| java.lang.Object
 org.jaffa.security.SecurityManager
| SecurityManager | | public class SecurityManager (Code) | | Security Manager is the main interface to the BusinessFunction and Component Security Architecture.
It provide a mechanism for setting the security context for a thread of execution, and then
provide a guard for securing code in that thread. The access to the
guarded code is derived from a role based security policy file.
|
| Method Summary | |
| static void | bindToThread(SecurityContext ctx)
| | public static boolean | checkComponentAccess(String componentName)
See if the current thread has access to the named component. | | static boolean | checkComponentAccess(String componentName, SecurityContext ctx)
| | public static boolean | checkFunctionAccess(String functionName)
See if the current thread has access to the named business function. | | static boolean | checkFunctionAccess(String functionName, SecurityContext ctx)
| | static SecurityContext | getCurrentContext()
| | public static Principal | getPrincipal()
Get the Security Prinipal Object for the Current User. | | public static Object | runFunction(String functionName, PrivilegedAction action)
| | public static Object | runFunction(String functionName, PrivilegedExceptionAction action)
Run the guarded business function, only if the current thread has access. | | public static Object | runWithContext(HttpServletRequest ctx, Object obj, String method, Object[] args)
Bind a security context to a thread and contine executing the thread by running the
supplied method against the specified object with the supplied paramters.
In this case the security context is derived from a HttpServletRequest.
Parameters:
ctx - Web Server Request Context to use
Parameters:
obj - The object contains the method to execute under the thread security context
Parameters:
method - The name of the method to execute in the specified object
Parameters:
args - An Object array of argument to pass to the method. | | public static Object | runWithContext(HttpServletRequest ctx, Object obj, String method, Object[] args, Class[] sig)
Bind a security context to a thread and contine executing the thread by running the
supplied method against the specified object with the supplied paramters.
In this case the security context is derived from a HttpServletRequest.
Returns any Object that the method being invoked can return
Parameters:
sig - This is an array of classes that represent the signature to the supplied method. | | public static Object | runWithContext(HttpServletRequest ctx, Object obj, Method method, Object[] args)
Bind a security context to a thread and contine executing the thread by running the
supplied method against the specified object with the supplied paramters. | | public static Object | runWithContext(EJBContext ctx, Object obj, String method, Object[] args)
Bind a security context to a thread and contine executing the thread by running the
supplied method against the specified object with the supplied paramters.
In this case the security context is derived from an EJBContext.
Parameters:
ctx - Web Server Request Context to use
Parameters:
obj - The object contains the method to execute under the thread security context
Parameters:
method - The name of the method to execute in the specified object
Parameters:
args - An Object array of argument to pass to the method. | | public static Object | runWithContext(EJBContext ctx, Object obj, String method, Object[] args, Class[] sig)
Bind a security context to a thread and contine executing the thread by running the
supplied method against the specified object with the supplied paramters.
In this case the security context is derived from an EJBContext.
Returns any Object that the method being invoked can return
Parameters:
sig - This is an array of classes that represent the signature to the supplied method. | | public static Object | runWithContext(EJBContext ctx, Object obj, Method method, Object[] args)
Bind a security context to a thread and contine executing the thread by running the
supplied method against the specified object with the supplied paramters. | | static void | unbindFromThread()
|
| checkComponentAccess | | public static boolean checkComponentAccess(String componentName)(Code) | | See if the current thread has access to the named component.
This can be used by a Component Manager to preempt a security violation
Parameters:
componentName - Name of component to check true, if the current thread has access to this component, otherwise false is returned |
| checkComponentAccess | | static boolean checkComponentAccess(String componentName, SecurityContext ctx) throws SecurityException(Code) | | See if the give context has access to a component
Use by the tag libraries, doesn't require the context to be bound to the thread
|
| checkFunctionAccess | | public static boolean checkFunctionAccess(String functionName)(Code) | | See if the current thread has access to the named business function.
Parameters:
functionName - Name of business function to check true, if the current thread has access to this business function, otherwise false is returned |
| checkFunctionAccess | | static boolean checkFunctionAccess(String functionName, SecurityContext ctx) throws SecurityException(Code) | | See if the give context has access to a function
Use by the tag libraries, doesn't require the context to be bound to the thread
|
| getCurrentContext | | static SecurityContext getCurrentContext()(Code) | | Return the current security context for this thread
|
| getPrincipal | | public static Principal getPrincipal()(Code) | | Get the Security Prinipal Object for the Current User. If this is called
'outsite' or the Jaffa framework it will return null. Typically jaffa security
is backed by either Web Container or EJB Container security, and this will
return Principle as created by the Web/EJB container that is associated to
the thread of execution calling this method
In a typical web environment SecurityManager.getPrincipal().getName()
will return you the username used to log on.
The security principal associated to the current thread |
| runFunction | | public static Object runFunction(String functionName, PrivilegedAction action) throws AccessControlException(Code) | | Run the guarded business function, only if the current thread has access
Parameters:
functionName - Name of the business function being guarded
Parameters:
action - An action object which will be executed, this should contain the guarded code
throws:
AccessControlException - This is thrown if the user doesn't have authorization for this function Returns back the object that the guarded code returned |
| runFunction | | public static Object runFunction(String functionName, PrivilegedExceptionAction action) throws PrivilegedActionException, AccessControlException(Code) | | Run the guarded business function, only if the current thread has access.
