public interface IAccessMechanics extends IMechanics
Modifier and Type | Field and Description |
---|---|
static int |
ACCESS_DENIED
Access to resource denied.
|
static int |
ACCESS_GRANTED
Access to resource granted.
|
static String |
ACCESS_RIGHT_ID
Name of the IView property containing accessRightID
|
static String |
ACCESS_RIGHT_LONG_NAME
Name of the IView property containing access right long name
|
static String |
ACCESS_RIGHT_SHORT_NAME
Name of the IView property containing access right short name
|
static String |
ACCESS_RIGHTS_CONTAINER
Alias of the container which stores all registered access rights
|
static int |
ACCESS_UNSPECIFIED
Access to resource unspecified.
|
static String |
AUTH_LEVEL_ANONYMOUS
Anonymous
'anonymous'
|
static String |
AUTH_LEVEL_BASIC
Basic auth level
'basic'
|
static String |
AUTH_LEVEL_DEFAULT
Default (forms) based auth level
'default'
|
static String |
AUTH_LEVEL_FULL_ACCESS
Full access auth level.
|
static String |
AUTH_LEVEL_KERBEROS
Kerberos auth level
|
static String |
AUTH_LEVEL_NTLM
NTLM auth level
'ntlm'
|
static String |
AUTH_LEVEL_PROPERTY
Key for identifying the authLevel property.
|
Modifier and Type | Method and Description |
---|---|
boolean |
canRemoveAccess(IThingID itemId,
IThingID userId,
boolean recursive)
Returns true if the specified user can remove entries from the access list of the specified item.
|
boolean |
canRemoveSecurityRealm(IThingID itemId,
IThingID userId,
boolean recursive)
Returns true if user can remove policy from the specified item
|
boolean |
canSetAccess(IThingID itemId,
IThingID userId,
boolean recursive)
Returns true if the specified user can add or modify entries in the access list of the specified item.
|
boolean |
canSetAuthentication(IThingID itemId,
IThingID userId,
boolean recursive)
Returns true if the specified user can set the authentication type of the specified item.
|
boolean |
canSetOwner(IThingID itemId,
IThingID userId)
Returns true if the specified user can set the owner of the specified item.
|
boolean |
canSetSecurityRealm(IThingID itemID,
IThingID userID,
IThingID policyID,
boolean recursive)
Returns true if user can set policy on the item
|
void |
checkAccess(IThingID itemId,
IThingID userId,
int rights,
Map<?,?> capabilities)
Deprecated.
use
checkAccessEx(IThingID, IThingID, IRightSet) instead |
void |
checkAccessEx(IThingID itemId,
IThingID userId,
IRightSet rightSet)
Check access for a given thingID.
|
void |
checkRemoveAccess(IThingID itemId,
IThingID userId,
boolean recursive)
Throws a
PortalAccessException if the specified user
cannot remove entries from the access list of the specified item. |
void |
checkRemoveSecurityRealm(IThingID itemID,
IThingID userID,
boolean recursive)
Checks if user can remove policy from the specified item, otherwise exception will be thrown
|
void |
checkSetAccess(IThingID itemId,
IThingID userId,
boolean recursive)
Throws a
PortalAccessException if the specified user
cannot add or modify entries in the access list of the specified item. |
void |
checkSetAuthentication(IThingID itemId,
IThingID userId,
boolean recursive)
Throws a
PortalAccessException if the specified user
cannot set the authentication type of the specified item. |
void |
checkSetOwner(IThingID itemId,
IThingID userId)
Throws a
PortalAccessException if the specified user
cannot set the owner of the specified item. |
void |
checkSetSecurityRealm(IThingID itemID,
IThingID userID,
IThingID policyID,
boolean recursive)
Checks if user can set policy on the item, otherwise exception is thrown
|
void |
cloneAces(IThingID sourceID,
IThingID targetID)
clone the aces from the source to the destination
|
void |
fireRemoveAcccesEvent(IThingID itemId,
IThingID userId,
int status,
List<? extends IURI> principalIds)
Fires a remove access event.
|
void |
fireRemoveAcccesEvent(IThingID itemId,
IThingID userId,
int status,
List<? extends IURI> principalIds,
boolean recursive)
Fires a remove access event.
