deegree 2.5 (2011/06/29 09:44 build-8-official)

org.deegree.security.drm
Class SecurityTransaction

java.lang.Object
  extended by org.deegree.security.drm.SecurityAccess
      extended by org.deegree.security.drm.SecurityTransaction

public class SecurityTransaction
extends SecurityAccess

Version:
$Revision: 25490 $, $Date: 2010-07-26 11:47:34 +0200 (Mo, 26 Jul 2010) $
Author:
Andreas Poth, last edited by: $Author: aschmitz $

Field Summary
 
Fields inherited from class org.deegree.security.drm.SecurityAccess
registry, user
 
Constructor Summary
SecurityTransaction(User user, SecurityRegistry registry, Role adminRole)
           
 
Method Summary
 void addRights(SecurableObject object, Role role, Right[] additionalRights)
          Adds the specified Rights on the passed object to the passed role.
 void addRights(SecurableObject object, Role role, RightType[] types)
          Adds the specified Rights on the passed object to the passed role.
 Role[] addRoles(Role[] roles, Role role)
          Returns the conjunction of an array of roles plus a single role.
 void clean()
          Deletes all data from the underlying Registry and sets the default objects (SEC_ADMIN user, role and group) and standard rights and privileges.
 void deregisterGroup(Group group)
          Removes a Group from the Registry.
 void deregisterRole(Role role)
          Removes a Role from the Registry.
 void deregisterSecuredObject(SecuredObject object)
          Removes a SecuredObject from the Registry.
 void deregisterService(Service service)
           
 void deregisterUser(User user)
          Removes a User from the Registry.
 void editService(Service service, java.lang.String newTitle, java.lang.String newAddress)
           
 long getTimestamp()
           
 Group registerGroup(java.lang.String name, java.lang.String title)
          Registers a new Group to the Registry.
 Role registerRole(java.lang.String name)
          Registers a new Role to the Registry.
 SecuredObject registerSecuredObject(java.lang.String type, java.lang.String name, java.lang.String title)
          Registers a new SecuredObject to the Registry.
 Service registerService(java.lang.String address, java.lang.String title, java.util.List<StringPair> objects, java.lang.String type)
           
 User registerUser(java.lang.String name, java.lang.String password, java.lang.String lastName, java.lang.String firstName, java.lang.String mailAddress)
          Registers a new User to the Registry.
 void removeRights(SecurableObject object, Role role, RightType[] types)
          Removes all rights of the specified types that the role may have on the given SecurableObject.
 void renameObject(Service service, java.lang.String oldName, java.lang.String newName)
           
(package private)  void renew()
           
 void setGroupsForGroup(Group group, Group[] newGroups)
          Sets the Group s that a given Group is a DIRECT member of.
 void setGroupsForUser(User user, Group[] newGroups)
          Sets the Groups that a given User is a DIRECT member of.
 void setGroupsInGroup(Group group, Group[] groups)
          Sets the members (groups) for a group.
 void setGroupsWithRole(Role role, Group[] groups)
          Sets the groups to be associated with the given role.
 void setPrivilegesForRole(Role role, Privilege[] privileges)
          Sets the privileges for a certain role.
 void setRights(SecurableObject[] objects, Role role, Right right)
          Sets one certain right that a certain role has on the given objects.
 void setRights(SecurableObject object, Role role, Right[] rights)
          Sets the Rights that a certain role has on a given object.
 void setServicesRights(java.util.Collection<java.lang.Integer> services, Role role)
           
 void setUsersInGroup(Group group, User[] users)
          Sets the members (users) in a group.
 void setUsersWithRole(Role role, User[] users)
          Sets the users to be associated with the given role (DIRECTLY, i.e. not via group memberships).
 java.lang.String toString()
           
 void updateService(Service oldService, Service newService)
           
 void updateUser(User user)
          Updates the data of an existing User in the Registry.
 
Methods inherited from class org.deegree.security.drm.SecurityAccess
checkForPrivilege, checkForRight, findGroupCycle, getAllGroups, getAllRoles, getAllRolesForGroup, getAllRolesForUser, getAllSecuredObjects, getAllServices, getAllUsers, getGroupById, getGroupByName, getPrivilegeByName, getRightByName, getRoleById, getRoleByName, getRolesByNS, getRolesServices, getSecuredObjectById, getSecuredObjectByName, getSecuredObjectsByNS, getServiceByAddress, getUser, getUserById, getUserByName
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Constructor Detail

SecurityTransaction

SecurityTransaction(User user,
                    SecurityRegistry registry,
                    Role adminRole)
Parameters:
user -
registry -
adminRole -
Method Detail

addRoles

public Role[] addRoles(Role[] roles,
                       Role role)
Returns the conjunction of an array of roles plus a single role.