This guarded function may throw a PrivilegedActionException which will contain
the real exception
Returns back the object that the guarded code returned
Parameters:
functionName - Name of the business function being guarded
Parameters:
action - An action object which will be executed, this should contain the guarded code
throws:
PrivilegedActionException - This is the wrapped exception the the guarded code threw
throws:
AccessControlException - This is thrown if the user doesn't have authorization for this function |
| runWithContext | | public static Object runWithContext(HttpServletRequest ctx, Object obj, String method, Object[] args) throws Exception(Code) | | Bind a security context to a thread and contine executing the thread by running the
supplied method against the specified object with the supplied paramters.
In this case the security context is derived from a HttpServletRequest.
Parameters:
ctx - Web Server Request Context to use
Parameters:
obj - The object contains the method to execute under the thread security context
Parameters:
method - The name of the method to execute in the specified object
Parameters:
args - An Object array of argument to pass to the method. If there are no parameters for the method null can be passed
throws:
Exception - Returns any Exception that the method being invoked may return Returns any Object that the method being invoked can return |
| runWithContext | | public static Object runWithContext(HttpServletRequest ctx, Object obj, String method, Object[] args, Class[] sig) throws Exception(Code) | | Bind a security context to a thread and contine executing the thread by running the
supplied method against the specified object with the supplied paramters.
In this case the security context is derived from a HttpServletRequest.
Returns any Object that the method being invoked can return
Parameters:
sig - This is an array of classes that represent the signature to the supplied method. This will be used for introspection forthe supplied method on the given object
Parameters:
ctx - Web Server Request Context to use
Parameters:
obj - The object contains the method to execute under the thread security context
Parameters:
method - The name of the method to execute in the specified object
Parameters:
args - An Object array of argument to pass to the method. If there are no parameters for the method null can be passed
throws:
Exception - Returns any Exception that the method being invoked may return |
| runWithContext | | public static Object runWithContext(HttpServletRequest ctx, Object obj, Method method, Object[] args) throws Exception(Code) | | Bind a security context to a thread and contine executing the thread by running the
supplied method against the specified object with the supplied paramters. The signature of
the method is introspected used the classes associated to the objects in the parameter array
If these classes are not able to specified the methods signiture, use the variation of this method
that allows the class[] singature to be supplied.
In this case the security context is derived from a HttpServletRequest.
Returns any Object that the method being invoked can returnthe supplied method on the given object
Parameters:
ctx - Web Server Request Context to use
Parameters:
obj - The object contains the method to execute under the thread security context
Parameters:
method - The name of the method to execute in the specified object
Parameters:
args - An Object array of argument to pass to the method. If there are no parameters for the method null can be passed
throws:
Exception - Returns any Exception that the method being invoked may return |
| runWithContext | | public static Object runWithContext(EJBContext ctx, Object obj, String method, Object[] args) throws Exception(Code) | | Bind a security context to a thread and contine executing the thread by running the
supplied method against the specified object with the supplied paramters.
In this case the security context is derived from an EJBContext.
Parameters:
ctx - Web Server Request Context to use
Parameters:
obj - The object contains the method to execute under the thread security context
Parameters:
method - The name of the method to execute in the specified object
Parameters:
args - An Object array of argument to pass to the method. If there are no parameters for the method null can be passed
throws:
Exception - Returns any Exception that the method being invoked may return Returns any Object that the method being invoked can return |
| runWithContext | | public static Object runWithContext(EJBContext ctx, Object obj, String method, Object[] args, Class[] sig) throws Exception(Code) | | Bind a security context to a thread and contine executing the thread by running the
supplied method against the specified object with the supplied paramters.
In this case the security context is derived from an EJBContext.
Returns any Object that the method being invoked can return
Parameters:
sig - This is an array of classes that represent the signature to the supplied method. This will be used for introspection forthe supplied method on the given object
Parameters:
ctx - Web Server Request Context to use
Parameters:
obj - The object contains the method to execute under the thread security context
Parameters:
method - The name of the method to execute in the specified object
Parameters:
args - An Object array of argument to pass to the method. If there are no parameters for the method null can be passed
throws:
Exception - Returns any Exception that the method being invoked may return |
| runWithContext | | public static Object runWithContext(EJBContext ctx, Object obj, Method method, Object[] args) throws Exception(Code) | | Bind a security context to a thread and contine executing the thread by running the
supplied method against the specified object with the supplied paramters. The signature of
the method is introspected used the classes associated to the objects in the parameter array
If these classes are not able to specified the methods signiture, use the variation of this method
that allows the class[] singature to be supplied.
In this case the security context is derived from an EJBContext.
Returns any Object that the method being invoked can returnthe supplied method on the given object
Parameters:
ctx - Web Server Request Context to use
Parameters:
obj - The object contains the method to execute under the thread security context
Parameters:
method - The name of the method to execute in the specified object
Parameters:
args - An Object array of argument to pass to the method. If there are no parameters for the method null can be passed
throws:
Exception - Returns any Exception that the method being invoked may return |
| unbindFromThread | | static void unbindFromThread()(Code) | | Remove the current context from the current thread
|
|
|