com.webmethods.portal.mech.access

Interface IAccessMechanics

All Superinterfaces:

IComponent, IInitializable, IMechanics, ISystemHandler

All Known Subinterfaces:

IBasicMechanics, IContainerContentConstraintMechanics, IContainerMechanics, IContentMechanics, IFolderMechanics, ILinkMechanics, ILocalePortletMechanics, IPortalRulesMechanics, IPortletMechanics, IRuleMechanics, IScheduleMechanics, ISkinMechanics, ITaskMechanics, ITaskScheduleMechanics, ITemplateMechanics, ITopicMechanics, IVersionableMechanics, IWebAppMechanics, IXTypeMechanics

public interface IAccessMechanics
extends IMechanics

Mechanics for performing access checking.

Field Summary

Fields

Modifier and Type	Field and Description
static int	ACCESS_DENIED Access to resource denied.
static int	ACCESS_GRANTED Access to resource granted.
static String	ACCESS_RIGHT_ID Name of the IView property containing accessRightID
static String	ACCESS_RIGHT_LONG_NAME Name of the IView property containing access right long name
static String	ACCESS_RIGHT_SHORT_NAME Name of the IView property containing access right short name
static String	ACCESS_RIGHTS_CONTAINER Alias of the container which stores all registered access rights
static int	ACCESS_UNSPECIFIED Access to resource unspecified.
static String	AUTH_LEVEL_ANONYMOUS Anonymous 'anonymous'
static String	AUTH_LEVEL_BASIC Basic auth level 'basic'
static String	AUTH_LEVEL_DEFAULT Default (forms) based auth level 'default'
static String	AUTH_LEVEL_FULL_ACCESS Full access auth level.
static String	AUTH_LEVEL_KERBEROS Kerberos auth level
static String	AUTH_LEVEL_NTLM NTLM auth level 'ntlm'
static String	AUTH_LEVEL_PROPERTY Key for identifying the authLevel property.

