org.opencrx.kernel.layer.model
Class AccessControl_1
java.lang.Object
org.openmdx.application.dataprovider.spi.Layer_1
org.openmdx.application.dataprovider.layer.model.Standard_1
org.opencrx.kernel.layer.model.AccessControl_1
- All Implemented Interfaces:
- org.openmdx.application.dataprovider.cci.Dataprovider_1_0, Port
public class AccessControl_1
- extends org.openmdx.application.dataprovider.layer.model.Standard_1
openCRX access control plugin. Implements the openCRX access control logic.
- Fields inherited from class org.openmdx.application.dataprovider.layer.model.Standard_1:
- enableStateFilterSubstitution, NON_PERSISTENT_ATTRIBUTES, optimisticLocking, PERSISTENT_ATTRIBUTES, TIME_OR_DATE_DATATYPES
- Fields inherited from class org.openmdx.application.dataprovider.spi.Layer_1:
- compressUID, delegation
Method Summary

| Modifier and Type | Method and Description |
| --- | --- |
| void | activate(short id, org.openmdx.application.configuration.Configuration configuration, org.openmdx.application.dataprovider.spi.Layer_1 delegation) |
| protected void | applyBrowseFilter(org.openmdx.base.rest.spi.Object_2Facade parentFacade, org.openmdx.application.dataprovider.cci.DataproviderRequest request, SecurityContext securityContext, SecurityContext.CachedPrincipal requestingPrincipal, org.openmdx.base.naming.Path requestingUser) |
| protected void | completeAccessGrantedByParent(org.openmdx.application.dataprovider.cci.ServiceHeader header, MappedRecord object, MappedRecord accessGrantedByParent) |
| protected void | completeObject(org.openmdx.application.dataprovider.cci.ServiceHeader header, MappedRecord object, MappedRecord accessGrantedByParent) |
| protected void | completeOwningUserAndGroup(org.openmdx.application.dataprovider.cci.ServiceHeader header, MappedRecord object) |
| protected org.openmdx.application.dataprovider.cci.DataproviderReply | completeReply(org.openmdx.application.dataprovider.cci.ServiceHeader header, org.openmdx.application.dataprovider.cci.DataproviderReply reply, MappedRecord accessGrantedByParent) |
| protected MappedRecord | createResult(org.openmdx.application.dataprovider.cci.DataproviderRequest request, String structName) |
| javax.jdo.PersistenceManager | getDelegatingPersistenceManager() |
| protected org.openmdx.base.naming.Path | getGroupIdentity(org.openmdx.base.naming.Path accessPath, String qualifiedPrincipalName) |
| List<org.openmdx.base.naming.Path> | getInheritFromParentTypes() Returns a list of types as path patterns of object references which inherit the security settings from the parent object. |
| Interaction | getInteraction(Connection connection) |
| protected static ConcurrentMap<org.openmdx.base.naming.Path,Object[]> | getObjectCache() |
| protected String | getPrincipalName(org.openmdx.application.dataprovider.cci.ServiceHeader header) |
| protected String | getQualifiedPrincipalName(org.openmdx.base.naming.Path principalIdentity) |
| protected String | getQualifiedPrincipalName(org.openmdx.base.naming.Path accessPath, String principalName) |
| protected org.openmdx.base.mof.cci.ModelElement_1_0 | getReferencedType(org.openmdx.base.naming.Path accessPath, FilterProperty[] filter) |
| protected SecurityContext | getSecurityContext(org.openmdx.application.dataprovider.cci.ServiceHeader header, org.openmdx.application.dataprovider.cci.DataproviderRequest request) Set the current security context to the requesting principal, i.e. this.requestingPrincipal, this.currentSecurityContext, this.requestingUser. |
| protected org.openmdx.base.naming.Path | getUser(SecurityContext.CachedPrincipal principal) |
| protected org.openmdx.base.naming.Path | getUserIdentity(SecurityContext.CachedPrincipal principal) |
