org.mmbase.security.implementation.basic

Class OwnerAuthorization

java.lang.Object

org.mmbase.security.Configurable

org.mmbase.security.Authorization

org.mmbase.security.implementation.basic.OwnerAuthorization

public class OwnerAuthorization
extends Authorization

A very simple Authorization implementation, based an a property file. Every user will be present in this file as one property. Only the keys are of importance when authorizing, because it determines the 'possible users' and 'possible contexts'. Furthermore everybody is authorized to read, you may create if you are known, (so not anonymous), and you may edit, if you are either administrator or editing your 'own' node.

Version:

$Id$

Author:

Eduard Witteveen, Michiel Meeuwissen

Nested Class Summary

Nested classes/interfaces inherited from class org.mmbase.security.Authorization

Authorization.QueryCheck

Field Summary

Fields inherited from class org.mmbase.security.Authorization

COMPLETE_CHECK, NO_CHECK

Fields inherited from class org.mmbase.security.Configurable

configResource, configWatcher, manager

Constructor Summary

Constructors

Constructor and Description
OwnerAuthorization()

Method Summary

Modifier and Type	Method and Description
boolean	check(UserContext user, int nodeNumber, int srcNodeNumber, int dstNodeNumber, Operation operation) This method should be overrided by an extending class.
boolean	check(UserContext user, int nodeNumber, Operation operation) This method should be overrided by an extending class.
Authorization.QueryCheck	check(UserContext user, Query query, Operation operation) Checks rights on a query.
void	create(UserContext user, int nodeNumber) This method should be overrided by an extending class.
String	getContext(UserContext user, int nodeNumber) This method could be overrided by an extending class.
Set<String>	getPossibleContexts(UserContext user, int nodeNumber) Returns a list of all users in accounts.properties
void	load() This method should be overridden by an extending class.
void	remove(UserContext user, int node) This method should be overrided by an extending class.
void	setContext(UserContext user, int nodeNumber, String context) This method does nothing, except from checking if the setContext was valid..
void	update(UserContext user, int nodeNumber) This method should be overrided by an extending class.

Methods inherited from class org.mmbase.security.Authorization

check, getPossibleContexts, verify, verify, verify

Methods inherited from class org.mmbase.security.Configurable

load

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

OwnerAuthorization

public OwnerAuthorization()

Method Detail

load

public void load()

Description copied from class: Configurable

This method should be overridden by an extending class. It should further initialize the class. It can optionally retrieve settings from the general security configuration file (available as the 'configResource' member). Security implementations with complicated configuration would typically retrieve a path to their own configuration file only.

Specified by:

load in class Configurable

create

public void create(UserContext user,
                   int nodeNumber)

Description copied from class: Authorization

This method should be overrided by an extending class. It has to be called, when a new Node has been created. This way, the authentication can create default rights for this object, depending on the UserContext and generate logging information.

Specified by:

create in class Authorization

Parameters:

user - The UserContext, containing the information about the user.

nodeNumber - The id of the MMObjectNode, which has just been added to the MMBase cloud.

update

public void update(UserContext user,
                   int nodeNumber)

Description copied from class: Authorization

This method should be overrided by an extending class. It has to be called, when a Node has been changed. This way, the authentication can generate log information for this object, which can be used for accountability

Specified by:

update in class Authorization

Parameters:

user - The UserContext, containing the information about the user.

nodeNumber - The id of the MMObjectNode, which has just been changed in the cloud.

remove

public void remove(UserContext user,
                   int node)

Description copied from class: Authorization

This method should be overrided by an extending class. It has to be called, when a Node has been removed from the cloud. This way, the authentication can generate log information for this node, and remove the authorization object which belongs to this node.

Specified by:

remove in class Authorization

Parameters:

user - The UserContext, containing the information about the user.

node - The id of the MMObjectNode, which has just been removed in the cloud.

check

public boolean check(UserContext user,
                     int nodeNumber,
                     Operation operation)

Description copied from class: Authorization

This method should be overrided by an extending class. This method checks if an operation is permitted on a certain node done by a certain user.

Specified by:

check in class Authorization

Parameters:

user - The UserContext, containing the information the user.

nodeNumber - The id of the MMObjectNode, which has to be checked. It the action is CREATE then this will be interpreted as a typedef node.

operation - The operation which will be performed.

Returns:

true if the operation is permitted, false if the operation is not permitted,

check

public boolean check(UserContext user,
                     int nodeNumber,
                     int srcNodeNumber,
                     int dstNodeNumber,
                     Operation operation)

Description copied from class: Authorization

This method should be overrided by an extending class. This method checks if the creation of a certain relation or changing the source or destination of a certain relation done by a certain user is permitted.

Specified by:

check in class Authorization

Parameters:

user - The UserContext, containing the information about the user.

nodeNumber - The id of the relation which has to be checked. If the operation is CREATE then this will be interpreted as the typedef node (extending insrel) for the relation to be created.

srcNodeNumber - The id of the (new) source node of the relation.

dstNodeNumber - The id of the (new) destination node of the relation.

operation - The operation which will be performed (CREATE (create relation) or CHANGE_RELATION (source and/or destination are changed).

Returns:

true if the operation is permitted, false if the operation is not permitted,

getContext

public String getContext(UserContext user,
                         int nodeNumber)
                  throws SecurityException

Description copied from class: Authorization

This method could be overrided by an extending class. This method returns the context of a specific node.

Specified by:

getContext in class Authorization

Parameters:

user - The UserContext, containing the information about the user.

nodeNumber - The id of the MMObjectNode, which has to be asserted.

Returns:

the context setting of the node.

Throws:

SecurityException - If operation is not allowed(needs read rights)

setContext

public void setContext(UserContext user,
                       int nodeNumber,
                       String context)
                throws SecurityException

This method does nothing, except from checking if the setContext was valid..

Specified by:

setContext in class Authorization

Parameters:

user - The UserContext, containing the information about the user.

nodeNumber - The id of the MMObjectNode, which has to be asserted.

context - The context which rights the node will get

Throws:

SecurityException - If operation is not allowed

getPossibleContexts

public Set<String> getPossibleContexts(UserContext user,
                                       int nodeNumber)
                                throws SecurityException

Returns a list of all users in accounts.properties

Specified by:

getPossibleContexts in class Authorization

Parameters:

user - The UserContext, containing the information about the user.

nodeNumber - The id of the MMObjectNode, which has to be asserted.

Returns:

a Set of Strings which represent a context in readable form..

Throws:

SecurityException

check

public Authorization.QueryCheck check(UserContext user,
                                      Query query,
                                      Operation operation)

Description copied from class: Authorization

Checks rights on a query. This means that the query is explored and (if possible) a constraint for it is constructed, which, if appied to the query, makes it return only checked results for the given user. Of course, this will normally only be implemented for the 'READ' operation. The constraint is not applied automaticly. This has to be done by using BasicQuery.setSecurityConstraint().

Overrides:

check in class Authorization

Parameters:

user - The UserContext, for which the query must be considered

query - The query to be explored

Returns:

A Authorization.QueryCheck structure (containing whether the constriant is sufficient, and the new constraint or null).