Method Summary

Modifier and Type	Method and Description
boolean	canRemoveAccess(IThingID itemId, IThingID userId, boolean recursive) Returns true if the specified user can remove entries from the access list of the specified item.
boolean	canRemoveSecurityRealm(IThingID itemId, IThingID userId, boolean recursive) Returns true if user can remove policy from the specified item
boolean	canSetAccess(IThingID itemId, IThingID userId, boolean recursive) Returns true if the specified user can add or modify entries in the access list of the specified item.
boolean	canSetAuthentication(IThingID itemId, IThingID userId, boolean recursive) Returns true if the specified user can set the authentication type of the specified item.
boolean	canSetOwner(IThingID itemId, IThingID userId) Returns true if the specified user can set the owner of the specified item.
boolean	canSetSecurityRealm(IThingID itemID, IThingID userID, IThingID policyID, boolean recursive) Returns true if user can set policy on the item
void	checkAccess(IThingID itemId, IThingID userId, int rights, Map<?,?> capabilities) Deprecated. use checkAccessEx(IThingID, IThingID, IRightSet) instead
void	checkAccessEx(IThingID itemId, IThingID userId, IRightSet rightSet) Check access for a given thingID.
void	checkRemoveAccess(IThingID itemId, IThingID userId, boolean recursive) Throws a PortalAccessException if the specified user cannot remove entries from the access list of the specified item.
void	checkRemoveSecurityRealm(IThingID itemID, IThingID userID, boolean recursive) Checks if user can remove policy from the specified item, otherwise exception will be thrown
void	checkSetAccess(IThingID itemId, IThingID userId, boolean recursive) Throws a PortalAccessException if the specified user cannot add or modify entries in the access list of the specified item.
void	checkSetAuthentication(IThingID itemId, IThingID userId, boolean recursive) Throws a PortalAccessException if the specified user cannot set the authentication type of the specified item.
void	checkSetOwner(IThingID itemId, IThingID userId) Throws a PortalAccessException if the specified user cannot set the owner of the specified item.
void	checkSetSecurityRealm(IThingID itemID, IThingID userID, IThingID policyID, boolean recursive) Checks if user can set policy on the item, otherwise exception is thrown
void	cloneAces(IThingID sourceID, IThingID targetID) clone the aces from the source to the destination
void	fireRemoveAcccesEvent(IThingID itemId, IThingID userId, int status, List<? extends IURI> principalIds) Fires a remove access event.
void	fireRemoveAcccesEvent(IThingID itemId, IThingID userId, int status, List<? extends IURI> principalIds, boolean recursive) Fires a remove access event.
void	fireRemoveSecurityRealmEvent(IThingID itemID, IThingID userID, IThingID policyID, boolean recursive) Fires an event about policy being removed from an item
void	fireSetAccessEvent(IThingID itemId, IThingID userId, int status, List<? extends IURI> principalIds) Fires a set access event.
void	fireSetAccessEvent(IThingID itemId, IThingID userId, int status, List<? extends IURI> principalIds, boolean recursive) Fires a set access event.
void	fireSetAuthenticationEvent(IThingID itemId, IThingID userId, int status, String scheme) Fires a set authentication event.
void	fireSetAuthenticationEvent(IThingID itemId, IThingID userId, int status, String scheme, boolean recursive) Fires a set authentication event.
void	fireSetOwnerEvent(IThingID itemId, IThingID userId, int status, IThingID newOwnerId, IThingID oldOwnerId) Fires a set owner event.
void	fireSetOwnerEvent(IThingID itemId, IThingID userId, int status, IThingID newOwnerId, IThingID oldOwnerId, boolean recursive) Fires a set owner event.
void	fireSetSecurityRealmEvent(IThingID itemId, IThingID userId, IThingID policyID, boolean recursive) Fires event about setting policy on the item
int	getAccess(IThingID itemId, IThingID userId, Map<?,?> capabilities) Deprecated. use getAccessEx(IThingID, IThingID) instead
IRightSet	getAccessEx(IThingID itemId, IThingID userId) Returns the access right set the specified user has for the specified item
int[]	getAccessList(IThingIDList thingIDList, IThingID userId, Map<?,?> capabilities) Deprecated. use getAccessListEx(IThingIDList, IThingID) instead
List<IRightSet>	getAccessListEx(IThingIDList thingIDList, IThingID userId) Returns an array of IRightSet representing the access rights granted to the specified user for the specified items.
IListView<IAceView>	getAclView(IThingID itemID) Returns access control list for this item
int	getAuthLevelForAuthScheme(String authScheme)
IAuthScheme	getAuthScheme(String authSchemeName)
String	getAuthSchemeForAuthLevel(int level)
IAuthScheme	getAuthSchemeForResource(IURI uri) Returns the appropriate IAuthScheme for a specific resource
IThingIDList	getAvailableAuthSchemes() Gets a list of available IThingID's who's IThing's implement IAuthScheme
IAuthScheme	getDefaultAuthScheme() Returns the current default auth scheme
String	getRightNameForValue(String xtypeName, int rightValue) Returns right name from given right value and xtype id.
IListView<IView>	getRightsForType(String xtypeName) Returns list view of all registered access rights for the specified xtype
int	getRightValueForName(String xtypeName, String rightName) Returns integer right value from the registered right name.
IThingID	getSecurityRealm(IThingID itemID) Returns thing ID of the policy assigned to the object.
void	invalidateAcesForThing(IThingID thingID) Invalidates access cache for the given thing
void	invalidateAcesForUser(IThingID userID) Invalidates mechanics acl cache for the given user
IThingIDList	listSecurityRealmObjects(IThingID securityRealmID) Returns list of objects that have assigned that security realm.
void	removeAces(IThingID itemId, List<? extends IURI> principalIds, boolean recursive) Removes the access entries for the specified item.
void	removeSecurityRealm(IThingID itemID, IThingID policyID, boolean recursive) Removes any assigned policies from the given item
void	setAces(IThingID itemId, List<? extends IURI> principalIds, boolean recursive, int grant, int deny, int exclusive) Deprecated. use setAcesEx(IThingID, List, boolean, IRightSet, IRightSet, IRightSet) instead
void	setAcesEx(IThingID itemId, List<? extends IURI> principalIds, boolean recursive, IRightSet grant, IRightSet deny, IRightSet exclusive) Sets the access entries of the specified item.
void	setSecurityRealm(IThingID itemID, IThingID policyID, boolean recursive) Sets policy for the given item
void	setSecurityRealm(IThingID itemID, IThingID policyID, boolean recursive, boolean disableOverwrite) Sets policy for the given item

Methods inherited from interface com.webmethods.portal.system.IComponent

getComponentData, getComponentName, getComponentProvider, getURI, isInitialized, setComponentData, setComponentProvider

Methods inherited from interface com.webmethods.portal.system.init.IInitializable

init, shutdown

Field Detail

ACCESS_GRANTED

static final int ACCESS_GRANTED

Access to resource granted.