Parameters:
roles -
role -
Returns:
the conjunction of an array of roles plus a single role.

clean

public void clean()
           throws GeneralSecurityException
Deletes all data from the underlying Registry and sets the default objects (SEC_ADMIN user, role and group) and standard rights and privileges.

Throws:
GeneralSecurityException

deregisterGroup

public void deregisterGroup(Group group)
                     throws GeneralSecurityException,
                            UnauthorizedException
Removes a Group from the Registry. This means: NOTE: Only performed if the acting user has the 'delete'-right on the group object.

Parameters:
group -
Throws:
GeneralSecurityException
UnauthorizedException

deregisterRole

public void deregisterRole(Role role)
                    throws GeneralSecurityException,
                           UnauthorizedException
Removes a Role from the Registry. This means: NOTE: Only performed if acting user has the 'delete'-right on the role object.

Parameters:
role -
Throws:
GeneralSecurityException
UnauthorizedException

deregisterSecuredObject

public void deregisterSecuredObject(SecuredObject object)
                             throws GeneralSecurityException,
                                    UnauthorizedException
Removes a SecuredObject from the Registry. This means: NOTE: Only performed if acting user has the 'delete'-right on the secured object.

Parameters:
object -
Throws:
GeneralSecurityException
UnauthorizedException

deregisterUser

public void deregisterUser(User user)
                    throws GeneralSecurityException,
                           UnauthorizedException
Removes a User from the Registry. This means: NOTE: Only performed if acting user has the 'delete'-right on the user object.

Parameters:
user -
Throws:
GeneralSecurityException
UnauthorizedException

getTimestamp

public long getTimestamp()
Returns:
timestamp

registerGroup

public Group registerGroup(java.lang.String name,
                           java.lang.String title)
                    throws GeneralSecurityException
Registers a new Group to the Registry. This means: NOTE: Only performed if acting user has the 'addgroup'-privilege.

Parameters:
name -
title -
Returns:
the new Group
Throws:
GeneralSecurityException

registerRole

public Role registerRole(java.lang.String name)
                  throws GeneralSecurityException
Registers a new Role to the Registry. This means: NOTE: Only performed if acting user has the 'addrole'-privilege.

Parameters:
name -
Returns:
the new Role
Throws:
GeneralSecurityException

registerSecuredObject

public SecuredObject registerSecuredObject(java.lang.String type,
                                           java.lang.String name,
                                           java.lang.String title)
                                    throws GeneralSecurityException
Registers a new SecuredObject to the Registry. This means:

Parameters:
type -
name -
title -
Returns:
the new SecuredObject
Throws:
GeneralSecurityException

registerUser

public User registerUser(java.lang.String name,
                         java.lang.String password,
                         java.lang.String lastName,
                         java.lang.String firstName,
                         java.lang.String mailAddress)
                  throws GeneralSecurityException
Registers a new User to the Registry. This means: NOTE: Only performed if acting user has the 'adduser'-privilege.

Parameters:
name -
password - null means that password checking is disabled
lastName -
firstName -
mailAddress -
Returns:
the new User
Throws:
GeneralSecurityException

updateUser

public void updateUser(User user)
                throws GeneralSecurityException
Updates the data of an existing User in the Registry. NOTE: Only performed if acting user has the 'update'-right on the user.

Parameters:
user -
Throws:
GeneralSecurityException

setGroupsForGroup

public void setGroupsForGroup(Group group,
                              Group[] newGroups)
                       throws GeneralSecurityException,
                              UnauthorizedException
Sets the Group s that a given Group is a DIRECT member of. NOTE: Only performed if the acting user has the 'grant'-right for all the groups that are requested to be added / removed.

Parameters:
group -
newGroups -
Throws:
GeneralSecurityException
UnauthorizedException

setGroupsForUser

public void setGroupsForUser(User user,
                             Group[] newGroups)
                      throws GeneralSecurityException,
                             UnauthorizedException
Sets the Groups that a given User is a DIRECT member of. NOTE: Only performed if the acting user has the 'grant'-right for all the groups that are requested to be added / removed.

Parameters:
user -
newGroups -
Throws:
GeneralSecurityException
UnauthorizedException

setGroupsInGroup

public void setGroupsInGroup(Group group,
                             Group[] groups)
                      throws GeneralSecurityException,
                             UnauthorizedException
Sets the members (groups) for a group. NOTE: Only performed if the acting user has the 'grant'-right on the group.

Parameters:
group -
groups -
Throws:
GeneralSecurityException
UnauthorizedException

setGroupsWithRole

public void setGroupsWithRole(Role role,
                              Group[] groups)
                       throws GeneralSecurityException,
                              UnauthorizedException
Sets the groups to be associated with the given role. NOTE: Only performed if the acting user has the 'grant'-right on the role.