| protected org.openmdx.base.naming.Path | getUserIdentity(String qualifiedPrincipalName) |
| protected org.openmdx.base.naming.Path | getUserIdentity(String realmName, String principalName) |
| protected boolean | hasReadAccess(org.openmdx.base.rest.spi.Object_2Facade objectFacade, org.openmdx.base.rest.spi.Object_2Facade parentFacade, SecurityContext securityContext, SecurityContext.CachedPrincipal requestingPrincipal, org.openmdx.base.naming.Path requestingUser) |
| protected boolean | isPrincipalGroup(MappedRecord object) |
| protected boolean | isSecureObject(MappedRecord object) |
| protected boolean | isSecureObject(org.openmdx.base.mof.cci.ModelElement_1_0 type) |
- Methods inherited from class org.openmdx.application.dataprovider.layer.model.Standard_1:
- attributeIsInstanceOf, completeObject, completeReply, getObjectClass, getObjectClassName, isModified, isTimeDateDuration, notifyPreDelete, removeContexts, removeNonPersistentAttributes, setIdentity, triggeredRemoveDerivedAttributes
- Methods inherited from class org.openmdx.application.dataprovider.spi.Layer_1:
- configurationSpecification, deactivate, getConfiguration, getConnectionFactory, getDelegation, getId, getModel, newReplyId, process, terminal, uidAsString
- Methods inherited from class java.lang.Object:
- clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
EXTENT_PATTERN
protected static final org.openmdx.base.naming.Path EXTENT_PATTERN
USER_HOME_PATH_PATTERN
protected static final org.openmdx.base.naming.Path USER_HOME_PATH_PATTERN
connectionFactories
protected List<Object> connectionFactories
inheritFromParentTypes
protected List<org.openmdx.base.naming.Path> inheritFromParentTypes
realmIdentity
protected org.openmdx.base.naming.Path realmIdentity
model
protected org.openmdx.base.mof.cci.Model_1_0 model
useExtendedAccessLevelBasic
protected boolean useExtendedAccessLevelBasic
objectCache
protected static final ConcurrentMap<org.openmdx.base.naming.Path,Object[]> objectCache
AccessControl_1
public AccessControl_1()
getInteraction
public Interaction getInteraction(Connection connection)
throws ResourceException
- Specified by:
getInteraction in interface Port
- Overrides:
getInteraction in class org.openmdx.application.dataprovider.layer.model.Standard_1
- Throws:
ResourceException
getUserIdentity
protected org.openmdx.base.naming.Path getUserIdentity(SecurityContext.CachedPrincipal principal)
getUserIdentity
protected org.openmdx.base.naming.Path getUserIdentity(String qualifiedPrincipalName)
getUserIdentity
protected org.openmdx.base.naming.Path getUserIdentity(String realmName,
String principalName)
getUser
protected org.openmdx.base.naming.Path getUser(SecurityContext.CachedPrincipal principal)
throws ServiceException
- Throws:
ServiceException
hasReadAccess
protected boolean hasReadAccess(org.openmdx.base.rest.spi.Object_2Facade objectFacade,
org.openmdx.base.rest.spi.Object_2Facade parentFacade,
SecurityContext securityContext,
SecurityContext.CachedPrincipal requestingPrincipal,
org.openmdx.base.naming.Path requestingUser)
throws ServiceException
- Throws:
ServiceException
applyBrowseFilter
protected void applyBrowseFilter(org.openmdx.base.rest.spi.Object_2Facade parentFacade,
org.openmdx.application.dataprovider.cci.DataproviderRequest request,
SecurityContext securityContext,
SecurityContext.CachedPrincipal requestingPrincipal,
org.openmdx.base.naming.Path requestingUser)
throws ServiceException
- Throws:
ServiceException
getGroupIdentity
protected org.openmdx.base.naming.Path getGroupIdentity(org.openmdx.base.naming.Path accessPath,
String qualifiedPrincipalName)
getQualifiedPrincipalName
protected String getQualifiedPrincipalName(org.openmdx.base.naming.Path accessPath,