See Also:

Constant Field Values

ACCESS_DENIED

static final int ACCESS_DENIED

Access to resource denied.

See Also:

Constant Field Values

ACCESS_UNSPECIFIED

static final int ACCESS_UNSPECIFIED

Access to resource unspecified.

See Also:

Constant Field Values

AUTH_LEVEL_DEFAULT

static final String AUTH_LEVEL_DEFAULT

Default (forms) based auth level

'default'

See Also:

IThingBaseInfo.AUTH_LEVEL_DEFAULT, Constant Field Values

AUTH_LEVEL_FULL_ACCESS

static final String AUTH_LEVEL_FULL_ACCESS

Full access auth level. ie: everyone has complete (full) access. Use with caution

'fullAccess'

See Also:

IThingBaseInfo.AUTH_LEVEL_FULL_ACCESS, Constant Field Values

AUTH_LEVEL_ANONYMOUS

static final String AUTH_LEVEL_ANONYMOUS

Anonymous

'anonymous'

See Also:

IThingBaseInfo.AUTH_LEVEL_ANONYMOUS, Constant Field Values

AUTH_LEVEL_BASIC

static final String AUTH_LEVEL_BASIC

Basic auth level

'basic'

See Also:

IThingBaseInfo.AUTH_LEVEL_BASIC, Constant Field Values

AUTH_LEVEL_NTLM

static final String AUTH_LEVEL_NTLM

NTLM auth level

'ntlm'

See Also:

IThingBaseInfo.AUTH_LEVEL_NTLM, Constant Field Values

ACCESS_RIGHTS_CONTAINER

static final String ACCESS_RIGHTS_CONTAINER

Alias of the container which stores all registered access rights

See Also:

Constant Field Values

ACCESS_RIGHT_ID

static final String ACCESS_RIGHT_ID

Name of the IView property containing accessRightID

See Also:

Constant Field Values

ACCESS_RIGHT_SHORT_NAME

static final String ACCESS_RIGHT_SHORT_NAME

Name of the IView property containing access right short name

See Also:

Constant Field Values

ACCESS_RIGHT_LONG_NAME

static final String ACCESS_RIGHT_LONG_NAME

Name of the IView property containing access right long name

See Also:

Constant Field Values

AUTH_LEVEL_PROPERTY

static final String AUTH_LEVEL_PROPERTY

Key for identifying the authLevel property.

See Also:

Constant Field Values

AUTH_LEVEL_KERBEROS

static final String AUTH_LEVEL_KERBEROS

Kerberos auth level

See Also:

Constant Field Values

Method Detail

getAclView

IListView<IAceView> getAclView(IThingID itemID)
                        throws PortalException

Returns access control list for this item

Parameters:

itemID -

Returns:

list view of IAceView objects

Throws:

PortalException

getAccess

@Deprecated
int getAccess(IThingID itemId,
                          IThingID userId,
                          Map<?,?> capabilities)
                   throws PortalException

Deprecated. use getAccessEx(IThingID, IThingID) instead

Returns the bit set representing the access rights the specified user has for the specified item.

Parameters:

itemId - Item whose access is requested.

userId - User whose access to the item is requested.

Returns:

Bit set representing the access rights the user has for the item.

Throws:

PortalException

getAccessEx

IRightSet getAccessEx(IThingID itemId,
                      IThingID userId)
               throws PortalException

Returns the access right set the specified user has for the specified item

Parameters:

itemId - Item whose access is requested.

userId - User whose access to the item is requested.