|
void |
fireRemoveSecurityRealmEvent(IThingID itemID,
IThingID userID,
IThingID policyID,
boolean recursive)
Fires an event about policy being removed from an item
|
void |
fireSetAccessEvent(IThingID itemId,
IThingID userId,
int status,
List<? extends IURI> principalIds)
Fires a set access event.
|
void |
fireSetAccessEvent(IThingID itemId,
IThingID userId,
int status,
List<? extends IURI> principalIds,
boolean recursive)
Fires a set access event.
|
void |
fireSetAuthenticationEvent(IThingID itemId,
IThingID userId,
int status,
String scheme)
Fires a set authentication event.
|
void |
fireSetAuthenticationEvent(IThingID itemId,
IThingID userId,
int status,
String scheme,
boolean recursive)
Fires a set authentication event.
|
void |
fireSetOwnerEvent(IThingID itemId,
IThingID userId,
int status,
IThingID newOwnerId,
IThingID oldOwnerId)
Fires a set owner event.
|
void |
fireSetOwnerEvent(IThingID itemId,
IThingID userId,
int status,
IThingID newOwnerId,
IThingID oldOwnerId,
boolean recursive)
Fires a set owner event.
|
void |
fireSetSecurityRealmEvent(IThingID itemId,
IThingID userId,
IThingID policyID,
boolean recursive)
Fires event about setting policy on the item
|
int |
getAccess(IThingID itemId,
IThingID userId,
Map<?,?> capabilities)
Deprecated.
use
getAccessEx(IThingID, IThingID) instead |
IRightSet |
getAccessEx(IThingID itemId,
IThingID userId)
Returns the access right set the specified user has for the specified item
|
int[] |
getAccessList(IThingIDList thingIDList,
IThingID userId,
Map<?,?> capabilities)
Deprecated.
use
getAccessListEx(IThingIDList, IThingID) instead |
List<IRightSet> |
getAccessListEx(IThingIDList thingIDList,
IThingID userId)
Returns an array of
IRightSet representing the access rights
granted to the specified user for the specified items. |
IListView<IAceView> |
getAclView(IThingID itemID)
Returns access control list for this item
|
int |
getAuthLevelForAuthScheme(String authScheme) |
IAuthScheme |
getAuthScheme(String authSchemeName) |
String |
getAuthSchemeForAuthLevel(int level) |
IAuthScheme |
getAuthSchemeForResource(IURI uri)
Returns the appropriate
IAuthScheme for a specific resource |
IThingIDList |
getAvailableAuthSchemes()
Gets a list of available IThingID's who's IThing's implement
IAuthScheme |
IAuthScheme |
getDefaultAuthScheme()
Returns the current default auth scheme
|
String |
getRightNameForValue(String xtypeName,
int rightValue)
Returns right name from given right value and xtype id.
|
IListView<IView> |
getRightsForType(String xtypeName)
Returns list view of all registered access rights for the specified xtype
|
int |
getRightValueForName(String xtypeName,
String rightName)
Returns integer right value from the registered right name.
|
IThingID |
getSecurityRealm(IThingID itemID)
Returns thing ID of the policy assigned to the object.
|
void |
invalidateAcesForThing(IThingID thingID)
Invalidates access cache for the given thing
|
void |
invalidateAcesForUser(IThingID userID)
Invalidates mechanics acl cache for the given user
|
IThingIDList |
listSecurityRealmObjects(IThingID securityRealmID)
Returns list of objects that have assigned that security realm.
|
void |
removeAces(IThingID itemId,
List<? extends IURI> principalIds,
boolean recursive)
Removes the access entries for the specified item.
|
void |
removeSecurityRealm(IThingID itemID,
IThingID policyID,
boolean recursive)
Removes any assigned policies from the given item
|
void |
setAces(IThingID itemId,
List<? extends IURI> principalIds,
boolean recursive,
int grant,
int deny,
int exclusive)
Deprecated.
|
void |
setAcesEx(IThingID itemId,
List<? extends IURI> principalIds,
boolean recursive,
IRightSet grant,
IRightSet deny,
IRightSet exclusive)
Sets the access entries of the specified item.
