public class AccessControl_2.DefaultRealm extends Object
Modifier and Type | Field and Description |
---|---|
protected org.openmdx.base.naming.Path | ACTIVITY_CREATOR_IDENTITY_PATTERN |
Constructor and Description |
---|
DefaultRealm(org.openmdx.base.naming.Path realmIdentity)<br>Constructor. |
Modifier and Type | Method and Description |
---|---|
protected SecurityKeys.Action | getAccessControlAction(org.openmdx.base.resource.spi.RestInteractionSpec ispec, org.openmdx.base.rest.spi.Object_2Facade object)<br>Get security action for given object request. |
protected Set<String> | getPermissions(AccessControl_2.CachedPrincipal principal, org.openmdx.base.naming.Path userIdentity, short accessLevel, SecurityKeys.Action action, javax.jdo.PersistenceManager pm)<br>Get permissions for given principal and access level. |
protected org.openmdx.base.naming.Path | getPrimaryGroup(AccessControl_2.CachedPrincipal principal, javax.jdo.PersistenceManager pm)<br>Get primary group for given principal. |
protected AccessControl_2.CachedPrincipal | getPrincipal(String principalName, javax.jdo.PersistenceManager pm)<br>Retrieve principal for given principal name. |
org.openmdx.base.naming.Path | getRealmIdentity()<br>Get identity of realm. |
org.opencrx.kernel.layer.model.AccessControl_2.GetRunAsPrincipalResult | getRunAsPrincipal(org.openmdx.base.rest.cci.RequestRecord request, List<String> principalChain, org.openmdx.base.dataprovider.cci.DataproviderRequestProcessor p, javax.jdo.PersistenceManager pm)<br>Get runAs principal according to service header and available runAs permissions. |
boolean | hasPermission(org.openmdx.base.rest.cci.RequestRecord request, org.openmdx.base.rest.spi.Object_2Facade secureObject, org.openmdx.base.rest.spi.Object_2Facade parent, AccessControl_2.CachedPrincipal principal, org.openmdx.base.naming.Path userIdentity, SecurityKeys.Action action, Set<String> grantedPermissions, org.openmdx.base.dataprovider.cci.DataproviderRequestProcessor p, javax.jdo.PersistenceManager pm)<br>Return true if principal has permission to perform the request. |
void | restrictQuery(org.openmdx.base.rest.cci.QueryRecord request, org.openmdx.base.rest.spi.Object_2Facade object, AccessControl_2.CachedPrincipal principal, org.openmdx.base.naming.Path userIdentity, javax.jdo.PersistenceManager pm)<br>Restrict query according to permissions of given principal. |
protected final org.openmdx.base.naming.Path ACTIVITY_CREATOR_IDENTITY_PATTERN
public DefaultRealm(org.openmdx.base.naming.Path realmIdentity) throws javax.resource.ResourceException
Parameters:
realmIdentity -
Throws:
org.openmdx.base.exception.ServiceException
javax.resource.ResourceException
protected AccessControl_2.CachedPrincipal getPrincipal(String principalName, javax.jdo.PersistenceManager pm) throws javax.resource.ResourceException
Parameters:
principalName -
Throws:
org.openmdx.base.exception.ServiceException
javax.resource.ResourceException
public org.opencrx.kernel.layer.model.AccessControl_2.GetRunAsPrincipalResult getRunAsPrincipal(org.openmdx.base.rest.cci.RequestRecord request, List<String> principalChain, org.openmdx.base.dataprovider.cci.DataproviderRequestProcessor p, javax.jdo.PersistenceManager pm) throws javax.resource.ResourceException
Parameters:
header -
request -
interaction -
Throws:
org.openmdx.base.exception.ServiceException
javax.resource.ResourceException
protected org.openmdx.base.naming.Path getPrimaryGroup(AccessControl_2.CachedPrincipal principal, javax.jdo.PersistenceManager pm) throws javax.resource.ResourceException
Parameters:
principal -
Throws:
org.openmdx.base.exception.ServiceException
javax.resource.ResourceException
protected SecurityKeys.Action getAccessControlAction(org.openmdx.base.resource.spi.RestInteractionSpec ispec, org.openmdx.base.rest.spi.Object_2Facade object)
Parameters:
ispec -
object -
protected Set<String> getPermissions(AccessControl_2.CachedPrincipal principal, org.openmdx.base.naming.Path userIdentity, short accessLevel, SecurityKeys.Action action, javax.jdo.PersistenceManager pm)
Parameters:
request -
principal -
userIdentity -
accessLevel -
action -
public org.openmdx.base.naming.Path getRealmIdentity()
public boolean hasPermission(org.openmdx.base.rest.cci.RequestRecord request, org.openmdx.base.rest.spi.Object_2Facade secureObject, org.openmdx.base.rest.spi.Object_2Facade parent, AccessControl_2.CachedPrincipal principal, org.openmdx.base.naming.Path userIdentity, SecurityKeys.Action action, Set<String> grantedPermissions, org.openmdx.base.dataprovider.cci.DataproviderRequestProcessor p, javax.jdo.PersistenceManager pm) throws javax.resource.ResourceException
Parameters:
request -
secureObject -
parent -
principal -
userIdentity -
action -
grantedPermissions -
interaction -
Throws:
org.openmdx.base.exception.ServiceException
javax.resource.ResourceException
public void restrictQuery(org.openmdx.base.rest.cci.QueryRecord request, org.openmdx.base.rest.spi.Object_2Facade object, AccessControl_2.CachedPrincipal principal, org.openmdx.base.naming.Path userIdentity, javax.jdo.PersistenceManager pm) throws org.openmdx.base.exception.ServiceException, javax.resource.ResourceException
Parameters:
request -
object -
principal -
userIdentity -
Throws:
org.openmdx.base.exception.ServiceException
javax.resource.ResourceException
This software is published under the BSD license. Copyright © 2003-${build.year}, CRIXP AG, Switzerland, All rights reserved. Use is subject to license terms.