Returns:

complete right set for an item

Throws:

PortalException

getSecurityRealm

IThingID getSecurityRealm(IThingID itemID)
                   throws PortalException

Returns thing ID of the policy assigned to the object. May return null if there are no assigned policy

Parameters:

itemID -

Returns:

Throws:

PortalException

listSecurityRealmObjects

IThingIDList listSecurityRealmObjects(IThingID securityRealmID)
                               throws PortalException

Returns list of objects that have assigned that security realm. May return empty list

Parameters:

securityRealmID - thing ID of the security realm

Returns:

Throws:

PortalException

getAccessList

@Deprecated
int[] getAccessList(IThingIDList thingIDList,
                                IThingID userId,
                                Map<?,?> capabilities)
                         throws PortalException

Deprecated. use getAccessListEx(IThingIDList, IThingID) instead

Returns an array of bit sets representing the access rights granted to the specified user for the specified items.

Parameters:

thingIDList - Items whose access to get.

userId - User whose access to get.

Returns:

An array of bit sets representing the access rights.

Throws:

PortalException

See Also:

IAccessRight

getAccessListEx

List<IRightSet> getAccessListEx(IThingIDList thingIDList,
                                IThingID userId)
                         throws PortalException

Returns an array of IRightSet representing the access rights granted to the specified user for the specified items.

Parameters:

thingIDList - Items whose access to get.

userId - User whose access to get.

Returns:

List of IRightSet

Throws:

PortalException

See Also:

IAccessRight

checkAccess

@Deprecated
void checkAccess(IThingID itemId,
                             IThingID userId,
                             int rights,
                             Map<?,?> capabilities)
                      throws PortalException

Deprecated. use checkAccessEx(IThingID, IThingID, IRightSet) instead

Check access for a given thingID.

Parameters:

itemId - The item being checked for access.

userId - The user wanting access.

rights - The requested rights (see IAccessRight).

Throws:

PortalException

checkAccessEx

void checkAccessEx(IThingID itemId,
                   IThingID userId,
                   IRightSet rightSet)
            throws PortalException

Check access for a given thingID.

Parameters:

itemId - The item being checked for access.

userId - The user wanting access.

rightSet - The requested rights .

Throws:

PortalException

canSetAccess

boolean canSetAccess(IThingID itemId,
                     IThingID userId,
                     boolean recursive)
              throws PortalException

Returns true if the specified user can add or modify entries in the access list of the specified item.

Parameters:

itemId - IURI of item

userId - IThingID of user

recursive - True if we want to recursively check the item's descendants.

Returns:

True if the user can add or modify entries in the access list of the item, False if they can't.

Throws:

PortalException - if the userId is invalid.

canSetSecurityRealm

boolean canSetSecurityRealm(IThingID itemID,
                            IThingID userID,
                            IThingID policyID,
                            boolean recursive)
                     throws PortalException

Returns true if user can set policy on the item

Parameters:

itemID - item thing ID

userID - user thing ID

policyID - policy object ID

recursive - whether policy will be set recursive

Returns:

Throws:

PortalException

checkSetAccess

void checkSetAccess(IThingID itemId,
                    IThingID userId,
                    boolean recursive)
             throws PortalException,
                    PortalAccessException

Throws a PortalAccessException if the specified user cannot add or modify entries in the access list of the specified item.

Parameters:

itemId - IURI of item

userId - IThingID of user

recursive - True if we want to recursively check the item's descendants.

Throws:

PortalAccessException - if the user cannot add or modify entries in the access list of the item.

PortalException - if the userId is invalid.

checkSetSecurityRealm

void checkSetSecurityRealm(IThingID itemID,
                           IThingID userID,
                           IThingID policyID,
                           boolean recursive)
                    throws PortalException,
                           PortalAccessException

Checks if user can set policy on the item, otherwise exception is thrown

Parameters:

itemID - item thing ID

userID - user thing ID

policyID - policy object ID

recursive - whether policy will be set recursive

Throws:

PortalException

PortalAccessException

canRemoveAccess

boolean canRemoveAccess(IThingID itemId,
                        IThingID userId,
                        boolean recursive)
                 throws PortalException

Returns true if the specified user can remove entries from the access list of the specified item.

Parameters:

itemId - IURI of item

userId - IThingID of user

recursive - True if we want to recursively check the item's descendants.

Returns:

True if the user can remove entries from the access list of the item, False if they can't.

