Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.norther.tammi.core.security
Interface AccessController

All Known Subinterfaces:
BranchingFilter, FileUploadFilter, FlowFilter, FormFilter, HostFilter, LayoutFilter, LinkFilter, PageFilter, PipeFilter, SecureContainer, SecureContainerFilter, SecureContainerKeyFilter, SecureFilter, SecureKeyFilter, ServiceFilter, TaskFilter
All Known Implementing Classes:
AbstractSecureContainerFilter, AbstractSecureContainerKeyFilter, DefaultAccessController, DefaultBranchingFilter, DefaultFileUploadFilter, DefaultFlowFilter, DefaultFormFilter, DefaultHostFilter, DefaultLayoutFilter, DefaultLinkFilter, DefaultPageFilter, DefaultPipeFilter, DefaultSecureContainer, DefaultSecureContainerFilter, DefaultSecureContainerKeyFilter, DefaultSecureFilter, DefaultSecureKeyFilter, DefaultServiceFilter, DefaultTaskFilter
public interface AccessController

An interface to objects controlling resources protected by permissions allowing access for specific principals only.

Author:
Ilkka Priha

Method Summary
 void addAllowedPermission(String role, Permission permission)
          Adds an allowed permission for a specified role.
 void addDeniedPermission(String role, Permission permission)
          Adds a denied permission for a specified role.
 Enumeration allowedPermissions(String role)
          Returns an enumeration of allowed permissions for a specified role.
 Set allowedRoleSet()
          Returns a read-only set of roles with allowed permissions.
 boolean checkPermission(Principal principal, Permission permission)
          Checks whether or not the specified principal has the specified permission.
 boolean checkPermission(Principal principal, String resource, int mask)
          Checks whether or not the specified principal has a permission to access the masked actions of the specified resource.
 boolean checkPermission(Principal principal, String resource, String actions)
          Checks whether or not the specified principal has a permission to access the named actions of the specified resource.
 void clearAllowedPermissions()
          Clears all allowed permissions.
 void clearDeniedPermissions()
          Clears all denied permissions.
 Enumeration deniedPermissions(String role)
          Returns an enumeration of denied permissions for a specified role.
 Set deniedRoleSet()
          Returns a read only set of roles with denied permissions.
 String[] getPermissibleRoles(Permission permission)
          Gets the roles having the specified permission.
 String[] getPermissibleRoles(String resource, int mask)
          Gets the roles having a permission to access the masked actions of the specified resource.
 String[] getPermissibleRoles(String resource, String actions)
          Gets the roles having a permission to access the named actions of the specified resource.
 boolean isProtected()
          Checks whether the access controller is protected by any allowed or denied permissions.
 void removeAllowedPermissions(String role)
          Removes allowed permissions for a specified role.
 void removeDeniedPermissions(String role)
          Removes denied permissions for a specified role.
 void setAllowedPermissions(String role, Permission[] permissions)
          Sets allowed permissions for a specified role.
 void setDeniedPermissions(String role, Permission[] permissions)
          Sets denied permissions for a specified role.
 

Method Detail

isProtected

boolean isProtected()
Checks whether the access controller is protected by any allowed or denied permissions.

Returns:
true if the access controller is protected, false otherwise.

allowedPermissions

Enumeration allowedPermissions(String role)
Returns an enumeration of allowed permissions for a specified role.

Parameters:
role - the specified role.
Returns:
an enumeration of allowed permissions.

setAllowedPermissions

void setAllowedPermissions(String role,
                           Permission[] permissions)
Sets allowed permissions for a specified role.

Parameters:
role - the specified role.
permissions - an array of permissions.

addAllowedPermission

void addAllowedPermission(String role,
                          Permission permission)
Adds an allowed permission for a specified role.

Parameters:
role - the specified role.
permission - the allowed permission.

removeAllowedPermissions

void removeAllowedPermissions(String role)
Removes allowed permissions for a specified role.

Parameters:
role - the specified role.

clearAllowedPermissions

void clearAllowedPermissions()
Clears all allowed permissions.

allowedRoleSet

Set allowedRoleSet()
Returns a read-only set of roles with allowed permissions.

Returns:
a set of allowed roles.

deniedPermissions

Enumeration deniedPermissions(String role)
Returns an enumeration of denied permissions for a specified role.

Parameters:
role - the specified role.
Returns:
an enumeration of denied permissions.

setDeniedPermissions

void setDeniedPermissions(String role,
                          Permission[] permissions)
Sets denied permissions for a specified role.

Parameters:
role - the specified role.
permissions - an array of permissions.

addDeniedPermission

void addDeniedPermission(String role,
                         Permission permission)
Adds a denied permission for a specified role.

Parameters:
role - the specified role.
permission - the denied permission.

removeDeniedPermissions

void removeDeniedPermissions(String role)
Removes denied permissions for a specified role.

Parameters:
role - the role to be updated.

clearDeniedPermissions

void clearDeniedPermissions()
Clears all denied permissions.

deniedRoleSet

Set deniedRoleSet()
Returns a read only set of roles with denied permissions.

Returns:
a set of denied roles.

getPermissibleRoles

String[] getPermissibleRoles(String resource,
                             String actions)
Gets the roles having a permission to access the named actions of the specified resource.

If the access controller is not protected by any permissions, null is returned. If there are not any roles having the requested permission, an empty array is returned.

Parameters:
resource - the name of the resource to check.
actions - the name(s) of actions to access.
Returns:
an array of roles, an empty array or null.
Throws:
SecurityException - if the access control list is invalid.

getPermissibleRoles

String[] getPermissibleRoles(String resource,
                             int mask)
Gets the roles having a permission to access the masked actions of the specified resource.

If the access controller is not protected by any permissions, null is returned. If there are not any roles having the requested permission, an empty array is returned.

Parameters:
resource - the name of the resource to check.
mask - a mask of actions to access.
Returns:
an array of roles, an empty array or null.
Throws:
SecurityException - if the access control list is invalid.

getPermissibleRoles

String[] getPermissibleRoles(Permission permission)
Gets the roles having the specified permission. More specifically, this method checks whether the passed permission is implied by the allowed permissions, not implied by the denied permissions and a role is mapped to the corresponding permission.

If the access controller is not protected by any permissions, null is returned. If there are not any roles having the requested permission, an empty array is returned.

Parameters:
permission - the permission to be checked for.
Returns:
an array of roles, an empty array or null.
Throws:
SecurityException - if the access control list is invalid.

checkPermission

boolean checkPermission(Principal principal,
                        String resource,
                        String actions)
Checks whether or not the specified principal has a permission to access the named actions of the specified resource.

Parameters:
principal - the authenticated principal (null = unauthenticated).
resource - the name of the resource to check.
actions - the name(s) of actions to access.
Returns:
true if the principal has the permission, false otherwise.
Throws:
SecurityException - if the access control list is invalid.

checkPermission

boolean checkPermission(Principal principal,
                        String resource,
                        int mask)
Checks whether or not the specified principal has a permission to access the masked actions of the specified resource.

Parameters:
principal - the authenticated principal (null = unauthenticated).
resource - the name of the resource to check.
mask - a mask of actions to access.
Returns:
true if the principal has the permission, false otherwise.
Throws:
SecurityException - if the access control list is invalid.

checkPermission

boolean checkPermission(Principal principal,
                        Permission permission)
Checks whether or not the specified principal has the specified permission.

Parameters:
principal - the authenticated principal (null = unauthenticated).
permission - the permission to be checked for.
Returns:
true if the principal has the permission, false otherwise.
Throws:
SecurityException - if the access control list is invalid.
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2004 The Norther Organization. All rights reserved.