net.sf.jguard.ext.authorization.manager
Class AbstractAuthorizationManager

java.lang.Object
  extended by net.sf.jguard.ext.authorization.manager.AbstractAuthorizationManager
All Implemented Interfaces:
net.sf.jguard.core.authorization.manager.AuthorizationManager, net.sf.jguard.core.authorization.manager.PermissionProvider
Direct Known Subclasses:
JdbcAuthorizationManager, XmlAuthorizationManager

public abstract class AbstractAuthorizationManager
extends java.lang.Object
implements net.sf.jguard.core.authorization.manager.AuthorizationManager

Abstract class inherited by all the AuthorizationManager implementations.

Author:
Charles Gay, Maximiliano Batelli

Field Summary
protected  java.security.Permissions alwaysGrantedPermissions
           
protected  java.lang.String applicationName
           
protected  java.util.Map domains
           
protected  java.util.Map domainsPermissions
           
protected static java.util.Set domainsSet
           
protected  java.util.Map hierarchyMap
           
protected  java.util.Map options
           
protected  java.util.Map permissions
           
protected  java.util.Set permissionsSet
           
protected  java.util.Map principals
           
protected  java.util.Set principalsSet
           
protected  net.sf.jguard.core.authorization.permissions.JGPermissionCollection urlp
           
 
Constructor Summary
AbstractAuthorizationManager(java.util.Map options)
          initialize AuthorizationManager implementation.
 
Method Summary
 void addAlwaysGrantedPermissions(java.security.Permissions permissions)
          add permissions that are always granted by this Policy, such as the permission used to log off in a webapp, or the permissions used to reach the AccessDenied page.
 void addInheritance(java.lang.String principalAscName, java.lang.String principalDescName)
          This command establishes a new immediate inheritance relationship between the existing principals/roles roleAsc and roleDesc.
 void addToPrincipal(java.lang.String roleName, net.sf.jguard.core.authorization.permissions.Domain domain)
          add the domain to the role, and persist the domain if it does not exist?
 void addToPrincipal(java.lang.String roleName, java.security.Permission perm)
          add the permission to the corresponding role.
protected  void assemblyHierarchy()
          assemble the hierarchy of jGuardPrincipals.
 java.security.Principal clonePrincipal(java.lang.String roleName)
          clone a RolePrincipal/Role and set its name with the name of the Principal to clone plus a random number.
 java.security.Principal clonePrincipal(java.lang.String roleName, java.lang.String cloneName)
          clone a RolePrincipal/Role.
 void deleteInheritance(java.lang.String roleAscName, java.lang.String roleDescName)
           
protected  void deleteReferenceInHierarchy(net.sf.jguard.core.principals.RolePrincipal principal)
           
 java.lang.String getApplicationName()
           
protected  net.sf.jguard.core.authorization.permissions.Domain getDomain(java.security.Permission permission)
          return the domain which contains the permission.
 java.util.Map getDomains()
           
 java.util.Set getDomains(java.util.Collection domainNames)
          with a collection of domain names, provide the corresponding set of URLDomains.
 java.util.Map getDomainsPermissions()
           
 java.util.Set getDomainsSet()
           
 java.util.Map getHierarchyMap()
           
protected static java.lang.String getLocalName(java.security.Principal principal)
           
 java.util.Map getOptions()
          return an unmodifiable Map of options.
 java.util.Map getPermissions()
           
 java.util.Set getPermissions(java.util.Collection permissionNames)
          with a collection of URLPermissions names, provide the corresponding set of URLPermissions.
 java.security.PermissionCollection getPermissions(java.security.ProtectionDomain protectionDomain)
          compare the Principals declared in the application with the user's set of principals.
 java.util.Set getPermissionsSet()
           
 java.util.Map getPrincipals()
           
 java.util.Set getPrincipalsSet()
           
 void importAuthorizationManager(net.sf.jguard.core.authorization.manager.AuthorizationManager authManager)
          import data from the provided AbstractAuthorizationManager into our AuthorizationManager.
 java.util.Set listDomains()
          return Set of domains.
 net.sf.jguard.core.authorization.permissions.JGPermissionCollection listPermissions()
          return all the permissions.
 java.util.Set listPrincipals()
          return the principal's Set.
 net.sf.jguard.core.authorization.permissions.JGPermissionCollection readDomain(java.lang.String domainName)
          return a Domain with its associated URLPermission set.
 java.security.Permission readPermission(java.lang.String permissionName)
          read a URLPermission.
 java.security.Principal readPrincipal(java.lang.String roleName)
          return the corresponding application role.
abstract  void refresh()
           
protected  void removeDomainFromPrincipals(java.lang.String domainName)
          Remove the domain from all principals that have relationship with this domain.
protected  void removePermissionFromPrincipals(java.lang.String permissionName)
          Remove the permission from all principals that have a relationship with this permission, either as an orphaned permission (directly) or through a domain (indirectly).
 void setApplicationName(java.lang.String applicationName)
          define the application's name, and propagate it into Principals.
 void updatePrincipal(java.security.Principal principal)
          replace the initial principal with the new one.
protected  void updatePrincipals(net.sf.jguard.core.authorization.permissions.Domain domain)
          Update the permissions of the jGuardPrincipals that contain this domain.
protected  void updatePrincipals(net.sf.jguard.core.authorization.permissions.JGPermissionCollection newDomain, java.lang.String oldDomainName)
          update the principals with this updated domain.
protected  void updatePrincipals(java.security.Permission permission)
          Update the permissions from jGuardPrincipals and the associated domain.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface net.sf.jguard.core.authorization.manager.AuthorizationManager
createDomain, createPermission, createPrincipal, deleteDomain, deletePermission, deletePrincipal, getInitParameters, isEmpty, updateDomain, updatePermission, updatePrincipal
 

Field Detail

applicationName

protected java.lang.String applicationName

principals

protected java.util.Map principals

principalsSet

protected java.util.Set principalsSet

domains

protected java.util.Map domains

domainsSet

protected static java.util.Set domainsSet

urlp

protected net.sf.jguard.core.authorization.permissions.JGPermissionCollection urlp

permissions

protected java.util.Map permissions

permissionsSet

protected java.util.Set permissionsSet

domainsPermissions

protected java.util.Map domainsPermissions

hierarchyMap

protected java.util.Map hierarchyMap

options

protected java.util.Map options

alwaysGrantedPermissions

protected java.security.Permissions alwaysGrantedPermissions
Constructor Detail

AbstractAuthorizationManager

public AbstractAuthorizationManager(java.util.Map options)
initialize AuthorizationManager implementation.

Parameters:
options -
Method Detail

setApplicationName

public void setApplicationName(java.lang.String applicationName)
define the application's name, and propagate it into Principals. This mechanism is needed because the application's name can only be known when the first request arrives (bad j2ee design....).

Parameters:
applicationName -

getDomains

public java.util.Set getDomains(java.util.Collection domainNames)
with a collection of domain names, provide the corresponding set of URLDomains.

Specified by:
getDomains in interface net.sf.jguard.core.authorization.manager.AuthorizationManager
Parameters:
domainNames - collection of domains.
Returns:
URLPermission's Set

getPermissions

public java.util.Set getPermissions(java.util.Collection permissionNames)
with a collection of URLPermissions names, provide the corresponding set of URLPermissions.

Specified by:
getPermissions in interface net.sf.jguard.core.authorization.manager.AuthorizationManager
Parameters:
permissionNames - collection of permission names to grab.
Returns:
URLPermission's Set

refresh

public abstract void refresh()
Specified by:
refresh in interface net.sf.jguard.core.authorization.manager.PermissionProvider
See Also:
net.sf.jguard.ext.authorization.manager.AuthorizationManager#refresh()

getPermissions

public java.security.PermissionCollection getPermissions(java.security.ProtectionDomain protectionDomain)
compare the Principals declared in the application with the user's set of principals. For the principals of the user, we retrieve the corresponding permissions declared in the application and group them in a PermissionCollection.

Specified by:
getPermissions in interface net.sf.jguard.core.authorization.manager.PermissionProvider
Parameters:
principals -
Returns:
PermissionCollection
See Also:
net.sf.jguard.ext.authorization.manager.AuthorizationManager#getPermissionCollection(java.util.Set), PermissionProvider

clonePrincipal

public java.security.Principal clonePrincipal(java.lang.String roleName)
                                       throws net.sf.jguard.core.authorization.AuthorizationException
clone a RolePrincipal/Role and set its name with the name of the Principal to clone plus a random number.

Specified by:
clonePrincipal in interface net.sf.jguard.core.authorization.manager.AuthorizationManager
Parameters:
roleName - RolePrincipal name to clone
Returns:
cloned RolePrincipal with a different name: original JguardPrincipal name + random integer between 0 and 99999
Throws:
net.sf.jguard.core.authorization.AuthorizationException

clonePrincipal

public java.security.Principal clonePrincipal(java.lang.String roleName,
                                              java.lang.String cloneName)
                                       throws net.sf.jguard.core.authorization.AuthorizationException
clone a RolePrincipal/Role.

Specified by:
clonePrincipal in interface net.sf.jguard.core.authorization.manager.AuthorizationManager
Parameters:
roleName - RolePrincipal name to clone
cloneName - RolePrincipal cloned name
Returns:
cloned RolePrincipal with a different name: original JguardPrincipal name + random integer between 0 and 99999
Throws:
net.sf.jguard.core.authorization.AuthorizationException

listDomains

public java.util.Set listDomains()
                          throws net.sf.jguard.core.authorization.AuthorizationException
return Set of domains.

Specified by:
listDomains in interface net.sf.jguard.core.authorization.manager.AuthorizationManager
Returns:
domains Set
Throws:
net.sf.jguard.core.authorization.AuthorizationException
See Also:
net.sf.jguard.ext.authorization.manager.AuthorizationManager#listDomains()

readPermission

public java.security.Permission readPermission(java.lang.String permissionName)
                                        throws net.sf.jguard.core.authorization.AuthorizationException
read a URLPermission.

Specified by:
readPermission in interface net.sf.jguard.core.authorization.manager.AuthorizationManager
Parameters:
permissionName -
Throws:
net.sf.jguard.core.authorization.AuthorizationException
See Also:
net.sf.jguard.ext.authorization.manager.AuthorizationManager#readPermission(java.lang.String)

readDomain

public net.sf.jguard.core.authorization.permissions.JGPermissionCollection readDomain(java.lang.String domainName)
                                                                               throws net.sf.jguard.core.authorization.AuthorizationException
return a Domain with its associated URLPermission set.

Specified by:
readDomain in interface net.sf.jguard.core.authorization.manager.AuthorizationManager
Parameters:
domainName -
Returns:
Domain
Throws:
net.sf.jguard.core.authorization.AuthorizationException
See Also:
net.sf.jguard.ext.authorization.manager.AuthorizationManager#readDomain(java.lang.String)

readPrincipal

public java.security.Principal readPrincipal(java.lang.String roleName)
                                      throws net.sf.jguard.core.authorization.AuthorizationException
return the corresponding application role.

Specified by:
readPrincipal in interface net.sf.jguard.core.authorization.manager.AuthorizationManager
Returns:
role
Throws:
net.sf.jguard.core.authorization.AuthorizationException
See Also:
net.sf.jguard.ext.authorization.manager.AuthorizationManager#readPrincipal(java.lang.String)

updatePrincipals

protected void updatePrincipals(net.sf.jguard.core.authorization.permissions.Domain domain)

Update the permissions of the jGuardPrincipals that contain this domain.

Note: This method is needed because, first, there is no guarantee that the domain reference held by the RolePrincipal object is the same as the one in domainsSet and the map and, second, the getPermissions method of RolePrincipal doesn't load the permissions from the domain objects (it uses an internal set of permissions).

Parameters:
domain - the domain that will be updated in the principals

updatePrincipals

protected void updatePrincipals(java.security.Permission permission)

Update the permissions from jGuardPrincipals and the associated domain.

Note: This method is needed because, first, there is no guarantee that the domain reference held by the RolePrincipal object is the same as the one in domainsSet and the map and, second, the getPermissions method of RolePrincipal doesn't load the permissions from the domain objects (it uses an internal set of permissions).

Parameters:
permission - whose domain will be updated in the principals
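
The note on both updatePrincipals overloads describes a stale-copy problem: a role checks its own internal permission set, so a change made to the manager's domain object does not reach the role until it is re-synchronised. The following is an added example, not jGuard code; the Domain and Role classes, the string permissions and all values are hypothetical stand-ins.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

/** Hypothetical model of the stale-copy problem; Domain and Role are not jGuard's classes. */
public class StaleRoleExample {
    static final class Domain {
        final String name;
        final Set<String> permissions = new HashSet<>();
        Domain(String name, String... perms) {
            this.name = name;
            permissions.addAll(Arrays.asList(perms));
        }
        Domain copy() { return new Domain(name, permissions.toArray(new String[0])); }
    }

    static final class Role {
        final Map<String, Domain> domains = new HashMap<>(); // not the manager's instances
        final Set<String> internal = new HashSet<>();        // the set consulted at check time
        void addDomain(Domain d) {
            domains.put(d.name, d.copy());
            internal.addAll(d.permissions);
        }
        boolean isGranted(String permission) { return internal.contains(permission); }
    }

    private final Set<Role> roles = new HashSet<>();

    /** Re-sync every role that references the domain by name, then rebuild its internal set. */
    void updatePrincipals(Domain updated) {
        for (Role role : roles) {
            if (!role.domains.containsKey(updated.name)) continue;
            role.domains.put(updated.name, updated.copy());
            role.internal.clear();
            for (Domain d : role.domains.values()) role.internal.addAll(d.permissions);
        }
    }

    public static void main(String[] args) {
        StaleRoleExample manager = new StaleRoleExample();
        // Constructed sample data: one domain holding two URL-like permissions.
        Domain adminPages = new Domain("adminPages", "/admin/users", "/admin/delete");
        Role editor = new Role();
        editor.addDomain(adminPages);
        manager.roles.add(editor);

        // Revoke a permission in the manager's copy of the domain only.
        adminPages.permissions.remove("/admin/delete");
        boolean beforeSync = editor.isGranted("/admin/delete"); // role's internal set is untouched

        manager.updatePrincipals(adminPages);
        boolean afterSync = editor.isGranted("/admin/delete");  // internal set rebuilt from the update

        System.out.println("granted before sync: " + beforeSync);
        System.out.println("granted after sync:  " + afterSync);
    }
}
```

The first check shows why a revocation that skips the re-synchronisation step leaves the old grant in effect.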

updatePrincipals

protected void updatePrincipals(net.sf.jguard.core.authorization.permissions.JGPermissionCollection newDomain,
                                java.lang.String oldDomainName)
update the principals with this updated domain. This implies a removal and an addition.

Parameters:
newDomain -
oldDomainName -

removeDomainFromPrincipals

protected void removeDomainFromPrincipals(java.lang.String domainName)
Remove the domain from all principals that have relationship with this domain.

Parameters:
domainName - the name of the domain that will be removed

removePermissionFromPrincipals

protected void removePermissionFromPrincipals(java.lang.String permissionName)
Remove the permission from all principals that have a relationship with this permission, either as an orphaned permission (directly) or through a domain (indirectly).

Parameters:
permissionName - the name of the permission that will be removed

getDomain

protected net.sf.jguard.core.authorization.permissions.Domain getDomain(java.security.Permission permission)
return the domain which contains the permission.

Parameters:
permission -
Returns:
domain which owns the permission, or null if no domain contains this permission

addToPrincipal

public void addToPrincipal(java.lang.String roleName,
                           java.security.Permission perm)
                    throws net.sf.jguard.core.authorization.AuthorizationException
add the permission to the corresponding role. If the permission is not persisted, we persist it and create a corresponding Domain with the same name.

Specified by:
addToPrincipal in interface net.sf.jguard.core.authorization.manager.AuthorizationManager
Parameters:
roleName - role updated
perm - permission to add
Throws:
net.sf.jguard.core.authorization.AuthorizationException

addToPrincipal

public void addToPrincipal(java.lang.String roleName,
                           net.sf.jguard.core.authorization.permissions.Domain domain)
                    throws net.sf.jguard.core.authorization.AuthorizationException
add the domain to the role, and persist the domain if it does not exist?

Specified by:
addToPrincipal in interface net.sf.jguard.core.authorization.manager.AuthorizationManager
Parameters:
roleName -
domain -
Throws:
net.sf.jguard.core.authorization.AuthorizationException

addInheritance

public void addInheritance(java.lang.String principalAscName,
                           java.lang.String principalDescName)
                    throws net.sf.jguard.core.authorization.AuthorizationException
This command establishes a new immediate inheritance relationship between the existing principals/roles roleAsc and roleDesc. The command is valid if and only if the role roleAsc is not an immediate ascendant of roleDesc, and the descendant does not properly inherit the roleAsc principal/role (in order to avoid cycle creation).

Specified by:
addInheritance in interface net.sf.jguard.core.authorization.manager.AuthorizationManager
Parameters:
principalAscName - the principal/role local name that will inherit.
principalDescName - the principal/role local name that will be inherited.
Throws:
net.sf.jguard.core.authorization.AuthorizationException - if the inheritance already exists or creates a cycle.
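
The validity rule stated for addInheritance (no duplicate immediate relationship, and the descendant must not already inherit the ascendant) can be checked with a graph walk before the edge is added. The following is an added example, not jGuard's implementation; the class name, the role names and the use of IllegalStateException in place of AuthorizationException are assumptions made for illustration.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

/** Hypothetical stand-in for a role hierarchy; not a jGuard class. */
public class RoleHierarchyExample {
    // role name -> names of the roles it immediately inherits (its descendants)
    private final Map<String, Set<String>> inherited = new HashMap<>();

    public void addRole(String name) {
        inherited.putIfAbsent(name, new HashSet<>());
    }

    /** Applies the documented rule: reject a duplicate edge or one that would close a cycle. */
    public void addInheritance(String ascName, String descName) {
        if (!inherited.containsKey(ascName) || !inherited.containsKey(descName)) {
            throw new IllegalArgumentException("both roles must already exist");
        }
        if (inherited.get(ascName).contains(descName)) {
            throw new IllegalStateException(ascName + " already inherits " + descName);
        }
        if (ascName.equals(descName) || inherits(descName, ascName)) {
            throw new IllegalStateException(
                "cycle: " + descName + " already inherits " + ascName);
        }
        inherited.get(ascName).add(descName);
    }

    /** True if 'from' inherits 'target' directly or transitively (iterative depth-first walk). */
    private boolean inherits(String from, String target) {
        Deque<String> stack = new ArrayDeque<>(inherited.get(from));
        Set<String> seen = new HashSet<>();
        while (!stack.isEmpty()) {
            String role = stack.pop();
            if (role.equals(target)) return true;
            if (seen.add(role)) stack.addAll(inherited.get(role));
        }
        return false;
    }

    public static void main(String[] args) {
        RoleHierarchyExample h = new RoleHierarchyExample();
        // Constructed role names for the demonstration.
        for (String r : new String[] {"admin", "editor", "guest"}) h.addRole(r);
        h.addInheritance("admin", "editor");
        h.addInheritance("editor", "guest");
        try {
            // guest -> admin would close a loop, giving all three roles the same permissions.
            h.addInheritance("guest", "admin");
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        try {
            h.addInheritance("admin", "editor"); // duplicate immediate relationship
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```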

deleteInheritance

public void deleteInheritance(java.lang.String roleAscName,
                              java.lang.String roleDescName)
                       throws net.sf.jguard.core.authorization.AuthorizationException
Specified by:
deleteInheritance in interface net.sf.jguard.core.authorization.manager.AuthorizationManager
Parameters:
roleAscName - the role that inherits.
roleDescName - the role that is inherited.
Throws:
net.sf.jguard.core.authorization.AuthorizationException - if the inheritance already exists or creates a cycle.

updatePrincipal

public void updatePrincipal(java.security.Principal principal)
                     throws net.sf.jguard.core.authorization.AuthorizationException
replace the initial principal with the new one.

Specified by:
updatePrincipal in interface net.sf.jguard.core.authorization.manager.AuthorizationManager
Parameters:
principal - RolePrincipal updated
Throws:
net.sf.jguard.core.authorization.AuthorizationException
See Also:
net.sf.jguard.ext.authorization.manager.AuthorizationManager#updatePrincipal(net.sf.jguard.core.principals.RolePrincipal)

assemblyHierarchy

protected void assemblyHierarchy()
assemble the hierarchy of jGuardPrincipals.


deleteReferenceInHierarchy

protected void deleteReferenceInHierarchy(net.sf.jguard.core.principals.RolePrincipal principal)
Parameters:
principal -

listPrincipals

public java.util.Set listPrincipals()
return the principal's Set.

Specified by:
listPrincipals in interface net.sf.jguard.core.authorization.manager.AuthorizationManager
Returns:
principal's Set
See Also:
net.sf.jguard.ext.authorization.manager.AuthorizationManager#listPrincipals()

listPermissions

public net.sf.jguard.core.authorization.permissions.JGPermissionCollection listPermissions()
return all the permissions.

Specified by:
listPermissions in interface net.sf.jguard.core.authorization.manager.AuthorizationManager
Returns:
URLPermission container
See Also:
net.sf.jguard.ext.authorization.manager.AuthorizationManager#listPermissions()

importAuthorizationManager

public void importAuthorizationManager(net.sf.jguard.core.authorization.manager.AuthorizationManager authManager)
                                throws net.sf.jguard.core.authorization.AuthorizationException
import data from the provided AbstractAuthorizationManager into our AuthorizationManager.

Specified by:
importAuthorizationManager in interface net.sf.jguard.core.authorization.manager.AuthorizationManager
Parameters:
authManager -
Throws:
net.sf.jguard.core.authorization.AuthorizationException

getDomainsSet

public final java.util.Set getDomainsSet()
Specified by:
getDomainsSet in interface net.sf.jguard.core.authorization.manager.AuthorizationManager

getDomains

public final java.util.Map getDomains()

getDomainsPermissions

public final java.util.Map getDomainsPermissions()

getHierarchyMap

public final java.util.Map getHierarchyMap()

getPermissions

public final java.util.Map getPermissions()

getPermissionsSet

public final java.util.Set getPermissionsSet()
Specified by:
getPermissionsSet in interface net.sf.jguard.core.authorization.manager.AuthorizationManager

getPrincipals

public final java.util.Map getPrincipals()

getPrincipalsSet

public final java.util.Set getPrincipalsSet()
Specified by:
getPrincipalsSet in interface net.sf.jguard.core.authorization.manager.AuthorizationManager

getLocalName

protected static java.lang.String getLocalName(java.security.Principal principal)

addAlwaysGrantedPermissions

public final void addAlwaysGrantedPermissions(java.security.Permissions permissions)
add permissions that are always granted by this Policy, such as the permission used to log off in a webapp, or the permissions used to reach the AccessDenied page.

Specified by:
addAlwaysGrantedPermissions in interface net.sf.jguard.core.authorization.manager.PermissionProvider
Parameters:
permissions - permissions always granted by this Policy

getOptions

public final java.util.Map getOptions()
return an unmodifiable Map of options.


getApplicationName

public java.lang.String getApplicationName()
Specified by:
getApplicationName in interface net.sf.jguard.core.authorization.manager.AuthorizationManager


Copyright © 2004-2009. All Rights Reserved.