Throws:

PortalException - if the userId is invalid.

canRemoveSecurityRealm

boolean canRemoveSecurityRealm(IThingID itemId,
                               IThingID userId,
                               boolean recursive)
                        throws PortalException

Returns true if user can remove policy from the specified item

Parameters:

itemId - thing ID of the item

userId - user thing ID

recursive - whether policy should be removed recursively

Returns:

Throws:

PortalException

checkRemoveAccess

void checkRemoveAccess(IThingID itemId,
                       IThingID userId,
                       boolean recursive)
                throws PortalException,
                       PortalAccessException

Throws a PortalAccessException if the specified user cannot remove entries from the access list of the specified item.

Parameters:

itemId - IURI of item

userId - IThingID of user

recursive - True if we want to recursively check the item's descendants.

Throws:

PortalAccessException - if the user cannot remove entries from the access list of the item.

PortalException - if the userId is invalid.

checkRemoveSecurityRealm

void checkRemoveSecurityRealm(IThingID itemID,
                              IThingID userID,
                              boolean recursive)
                       throws PortalException,
                              PortalAccessException

Checks if user can remove policy from the specified item, otherwise exception will be thrown

Parameters:

itemID - thing ID of the item

userID - user thing ID

recursive - whether policy should be removed recursively

Throws:

PortalException

PortalAccessException

canSetAuthentication

boolean canSetAuthentication(IThingID itemId,
                             IThingID userId,
                             boolean recursive)
                      throws PortalException

Returns true if the specified user can set the authentication type of the specified item.

Parameters:

itemId - IURI of item

userId - IThingID of user

recursive - True if we want to recursively check the item's descendants.

Returns:

True if the user can set the authentication type of the item, False if they can't.

Throws:

PortalException - if the userId is invalid.

checkSetAuthentication

void checkSetAuthentication(IThingID itemId,
                            IThingID userId,
                            boolean recursive)
                     throws PortalException,
                            PortalAccessException

Throws a PortalAccessException if the specified user cannot set the authentication type of the specified item.

Parameters:

itemId - IURI of item

userId - IThingID of user

recursive - True if we want to recursively check the item's descendants.

Throws:

PortalAccessException - if the user cannot set the authentication type of the item.

PortalException - if the userId is invalid.

canSetOwner

boolean canSetOwner(IThingID itemId,
                    IThingID userId)
             throws PortalException

Returns true if the specified user can set the owner of the specified item.

Parameters:

itemId - IURI of item

userId - IThingID of user

Returns:

True if the user can set the owner of the item, False if they can't.

Throws:

PortalException - if the userId is invalid.

checkSetOwner

void checkSetOwner(IThingID itemId,
                   IThingID userId)
            throws PortalException,
                   PortalAccessException

Throws a PortalAccessException if the specified user cannot set the owner of the specified item.

Parameters:

itemId - IURI of item

userId - IThingID of user

Throws:

PortalAccessException - if the user cannot set the owner of the item.

PortalException - if the userId is invalid.

fireSetAccessEvent

void fireSetAccessEvent(IThingID itemId,
                        IThingID userId,
                        int status,
                        List<? extends IURI> principalIds)
                 throws PortalException

Fires a set access event.

Parameters:

itemId - Item to whose access list entries were added or modified.

userId - User who set the access.

status - Status of the event (successful, denied, error).

principalIds - List of IURIs whose access was modified.

Throws:

PortalException - if the userId is invalid.

fireSetAccessEvent

void fireSetAccessEvent(IThingID itemId,
                        IThingID userId,
                        int status,
                        List<? extends IURI> principalIds,
                        boolean recursive)
                 throws PortalException

Fires a set access event.

Parameters:

itemId - Item to whose access list entries were added or modified.

userId - User who set the access.

status - Status of the event (successful, denied, error).

principalIds - List of IURIs whose access was modified.

Throws:

PortalException - if the userId is invalid.

fireSetSecurityRealmEvent

void fireSetSecurityRealmEvent(IThingID itemId,
                               IThingID userId,
                               IThingID policyID,
                               boolean recursive)
                        throws PortalException

Fires event about setting policy on the item

Parameters:

itemId - item thing ID

userId - user ID which performed an operation

policyID - policy object ID

recursive - if this was a recursive operation

Throws:

PortalException

fireRemoveAcccesEvent

void fireRemoveAcccesEvent(IThingID itemId,
                           IThingID userId,
                           int status,
                           List<? extends IURI> principalIds)
                    throws PortalException

Fires a remove access event.

