org.norther.tammi.core.security
Class DefaultAccessController

java.lang.Object
  org.norther.tammi.core.base.Adaptee
      org.norther.tammi.core.security.DefaultAccessController

All Implemented Interfaces:

Serializable, NotificationBroadcaster, NotificationEmitter, Manageable, MBeanDelegate, AccessController

public class DefaultAccessController
extends Adaptee
implements AccessController

A default implementation of AccessController.

Author:

Ilkka Priha

See Also:

Serialized Form

Field Summary

Fields inherited from class org.norther.tammi.core.base.Adaptee

ADAPTEE_NOTIF_DESCRIPTION, ADAPTEE_NOTIFICATIONS

Fields inherited from interface org.norther.tammi.core.base.MBeanDelegate

ARRAY_TYPE, OBJECT_TYPE, PRIMITIVE_TYPE, STRING_TYPE

Constructor Summary

DefaultAccessController()
Constructs a new access controller.

Method Summary

void	addAllowedPermission(String role, Permission permission) Adds an allowed permission for a specified role.
void	addDeniedPermission(String role, Permission permission) Adds a denied permission for a specified role.
Enumeration	allowedPermissions(String role) Returns an enumeration of allowed permissions for a specified role.
Set	allowedRoleSet() Returns a read-only set of roles with allowed permissions.
boolean	checkPermission(Principal principal, Permission permission) Checks whether or not the specified principal has the specified permission.
boolean	checkPermission(Principal principal, String resource, int mask) Checks whether or not the specified principal has a permission to access the masked actions of the specified resource.
boolean	checkPermission(Principal principal, String resource, String actions) Checks whether or not the specified principal has a permission to access the named actions of the specified resource.
void	clearAllowedPermissions() Clears all allowed permissions.
void	clearDeniedPermissions() Clears all denied permissions.
Enumeration	deniedPermissions(String role) Returns an enumeration of denied permissions for a specified role.
Set	deniedRoleSet() Returns a read only set of roles with denied permissions.
String[]	getPermissibleRoles(Permission permission) Gets the roles having the specified permission.
String[]	getPermissibleRoles(String resource, int mask) Gets the roles having a permission to access the masked actions of the specified resource.
String[]	getPermissibleRoles(String resource, String actions) Gets the roles having a permission to access the named actions of the specified resource.
boolean	isProtected() Checks whether the access controller is protected by any allowed or denied permissions.
void	removeAllowedPermissions(String role) Removes allowed permissions for a specified role.
void	removeDeniedPermissions(String role) Removes denied permissions for a specified role.
void	setAllowedPermissions(String role, Permission[] permissions) Sets allowed permissions for a specified role.
void	setDeniedPermissions(String role, Permission[] permissions) Sets denied permissions for a specified role.

Methods inherited from class org.norther.tammi.core.base.Adaptee

addAdaptee, addNotificationListener, getAttributeSupport, getBroker, getCanonicalName, getDomain, getFactory, getLoader, getLog, getLog, getMBean, getMBeanServer, getNotificationInfo, getObjectName, getRegistrationTime, getSequenceNumber, hasListeners, isRegistered, postmanaged, premanaged, removeNotificationListener, removeNotificationListener, sendNotification, sendNotification, sendNotification, sendNotification, unmanaged, unregister

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DefaultAccessController

public DefaultAccessController()

Constructs a new access controller.

Method Detail

isProtected

public boolean isProtected()

Description copied from interface: AccessController

Checks whether the access controller is protected by any allowed or denied permissions.

Specified by:

isProtected in interface AccessController

Returns:

true if the access controller is protected, false otherwise.

allowedPermissions

public Enumeration allowedPermissions(String role)

Description copied from interface: AccessController

Returns an enumeration of allowed permissions for a specified role.

Specified by:

allowedPermissions in interface AccessController

Parameters:

role - the specified role.

Returns:

an enumeration of allowed permissions.

setAllowedPermissions

public void setAllowedPermissions(String role,
                                  Permission[] permissions)

Description copied from interface: AccessController

Sets allowed permissions for a specified role.

Specified by:

setAllowedPermissions in interface AccessController

Parameters:

role - the specified role.

permissions - an array of permissions.

addAllowedPermission

public void addAllowedPermission(String role,
                                 Permission permission)

Description copied from interface: AccessController

Adds an allowed permission for a specified role.

Specified by:

addAllowedPermission in interface AccessController

Parameters:

role - the specified role.

permission - the allowed permission.

removeAllowedPermissions

public void removeAllowedPermissions(String role)

Description copied from interface: AccessController

Removes allowed permissions for a specified role.

