SecurityTransaction (deegree framework 2.2)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

deegree 2.2 (2008/12/22 11:33 build-3038-official)

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.deegree.security.drm
Class SecurityTransaction

java.lang.Object
  org.deegree.security.drm.SecurityAccess
      org.deegree.security.drm.SecurityTransaction

public class SecurityTransaction
extends SecurityAccess
extends SecurityAccess

Version:: $Revision: 9346 $, $Date: 2007-12-27 17:39:07 +0100 (Do, 27 Dez 2007) $
Author:: Andreas Poth, last edited by: $Author: apoth $

Field Summary

Fields inherited from class org.deegree.security.drm.SecurityAccess
`registry, user`

Constructor Summary
`SecurityTransaction(User user, SecurityRegistry registry, Role adminRole)`

Method Summary
`void`	`addRights(SecurableObject object, Role role, Right[] additionalRights)` Adds the specified `Rights` on the passed object to the passed role.
`void`	`addRights(SecurableObject object, Role role, RightType[] types)` Adds the specified `Rights` on the passed object to the passed role.
`Role[]`	`addRoles(Role[] roles, Role role)` Returns the conjunction of an array of roles plus a single role.
`void`	`clean()` Deletes all data from the underlying `Registry` and sets the default objects (SEC_ADMIN user, role and group) and standard rights and privileges.
`void`	`deregisterGroup(Group group)` Removes a `Group` from the `Registry`.
`void`	`deregisterRole(Role role)` Removes a `Role` from the `Registry`.
`void`	`deregisterSecuredObject(SecuredObject object)` Removes a `SecuredObject` from the `Registry`.
`void`	`deregisterUser(User user)` Removes a `User` from the `Registry`.
`long`	`getTimestamp()`
`Group`	`registerGroup(String name, String title)` Registers a new `Group` to the `Registry`.
`Role`	`registerRole(String name)` Registers a new `Role` to the `Registry`.
`SecuredObject`	`registerSecuredObject(String type, String name, String title)` Registers a new `SecuredObject` to the `Registry`.
`User`	`registerUser(String name, String password, String lastName, String firstName, String mailAddress)` Registers a new `User` to the `Registry`.
`void`	`removeRights(SecurableObject object, Role role, RightType[] types)` Removes all rights of the specified types that the role may have on the given `SecurableObject`.
`(package private) void`	`renew()`
`void`	`setGroupsForGroup(Group group, Group[] newGroups)` Sets the `Group` s that a given `Group` is a DIRECT member of.
`void`	`setGroupsForUser(User user, Group[] newGroups)` Sets the `Groups` that a given `User` is a DIRECT member of.
`void`	`setGroupsInGroup(Group group, Group[] groups)` Sets the members (groups) for a group.
`void`	`setGroupsWithRole(Role role, Group[] groups)` Sets the groups to be associated with the given role.
`void`	`setPrivilegesForRole(Role role, Privilege[] privileges)` Sets the privileges for a certain role.
`void`	`setRights(SecurableObject[] objects, Role role, Right right)` Sets one certain right that a certain role has on the given objects.
`void`	`setRights(SecurableObject object, Role role, Right[] rights)` Sets the `Rights` that a certain role has on a given object.
`void`	`setUsersInGroup(Group group, User[] users)` Sets the members (users) in a group.
`void`	`setUsersWithRole(Role role, User[] users)` Sets the users to be associated with the given role (DIRECTLY, i.e. not via group memberships).
`String`	`toString()`
`void`	`updateUser(User user)` Updates the data of an existing `User` in the `Registry`.

Methods inherited from class org.deegree.security.drm.SecurityAccess
`checkForPrivilege, checkForRight, findGroupCycle, getAllGroups, getAllRoles, getAllRolesForGroup, getAllRolesForUser, getAllSecuredObjects, getAllUsers, getGroupById, getGroupByName, getPrivilegeByName, getRightByName, getRoleById, getRoleByName, getRolesByNS, getSecuredObjectById, getSecuredObjectByName, getSecuredObjectsByNS, getUser, getUserById, getUserByName`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait`

Constructor Detail

SecurityTransaction

SecurityTransaction(User user,
                    SecurityRegistry registry,
                    Role adminRole)

Parameters:: user -; registry -; adminRole -

Method Detail

addRoles

public Role[] addRoles(Role[] roles,
                       Role role)

Returns the conjunction of an array of roles plus a single role.

Parameters:: roles -; role -
Returns:: the conjunction of an array of roles plus a single role.

clean

public void clean()
           throws GeneralSecurityException

Deletes all data from the underlying Registry and sets the default objects (SEC_ADMIN user, role and group) and standard rights and privileges.