|
void |
setSecurityRealm(IThingID itemID,
IThingID policyID,
boolean recursive)
Sets policy for the given item
|
void |
setSecurityRealm(IThingID itemID,
IThingID policyID,
boolean recursive,
boolean disableOverwrite)
Sets policy for the given item
|
getComponentData, getComponentName, getComponentProvider, getURI, isInitialized, setComponentData, setComponentProvider
init, shutdown
static final int ACCESS_GRANTED
static final int ACCESS_DENIED
static final int ACCESS_UNSPECIFIED
static final String AUTH_LEVEL_DEFAULT
static final String AUTH_LEVEL_FULL_ACCESS
static final String AUTH_LEVEL_ANONYMOUS
static final String AUTH_LEVEL_BASIC
static final String AUTH_LEVEL_NTLM
static final String ACCESS_RIGHTS_CONTAINER
static final String ACCESS_RIGHT_ID
static final String ACCESS_RIGHT_SHORT_NAME
static final String ACCESS_RIGHT_LONG_NAME
static final String AUTH_LEVEL_PROPERTY
static final String AUTH_LEVEL_KERBEROS
IListView<IAceView> getAclView(IThingID itemID) throws PortalException
itemID
- IAceView
objectsPortalException
@Deprecated int getAccess(IThingID itemId, IThingID userId, Map<?,?> capabilities) throws PortalException
getAccessEx(IThingID, IThingID)
insteaditemId
- Item whose access is requested.userId
- User whose access to the item is requested.PortalException
IRightSet getAccessEx(IThingID itemId, IThingID userId) throws PortalException
itemId
- Item whose access is requested.userId
- User whose access to the item is requested.PortalException
IThingID getSecurityRealm(IThingID itemID) throws PortalException
itemID
- PortalException
IThingIDList listSecurityRealmObjects(IThingID securityRealmID) throws PortalException
securityRealmID
- thing ID of the security realmPortalException
@Deprecated int[] getAccessList(IThingIDList thingIDList, IThingID userId, Map<?,?> capabilities) throws PortalException
getAccessListEx(IThingIDList, IThingID)
insteadthingIDList
- Items whose access to get.userId
- User whose access to get.PortalException
IAccessRight
List<IRightSet> getAccessListEx(IThingIDList thingIDList, IThingID userId) throws PortalException
IRightSet
representing the access rights
granted to the specified user for the specified items.thingIDList
- Items whose access to get.userId
- User whose access to get.IRightSet
PortalException
IAccessRight
@Deprecated void checkAccess(IThingID itemId, IThingID userId, int rights, Map<?,?> capabilities) throws PortalException
checkAccessEx(IThingID, IThingID, IRightSet)
insteaditemId
- The item being checked for access.userId
- The user wanting access.rights
- The requested rights (see IAccessRight
).PortalException
void checkAccessEx(IThingID itemId, IThingID userId, IRightSet rightSet) throws PortalException
itemId
- The item being checked for access.userId
- The user wanting access.rightSet
- The requested rights .PortalException
boolean canSetAccess(IThingID itemId, IThingID userId, boolean recursive) throws PortalException
itemId
- IURI
of itemuserId
- IThingID
of userrecursive
- True if we want to recursively check the item's descendants.PortalException
- if the userId is invalid.boolean canSetSecurityRealm(IThingID itemID, IThingID userID, IThingID policyID, boolean recursive) throws PortalException
itemID
- item thing IDuserID
- user thing IDpolicyID
- policy object IDrecursive
- whether policy will be set recursivePortalException
void checkSetAccess(IThingID itemId, IThingID userId, boolean recursive) throws PortalException, PortalAccessException
PortalAccessException
if the specified user
cannot add or modify entries in the access list of the specified item.itemId
- IURI
of itemuserId
- IThingID
of userrecursive
- True if we want to recursively check the item's descendants.PortalAccessException
- if the user cannot add or modify entries in the access list of the item.PortalException
- if the userId is invalid.void checkSetSecurityRealm(IThingID itemID, IThingID userID, IThingID policyID, boolean recursive) throws PortalException, PortalAccessException
itemID
- item thing IDuserID
- user thing IDpolicyID
- policy object IDrecursive
- whether policy will be set recursivePortalException
PortalAccessException
boolean canRemoveAccess(IThingID itemId, IThingID userId, boolean recursive) throws PortalException
itemId
- IURI
of itemuserId
- IThingID
of userrecursive
- True if we want to recursively check the item's descendants.PortalException
- if the userId is invalid.boolean canRemoveSecurityRealm(IThingID itemId, IThingID userId, boolean recursive) throws PortalException
itemId
- thing ID of the itemuserId
- user thing IDrecursive
