Package lumis.util.security.acl
Class AclManager
- java.lang.Object
-
- lumis.util.security.acl.AclManager
-
- All Implemented Interfaces:
IConfigKeyChecker
,IAclManager
- Direct Known Subclasses:
ChannelAclManager
,GenericAclManager
,GroupAclManager
,PageAclManager
,PageTemplateAclManager
,PortalAclManager
,ServiceAclManager
,ServiceInstanceAclManager
public abstract class AclManager extends java.lang.Object implements IAclManager
Base AclManager implementation. This is an abstract implementation, that contains the logic that all acls should have. Specific acl managers should extend this class.- Since:
- 4.0.0
- Version:
- $Revision$ $Date$
-
-
Field Summary
Fields Modifier and Type Field Description protected static PortalCache<AccessControlList>
aclCache
protected static java.lang.ThreadLocal<java.lang.Boolean>
checkRequiredPermissionsInternalFlag
-
Constructor Summary
Constructors Constructor Description AclManager()
-
Method Summary
All Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description protected java.lang.String
add(AccessControlList parentAcl, java.util.HashMap<java.lang.Integer,java.lang.Integer> permissionsMap, int[] implies, ITransaction transaction)
void
add(AccessControlList acl, ITransaction transaction)
void
addOrUpdate(AccessControlList acl, ITransaction transaction)
boolean
checkPermission(SessionConfig sessionConfig, java.lang.String userId, java.lang.String itemId, IPermission permission, ITransaction transaction)
For the given principalId, all the groups that the principal is member of (recursively) are collected and permission is calculated on this collection.boolean
checkPermission(SessionConfig sessionConfig, java.lang.String itemId, IPermission permission, ITransaction transaction)
Verify if the permission is valid for the sessionConfig's user.protected void
checkRequiredPermissionsInternal(AccessControlList acl)
Checks if the required permissions were given for someone.protected void
cleanupInvalidData(AccessControlList acl)
void
clearCache(ITransaction transaction)
Clears all ACL cache.void
delete(java.lang.String aclId, ITransaction transaction)
Deletes an acl.void
deleteAclEntryByPrincipalId(java.lang.String principalId, ITransaction transaction)
Delete ACL entries in all ACLs for the specified principal.java.lang.String
deserialize(SessionConfig sessionConfig, DeserializationConfig deserializationConfig, org.w3c.dom.Node accessControlListNode, boolean onlyAddSimpleAcls, ITransaction transaction)
boolean
exists(java.lang.String aclId, ITransaction transaction)
abstract AccessControlList
get(SessionConfig sessionConfig, java.lang.String id, ITransaction transaction)
protected abstract AccessControlList
getAclInternal(SessionConfig sessionConfig, java.lang.String itemId, ITransaction transaction)
protected abstract int
getRequiredPermissions()
boolean
keyExists(SessionConfig sessionConfig, java.lang.Object configKey, java.lang.Object config, ITransaction transaction)
Checks if configId matches an already persisted objectvoid
removeFromCache(java.lang.String aclId, ITransaction transaction)
Allows removal of cached itemsvoid
serialize(SessionConfig sessionConfig, java.lang.String securableId, java.io.OutputStream outputStream, ITransaction transaction)
protected void
update(AccessControlList acl, ITransaction transaction)
-
-
-
Field Detail
-
aclCache
protected static PortalCache<AccessControlList> aclCache
-
checkRequiredPermissionsInternalFlag
protected static final java.lang.ThreadLocal<java.lang.Boolean> checkRequiredPermissionsInternalFlag
-
-
Method Detail
-
get
public abstract AccessControlList get(SessionConfig sessionConfig, java.lang.String id, ITransaction transaction) throws ManagerException, PortalException
- Throws:
ManagerException
PortalException
-
getAclInternal
protected abstract AccessControlList getAclInternal(SessionConfig sessionConfig, java.lang.String itemId, ITransaction transaction) throws ManagerException, PortalException
- Throws:
ManagerException
PortalException
-
getRequiredPermissions
protected abstract int getRequiredPermissions() throws PortalException
- Throws:
PortalException
-
checkRequiredPermissionsInternal
protected void checkRequiredPermissionsInternal(AccessControlList acl) throws PortalException
Checks if the required permissions were given for someone. If not an exception is thrown.- Parameters:
acl
- the acl to be checked.- Throws:
PortalException
- if the required permissions were not given.