Parameters:

itemId - Item to which access list entries were removed.

userId - User who removed the access.

status - Status of the event (successful, denied, error).

principalIds - List of IURIs whose access was removed.

Throws:

PortalException - if the userId is invalid.

fireRemoveSecurityRealmEvent

void fireRemoveSecurityRealmEvent(IThingID itemID,
                                  IThingID userID,
                                  IThingID policyID,
                                  boolean recursive)
                           throws PortalException

Fires an event about policy being removed from an item

Parameters:

itemID - item thing ID

userID - user thing Id who performed an operation

recursive - whether this was a recursive

Throws:

PortalException

fireRemoveAcccesEvent

void fireRemoveAcccesEvent(IThingID itemId,
                           IThingID userId,
                           int status,
                           List<? extends IURI> principalIds,
                           boolean recursive)
                    throws PortalException

Fires a remove access event.

Parameters:

itemId - Item to which access list entries were removed.

userId - User who removed the access.

status - Status of the event (successful, denied, error).

principalIds - List of IURIs whose access was removed.

Throws:

PortalException - if the userId is invalid.

fireSetAuthenticationEvent

void fireSetAuthenticationEvent(IThingID itemId,
                                IThingID userId,
                                int status,
                                String scheme)
                         throws PortalException

Fires a set authentication event.

Parameters:

itemId - Item whose authentication scheme was set.

userId - User who set the authentication scheme.

status - Status of the event (successful, denied, error).

scheme - Name of the authentication scheme.

Throws:

PortalException - if the userId is invalid.

fireSetAuthenticationEvent

void fireSetAuthenticationEvent(IThingID itemId,
                                IThingID userId,
                                int status,
                                String scheme,
                                boolean recursive)
                         throws PortalException

Fires a set authentication event.

Parameters:

itemId - Item whose authentication scheme was set.

userId - User who set the authentication scheme.

status - Status of the event (successful, denied, error).

scheme - Name of the authentication scheme.

Throws:

PortalException - if the userId is invalid.

fireSetOwnerEvent

void fireSetOwnerEvent(IThingID itemId,
                       IThingID userId,
                       int status,
                       IThingID newOwnerId,
                       IThingID oldOwnerId)
                throws PortalException

Fires a set owner event.

Parameters:

itemId - Item whose owner was set.

userId - User who set the owner.

status - Status of the event (successful, denied, error).

newOwnerId - New owner.

oldOwnerId - Old owner.

Throws:

PortalException - if the userId is invalid.

fireSetOwnerEvent

void fireSetOwnerEvent(IThingID itemId,
                       IThingID userId,
                       int status,
                       IThingID newOwnerId,
                       IThingID oldOwnerId,
                       boolean recursive)
                throws PortalException

Fires a set owner event.

Parameters:

itemId - Item whose owner was set.

userId - User who set the owner.

status - Status of the event (successful, denied, error).

newOwnerId - New owner.

oldOwnerId - Old owner.

Throws:

PortalException - if the userId is invalid.

getRightsForType

IListView<IView> getRightsForType(String xtypeName)
                           throws PortalException

Returns list view of all registered access rights for the specified xtype

Parameters:

xtypeName -

Returns:

Throws:

PortalException

getRightValueForName

int getRightValueForName(String xtypeName,
                         String rightName)
                  throws PortalException

Returns integer right value from the registered right name. It also resolves legacy right names like: READ, MODIFY, DELETE, MODIFY_PERMISSION, CREATE_ITEM, CREATE_CONTAINER

Parameters:

xtypeName - xtype name or basic type name for an object

rightName -

Returns:

valid right value for the name or -1 if not found

Throws:

PortalException

getRightNameForValue

String getRightNameForValue(String xtypeName,
                            int rightValue)
                     throws PortalException

Returns right name from given right value and xtype id. Different xtypes may share right with the same value, but have a different name

Parameters:

xtypeName - xtype name or basic type name of an object

rightValue - right value

Returns:

right name as registered for given xtype or null if not found

Throws:

PortalException

removeAces

void removeAces(IThingID itemId,
                List<? extends IURI> principalIds,
                boolean recursive)
         throws PortalException

Removes the access entries for the specified item.

