Source Code Cross Referenced for SecurityAccessController.java in  » Portal » jetspeed-2.1.3 » org » apache » jetspeed » security » Java Source Code / Java DocumentationJava Source Code and Java Documentation

01:        /* 
02:         * Licensed to the Apache Software Foundation (ASF) under one or more
03:         * contributor license agreements.  See the NOTICE file distributed with
04:         * this work for additional information regarding copyright ownership.
05:         * The ASF licenses this file to You under the Apache License, Version 2.0
06:         * (the "License"); you may not use this file except in compliance with
07:         * the License.  You may obtain a copy of the License at
08:         *
09:         *     http://www.apache.org/licenses/LICENSE-2.0
10:         *
11:         * Unless required by applicable law or agreed to in writing, software
12:         * distributed under the License is distributed on an "AS IS" BASIS,
13:         * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14:         * See the License for the specific language governing permissions and
15:         * limitations under the License.
16:         */
17:        package org.apache.jetspeed.security;
18:
19:        import org.apache.jetspeed.om.common.portlet.PortletDefinitionComposite;
20:
21:        /**
22:         * <p>
23:         * This component abstracts access to security checks.
24:         * Jetspeed supports two kinds of secured access:
25:         * <ul>
26:         * <li>Permissions</li>
27:         * <li>Constraints</li>
28:         * </ul>
29:         * Permissions are checked via Java Security. Jetspeed implements its own security policy.
30:         * Constrainted are checked via the Page Manager's constraints.
31:         * Either way, the implicit Jetspeed Security Subject is applied to the security access check.
32:         * </p>
33:         * 
34:         * @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
35:         * @version $Id: $
36:         */
37:        public interface SecurityAccessController {
38:            /**
39:             * Use the Java Security Policy (Permissions) to make secure access checks
40:             */
41:            final int PERMISSIONS = 1;
42:            /**
43:             * Use the Jetspeed Security Constraints to make secure access checks
44:             */
45:            final int CONSTRAINTS = 2;
46:
47:            /**
48:             * <p>
49:             * Checks access for the implicit active subject's access to the resource protected by the portlet permission
50:             * This is an abstraction introduced in 2.1 for Permission Manager implementations NOT
51:             * founded upon the a Java security policy. If the Permission Manager is configured to 
52:             * run with Security Constraints, then a security constraint check is made. Otherwise, 
53:             * a standard Java Security permission check is made.</p>
54:             * 
55:             * @param portlet The portlet to be checked
56:             * @param mask A mask <code>JetspeedActions</code> such as view, edit
57:             * @return true if access is granted, false if access denied based on policy or constraints
58:             */
59:            boolean checkPortletAccess(PortletDefinitionComposite portlet,
60:                    int mask);
61:
62:            /**
63:             * Returns the configured security mode for this accessor
64:             * This component can be configured to make Java Security Policy permission checks
65:             * or Jetspeed Security Constraint checks
66:             * @return either PERMISSIONS or CONSTRAINTS
67:             */
68:            int getSecurityMode();
69:        }