Throws:: GeneralSecurityException

deregisterGroup

public void deregisterGroup(Group group)
                     throws GeneralSecurityException,
                            UnauthorizedException

Removes a Group from the Registry. This means:

owner role ($G:GROUPNAME) is removed
group is removed

NOTE: Only performed if the acting user has the 'delete'-right on the group object.

Parameters:: group -
Throws:: GeneralSecurityException; UnauthorizedException

deregisterRole

public void deregisterRole(Role role)
                    throws GeneralSecurityException,
                           UnauthorizedException

Removes a Role from the Registry. This means:

owner role ($R:ROLENAME) is removed
role is removed

NOTE: Only performed if acting user has the 'delete'-right on the role object.

Parameters:: role -
Throws:: GeneralSecurityException; UnauthorizedException

deregisterSecuredObject

public void deregisterSecuredObject(SecuredObject object)
                             throws GeneralSecurityException,
                                    UnauthorizedException

Removes a SecuredObject from the Registry. This means:

owner role ($O:OBJECTNAME) is removed
object is removed

NOTE: Only performed if acting user has the 'delete'-right on the secured object.

Parameters:: object -
Throws:: GeneralSecurityException; UnauthorizedException

deregisterUser

public void deregisterUser(User user)
                    throws GeneralSecurityException,
                           UnauthorizedException

Removes a User from the Registry. This means:

owner role ($U:USERNAME) is removed
user is removed

NOTE: Only performed if acting user has the 'delete'-right on the user object.

Parameters:: user -
Throws:: GeneralSecurityException; UnauthorizedException

getTimestamp

public long getTimestamp()

Returns:: timestamp

registerGroup

public Group registerGroup(String name,
                           String title)
                    throws GeneralSecurityException

Registers a new Group to the Registry. This means:

a group is created in the registry
a corresponding owner role is created: $G:GROUPNAME
rights for the owner role are set up; creator has delete, update and grant rights on the group, administrator role gets these right, too

NOTE: Only performed if acting user has the 'addgroup'-privilege.

Parameters:: name -; title -
Returns:
Throws:: GeneralSecurityException

registerRole

public Role registerRole(String name)
                  throws GeneralSecurityException

Registers a new Role to the Registry. This means:

a role is created in the registry
a corresponding owner role is created: $R:ROLENAME
rights for the owner role are set up; creator has delete, update and grant rights on the role, administrator role gets these right, too

NOTE: Only performed if acting user has the 'addrole'-privilege.

Parameters:: name -
Returns:
Throws:: GeneralSecurityException

registerSecuredObject

public SecuredObject registerSecuredObject(String type,
                                           String name,
                                           String title)
                                    throws GeneralSecurityException

Registers a new SecuredObject to the Registry. This means:

a secured object is created in the registry
a corresponding owner role is created: $O:OBJECTNAME
rights for the owner role are set up; creator has delete, update and grant rights on the object, administrator role gets these right, too

Parameters:: type -; name -; title -
Returns:
Throws:: GeneralSecurityException

registerUser

public User registerUser(String name,
                         String password,
                         String lastName,
                         String firstName,
                         String mailAddress)
                  throws GeneralSecurityException

Registers a new User to the Registry. This means:

a user is created in the registry
a corresponding owner role is created: $U:USERNAME
rights for the owner role are set up; creator has delete, update and grant rights on the user, administrator role gets these right, too

NOTE: Only performed if acting user has the 'adduser'-privilege.

Parameters:: name -; password - null means that password checking is disabled; lastName -; firstName -; mailAddress -
Returns:
Throws:: GeneralSecurityException

updateUser

public void updateUser(User user)
                throws GeneralSecurityException

Updates the data of an existing User in the Registry. NOTE: Only performed if acting user has the 'update'-right on the user.

Parameters:: user -
Throws:: GeneralSecurityException

setGroupsForGroup

public void setGroupsForGroup(Group group,
                              Group[] newGroups)
                       throws GeneralSecurityException,
                              UnauthorizedException

Sets the Group s that a given Group is a DIRECT member of. NOTE: Only performed if the acting user has the 'grant'-right for all the groups that are requested to be added / removed.

Parameters:: group -; newGroups -
Throws:: GeneralSecurityException; UnauthorizedException

setGroupsForUser

public void setGroupsForUser(User user,
                             Group[] newGroups)
                      throws GeneralSecurityException,
                             UnauthorizedException

Sets the Groups that a given User is a DIRECT member of. NOTE: Only performed if the acting user has the 'grant'-right for all the groups that are requested to be added / removed.