- whether policy should be removed recursivelyPortalException
void checkRemoveAccess(IThingID itemId, IThingID userId, boolean recursive) throws PortalException, PortalAccessException
PortalAccessException
if the specified user
cannot remove entries from the access list of the specified item.itemId
- IURI
of itemuserId
- IThingID
of userrecursive
- True if we want to recursively check the item's descendants.PortalAccessException
- if the user cannot remove entries from the access list of the item.PortalException
- if the userId is invalid.void checkRemoveSecurityRealm(IThingID itemID, IThingID userID, boolean recursive) throws PortalException, PortalAccessException
itemID
- thing ID of the itemuserID
- user thing IDrecursive
- whether policy should be removed recursivelyPortalException
PortalAccessException
boolean canSetAuthentication(IThingID itemId, IThingID userId, boolean recursive) throws PortalException
itemId
- IURI
of itemuserId
- IThingID
of userrecursive
- True if we want to recursively check the item's descendants.PortalException
- if the userId is invalid.void checkSetAuthentication(IThingID itemId, IThingID userId, boolean recursive) throws PortalException, PortalAccessException
PortalAccessException
if the specified user
cannot set the authentication type of the specified item.itemId
- IURI
of itemuserId
- IThingID
of userrecursive
- True if we want to recursively check the item's descendants.PortalAccessException
- if the user cannot set the authentication type of the item.PortalException
- if the userId is invalid.boolean canSetOwner(IThingID itemId, IThingID userId) throws PortalException
itemId
- IURI
of itemuserId
- IThingID
of userPortalException
- if the userId is invalid.void checkSetOwner(IThingID itemId, IThingID userId) throws PortalException, PortalAccessException
PortalAccessException
if the specified user
cannot set the owner of the specified item.itemId
- IURI
of itemuserId
- IThingID
of userPortalAccessException
- if the user cannot set the owner of the item.PortalException
- if the userId is invalid.void fireSetAccessEvent(IThingID itemId, IThingID userId, int status, List<? extends IURI> principalIds) throws PortalException
itemId
- Item to whose access list entries were added or modified.userId
- User who set the access.status
- Status of the event (successful, denied, error).principalIds
- List of IURI
s whose access was modified.PortalException
- if the userId is invalid.void fireSetAccessEvent(IThingID itemId, IThingID userId, int status, List<? extends IURI> principalIds, boolean recursive) throws PortalException
itemId
- Item to whose access list entries were added or modified.userId
- User who set the access.status
- Status of the event (successful, denied, error).principalIds
- List of IURI
s whose access was modified.PortalException
- if the userId is invalid.void fireSetSecurityRealmEvent(IThingID itemId, IThingID userId, IThingID policyID, boolean recursive) throws PortalException
itemId
- item thing IDuserId
- user ID which performed an operationpolicyID
- policy object IDrecursive
- if this was a recursive operationPortalException
void fireRemoveAcccesEvent(IThingID itemId, IThingID userId, int status, List<? extends IURI> principalIds) throws PortalException
itemId
- Item to which access list entries were removed.userId
- User who removed the access.status
- Status of the event (successful, denied, error).principalIds
- List of IURI
s whose access was removed.PortalException
- if the userId is invalid.void fireRemoveSecurityRealmEvent(IThingID itemID, IThingID userID, IThingID policyID, boolean recursive) throws PortalException
itemID
- item thing IDuserID
- user thing Id who performed an operationrecursive
- whether this was a recursivePortalException
void fireRemoveAcccesEvent(IThingID itemId, IThingID userId, int status, List<? extends IURI> principalIds, boolean recursive) throws PortalException
itemId
- Item to which access list entries were removed.userId
- User who removed the access.status
- Status of the event (successful, denied, error).principalIds
- List of IURI
s whose access was removed.PortalException
- if the userId is invalid.void fireSetAuthenticationEvent(IThingID itemId, IThingID userId, int status, String scheme) throws PortalException
itemId
- Item whose authentication scheme was set.userId
- User who set the authentication scheme.status
- Status of the event (successful, denied, error).scheme
- Name of the authentication scheme.PortalException
