted. a Set of String s whichrepresent a context in readable form.. exception: SecurityException - |
getPossibleContexts | public Set<String> getPossibleContexts(UserContext user) throws SecurityException(Code) | | This method could be overrided by an extending class.
This method returns a list of contexts availabel to a user when creating or searching for an object.
The default implementation returns only the user's own default context.
Parameters: user - The UserContext, containing the informationabout the user. a Set of String s whichrepresent a context in readable form.. exception: SecurityException - since: MMBase-1.8.2 |
remove | abstract public void remove(UserContext user, int nodeid)(Code) | | This method should be overrided by an extending class.
It has to be called, when a Node has been removed from
the cloud.
This way, the authentication can generate log information
for this node, and remove the authorization object which
belongs to this node.
Parameters: user - The UserContext, containing the informationabout the user. Parameters: nodeid - The id of the MMObjectNode, which has just been removedin the cloud. |
setContext | abstract public void setContext(UserContext user, int nodeid, String context) throws SecurityException(Code) | | This method could be overrided by an extending class.
This method changes the rights on a node, by telling
the authorization that it should use the context which
is defined.
Parameters: user - The UserContext, containing the information about the user. Parameters: nodeid - The id of the MMObjectNode, which has to be asserted. Parameters: context - The context which rights the node will get exception: SecurityException - If operation is not allowed exception: SecurityException - If context is not known |
update | abstract public void update(UserContext user, int nodeid)(Code) | | This method should be overrided by an extending class.
It has to be called, when a Node has been changed.
This way, the authentication can generate log information
for this object, which can be used for accountability
Parameters: user - The UserContext, containing the information about the user. Parameters: nodeid - The id of the MMObjectNode, which has just been changedin the cloud. |
|
|