org.tentackle.appworx
Class SecurityManager

java.lang.Object
  org.tentackle.appworx.SecurityManager

public class SecurityManager
extends Object

The SecurityManager applies Security-rules to AppDbObjects and grants or denies privileges.
The rules themselves are AppDbObjects and thus can be easily stored in the database. The SecurityManager keeps a list of rules that belong to a user. Again, this can easily be extended to roles. The list of rules is interpreted as an ACL (access control list). Whenever a privilege is checked, the list is processes until a rule fires. If no rule fires the default result is returned, which is ether granted or denied.

Author:

harald

Field Summary

static ContextDb

serverContextDb ContextDb to enable "server mode".

Constructor Summary

SecurityManager()
Creates a disabled security manager.

SecurityManager(AppDbObject user)
Creates a security manager for given user.

SecurityManager(ContextDb contextDb, long userId)
Creates a security manager for a given database context and user.

Method Summary

protected void	addForGrantId(long grantId) Adds the Security rules for a given grantee ID to the ACL cache.
ContextDb	getContextDb() Gets the database context for this manager.
Class	getSecurityClass() Gets the class for Security rules. Must be overridden in apps if Security is extended.
Class	getSecurityDialogClass() Gets the Class of a SecurityDialog. Override in apps if the SecurityDialog is not tentackle's one.
SecurityResult	getSecurityDialogPrivilege() Checks whether the user is allowed to invoke the SecurityDialog.
long	getUserId() Gets the object ID of the user's identity.
protected void	initialize() Initializes the ACL. Must be overridden to implement roles.
static void	invalidateAll() Marks the rules cache invalid in all security managers.
boolean	isAcceptByDefault() Determines whether this manager accepts by default, i.e.
boolean	isDenyByDefault() Determines whether this manager denies by default, i.e.
boolean	isEnabled() Determines whether this manager is enabled.
SecurityDialog	newSecurityDialogInstance(AppDbObject object) Creates a new SecurityDialog instance for a given data object.
SecurityDialog	newSecurityDialogInstance(ContextDb contextDb) Creates a new SecurityDialog for the SecurityDialog itself.
SecurityDialog	newSecurityDialogInstance(ContextDb contextDb, Class clazz) Creates a new SecurityDialog instance for a class figuring out its permission type.
SecurityDialog	newSecurityDialogInstance(ContextDb contextDb, int permissionType, Class clazz) Creates a new SecurityDialog instance for a class and permission type.
SecurityDialog	newSecurityDialogInstance(ContextDb contextDb, int permissionType, Class clazz, long id) Creates a new SecurityDialog. The dialog edits the rules for a given object or class.
Security	newSecurityInstance() Creates a new Security instance. Security instances should not be created by their constructor.
SecurityResult	privilege(AppDbObject obj, ContextDb contextDb, int permission) Checks a privilege for an AppDbObject. Usually the object-ID rules come first and then the objectclass-rules.
SecurityResult	privilege(AppDbObject obj, int permission) Checks a privilege for an AppDbObject. Usually the object-ID rules come first and then the objectclass-rules.
SecurityResult	privilege(Class clazz, ContextDb contextDb, int permission) Checks a privilege for class only.
SecurityResult	privilege(Class clazz, ContextDb contextDb, long objectId, int permission) Checks a privilege.
void	setAcceptByDefault(boolean acceptByDefault) Sets the default behaviour for "no rules found" for the SecurityResult to "accepted".
void	setDenyByDefault(boolean denyByDefault) Sets the default behaviour for "no rules found" for the SecurityResult to "denied".
void	setEnabled(boolean enabled) Enables/disables this security manager. If it is disabled, all requests return GRANT_DEFAULT, which usually will be treated by the application as GRANT_ACCEPT.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

serverContextDb

public static ContextDb serverContextDb

ContextDb to enable "server mode". In servers (especially web servers) it makes sense to preload _all_ security rules once for all grantees and then to create manager instances sharing the rules among their grantees. By default server mode is turned off (null)

Constructor Detail

SecurityManager

public SecurityManager(ContextDb contextDb,
                       long userId)

Creates a security manager for a given database context and user.

