com.webmethods.portal.bizPolicy.biz.access
Interface IAccessPolicy


public interface IAccessPolicy

Policy to modify Portal Access information. This includes com.webmethods.portal.service.meta2.access.IAce, and other information.

IAccessPolicy functions expose setting (updating) and removing com.webmethods.portal.service.meta2.access.IAces, as well as altering Anonymous, AuthScheme and capability information as well on Portal resources. (com.webmethods.portal.service.meta2.thing.IThings).


Method Summary
 int getAccess(IContext context, IThingID itemID, IURI userID)
          Returns access rights that user has for the given thing.
 Collection getAccessEx(IContext context, IThingID itemID, IURI userID)
          Returns access rights that user has for the given thing.
 IListView getAclView(IContext context, IThingID itemID)
          Returns list of access control entries for this item
 String getAuthScheme(IContext context, IThingID itemId)
          Queries the authLevel of the resource.
 IListView getRightsForType(IContext context, String xtypeName)
          Returns list view of all rights registered with the given xtype/basic type
 IThingID getSecurityRealm(IContext context, IThingID itemID)
          Retrieves and returns security policy associated with the item
 boolean isAnonymous(IContext context, IThingID itemId)
          Verifies whether specified resource is anonymous.
 IListView listSecurityReamObjects(IContext context, IThingID securityRealmID)
          Returns list view of all objects assigned this security realm.
 void removeAces(IContext context, IThingID itemId, List principalIds, boolean recursive)
          Removes the access entries of the specified item.
 void removeSecurityRealm(IContext context, IThingID itemID, IThingID securityRealmID, boolean recursive)
          Removes security policy from the object
 void setAces(IContext context, IThingID itemId, List principalIds, boolean recursive, int grant, int deny, int exclusive, int delegate, int mask)
          Sets the access entries of the specified item.
 void setAcesEx(IContext context, IThingID itemId, List principalIds, boolean recursive, Collection granted, Collection denied, Collection exclusive)
          Sets the access for the specified item.
 void setAnonymous(IContext context, IThingID itemId, boolean recursive, boolean isAnonymous)
          Set specified resource either as anonymous.
 void setAuthScheme(IContext context, IThingID itemId, boolean recursive, String authLevel)
          Sets the authentication level of this thing
 void setSecurityRealm(IContext context, IThingID itemID, IThingID securityRealmID, boolean recursive)
          Sets security policy to the object
 

Method Detail

setAces

void setAces(IContext context,
             IThingID itemId,
             List principalIds,
             boolean recursive,
             int grant,
             int deny,
             int exclusive,
             int delegate,
             int mask)
             throws BizException
Sets the access entries of the specified item. This will update any existing aces as well. For instance, if the 'everyone' group already has an ace, and you call this passing in the 'everyone' group's uri, the ace will be updated with the new information.

Parameters:
context - Command context (user state information).
itemId - Item whose access entries to set.
principalIds - List of IURIs for which to add or modify access.
recursive - True if the access modification should be applied to this item's descendants.
grant - Bit set of rights to grant.
deny - Bit set of rights to deny.
exclusive - Bit set of rights to grant exclusively.
delegate - Bit set of rights that may be delegated.
mask - Bit set of rights to modify. When adding or modifying a particular right set (like grant or deny) only the intersection of this and the particular right set apply.
Throws:
BizException

setAcesEx

void setAcesEx(IContext context,
               IThingID itemId,
               List principalIds,
               boolean recursive,
               Collection granted,
               Collection denied,
               Collection exclusive)
               throws BizException
Sets the access for the specified item.

Parameters:
context - current context
itemId - item to set aces on
principalIds - principals list
recursive - whether set aces recursive
granted - list of granted rights. This is a list of String names of rights or Integer right values
denied - list of denied rights. This is a list of String names of rights or Integer right values
exclusive - list of denied rights. This is a list of String names of rights or Integer right values
Throws:
BizException

getAccess

int getAccess(IContext context,
              IThingID itemID,
              IURI userID)
              throws BizException
Returns access rights that user has for the given thing. See IAccessRight for the definition of possible access rights values

Parameters:
context - Command context
itemID - item whose access should be retrieved
userID - user whose access shouild be retrieved
Returns:
integer representing rights that user has on an item
Throws:
BizException

getRightsForType

IListView getRightsForType(IContext context,
                           String xtypeName)
                           throws BizException
Returns list view of all rights registered with the given xtype/basic type

Parameters:
context - current context
xtypeName - xtype or base type name
Returns:
list view
Throws:
BizException

getAccessEx

Collection getAccessEx(IContext context,
                       IThingID itemID,
                       IURI userID)
                       throws BizException
Returns access rights that user has for the given thing. See IAccessRight for the definition of possible access rights values

Parameters:
context - Command context
itemID - item whose access should be retrieved
userID - user whose access shouild be retrieved
Returns:
collections with Integer values of granted access rights
Throws:
BizException

getAclView

IListView getAclView(IContext context,
                     IThingID itemID)
                     throws BizException
Returns list of access control entries for this item

Parameters:
context - executing context
itemID - item to retrieve access control list
Returns:
list view of com.webmethods.portal.service.meta2.access.IAceView objects
Throws:
BizException

removeAces

void removeAces(IContext context,
                IThingID itemId,
                List principalIds,
                boolean recursive)
                throws BizException
Removes the access entries of the specified item.