String principalName)
getQualifiedPrincipalName
protected String getQualifiedPrincipalName(org.openmdx.base.naming.Path principalIdentity)
completeOwningUserAndGroup
protected void completeOwningUserAndGroup(org.openmdx.application.dataprovider.cci.ServiceHeader header,
MappedRecord object)
throws ServiceException
- Throws:
ServiceException
completeAccessGrantedByParent
protected void completeAccessGrantedByParent(org.openmdx.application.dataprovider.cci.ServiceHeader header,
MappedRecord object,
MappedRecord accessGrantedByParent)
throws ServiceException
- Throws:
ServiceException
completeObject
protected void completeObject(org.openmdx.application.dataprovider.cci.ServiceHeader header,
MappedRecord object,
MappedRecord accessGrantedByParent)
throws ServiceException
- Throws:
ServiceException
completeReply
protected org.openmdx.application.dataprovider.cci.DataproviderReply completeReply(org.openmdx.application.dataprovider.cci.ServiceHeader header,
org.openmdx.application.dataprovider.cci.DataproviderReply reply,
MappedRecord accessGrantedByParent)
throws ServiceException
- Throws:
ServiceException
isPrincipalGroup
protected boolean isPrincipalGroup(MappedRecord object)
throws ServiceException
- Throws:
ServiceException
isSecureObject
protected boolean isSecureObject(MappedRecord object)
throws ServiceException
- Throws:
ServiceException
isSecureObject
protected boolean isSecureObject(org.openmdx.base.mof.cci.ModelElement_1_0 type)
throws ServiceException
- Throws:
ServiceException
getDelegatingPersistenceManager
public javax.jdo.PersistenceManager getDelegatingPersistenceManager()
getInheritFromParentTypes
public List<org.openmdx.base.naming.Path> getInheritFromParentTypes()
- Returns a list of types, as path patterns of object references, which inherit
the security settings from the parent object. This option should be used
only for performance improvements and applied only to business objects
which define a self-contained security entity (e.g. a contract, its positions,
depot references and product configurations). Additional paths can be added
by overriding getInheritFromParentTypes. The API exposes the
granting parent through the reference SecureObject.accessGrantedByParent,
which is set by completeObject.
activate
public void activate(short id,
org.openmdx.application.configuration.Configuration configuration,
org.openmdx.application.dataprovider.spi.Layer_1 delegation)
throws ServiceException
- Overrides:
activate in class org.openmdx.application.dataprovider.layer.model.Standard_1
- Throws:
ServiceException
getPrincipalName
protected String getPrincipalName(org.openmdx.application.dataprovider.cci.ServiceHeader header)
getSecurityContext
protected SecurityContext getSecurityContext(org.openmdx.application.dataprovider.cci.ServiceHeader header,
org.openmdx.application.dataprovider.cci.DataproviderRequest request)
throws ServiceException
- Set the current security context to the requesting principal, i.e.
this.requestingPrincipal, this.currentSecurityContext, this.requestingUser.
- Throws:
ServiceException
getReferencedType
protected org.openmdx.base.mof.cci.ModelElement_1_0 getReferencedType(org.openmdx.base.naming.Path accessPath,
FilterProperty[] filter)
throws ServiceException
- Throws:
ServiceException
createResult
protected MappedRecord createResult(org.openmdx.application.dataprovider.cci.DataproviderRequest request,
String structName)
throws ServiceException
- Throws:
ServiceException
getObjectCache
protected static ConcurrentMap<org.openmdx.base.naming.Path,Object[]> getObjectCache()
This software is published under the BSD license. Copyright © 2003-2010, CRIXP AG, Switzerland, All rights reserved. Use is subject to license terms.