- if the userId is invalid.void fireSetAuthenticationEvent(IThingID itemId, IThingID userId, int status, String scheme, boolean recursive) throws PortalException
itemId
- Item whose authentication scheme was set.userId
- User who set the authentication scheme.status
- Status of the event (successful, denied, error).scheme
- Name of the authentication scheme.PortalException
- if the userId is invalid.void fireSetOwnerEvent(IThingID itemId, IThingID userId, int status, IThingID newOwnerId, IThingID oldOwnerId) throws PortalException
itemId
- Item whose owner was set.userId
- User who set the owner.status
- Status of the event (successful, denied, error).newOwnerId
- New owner.oldOwnerId
- Old owner.PortalException
- if the userId is invalid.void fireSetOwnerEvent(IThingID itemId, IThingID userId, int status, IThingID newOwnerId, IThingID oldOwnerId, boolean recursive) throws PortalException
itemId
- Item whose owner was set.userId
- User who set the owner.status
- Status of the event (successful, denied, error).newOwnerId
- New owner.oldOwnerId
- Old owner.PortalException
- if the userId is invalid.IListView<IView> getRightsForType(String xtypeName) throws PortalException
xtypeName
- PortalException
int getRightValueForName(String xtypeName, String rightName) throws PortalException
xtypeName
- xtype name or basic type name for an objectrightName
- PortalException
String getRightNameForValue(String xtypeName, int rightValue) throws PortalException
xtypeName
- xtype name or basic type name of an objectrightValue
- right valuePortalException
void removeAces(IThingID itemId, List<? extends IURI> principalIds, boolean recursive) throws PortalException
itemId
- Item whose access entries to remove.principalIds
- List of IURI
s to remove.recursive
- True if the removal should be applied to this item's descendants.PortalException
void removeSecurityRealm(IThingID itemID, IThingID policyID, boolean recursive) throws PortalException
itemID
- item thing IDrecursive
- whether to remove policy recursivelyPortalException
@Deprecated void setAces(IThingID itemId, List<? extends IURI> principalIds, boolean recursive, int grant, int deny, int exclusive) throws PortalException
setAcesEx(IThingID, List, boolean, IRightSet, IRightSet, IRightSet)
insteaditemId
- Item whose access entries to set.principalIds
- List of IURI
s for which to add or modify access.recursive
- True if the access modification should be applied to this item's descendants.grant
- Bit set of rights to grant.deny
- Bit set of rights to deny.exclusive
- Bit set of rights to grant exclusively.PortalException
IAccessRight
void setAcesEx(IThingID itemId, List<? extends IURI> principalIds, boolean recursive, IRightSet grant, IRightSet deny, IRightSet exclusive) throws PortalException
itemId
- Item whose access entries to set.principalIds
- List of IURI
s for which to add or modify access.recursive
- True if the access modification should be applied to this item's descendants.grant
- Bit set of rights to grant.deny
- Bit set of rights to deny.exclusive
- Bit set of rights to grant exclusively.delegate
- Bit set of rights that may be delegated.PortalException
IAccessRight
void cloneAces(IThingID sourceID, IThingID targetID) throws PortalException
sourceID
- targetID
- PortalException
void setSecurityRealm(IThingID itemID, IThingID policyID, boolean recursive) throws PortalException
itemID
- item thing IDpolicyID
- policy object IDrecursive
- whether to set policy recursivelyPortalException
void setSecurityRealm(IThingID itemID, IThingID policyID, boolean recursive, boolean disableOverwrite) throws PortalException
itemID
- item thing IDpolicyID
- policy object IDrecursive
- whether to set policy recursivelydisableOverwrite
- disable overwrite of policy selectionsPortalException
String getAuthSchemeForAuthLevel(int level) throws PortalException
level
- PortalException
- if no scheme is found for that levelint getAuthLevelForAuthScheme(String authScheme) throws PortalException
authScheme
- PortalException
- if no auth level is foundIAuthScheme getAuthScheme(String authSchemeName) throws PortalException
PortalException
- if no auth scheme is foundIThingIDList getAvailableAuthSchemes() throws PortalException
IAuthScheme
PortalException
IAuthScheme getAuthSchemeForResource(IURI uri) throws PortalException
IAuthScheme
for a specific resourcePortalException
IAuthScheme getDefaultAuthScheme() throws PortalException
PortalException
void invalidateAcesForUser(IThingID userID) throws PortalException
userID
- PortalException
void invalidateAcesForThing(IThingID thingID) throws PortalException
thingID
- PortalException