Parameters:

itemId - Item whose access entries to remove.

principalIds - List of IURIs to remove.

recursive - True if the removal should be applied to this item's descendants.

Throws:

PortalException

removeSecurityRealm

void removeSecurityRealm(IThingID itemID,
                         IThingID policyID,
                         boolean recursive)
                  throws PortalException

Removes any assigned policies from the given item

Parameters:

itemID - item thing ID

recursive - whether to remove policy recursively

Throws:

PortalException

setAces

@Deprecated
void setAces(IThingID itemId,
                         List<? extends IURI> principalIds,
                         boolean recursive,
                         int grant,
                         int deny,
                         int exclusive)
                  throws PortalException

Deprecated. use setAcesEx(IThingID, List, boolean, IRightSet, IRightSet, IRightSet) instead

Sets the access entries of the specified item.

Parameters:

itemId - Item whose access entries to set.

principalIds - List of IURIs for which to add or modify access.

recursive - True if the access modification should be applied to this item's descendants.

grant - Bit set of rights to grant.

deny - Bit set of rights to deny.

exclusive - Bit set of rights to grant exclusively.

Throws:

PortalException

See Also:

IAccessRight

setAcesEx

void setAcesEx(IThingID itemId,
               List<? extends IURI> principalIds,
               boolean recursive,
               IRightSet grant,
               IRightSet deny,
               IRightSet exclusive)
        throws PortalException

Sets the access entries of the specified item.

Parameters:

itemId - Item whose access entries to set.

principalIds - List of IURIs for which to add or modify access.

recursive - True if the access modification should be applied to this item's descendants.

grant - Bit set of rights to grant.

deny - Bit set of rights to deny.

exclusive - Bit set of rights to grant exclusively.

delegate - Bit set of rights that may be delegated.

Throws:

PortalException

See Also:

IAccessRight

cloneAces

void cloneAces(IThingID sourceID,
               IThingID targetID)
        throws PortalException

clone the aces from the source to the destination

Parameters:

sourceID -

targetID -

Throws:

PortalException

setSecurityRealm

void setSecurityRealm(IThingID itemID,
                      IThingID policyID,
                      boolean recursive)
               throws PortalException

Sets policy for the given item

Parameters:

itemID - item thing ID

policyID - policy object ID

recursive - whether to set policy recursively

Throws:

PortalException

setSecurityRealm

void setSecurityRealm(IThingID itemID,
                      IThingID policyID,
                      boolean recursive,
                      boolean disableOverwrite)
               throws PortalException

Sets policy for the given item

Parameters:

itemID - item thing ID

policyID - policy object ID

recursive - whether to set policy recursively

disableOverwrite - disable overwrite of policy selections

Throws:

PortalException

getAuthSchemeForAuthLevel

String getAuthSchemeForAuthLevel(int level)
                          throws PortalException

Parameters:

level -

Returns:

the common name for the auth Level

Throws:

PortalException - if no scheme is found for that level

getAuthLevelForAuthScheme

int getAuthLevelForAuthScheme(String authScheme)
                       throws PortalException

Parameters:

authScheme -

Returns:

the level for the common name

Throws:

PortalException - if no auth level is found

getAuthScheme

IAuthScheme getAuthScheme(String authSchemeName)
                   throws PortalException

Returns:

auth scheme object for the common name

Throws:

PortalException - if no auth scheme is found

getAvailableAuthSchemes

IThingIDList getAvailableAuthSchemes()
                              throws PortalException

Gets a list of available IThingID's who's IThing's implement IAuthScheme

Throws:

PortalException

getAuthSchemeForResource

IAuthScheme getAuthSchemeForResource(IURI uri)
                              throws PortalException

Returns the appropriate IAuthScheme for a specific resource

Throws:

PortalException

getDefaultAuthScheme

IAuthScheme getDefaultAuthScheme()
                          throws PortalException

Returns the current default auth scheme

Throws:

PortalException

invalidateAcesForUser

void invalidateAcesForUser(IThingID userID)
                    throws PortalException

Invalidates mechanics acl cache for the given user

Parameters:

userID -

Throws:

PortalException

invalidateAcesForThing

void invalidateAcesForThing(IThingID thingID)
                     throws PortalException

Invalidates access cache for the given thing

Parameters:

thingID -

Throws:

PortalException