Parameters:

contextDb - the database context

userId - the object ID of the user

SecurityManager

public SecurityManager(AppDbObject user)

Creates a security manager for given user.

Parameters:

user - the user

SecurityManager

public SecurityManager()

Creates a disabled security manager. This is the default manager.

Method Detail

invalidateAll

public static void invalidateAll()

Marks the rules cache invalid in all security managers. This method is invoked whenever some Security rules change in the database.

newSecurityInstance

public Security newSecurityInstance()

Creates a new Security instance.
Security instances should not be created by their constructor. Instead, the security manager should be used to create it. Must be overridden in apps if Security is extended.

Returns:

an empty Security object in contextDb-context

getSecurityClass

public Class getSecurityClass()

Gets the class for Security rules.
Must be overridden in apps if Security is extended.

Returns:

the class for security rules

newSecurityDialogInstance

public SecurityDialog newSecurityDialogInstance(ContextDb contextDb,
                                                int permissionType,
                                                Class clazz,
                                                long id)
                                         throws ApplicationException

Creates a new SecurityDialog.
The dialog edits the rules for a given object or class. Override in apps if the SecurityDialog is not tentackle's one.

Parameters:

contextDb - the contextDb

clazz - the class to set security rules for. (use org.tentackle.appworx.SecurityDialog.class if working on security itself)

permissionType - the kind of permission set. If 0, will be determined from clazz (if AppDbObject) or set to Security.TYPE_PROGRAM otherwise.

id - he object id in clazz (if clazz is a AppDbObject) or null if all objects or clazz is not a AppDbObject.

Returns:

the security dialog

Throws:

ApplicationException - is setup failed

newSecurityDialogInstance

public final SecurityDialog newSecurityDialogInstance(AppDbObject object)
                                               throws ApplicationException

Creates a new SecurityDialog instance for a given data object.

Parameters:

object - the AppDbObject

Returns:

the security dialog

Throws:

ApplicationException - is setup failed

newSecurityDialogInstance

public final SecurityDialog newSecurityDialogInstance(ContextDb contextDb,
                                                      int permissionType,
                                                      Class clazz)
                                               throws ApplicationException

Creates a new SecurityDialog instance for a class and permission type.

Parameters:

contextDb - the contextDb-context

permissionType - the permission type

clazz - the class

Returns:

the security dialog

Throws:

ApplicationException - is setup failed

newSecurityDialogInstance

public final SecurityDialog newSecurityDialogInstance(ContextDb contextDb,
                                                      Class clazz)
                                               throws ApplicationException

Creates a new SecurityDialog instance for a class figuring out its permission type.

Parameters:

contextDb - the contextDb-context

clazz - the class

Returns:

the security dialog

Throws:

ApplicationException - is setup failed

newSecurityDialogInstance

public final SecurityDialog newSecurityDialogInstance(ContextDb contextDb)
                                               throws ApplicationException

Creates a new SecurityDialog for the SecurityDialog itself. The default implementation works on the permissions of the Security-class.

Parameters:

contextDb - the contextDb-context

Returns:

the security dialog

Throws:

ApplicationException - is setup failed

getSecurityDialogClass

public Class getSecurityDialogClass()

Gets the Class of a SecurityDialog.
Override in apps if the SecurityDialog is not tentackle's one.

Returns:

the class

getContextDb

public ContextDb getContextDb()

Gets the database context for this manager.

Returns:

the database context

getUserId

public long getUserId()

Gets the object ID of the user's identity.

Returns:

the object ID

getSecurityDialogPrivilege

public SecurityResult getSecurityDialogPrivilege()

Checks whether the user is allowed to invoke the SecurityDialog. The default implementation checks the write-permission of the Security-class.

