org.mmbase.security.implementation.context
Class ContextAuthorization

java.lang.Object
  extended by org.mmbase.security.Configurable
      extended by org.mmbase.security.Authorization
          extended by org.mmbase.security.implementation.context.ContextAuthorization

public class ContextAuthorization
extends Authorization

Authorization based on an XML configuration file. The XML file contains users, groups and contexts. Contexts grant rights to users and/or groups and are identified by a string (which is stored in the owner field).

Version:
$Id: ContextAuthorization.java,v 1.33 2004/03/08 17:42:31 michiel Exp $
Author:
Eduard Witteveen, Pierre van Rooden, Michiel Meeuwissen
See Also:
ContextAuthentication

Nested Class Summary
 
Nested classes inherited from class org.mmbase.security.Authorization
Authorization.QueryCheck
 
Field Summary
protected  Cache allowingContextsCache
           
 
Fields inherited from class org.mmbase.security.Authorization
COMPLETE_CHECK, NO_CHECK
 
Fields inherited from class org.mmbase.security.Configurable
configFile, fileWatcher, manager
 
Constructor Summary
ContextAuthorization()
           
 
Method Summary
 boolean check(UserContext user, int nodeNumber, int srcNodeNumber, int dstNodeNumber, Operation operation)
          This method should be overridden by an extending class.
 boolean check(UserContext user, int nodeNumber, Operation operation)
          This method should be overridden by an extending class.
 Authorization.QueryCheck check(UserContext userContext, Query query, Operation operation)
          Checks rights on a query.
 void create(UserContext user, int nodeNumber)
          This method should be overridden by an extending class.
protected  java.util.SortedSet getAllContexts()
           
 java.lang.String getContext(UserContext user, int nodeNumber)
          This method could be overridden by an extending class.
 java.lang.String getDefaultContext(UserContext user)
           
protected  java.util.SortedSet getDisallowingContexts(UserContext user, Operation operation)
           
 java.util.Set getPossibleContexts(UserContext user, int nodeNumber)
          This method could be overridden by an extending class.
protected  void load()
          This method should be overridden by an extending class.
 void remove(UserContext user, int nodeNumber)
          This method should be overridden by an extending class.
 void setContext(UserContext user, int nodeNumber, java.lang.String context)
          This method could be overridden by an extending class.
 void update(UserContext user, int nodeNumber)
          This method should be overridden by an extending class.
 void verify(UserContext user, int nodeNumber, int srcNodeNumber, int dstNodeNumber, Operation operation)
          This method wraps the check-method with the same arguments.
 void verify(UserContext user, int nodeNumber, Operation operation)
          This method wraps the check-method with the same arguments.
 
Methods inherited from class org.mmbase.security.Configurable
load
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

allowingContextsCache

protected Cache allowingContextsCache
Constructor Detail

ContextAuthorization

public ContextAuthorization()
Method Detail

load

protected void load()
Description copied from class: Configurable
This method should be overridden by an extending class. It should further initialize the class. It can optionally retrieve settings from the general security configuration file (available as the 'configFile' member). Security implementations with complicated configuration would typically retrieve only a path to their own configuration file.

Specified by:
load in class Configurable

getDefaultContext

public java.lang.String getDefaultContext(UserContext user)
                                   throws SecurityException
Throws:
SecurityException

create

public void create(UserContext user,
                   int nodeNumber)
            throws SecurityException
Description copied from class: Authorization
This method should be overridden by an extending class. It has to be called when a new Node has been created. This way, the authentication can create default rights for this object, depending on the UserContext, and generate logging information.

Specified by:
create in class Authorization
Parameters:
user - The UserContext, containing the information about the user.
nodeNumber - The id of the MMObjectNode, which has just been added to the MMBase cloud.
Throws:
SecurityException

update

public void update(UserContext user,
                   int nodeNumber)
            throws SecurityException
Description copied from class: Authorization
This method should be overridden by an extending class. It has to be called when a Node has been changed. This way, the authentication can generate log information for this object, which can be used for accountability.

Specified by:
update in class Authorization
Parameters:
user - The UserContext, containing the information about the user.
nodeNumber - The id of the MMObjectNode, which has just been changed in the cloud.
Throws:
SecurityException

remove

public void remove(UserContext user,
                   int nodeNumber)
            throws SecurityException
Description copied from class: Authorization
This method should be overridden by an extending class. It has to be called when a Node has been removed from the cloud. This way, the authentication can generate log information for this node, and remove the authorization object which belongs to this node.

Specified by:
remove in class Authorization
Parameters:
user - The UserContext, containing the information about the user.
nodeNumber - The id of the MMObjectNode, which has just been removed in the cloud.
Throws:
SecurityException

setContext

public void setContext(UserContext user,
                       int nodeNumber,
                       java.lang.String context)
                throws SecurityException
Description copied from class: Authorization
This method could be overridden by an extending class. This method changes the rights on a node by telling the authorization that it should use the context which is defined.

Specified by:
setContext in class Authorization
Parameters:
user - The UserContext, containing the information about the user.
nodeNumber - The id of the MMObjectNode, which has to be asserted.
context - The context whose rights the node will get.
Throws:
SecurityException - If operation is not allowed

getContext

public java.lang.String getContext(UserContext user,
                                   int nodeNumber)
                            throws SecurityException
Description copied from class: Authorization
This method could be overridden by an extending class. This method returns the context of a specific node.

Specified by:
getContext in class Authorization
Parameters:
user - The UserContext, containing the information about the user.
nodeNumber - The id of the MMObjectNode, which has to be asserted.
Returns:
the context setting of the node.
Throws:
SecurityException - If operation is not allowed (needs read rights)

getPossibleContexts

public java.util.Set getPossibleContexts(UserContext user,
                                         int nodeNumber)
                                  throws SecurityException
Description copied from class: Authorization
This method could be overridden by an extending class. This method returns a list of contexts which can be used to change the node.

Specified by:
getPossibleContexts in class Authorization
Parameters:
user - The UserContext, containing the information about the user.
nodeNumber - The id of the MMObjectNode, which has to be asserted.
Returns:
a Set of Strings, each of which represents a context in readable form.
Throws:
SecurityException

check

public boolean check(UserContext user,
                     int nodeNumber,
                     Operation operation)
              throws SecurityException
Description copied from class: Authorization
This method should be overridden by an extending class. This method checks whether a certain user is permitted to perform an operation on a certain node.

Specified by:
check in class Authorization
Parameters:
user - The UserContext, containing the information about the user.
nodeNumber - The id of the MMObjectNode, which has to be checked. If the action is CREATE then this will be interpreted as a typedef node.
operation - The operation which will be performed.
Returns:
true if the operation is permitted, false if the operation is not permitted.
Throws:
SecurityException

verify

public void verify(UserContext user,
                   int nodeNumber,
                   Operation operation)
            throws SecurityException
Description copied from class: Authorization
This method wraps the check-method with the same arguments. The only difference is that it throws an exception if the specified operation is not permitted. It is wise to override check, and not verify (And I wonder why this method is not simply final).

Overrides:
verify in class Authorization
Throws:
SecurityException - If the assertion fails
See Also:
Authorization.check(UserContext, int, Operation)

check

public boolean check(UserContext user,
                     int nodeNumber,
                     int srcNodeNumber,
                     int dstNodeNumber,
                     Operation operation)
              throws SecurityException
Description copied from class: Authorization
This method should be overridden by an extending class. This method checks whether a certain user is permitted to create a certain relation, or to change the source or destination of a certain relation.

Specified by:
check in class Authorization
Parameters:
user - The UserContext, containing the information about the user.
nodeNumber - The id of the relation which has to be checked. If the operation is CREATE then this will be interpreted as the typedef node (extending insrel) for the relation to be created.
srcNodeNumber - The id of the (new) source node of the relation.
dstNodeNumber - The id of the (new) destination node of the relation.
operation - The operation which will be performed: CREATE (create relation) or CHANGE_RELATION (source and/or destination are changed).
Returns:
true if the operation is permitted, false if the operation is not permitted.
Throws:
SecurityException

verify

public void verify(UserContext user,
                   int nodeNumber,
                   int srcNodeNumber,
                   int dstNodeNumber,
                   Operation operation)
            throws SecurityException
Description copied from class: Authorization
This method wraps the check-method with the same arguments. The only difference is that it throws an exception if the specified operation is not permitted. It is wise to override check, and not verify (And I wonder why this method is not simply final).

Overrides:
verify in class Authorization
Throws:
SecurityException - If the assertion fails
See Also:
Authorization.check(UserContext, int, int, int, Operation)

getAllContexts

protected java.util.SortedSet getAllContexts()

getDisallowingContexts

protected java.util.SortedSet getDisallowingContexts(UserContext user,
                                                     Operation operation)

check

public Authorization.QueryCheck check(UserContext userContext,
                                      Query query,
                                      Operation operation)
Description copied from class: Authorization
Checks rights on a query. This means that the query is explored and (if possible) a constraint for it is constructed, which, if applied to the query, makes it return only checked results for the given user. Of course, this will normally only be implemented for the 'READ' operation. The constraint is not applied automatically. This has to be done by using BasicQuery.setSecurityConstraint().

Overrides:
check in class Authorization
Parameters:
userContext - The UserContext, for which the query must be considered
query - The query to be explored
Returns:
An Authorization.QueryCheck structure (containing whether the constraint is sufficient, and the new constraint or null).
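
A simplified, stand-alone model of the context scheme documented on this page, added here as an illustration; it is not MMBase source code. All class, method and context names are hypothetical, unknown contexts are denied by choice of this model, and it assumes a query constraint works by excluding the owner values listed in the disallowing contexts.

```java
import java.util.*;

// Stand-alone model of context-based authorization (not MMBase code; names are hypothetical).
public class ContextModel {
    enum Op { READ, WRITE, DELETE }

    // context name -> operation -> principals (user or group names) granted that operation
    static final Map<String, Map<Op, Set<String>>> GRANTS = new TreeMap<>();

    static void grant(String context, Op op, String... principals) {
        GRANTS.computeIfAbsent(context, c -> new EnumMap<Op, Set<String>>(Op.class))
              .computeIfAbsent(op, o -> new HashSet<String>())
              .addAll(Arrays.asList(principals));
    }

    // check: true only if the user or one of the user's groups holds a grant; default deny.
    static boolean check(Set<String> principals, String owner, Op op) {
        Set<String> allowed = GRANTS.getOrDefault(owner, Collections.emptyMap())
                                    .getOrDefault(op, Collections.emptySet());
        return !Collections.disjoint(allowed, principals);
    }

    // verify: same decision as check, but a denial is raised as an exception.
    static void verify(Set<String> principals, String owner, Op op) {
        if (!check(principals, owner, op)) {
            throw new SecurityException(op + " denied on context '" + owner + "'");
        }
    }

    // Contexts that deny op to this user; a query constraint can exclude these owner values.
    static SortedSet<String> disallowingContexts(Set<String> principals, Op op) {
        SortedSet<String> result = new TreeSet<>();
        for (String context : GRANTS.keySet()) {
            if (!check(principals, context, op)) result.add(context);
        }
        return result;
    }

    public static void main(String[] args) {
        // Constructed sample configuration: two contexts, three groups.
        grant("default", Op.READ, "everyone");
        grant("default", Op.WRITE, "editors");
        grant("admin", Op.READ, "administrators");
        Set<String> alice = new HashSet<>(Arrays.asList("alice", "everyone", "editors"));

        System.out.println("write default: " + check(alice, "default", Op.WRITE));
        System.out.println("read unknown:  " + check(alice, "unknown", Op.READ));
        System.out.println("excluded owners for READ: " + disallowingContexts(alice, Op.READ));
        try { verify(alice, "admin", Op.READ); }
        catch (SecurityException e) { System.out.println(e.getMessage()); }
    }
}
```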


MMBase build 1.7.4.20050922