public class CoreSecurityManager extends SecurityManagerImpl
SecurityManager
.Constructor and Description |
---|
CoreSecurityManager()
Constructs a CoreSecurityManager.
|
CoreSecurityManager(FdkSession session)
Constructs a CoreSecurityManager.
|
Modifier and Type | Method and Description |
---|---|
Item |
addGrants(long id,
NamedValue[] def,
AttributeRequest[] attributes)
Adds the specified grants to the SecurityConfiguration of the target item.
|
boolean |
checkPermission(long target,
long userOrGroup,
long permission)
Determines whether the given DirectoryObject has the given permission
on the given target object.
|
Item |
createRole(long target,
NamedValue[] def,
AttributeRequest[] attributes)
Creates a new Role for use in the target domain.
|
void |
deleteRole(long id,
NamedValue[] def)
Deletes a Role.
|
Item |
findRoleByKey(String key,
AttributeRequest[] attributes)
Fetches a single OOTB role by its registered role key.
|
Item[] |
getComputedGranteeList(long target,
long role,
AttributeRequest[] attributes)
Returns the set of users that are granted the specified role on the
specified SecurityConfiguration.
|
Item[] |
getComputedGroupGranteeList(long target,
long role,
AttributeRequest[] attributes)
Returns the set of groups that are granted the specified role on the
specified SecurityConfiguration.
|
Item[] |
getComputedUserGranteeList(long target,
long role,
AttributeRequest[] attributes)
Returns the set of users that are granted the specified role on the
specified SecurityConfiguration.
|
protected FdkSessionImpl |
getConnectedSession()
Return the web service session.
|
Item |
getRole(long id,
AttributeRequest[] attributes)
Fetches a single role
|
Item |
getRoleByName(String name,
AttributeRequest[] attributes)
Fetches a single role by its common name.
|
boolean |
hasOnlyExplicitGrantedAccess(long target,
long user)
Returns true if the specified user has a grant on the specified public
object that names the user as the grantee, and the permissions granted
by this grant represent all the permissions of that user on the public
object.
|
boolean |
hasPropagatingGrants(long target,
long user)
Returns true if the specified user has any grants on the specified
SecurityConfiguration that propagated from a parent.
|
protected boolean |
isWebServiceCall()
Returns
true if the current call was made from a web services
client. |
Item[] |
listRoles(long id,
NamedValue[] options,
AttributeRequest[] attributes)
Returns the available security roles in the domain that apply to the given
target object.
|
Item[] |
listRolesByItemType(String itemName,
NamedValue[] options,
AttributeRequest[] attributes)
Returns the available security roles in the domain that apply to the
given target object class.
|
protected NamedValue[] |
login(FdkCredential c,
NamedValue[] options,
AttributeRequest[] userAttributes)
Internal login method used by web services login managers.
|
void |
referenceTypes(TypeReference ref)
Dummy web service method to create a reference to data types used
in the web services to insure that they are defined in the WSDL.
|
void |
removeSecurityConfiguration(long id)
Removes the SecurityConfiguration from the target item.
|
Item |
setSecurityConfiguration(long id,
NamedValue[] def,
AttributeRequest[] attributes)
Updates the SecurityConfiguration of the target item.
|
Item |
updateRole(long id,
NamedValue[] def,
AttributeRequest[] attributes)
Updates a Role.
|
public CoreSecurityManager()
public CoreSecurityManager(FdkSession session)
session
- FDK session contextpublic Item getRoleByName(String name, AttributeRequest[] attributes) throws FdkException
SecurityManager
Note that this method should not
be used for pre-defined roles; use findRoleByKey
instead.
name
- Common name of the role.attributes
- Additional attributes to be fetched.FdkException
- if the operation fails.public Item getRole(long id, AttributeRequest[] attributes) throws FdkException
SecurityManager
id
- Id of the role.attributes
- Additional attributes to be fetched.FdkException
- if the operation fails.public Item findRoleByKey(String key, AttributeRequest[] attributes) throws FdkException
SecurityManager
key
- Registered role key of the role, which must match
one of the ECM_ROLEKEY-prefixed strings in
FdkConstants.attributes
- Additional attributes to be fetched.FdkException
- if the operation fails.public Item[] listRoles(long id, NamedValue[] options, AttributeRequest[] attributes) throws FdkException
SecurityManager
id
- the id of the target objectoptions
- Options on the retrieved list. Valid options are:
attributes
- attributes to retrieve.FdkException
- if the operation fails.public Item[] listRolesByItemType(String itemName, NamedValue[] options, AttributeRequest[] attributes) throws FdkException
SecurityManager
itemName
- ItemTypes string representing these supported types:
options
- Options on the retrieved list. Valid options are:
attributes
- attributes to retrieve.FdkException
- if the operation fails.public Item createRole(long target, NamedValue[] def, AttributeRequest[] attributes) throws FdkException
SecurityManager
target
- The ID of the target domain.def
- Attributes for the new role.
