org.mmbase.security
Class Authorization

java.lang.Object
  |
  +--org.mmbase.security.Authorization

Direct Known Subclasses:

ContextAuthorization, NoAuthorization, OwnerAuthorization, Verify

public abstract class Authorization

extends java.lang.Object

This class is a empty implementation of the Authorization, it will only return that operations are valid. To make your own implementation of authorization, you have to extend this class.

Version:

$Id: Authorization.java,v 1.13 2002/07/26 08:47:33 vpro Exp $

Author:

Eduard Witteveen

Field Summary

protected java.io.File	configFile The absolute file which is the config file
protected FileWatcher	fileWatcher The file watcher
protected MMBaseCop	manager The SecurityManager, who created this instance

Constructor Summary

Authorization()

Method Summary

abstract boolean	check(UserContext user, int nodeid, int srcnodeid, int dstnodeid, Operation operation) This method could be overrided by an extending class.
abstract boolean	check(UserContext user, int nodeid, Operation operation) This method could be overrided by an extending class.
abstract void	create(UserContext user, int nodeid) This method could be overrided by an extending class.
abstract java.lang.String	getContext(UserContext user, int nodeid) This method could be overrided by an extending class.
abstract java.util.Set	getPossibleContexts(UserContext user, int nodeid) This method could be overrided by an extending class.
protected abstract void	load() This method could be overrided by an extending class.
void	load(MMBaseCop manager, FileWatcher fileWatcher, java.lang.String configPath) The method which sets the settings of this class.
abstract void	remove(UserContext user, int nodeid) This method could be overrided by an extending class.
abstract void	setContext(UserContext user, int nodeid, java.lang.String context) This method could be overrided by an extending class.
abstract void	update(UserContext user, int nodeid) This method could be overrided by an extending class.
void	verify(UserContext user, int nodeid, int srcnodeid, int dstnodeid, Operation operation) This method could be overrided by an extending class.
void	verify(UserContext user, int nodeid, Operation operation) This method could be overrided by an extending class.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

manager

protected MMBaseCop manager

The SecurityManager, who created this instance

configFile

protected java.io.File configFile

The absolute file which is the config file

fileWatcher

protected FileWatcher fileWatcher

The file watcher

Constructor Detail

Authorization

public Authorization()

Method Detail

load

public final void load(MMBaseCop manager,
                       FileWatcher fileWatcher,
                       java.lang.String configPath)

The method which sets the settings of this class. This method is shouldn't be overrided. This class will set the member variables of this class and then call the member function load();

Parameters:

manager - The class that created this instance.

fileWatcher - checks the files

configPath - The url which contains the config information for. the authorization.

load

protected abstract void load()

This method could be overrided by an extending class. It should set the settings for this class, and when needed retrieve them from the file at location configPath.

create

public abstract void create(UserContext user,
                            int nodeid)

This method could be overrided by an extending class. It has to be called, when a new Node has been created. This way, the authentication can create default rights for this object, depending on the UserContext and generate logging information.

Parameters:

user - The UserContext, containing the information about the user.

nodeid - The id of the MMObjectNode, which has just been added to the MMBase cloud.

update

public abstract void update(UserContext user,
                            int nodeid)

This method could be overrided by an extending class. It has to be called, when a Node has been changed. This way, the authentication can generate log information for this object, which can be used for accountability

Parameters:

user - The UserContext, containing the information about the user.

nodeid - The id of the MMObjectNode, which has just been changed in the cloud.

remove

public abstract void remove(UserContext user,
                            int nodeid)

This method could be overrided by an extending class. It has to be called, when a Node has been removed from the cloud. This way, the authentication can generate log information for this node, and remove the authorization object which belongs to this node.

Parameters:

user - The UserContext, containing the information about the user.

nodeid - The id of the MMObjectNode, which has just been removed in the cloud.

check

public abstract boolean check(UserContext user,
                              int nodeid,
                              Operation operation)

This method could be overrided by an extending class. This method checks if an operation is permitted on a certain node done by a certain user.

Parameters:

user - The UserContext, containing the information about the user.

nodeid - The id of the MMObjectNode, which has to be checked.

operation - The operation which will be performed.

Returns:

true if the operation is permitted, false if the operation is not permitted,

verify

public void verify(UserContext user,
                   int nodeid,
                   Operation operation)
            throws SecurityException

This method could be overrided by an extending class. This method asserts that an operation is permitted on a certain node done by a certain user. If not, a exception is thrown

Parameters:

user - The UserContext, containing the information about the user.

nodeid - The id of the MMObjectNode, which has to be asserted.

operation - The operation which will be performed.

Throws:

org.mmbase.SecurityException - If the assertion fails

check

public abstract boolean check(UserContext user,
                              int nodeid,
                              int srcnodeid,
                              int dstnodeid,
                              Operation operation)

This method could be overrided by an extending class. This method checks if the creation of a certain relation or changing the source or destination of a certain relation done by a certain user is permitted.

Parameters:

user - The UserContext, containing the information about the user.

nodeid - The id of the relation which has to be checked.

srcnodeid - The id of the (new) source node of the relation.

dstnodeid - The id of the (new) destination node of the relation.

operation - The operation which will be performed (CREATE (create relation) or CHANGE_RELATION (source and/or destination are changed).

Returns:

true if the operation is permitted, false if the operation is not permitted,

verify

public void verify(UserContext user,
                   int nodeid,
                   int srcnodeid,
                   int dstnodeid,
                   Operation operation)
            throws SecurityException

This method could be overrided by an extending class. This method asserts that creation of a certain relation or changing the source or destination of a certain relation done by a certain user is permitted. If not, an exception is thrown

Parameters:

user - The UserContext, containing the information about the user.

nodeid - The id of the relation which has to be asserted.

srcnodeid - The id of the (new) source node of the relation.

dstnodeid - The id of the (new) destination node of the relation.

operation - The operation which will be performed (CREATE (create relation) or CHANGE_RELATION (source and/or destination are changed).

Throws:

org.mmbase.SecurityException - If the assertion fails

getContext

public abstract java.lang.String getContext(UserContext user,
                                            int nodeid)
                                     throws SecurityException

This method could be overrided by an extending class. This method returns the context of a specific node.

Parameters:

user - The UserContext, containing the information about the user.

nodeid - The id of the MMObjectNode, which has to be asserted.

Returns:

the context setting of the node.

Throws:

org.mmbase.SecurityException - If operation is not allowed(needs read rights)

setContext

public abstract void setContext(UserContext user,
                                int nodeid,
                                java.lang.String context)
                         throws SecurityException

This method could be overrided by an extending class. This method changes the rights on a node, by telling the authorization that it should use the context which is defined.

Parameters:

user - The UserContext, containing the information about the user.

nodeid - The id of the MMObjectNode, which has to be asserted.

context - The context which rights the node will get

Throws:

org.mmbase.SecurityException - If operation is not allowed

org.mmbase.SecurityException - If context is not known

getPossibleContexts

public abstract java.util.Set getPossibleContexts(UserContext user,
                                                  int nodeid)
                                           throws SecurityException

This method could be overrided by an extending class. This method returns a list of contexts which can be used to change the node.

Parameters:

user - The UserContext, containing the information about the user.

nodeid - The id of the MMObjectNode, which has to be asserted.

Returns:

a Set of Strings which represent a context in readable form..

Throws:

org.mmbase.SecurityException - maybe