Parameters:: user -; newGroups -
Throws:: GeneralSecurityException; UnauthorizedException

setGroupsInGroup

public void setGroupsInGroup(Group group,
                             Group[] groups)
                      throws GeneralSecurityException,
                             UnauthorizedException

Sets the members (groups) for a group. NOTE: Only performed if the acting user has the 'grant'-right on the group.

Parameters:: group -; groups -
Throws:: GeneralSecurityException; UnauthorizedException

setGroupsWithRole

public void setGroupsWithRole(Role role,
                              Group[] groups)
                       throws GeneralSecurityException,
                              UnauthorizedException

Sets the groups to be associated with the given role. NOTE: Only performed if the acting user has the 'grant'-right on the role.

Parameters:: role -; groups -
Throws:: GeneralSecurityException - if not permitted; UnauthorizedException

setPrivilegesForRole

public void setPrivilegesForRole(Role role,
                                 Privilege[] privileges)
                          throws GeneralSecurityException

Sets the privileges for a certain role. NOTE: Only performed if the acting user has all the privileges he is trying to grant. FIXME: Shouldn't that be "... to grant / withdraw"?

Parameters:: role -; privileges -
Throws:: GeneralSecurityException - if not permitted

setRights

public void setRights(SecurableObject object,
                      Role role,
                      Right[] rights)
               throws GeneralSecurityException,
                      UnauthorizedException

Sets the Rights that a certain role has on a given object. NOTE: Only performed if the acting user has the 'update'-right on the role and the 'grant'-right on the securable object.

Parameters:: object -; role -; rights -
Throws:: GeneralSecurityException - if not permitted; UnauthorizedException

setRights

public void setRights(SecurableObject[] objects,
                      Role role,
                      Right right)
               throws GeneralSecurityException,
                      UnauthorizedException

Sets one certain right that a certain role has on the given objects. NOTE: Only performed if the acting user has the 'update'-right on the role and the 'grant'-right on the securable objects.

Parameters:: objects -; role -; right -
Throws:: GeneralSecurityException - if not permitted; UnauthorizedException

addRights

public void addRights(SecurableObject object,
                      Role role,
                      Right[] additionalRights)
               throws GeneralSecurityException,
                      UnauthorizedException

Adds the specified Rights on the passed object to the passed role. If they are already present, nothing happens.

Parameters:: object -; role -; additionalRights -
Throws:: GeneralSecurityException; UnauthorizedException

addRights

public void addRights(SecurableObject object,
                      Role role,
                      RightType[] types)
               throws UnauthorizedException,
                      GeneralSecurityException

Adds the specified Rights on the passed object to the passed role. If they are already present, nothing happens.

Parameters:: object -; role -; types -
Throws:: UnauthorizedException; GeneralSecurityException

removeRights

public void removeRights(SecurableObject object,
                         Role role,
                         RightType[] types)
                  throws GeneralSecurityException,
                         UnauthorizedException

Removes all rights of the specified types that the role may have on the given SecurableObject.

Parameters:: object -; role -; types -
Throws:: GeneralSecurityException; UnauthorizedException

setUsersInGroup

public void setUsersInGroup(Group group,
                            User[] users)
                     throws GeneralSecurityException,
                            UnauthorizedException

Sets the members (users) in a group. NOTE: Only performed if the acting user has the 'grant'-right on the group.

Parameters:: group -; users -
Throws:: GeneralSecurityException; UnauthorizedException

setUsersWithRole

public void setUsersWithRole(Role role,
                             User[] users)
                      throws GeneralSecurityException,
                             UnauthorizedException

Sets the users to be associated with the given role (DIRECTLY, i.e. not via group memberships). NOTE: Only performed if the user has the 'grant'-right on the role.

Parameters:: role -; users -
Throws:: GeneralSecurityException - if not permitted; UnauthorizedException

toString

public String toString()

Overrides:: toString in class Object

renew

void renew()

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

deegree 2.2 (2008/12/22 11:33 build-3038-official)

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

an open source project founded by lat/lon, Bonn, Germany.
For more information visit: http://deegree.sourceforge.net

org.deegree.security.drm Class SecurityTransaction

SecurityTransaction

addRoles

clean

deregisterGroup

deregisterRole

deregisterSecuredObject

deregisterUser

getTimestamp

registerGroup

registerRole

registerSecuredObject

registerUser

updateUser

setGroupsForGroup

setGroupsForUser

setGroupsInGroup

setGroupsWithRole

setPrivilegesForRole

setRights

setRights

addRights

addRights

removeRights

setUsersInGroup

setUsersWithRole

toString

renew

org.deegree.security.drm
Class SecurityTransaction