Specified by:

removeAllowedPermissions in interface AccessController

Parameters:

role - the specified role.

clearAllowedPermissions

public void clearAllowedPermissions()

Description copied from interface: AccessController

Clears all allowed permissions.

Specified by:

clearAllowedPermissions in interface AccessController

allowedRoleSet

public Set allowedRoleSet()

Description copied from interface: AccessController

Returns a read-only set of roles with allowed permissions.

Specified by:

allowedRoleSet in interface AccessController

Returns:

a set of allowed roles.

deniedPermissions

public Enumeration deniedPermissions(String role)

Description copied from interface: AccessController

Returns an enumeration of denied permissions for a specified role.

Specified by:

deniedPermissions in interface AccessController

Parameters:

role - the specified role.

Returns:

an enumeration of denied permissions.

setDeniedPermissions

public void setDeniedPermissions(String role,
                                 Permission[] permissions)

Description copied from interface: AccessController

Sets denied permissions for a specified role.

Specified by:

setDeniedPermissions in interface AccessController

Parameters:

role - the specified role.

permissions - an array of permissions.

addDeniedPermission

public void addDeniedPermission(String role,
                                Permission permission)

Description copied from interface: AccessController

Adds a denied permission for a specified role.

Specified by:

addDeniedPermission in interface AccessController

Parameters:

role - the specified role.

permission - the denied permission.

removeDeniedPermissions

public void removeDeniedPermissions(String role)

Description copied from interface: AccessController

Removes denied permissions for a specified role.

Specified by:

removeDeniedPermissions in interface AccessController

Parameters:

role - the role to be updated.

clearDeniedPermissions

public void clearDeniedPermissions()

Description copied from interface: AccessController

Clears all denied permissions.

Specified by:

clearDeniedPermissions in interface AccessController

deniedRoleSet

public Set deniedRoleSet()

Description copied from interface: AccessController

Returns a read only set of roles with denied permissions.

Specified by:

deniedRoleSet in interface AccessController

Returns:

a set of denied roles.

getPermissibleRoles

public String[] getPermissibleRoles(String resource,
                                    String actions)

Description copied from interface: AccessController

Gets the roles having a permission to access the named actions of the specified resource.

If the access controller is not protected by any permissions, null is returned. If there are not any roles having the requested permission, an empty array is returned.

Specified by:

getPermissibleRoles in interface AccessController

Parameters:

resource - the name of the resource to check.

actions - the name(s) of actions to access.

Returns:

an array of roles, an empty array or null.

getPermissibleRoles

public String[] getPermissibleRoles(String resource,
                                    int mask)

Description copied from interface: AccessController

Gets the roles having a permission to access the masked actions of the specified resource.

If the access controller is not protected by any permissions, null is returned. If there are not any roles having the requested permission, an empty array is returned.

Specified by:

getPermissibleRoles in interface AccessController

Parameters:

resource - the name of the resource to check.

mask - a mask of actions to access.

Returns:

an array of roles, an empty array or null.

getPermissibleRoles

public String[] getPermissibleRoles(Permission permission)

Description copied from interface: AccessController

Gets the roles having the specified permission. More specifically, this method checks whether the passed permission is implied by the allowed permissions, not implied by the denied permissions and a role is mapped to the corresponding permission.

If the access controller is not protected by any permissions, null is returned. If there are not any roles having the requested permission, an empty array is returned.

Specified by:

getPermissibleRoles in interface AccessController

Parameters:

permission - the permission to be checked for.

Returns:

an array of roles, an empty array or null.

checkPermission

public boolean checkPermission(Principal principal,
                               String resource,
                               String actions)

Description copied from interface: AccessController

Checks whether or not the specified principal has a permission to access the named actions of the specified resource.

Specified by:

checkPermission in interface AccessController

Parameters:

principal - the authenticated principal (null = unauthenticated).

resource - the name of the resource to check.

actions - the name(s) of actions to access.

Returns:

true if the principal has the permission, false otherwise.

checkPermission

public boolean checkPermission(Principal principal,
                               String resource,
                               int mask)

Description copied from interface: AccessController

Checks whether or not the specified principal has a permission to access the masked actions of the specified resource.

Specified by:

checkPermission in interface AccessController

Parameters:

principal - the authenticated principal (null = unauthenticated).

resource - the name of the resource to check.

mask - a mask of actions to access.

Returns:

true if the principal has the permission, false otherwise.

checkPermission

public boolean checkPermission(Principal principal,
                               Permission permission)

Description copied from interface: AccessController

Checks whether or not the specified principal has the specified permission.

Specified by:

checkPermission in interface AccessController

Parameters:

principal - the authenticated principal (null = unauthenticated).

permission - the permission to be checked for.

Returns:

true if the principal has the permission, false otherwise.