Parameters:
role -
groups -
Throws:
GeneralSecurityException - if not permitted
UnauthorizedException

setPrivilegesForRole

public void setPrivilegesForRole(Role role,
                                 Privilege[] privileges)
                          throws GeneralSecurityException
Sets the privileges for a certain role. NOTE: Only performed if the acting user has all the privileges he is trying to grant. FIXME: Shouldn't that be "... to grant / withdraw"?

Parameters:
role -
privileges -
Throws:
GeneralSecurityException - if not permitted

setServicesRights

public void setServicesRights(java.util.Collection<java.lang.Integer> services,
                              Role role)
                       throws GeneralSecurityException
Parameters:
transaction -
services -
role -
Throws:
GeneralSecurityException

setRights

public void setRights(SecurableObject object,
                      Role role,
                      Right[] rights)
               throws GeneralSecurityException,
                      UnauthorizedException
Sets the Rights that a certain role has on a given object. NOTE: Only performed if the acting user has the 'update'-right on the role and the 'grant'-right on the securable object.

Parameters:
object -
role -
rights -
Throws:
GeneralSecurityException - if not permitted
UnauthorizedException

setRights

public void setRights(SecurableObject[] objects,
                      Role role,
                      Right right)
               throws GeneralSecurityException,
                      UnauthorizedException
Sets one certain right that a certain role has on the given objects. NOTE: Only performed if the acting user has the 'update'-right on the role and the 'grant'-right on the securable objects.

Parameters:
objects -
role -
right -
Throws:
GeneralSecurityException - if not permitted
UnauthorizedException

addRights

public void addRights(SecurableObject object,
                      Role role,
                      Right[] additionalRights)
               throws GeneralSecurityException,
                      UnauthorizedException
Adds the specified Rights on the passed object to the passed role. If they are already present, nothing happens.

Parameters:
object -
role -
additionalRights -
Throws:
GeneralSecurityException
UnauthorizedException

addRights

public void addRights(SecurableObject object,
                      Role role,
                      RightType[] types)
               throws UnauthorizedException,
                      GeneralSecurityException
Adds the specified Rights on the passed object to the passed role. If they are already present, nothing happens.

Parameters:
object -
role -
types -
Throws:
UnauthorizedException
GeneralSecurityException

removeRights

public void removeRights(SecurableObject object,
                         Role role,
                         RightType[] types)
                  throws GeneralSecurityException,
                         UnauthorizedException
Removes all rights of the specified types that the role may have on the given SecurableObject.

Parameters:
object -
role -
types -
Throws:
GeneralSecurityException
UnauthorizedException

setUsersInGroup

public void setUsersInGroup(Group group,
                            User[] users)
                     throws GeneralSecurityException,
                            UnauthorizedException
Sets the members (users) in a group. NOTE: Only performed if the acting user has the 'grant'-right on the group.

Parameters:
group -
users -
Throws:
GeneralSecurityException
UnauthorizedException

setUsersWithRole

public void setUsersWithRole(Role role,
                             User[] users)
                      throws GeneralSecurityException,
                             UnauthorizedException
Sets the users to be associated with the given role (DIRECTLY, i.e. not via group memberships). NOTE: Only performed if the user has the 'grant'-right on the role.

Parameters:
role -
users -
Throws:
GeneralSecurityException - if not permitted
UnauthorizedException

toString

public java.lang.String toString()
Overrides:
toString in class java.lang.Object

registerService

public Service registerService(java.lang.String address,
                               java.lang.String title,
                               java.util.List<StringPair> objects,
                               java.lang.String type)
                        throws GeneralSecurityException
Parameters:
address -
title -
objects -
type -
Returns:
the new service
Throws:
GeneralSecurityException

deregisterService

public void deregisterService(Service service)
                       throws GeneralSecurityException
Parameters:
service -
Throws:
GeneralSecurityException

updateService

public void updateService(Service oldService,
                          Service newService)
                   throws ReadWriteLockInvalidException,
                          GeneralSecurityException
Parameters:
oldService -
newService -
Throws:
ReadWriteLockInvalidException
GeneralSecurityException

renameObject

public void renameObject(Service service,
                         java.lang.String oldName,
                         java.lang.String newName)
                  throws ReadWriteLockInvalidException,
                         GeneralSecurityException
Parameters:
service -
oldName -
newName -
Throws:
ReadWriteLockInvalidException
GeneralSecurityException

editService

public void editService(Service service,
                        java.lang.String newTitle,
                        java.lang.String newAddress)
                 throws GeneralSecurityException
Parameters:
service -
newTitle -
newAddress -
Throws:
GeneralSecurityException

renew

void renew()

deegree 2.5 (2011/06/29 09:44 build-8-official)

an open source project founded by lat/lon, Bonn, Germany.
For more information visit: http://www.deegree.org