org.mmbase.security
Class NoAuthorization

java.lang.Object
  org.mmbase.security.Configurable
      org.mmbase.security.Authorization
          org.mmbase.security.NoAuthorization

public final class NoAuthorization

extends Authorization

This class is used when no authorization is configured. Everything is allowed.

Version:

$Id: NoAuthorization.java,v 1.11 2005/01/30 16:46:34 nico Exp $

Author:

Eduard Witteveen

Nested Class Summary

Nested classes inherited from class org.mmbase.security.Authorization

Authorization.QueryCheck

Field Summary

Fields inherited from class org.mmbase.security.Authorization

COMPLETE_CHECK, NO_CHECK

Fields inherited from class org.mmbase.security.Configurable

configFile, configResource, configWatcher, manager

Constructor Summary

NoAuthorization()

Method Summary

boolean	check(UserContext user, int nodeid, int srcNodeid, int dstNodeid, Operation operation) No authorization means that everyting is allowed
boolean	check(UserContext user, int nodeid, Operation operation) No authorization means that everyting is allowed
Authorization.QueryCheck	check(UserContext user, Query query, Operation operation) Checks rights on a query.
void	create(UserContext user, int nodeid) This method does nothing
String	getContext(UserContext user, int nodeid) This method does nothing, except from giving a specified string back
Set	getPossibleContexts(UserContext user, int nodeid) This method does nothing, except from returning a dummy value
protected void	load() This method does nothing
void	remove(UserContext user, int nodeid) This method does nothing
void	setContext(UserContext user, int nodeid, String context) Since this is not authorization, we simply allow every change of context.
void	update(UserContext user, int nodeid) This method does nothing
void	verify(UserContext user, int nodeid, int srcNodeid, int dstNodeid, Operation operation) This method does nothing
void	verify(UserContext user, int nodeid, Operation operation) This method does nothing

Methods inherited from class org.mmbase.security.Configurable

load

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

NoAuthorization

public NoAuthorization()

Method Detail

load

protected void load()

This method does nothing

Specified by:

load in class Configurable

create

public void create(UserContext user,
                   int nodeid)

This method does nothing

Specified by:

create in class Authorization

Parameters:

user - The UserContext, containing the information about the user.

nodeid - The id of the MMObjectNode, which has just been added to the MMBase cloud.

update

public void update(UserContext user,
                   int nodeid)

This method does nothing

Specified by:

update in class Authorization

Parameters:

user - The UserContext, containing the information about the user.

nodeid - The id of the MMObjectNode, which has just been changed in the cloud.

remove

public void remove(UserContext user,
                   int nodeid)

This method does nothing

Specified by:

remove in class Authorization

Parameters:

user - The UserContext, containing the information about the user.

nodeid - The id of the MMObjectNode, which has just been removed in the cloud.

check

public boolean check(UserContext user,
                     int nodeid,
                     Operation operation)

No authorization means that everyting is allowed

Specified by:

check in class Authorization

Parameters:

user - The UserContext, containing the information the user.

nodeid - The id of the MMObjectNode, which has to be checked. It the action is CREATE then this will be interpreted as a typedef node.

operation - The operation which will be performed.

Returns:

true

verify

public void verify(UserContext user,
                   int nodeid,
                   Operation operation)
            throws SecurityException

This method does nothing

Overrides:

verify in class Authorization

Throws:

SecurityException - If the assertion fails

See Also:

Authorization.check(UserContext, int, Operation)

check

public boolean check(UserContext user,
                     int nodeid,
                     int srcNodeid,
                     int dstNodeid,
                     Operation operation)

No authorization means that everyting is allowed

Specified by:

check in class Authorization

Parameters:

user - The UserContext, containing the information about the user.

nodeid - The id of the relation which has to be checked. If the operation is CREATE then this will be interpreted as the typedef node (extending insrel) for the relation to be created.

srcNodeid - The id of the (new) source node of the relation.

dstNodeid - The id of the (new) destination node of the relation.

operation - The operation which will be performed (CREATE (create relation) or CHANGE_RELATION (source and/or destination are changed).

Returns:

true

verify

public void verify(UserContext user,
                   int nodeid,
                   int srcNodeid,
                   int dstNodeid,
                   Operation operation)
            throws SecurityException

This method does nothing

Overrides:

verify in class Authorization

Throws:

SecurityException - If the assertion fails

See Also:

Authorization.check(UserContext, int, int, int, Operation)

getContext

public String getContext(UserContext user,
                         int nodeid)
                  throws SecurityException

This method does nothing, except from giving a specified string back

Specified by:

getContext in class Authorization

Parameters:

user - The UserContext, containing the information about the user.

nodeid - The id of the MMObjectNode, which has to be asserted.

Returns:

the context setting of the node.

Throws:

SecurityException - If operation is not allowed(needs read rights)

setContext

public void setContext(UserContext user,
                       int nodeid,
                       String context)
                throws SecurityException

Since this is not authorization, we simply allow every change of context.

Specified by:

setContext in class Authorization

Parameters:

user - The UserContext, containing the information about the user.

nodeid - The id of the MMObjectNode, which has to be asserted.

context - The context which rights the node will get

Throws:

SecurityException - If operation is not allowed

getPossibleContexts

public Set getPossibleContexts(UserContext user,
                               int nodeid)
                        throws SecurityException

This method does nothing, except from returning a dummy value

Specified by:

getPossibleContexts in class Authorization

Parameters:

user - The UserContext, containing the information about the user.

nodeid - The id of the MMObjectNode, which has to be asserted.

Returns:

a Set of Strings which represent a context in readable form..

Throws:

SecurityException

check

public Authorization.QueryCheck check(UserContext user,
                                      Query query,
                                      Operation operation)

Description copied from class: Authorization

Checks rights on a query. This means that the query is explored and (if possible) a constraint for it is constructed, which, if appied to the query, makes it return only checked results for the given user. Of course, this will normally only be implemented for the 'READ' operation. The constraint is not applied automaticly. This has to be done by using BasicQuery.setSecurityConstraint().

Overrides:

check in class Authorization

Parameters:

user - The UserContext, for which the query must be considered

query - The query to be explored

Returns:

A Authorization.QueryCheck structure (containing whether the constriant is sufficient, and the new constraint or null).