Returns:

the security result

privilege

public SecurityResult privilege(Class clazz,
                                ContextDb contextDb,
                                long objectId,
                                int permission)

Checks a privilege.

Parameters:

clazz - the class, for example a FormDialog or an AppDbObject (never null!)

contextDb - the context-Db the object or class is used in, null = all

objectId - the objectId or 0 if applies to class, -1 for "any object of given class"

permission - the requested permission(s)

Returns:

a SecurityResult

privilege

public SecurityResult privilege(Class clazz,
                                ContextDb contextDb,
                                int permission)

Checks a privilege for class only.

Parameters:

clazz - the class, for example a FormDialog or an AppDbObject (never null!)

contextDb - the context-Db the object or class is used in, null = all

permission - the requested permission(s)

Returns:

a SecurityResult

See Also:

privilege(java.lang.Class, org.tentackle.appworx.ContextDb, long, int)

privilege

public SecurityResult privilege(AppDbObject obj,
                                ContextDb contextDb,
                                int permission)

Checks a privilege for an AppDbObject.
Usually the object-ID rules come first and then the objectclass-rules. This combines the two. Note: if contextDb is null, the context from the obj will be used. However, usually only the basecontext makes sense.

Parameters:

obj - the database object (never null!)

contextDb - the optional database context the object is used in, null = object's contextDb

permission - the requested permission(s)

Returns:

a SecurityResult

See Also:

privilege(java.lang.Class, org.tentackle.appworx.ContextDb, long, int)

privilege

public SecurityResult privilege(AppDbObject obj,
                                int permission)

Checks a privilege for an AppDbObject.
Usually the object-ID rules come first and then the objectclass-rules. This combines the two.

Parameters:

obj - the database object (never null!)

permission - the requested permission(s)

Returns:

a SecurityResult

See Also:

privilege(org.tentackle.appworx.AppDbObject, org.tentackle.appworx.ContextDb, int)

initialize

protected void initialize()

Initializes the ACL.
Must be overridden to implement roles. Example:

  protected void initialize() {
    super.initialize();
    // get all role IDs the user belongs to
    for (Role r: new Role(getContextDb()).selectByUserId(getUserId()))  {
      addForGrantId(r.getId());
    }
  } 
 

addForGrantId

protected void addForGrantId(long grantId)

Adds the Security rules for a given grantee ID to the ACL cache.

Parameters:

grantId - the grantee ID

isEnabled

public boolean isEnabled()

Determines whether this manager is enabled.

Returns:

true if enabled.

setEnabled

public void setEnabled(boolean enabled)

Enables/disables this security manager.
If it is disabled, all requests return GRANT_DEFAULT, which usually will be treated by the application as GRANT_ACCEPT. If enabled, the real GRANT will be returned. Notice that an enabled manager will return GRANT_DENY if the userId is 0!

Parameters:

enabled - New value of property enabled.

See Also:

setAcceptByDefault(boolean)

isAcceptByDefault

public boolean isAcceptByDefault()

Determines whether this manager accepts by default, i.e. if no matching rule is found for a privilege.

Returns:

true if accept by default

setAcceptByDefault

public void setAcceptByDefault(boolean acceptByDefault)

Sets the default behaviour for "no rules found" for the SecurityResult to "accepted". This is the default.

Notice: setting both acceptByDefault and denyByDefault to false will return "neither accepted nor denied" security results if no rules fire.

Parameters:

acceptByDefault - true if SecurityResult.isAccepted() returns true if no rules found.

isDenyByDefault

public boolean isDenyByDefault()

Determines whether this manager denies by default, i.e. if no matching rule is found for a privilege.

Returns:

true if deny by default

setDenyByDefault

public void setDenyByDefault(boolean denyByDefault)

Sets the default behaviour for "no rules found" for the SecurityResult to "denied". The default is false.

Notice: setting both acceptByDefault and denyByDefault to false will return "neither accepted nor denied" security results if no rules fire.

Parameters:

denyByDefault - true if SecurityResult.isDenied() returns true if no rules found.