ClientUtils.getSupportedCapabilities()
.
You can OR these capabilities to create an
ACCESS_LEVEL.
attributes
- requested attributes for each item, or null.FdkException
- if the operation fails.public void deleteRole(long id, NamedValue[] def) throws FdkException
SecurityManager
id
- The ID of the target role.def
- Optional attributes.FdkException
- if the operation fails.public Item updateRole(long id, NamedValue[] def, AttributeRequest[] attributes) throws FdkException
SecurityManager
id
- The ID of the target role.def
- New attributes for the role.
ClientUtils.getSupportedCapabilities()
.
You can OR these capabilities to create an
ACCESS_LEVEL.
attributes
- the requested attributes for the itemFdkException
- if the operation fails.public Item setSecurityConfiguration(long id, NamedValue[] def, AttributeRequest[] attributes) throws FdkException
SecurityManager
Note: to execute this operation asynchronously, specify the optional
RUN_ASYNC
option with a value of Boolean.TRUE
.
The following restrictions are enforced for Attributes.GRANT
id
- The ID of the target objectdef
- Attributes for the securityconfiguration.
attributes
- requested attributes for each item, or null.FdkException
- if the operation fails.public Item addGrants(long id, NamedValue[] def, AttributeRequest[] attributes) throws FdkException
SecurityManager
Note: to execute this operation asynchronously, specify the optional
RUN_ASYNC
option with a value of Boolean.TRUE
.
id
- The ID of the target objectdef
- Attributes for the securityconfiguration.
attributes
- requested attributes for each item, or null.FdkException
- if the operation fails.public void removeSecurityConfiguration(long id) throws FdkException
SecurityManager
id
- The ID of the target itemFdkException
- if the operation fails.public boolean checkPermission(long target, long userOrGroup, long permission) throws FdkException
SecurityManager
target
- The ID of the target PublicObject.userOrGroup
- The ID of the DirectoryObject.permission
- The long (bit value) representing the permission bit.FdkException
- if the operation fails.public Item[] getComputedGranteeList(long target, long role, AttributeRequest[] attributes) throws FdkException
SecurityManager
target
- The ID of the target security configuration.role
- The ID of the role.attributes
- Attributes on the users to retrieve.FdkException
- if the operation fails.public Item[] getComputedUserGranteeList(long target, long role, AttributeRequest[] attributes) throws FdkException
SecurityManager
target
- The ID of the target security configuration.role
- The ID of the role.attributes
- Attributes on the users to retrieve.FdkException
- if the operation fails.public Item[] getComputedGroupGranteeList(long target, long role, AttributeRequest[] attributes) throws FdkException
SecurityManager
target
- The ID of the target security configuration.role
- The ID of the role.attributes
- Attributes on the groups to retrieve.FdkException
- if the operation fails.public boolean hasPropagatingGrants(long target, long user) throws FdkException
SecurityManager
target
- The ID of the target SecurityConfiguration.user
- The ID of the desired user.FdkException
- if the operation fails.public boolean hasOnlyExplicitGrantedAccess(long target, long user) throws FdkException
SecurityManager
target
- The ID of the target SecurityConfiguration.user
- The ID of the desired user.FdkException
- if the operation fails.protected final boolean isWebServiceCall()
true
if the current call was made from a web services
client. This check can be made by any subclasses in order to determine
functionality and restrictions based on the originating call. This
feature should be used lightly and only where really necessary as
this is not an idea way of implementing business logic.public void referenceTypes(TypeReference ref)
protected final NamedValue[] login(FdkCredential c, NamedValue[] options, AttributeRequest[] userAttributes) throws FdkException
FdkException
protected final FdkSessionImpl getConnectedSession() throws FdkException
FdkException
Copyright © 2023. All rights reserved.