| java.lang.Object com.sun.portal.search.db.RDMSecurityManager
RDMSecurityManager | public class RDMSecurityManager | | This is the security management system built into Search.
It consists of two main functions: authentication and authorization.
Authentication:
A single pluggable module implementing the RDMAuthenticationModule interface is defined in search.conf.
Authorization:
Multiple pluggable modules implementing the DatabaseSecurityModule interface are defined in search.conf.
There are three levels of authorization: database level, search and retrieve.
Workflow:
When a request is made, the authentication module generates an SToken that carries the module's native authentication token
(for example, ssoToken for Portal).
1. If the request is for a database operation, the security module associated with the target database
calls its CheckDatabasePermission function to grant or deny access.
2. If it is a search request, the module's getUserRoles function is used to obtain a set of roles for a filtered search on ReadACL.
3. A retrieve filter applies only if the request is not a search.
It checks the user's roles, obtained from the security module, against the RD's ReadACL.
|
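The three authorization levels from the workflow above, as an added Java sketch that is not Portal Search code. `SecModule`, `Rd`, `readable`, `authorize`, the sample users and URLs, and the rule that an RD with no matching role is withheld are all assumptions made for illustration.

```java
import java.util.*;

// Added sketch: every type below is a hypothetical stand-in, not a Portal Search class.
public class AuthorizationLevelsSketch {
    enum Kind { DATABASE_OP, SEARCH, RETRIEVE }

    // Stand-in for a per-database security module; these signatures are assumptions.
    interface SecModule {
        boolean checkDatabasePermission(String user, String permission);
        Set<String> getUserRoles(String user);
    }

    // Stand-in for a resource description (RD) and the roles in its ReadACL.
    record Rd(String url, Set<String> readAcl) {}

    // Assumed ACL rule: readable only if the user holds a role listed in ReadACL.
    static boolean readable(Set<String> roles, Rd rd) {
        return !Collections.disjoint(roles, rd.readAcl());
    }

    // Applies exactly one authorization level, chosen by the kind of request.
    static List<Rd> authorize(Kind kind, String user, SecModule m, List<Rd> candidates) {
        if (kind == Kind.DATABASE_OP) {
            // Level 1: the module grants or denies the operation as a whole.
            // "write" is a placeholder string, not the value of DB_PERMISSION_WRITE.
            if (!m.checkDatabasePermission(user, "write"))
                throw new SecurityException("database permission denied for " + user);
            return candidates;
        }
        // Level 2 (search) restricts the result set by role; level 3 (retrieve)
        // checks the fetched RD itself. Both compare user roles with ReadACL.
        Set<String> roles = m.getUserRoles(user);
        List<Rd> allowed = new ArrayList<>();
        for (Rd rd : candidates) if (readable(roles, rd)) allowed.add(rd);
        return allowed;
    }

    public static void main(String[] args) {
        SecModule m = new SecModule() { // constructed sample policy
            public boolean checkDatabasePermission(String u, String p) { return u.equals("admin"); }
            public Set<String> getUserRoles(String u) { return u.equals("alice") ? Set.of("hr") : Set.of(); }
        };
        List<Rd> db = List.of(new Rd("http://example.test/payroll", Set.of("hr")),
                              new Rd("http://example.test/roadmap", Set.of("eng")));
        System.out.println(authorize(Kind.SEARCH, "alice", m, db));               // search as a user with one role
        System.out.println(authorize(Kind.RETRIEVE, "bob", m, db.subList(0, 1))); // retrieve as a user with no roles
        try { authorize(Kind.DATABASE_OP, "alice", m, db); }                      // database op by a non-admin
        catch (SecurityException e) { System.out.println(e.getMessage()); }
    }
}
```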
DATABASE_SECURITY_MODULES | final public static String DATABASE_SECURITY_MODULES | | |
DB_PERMISSION_READ | public static String DB_PERMISSION_READ | | |
DB_PERMISSION_WRITE | public static String DB_PERMISSION_WRITE | | |
DB_SECURITY_MODULE_ATTRNAME | final public static String DB_SECURITY_MODULE_ATTRNAME | | |
RDM_AUTHENTICATION_MODULES | final public static String RDM_AUTHENTICATION_MODULES | | |
SECURITY_MODULE_DEFAULT | final public static String SECURITY_MODULE_DEFAULT | | |
securityModuleList | protected List securityModuleList | | |
securityModuleMap | Map securityModuleMap | | |
RDMSecurityManager | public RDMSecurityManager() | | |
RDMSecurityManager | public RDMSecurityManager(boolean forCli) | | |
checkDatabasePermission | public boolean checkDatabasePermission(SToken st, String permissionName, SOIF rd) throws RDMException | | This method is called to find out whether the current user
is authorized to perform database actions such as
search, fetch, etc.
Parameters: st - Parameters: permissionName - Parameters: rd - throws: com.sun.portal.search.rdm.RDMException - |
filter | public SOIF filter(SToken st, SOIF soif) throws Exception | | Check the SOIF against the security token for access rights.
Parameters: st - Parameters: soif - the SOIF that needs to be filtered with respect to the SToken throws: java.lang.Exception - |
initRDMSToken | public boolean initRDMSToken(Object request, RDMRequest req) throws Exception | | Set up the RDMRequest security token.
Security information in req proceed request
Parameters: request - the HttpServletRequest object for checking cookies Parameters: req - the RDMRequest object |
preDbSoifCreateCallback | public void preDbSoifCreateCallback(SOIF dbsoif) | | A requested database will be created automatically if it does not exist.
Before the db SOIF is created in the root db, this callback function allows a security module to add attributes.
Parameters: dbsoif - A SOIF before it is added to the root db entry. |
qualify_Nova_Query | public String qualify_Nova_Query(SToken st, String query) throws Exception | | Check the SOIF against the security token for access rights.
Parameters: st - Parameters: query - the SOIF that needs to be qualified with respect to the SToken throws: java.lang.Exception - |
roleSet2Query | public static String roleSet2Query(Set set, int max) | | Convert a set of roles into a query.
Parameters: set - User's roles Returns: A query string. |
setInstance | public static synchronized void setInstance(RDMSecurityManager new_manager) | | Set the RDM Security Manager for the first time.
Parameters: manager - the new RDM Security Manager
|
|