-
add
protected java.lang.String add(AccessControlList parentAcl, java.util.HashMap<java.lang.Integer,java.lang.Integer> permissionsMap, int[] implies, ITransaction transaction) throws PortalException
- Throws:
PortalException
-
add
public void add(AccessControlList acl, ITransaction transaction) throws PortalException
- Specified by:
add
in interfaceIAclManager
- Throws:
PortalException
-
exists
public boolean exists(java.lang.String aclId, ITransaction transaction) throws DaoException, PortalException
- Specified by:
exists
in interfaceIAclManager
- Throws:
DaoException
PortalException
-
update
protected void update(AccessControlList acl, ITransaction transaction) throws ManagerException, PortalException
- Throws:
ManagerException
PortalException
-
addOrUpdate
public void addOrUpdate(AccessControlList acl, ITransaction transaction) throws ManagerException, PortalException
- Specified by:
addOrUpdate
in interfaceIAclManager
- Throws:
ManagerException
PortalException
-
cleanupInvalidData
protected void cleanupInvalidData(AccessControlList acl) throws PortalException
- Throws:
PortalException
-
delete
public void delete(java.lang.String aclId, ITransaction transaction) throws PortalException
Description copied from interface:IAclManager
Deletes an acl.This method does not delete the acl's children. They must have been deleted or the foreign key constraints will not allow their parent to be deleted.
- Specified by:
delete
in interfaceIAclManager
- Parameters:
aclId
- the id of the acl to be deleted from persistence.transaction
- the transaction for persistence access.- Throws:
PortalException
-
deleteAclEntryByPrincipalId
public void deleteAclEntryByPrincipalId(java.lang.String principalId, ITransaction transaction) throws PortalException
Description copied from interface:IAclManager
Delete ACL entries in all ACLs for the specified principal.- Specified by:
deleteAclEntryByPrincipalId
in interfaceIAclManager
- Throws:
DaoException
PortalException
-
removeFromCache
public void removeFromCache(java.lang.String aclId, ITransaction transaction) throws DaoException, PortalException
Description copied from interface:IAclManager
Allows removal of cached items- Specified by:
removeFromCache
in interfaceIAclManager
- Throws:
DaoException
PortalException
-
clearCache
public void clearCache(ITransaction transaction) throws PortalException
Description copied from interface:IAclManager
Clears all ACL cache.- Specified by:
clearCache
in interfaceIAclManager
- Parameters:
transaction
- the transaction for persistence access. If null, the cache is just cleared, else it is cleared as a transactional operation as specified inPortalCache.clear(ITransaction)
.- Throws:
PortalException
-
checkPermission
public boolean checkPermission(SessionConfig sessionConfig, java.lang.String itemId, IPermission permission, ITransaction transaction) throws ManagerException, PortalException
Description copied from interface:IAclManager
Verify if the permission is valid for the sessionConfig's user.- Specified by:
checkPermission
in interfaceIAclManager
- Returns:
- Returns the true or false value.
- Throws:
ManagerException
PortalException
-
checkPermission
public boolean checkPermission(SessionConfig sessionConfig, java.lang.String userId, java.lang.String itemId, IPermission permission, ITransaction transaction) throws ManagerException, PortalException
For the given principalId, all the groups that the principal is member of (recursively) are collected and permission is calculated on this collection.- Specified by:
checkPermission
in interfaceIAclManager
- Returns:
- Throws:
ManagerException
PortalException
-
serialize
public void serialize(SessionConfig sessionConfig, java.lang.String securableId, java.io.OutputStream outputStream, ITransaction transaction) throws ManagerException, PortalException
- Specified by:
serialize
in interfaceIAclManager
- Throws:
ManagerException
PortalException
-
deserialize
public java.lang.String deserialize(SessionConfig sessionConfig, DeserializationConfig deserializationConfig, org.w3c.dom.Node accessControlListNode, boolean onlyAddSimpleAcls, ITransaction transaction) throws ManagerException, PortalException
- Specified by:
deserialize
in interfaceIAclManager
- Throws:
ManagerException
PortalException
-
keyExists
public boolean keyExists(SessionConfig sessionConfig, java.lang.Object configKey, java.lang.Object config, ITransaction transaction)
Description copied from interface:IConfigKeyChecker
Checks if configId matches an already persisted object- Specified by:
keyExists
in interfaceIConfigKeyChecker
config
- Optional, allows a checker to read aditional fields to check composed keys- Returns:
- true if configId matches an already persisted object
-
-