Parameters:
context - Command context (user state information).
itemId - Item whose access entries to remove.
principalIds - List of IURIs for which to add or modify access.
recursive - True if the access modification should be applied to this item's descendants.
Throws:
BizException

setAnonymous

void setAnonymous(IContext context,
                  IThingID itemId,
                  boolean recursive,
                  boolean isAnonymous)
                  throws BizException
Set specified resource either as anonymous. If it is set to being anonymous, some important things will change.
 1) The authLevel on the thing will change. com.webmethods.portal.service.meta2.thing.IThing#getAuthLevel
 2) Authentication will not be required to access this thing
 
This is really just a convience function for checking to see if IAccessPolicy.getAuthScheme(com.webmethods.portal.bizPolicy.IContext, com.webmethods.portal.service.meta2.thing.IThingID) is equal to anonymous

Parameters:
context - Command context (user state information).
itemId - Item whose anonymous setting to change.
recursive - True if the access modification should be applied to this item's descendants.
isAnonymous - whether or not to set this as anonymous
Throws:
BizException

isAnonymous

boolean isAnonymous(IContext context,
                    IThingID itemId)
                    throws BizException
Verifies whether specified resource is anonymous.

Parameters:
context - Command context (user state information).
itemId - Item whose anonymous setting to query.
Returns:
True if anonymous, false otherwise
Throws:
BizException

setAuthScheme

void setAuthScheme(IContext context,
                   IThingID itemId,
                   boolean recursive,
                   String authLevel)
                   throws BizException
Sets the authentication level of this thing

Parameters:
context - Command context (user state information).
itemId - Item whose authLevel setting to change.
recursive - True if the access modification should be applied to this item's descendants.
authLevel - the name of the auth scheme: 'default', 'fullAccess', 'anonymous', 'basic', 'ntlm'
Throws:
BizException
See Also:
com.webmethods.portal.mech.access.IAccessMechanics#AUTH_LEVEL_DEFAULT, com.webmethods.portal.mech.access.IAccessMechanics#AUTH_LEVEL_FULL_ACCESS, com.webmethods.portal.mech.access.IAccessMechanics#AUTH_LEVEL_ANONYMOUS, com.webmethods.portal.mech.access.IAccessMechanics#AUTH_LEVEL_BASIC, com.webmethods.portal.mech.access.IAccessMechanics#AUTH_LEVEL_NTLM

getAuthScheme

String getAuthScheme(IContext context,
                     IThingID itemId)
                     throws BizException
Queries the authLevel of the resource.

Parameters:
context - Command context (user state information).
itemId - Item whose authLevel setting to query.
Returns:
the name of the auth scheme: 'default', 'fullAccess', 'anonymous', 'basic', 'ntlm'
Throws:
BizException
See Also:
com.webmethods.portal.mech.access.IAccessMechanics#AUTH_LEVEL_DEFAULT, com.webmethods.portal.mech.access.IAccessMechanics#AUTH_LEVEL_FULL_ACCESS, com.webmethods.portal.mech.access.IAccessMechanics#AUTH_LEVEL_ANONYMOUS, com.webmethods.portal.mech.access.IAccessMechanics#AUTH_LEVEL_BASIC, com.webmethods.portal.mech.access.IAccessMechanics#AUTH_LEVEL_NTLM

setSecurityRealm

void setSecurityRealm(IContext context,
                      IThingID itemID,
                      IThingID securityRealmID,
                      boolean recursive)
                      throws BizException
Sets security policy to the object

Parameters:
context - Command context
itemID - item thing ID to set policy on
securityRealmID - policy thing ID
recursive - whether to set policy recursively
Throws:
BizException

getSecurityRealm

IThingID getSecurityRealm(IContext context,
                          IThingID itemID)
                          throws BizException
Retrieves and returns security policy associated with the item

Parameters:
context - Command context
itemID - item thing ID
Returns:
policy thing ID or null
Throws:
BizException

removeSecurityRealm

void removeSecurityRealm(IContext context,
                         IThingID itemID,
                         IThingID securityRealmID,
                         boolean recursive)
                         throws BizException
Removes security policy from the object

Parameters:
context - command context
itemID - item thing ID
securityRealmID - policy thing ID
Throws:
BizException

listSecurityReamObjects

IListView listSecurityReamObjects(IContext context,
                                  IThingID securityRealmID)
                                  throws BizException
Returns list view of all objects assigned this security realm. List could be empry

Parameters:
securityRealmID -
Returns:
Throws:
BizException