org.deegree.security.drm
Class SecurityTransaction

java.lang.Object
  org.deegree.security.drm.SecurityAccess
      org.deegree.security.drm.SecurityTransaction

public class SecurityTransaction
extends SecurityAccess

Version:

$Revision: 25490 $, $Date: 2010-07-26 11:47:34 +0200 (Mo, 26 Jul 2010) $

Author:

Andreas Poth, last edited by: $Author: aschmitz $

Field Summary

Fields inherited from class org.deegree.security.drm.SecurityAccess

registry, user

Constructor Summary

SecurityTransaction(User user, SecurityRegistry registry, Role adminRole)

Method Summary

void	addRights(SecurableObject object, Role role, Right[] additionalRights) Adds the specified Rights on the passed object to the passed role.
void	addRights(SecurableObject object, Role role, RightType[] types) Adds the specified Rights on the passed object to the passed role.
Role[]	addRoles(Role[] roles, Role role) Returns the conjunction of an array of roles plus a single role.
void	clean() Deletes all data from the underlying Registry and sets the default objects (SEC_ADMIN user, role and group) and standard rights and privileges.
void	deregisterGroup(Group group) Removes a Group from the Registry.
void	deregisterRole(Role role) Removes a Role from the Registry.
void	deregisterSecuredObject(SecuredObject object) Removes a SecuredObject from the Registry.
void	deregisterService(Service service)
void	deregisterUser(User user) Removes a User from the Registry.
void	editService(Service service, java.lang.String newTitle, java.lang.String newAddress)
long	getTimestamp()
Group	registerGroup(java.lang.String name, java.lang.String title) Registers a new Group to the Registry.
Role	registerRole(java.lang.String name) Registers a new Role to the Registry.
SecuredObject	registerSecuredObject(java.lang.String type, java.lang.String name, java.lang.String title) Registers a new SecuredObject to the Registry.
Service	registerService(java.lang.String address, java.lang.String title, java.util.List<StringPair> objects, java.lang.String type)
User	registerUser(java.lang.String name, java.lang.String password, java.lang.String lastName, java.lang.String firstName, java.lang.String mailAddress) Registers a new User to the Registry.
void	removeRights(SecurableObject object, Role role, RightType[] types) Removes all rights of the specified types that the role may have on the given SecurableObject.
void	renameObject(Service service, java.lang.String oldName, java.lang.String newName)
(package private) void	renew()
void	setGroupsForGroup(Group group, Group[] newGroups) Sets the Group s that a given Group is a DIRECT member of.
void	setGroupsForUser(User user, Group[] newGroups) Sets the Groups that a given User is a DIRECT member of.
void	setGroupsInGroup(Group group, Group[] groups) Sets the members (groups) for a group.
void	setGroupsWithRole(Role role, Group[] groups) Sets the groups to be associated with the given role.
void	setPrivilegesForRole(Role role, Privilege[] privileges) Sets the privileges for a certain role.
void	setRights(SecurableObject[] objects, Role role, Right right) Sets one certain right that a certain role has on the given objects.
void	setRights(SecurableObject object, Role role, Right[] rights) Sets the Rights that a certain role has on a given object.
void	setServicesRights(java.util.Collection<java.lang.Integer> services, Role role)
void	setUsersInGroup(Group group, User[] users) Sets the members (users) in a group.
void	setUsersWithRole(Role role, User[] users) Sets the users to be associated with the given role (DIRECTLY, i.e. not via group memberships).
java.lang.String	toString()
void	updateService(Service oldService, Service newService)
void	updateUser(User user) Updates the data of an existing User in the Registry.

Methods inherited from class org.deegree.security.drm.SecurityAccess

checkForPrivilege, checkForRight, findGroupCycle, getAllGroups, getAllRoles, getAllRolesForGroup, getAllRolesForUser, getAllSecuredObjects, getAllServices, getAllUsers, getGroupById, getGroupByName, getPrivilegeByName, getRightByName, getRoleById, getRoleByName, getRolesByNS, getRolesServices, getSecuredObjectById, getSecuredObjectByName, getSecuredObjectsByNS, getServiceByAddress, getUser, getUserById, getUserByName

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

SecurityTransaction

SecurityTransaction(User user,
                    SecurityRegistry registry,
                    Role adminRole)

Parameters:

user -

registry -

adminRole -

Method Detail

addRoles

public Role[] addRoles(Role[] roles,
                       Role role)

Returns the conjunction of an array of roles plus a single role.

Parameters:

roles -

role -

Returns:

the conjunction of an array of roles plus a single role.

clean

public void clean()
           throws GeneralSecurityException

Deletes all data from the underlying Registry and sets the default objects (SEC_ADMIN user, role and group) and standard rights and privileges.

Throws:

GeneralSecurityException

deregisterGroup

public void deregisterGroup(Group group)
                     throws GeneralSecurityException,
                            UnauthorizedException

Removes a Group from the Registry. This means:

• owner role ($G:GROUPNAME) is removed
• group is removed

NOTE: Only performed if the acting user has the 'delete'-right on the group object.

Parameters:

group -

Throws:

GeneralSecurityException

UnauthorizedException

deregisterRole

public void deregisterRole(Role role)
                    throws GeneralSecurityException,
                           UnauthorizedException

Removes a Role from the Registry. This means:

• owner role ($R:ROLENAME) is removed
• role is removed

NOTE: Only performed if acting user has the 'delete'-right on the role object.

Parameters:

role -

Throws:

GeneralSecurityException

UnauthorizedException

deregisterSecuredObject

public void deregisterSecuredObject(SecuredObject object)
                             throws GeneralSecurityException,
                                    UnauthorizedException

Removes a SecuredObject from the Registry. This means:

• owner role ($O:OBJECTNAME) is removed
• object is removed

NOTE: Only performed if acting user has the 'delete'-right on the secured object.

Parameters:

object -

Throws:

GeneralSecurityException

UnauthorizedException

deregisterUser

public void deregisterUser(User user)
                    throws GeneralSecurityException,
                           UnauthorizedException

Removes a User from the Registry. This means:

• owner role ($U:USERNAME) is removed
• user is removed

NOTE: Only performed if acting user has the 'delete'-right on the user object.

Parameters:

user -

Throws:

GeneralSecurityException

UnauthorizedException

getTimestamp

public long getTimestamp()

Returns:

timestamp

registerGroup

public Group registerGroup(java.lang.String name,
                           java.lang.String title)
                    throws GeneralSecurityException

Registers a new Group to the Registry. This means:

• a group is created in the registry
• a corresponding owner role is created: $G:GROUPNAME
• rights for the owner role are set up; creator has delete, update and grant rights on the group, administrator role gets these right, too

NOTE: Only performed if acting user has the 'addgroup'-privilege.

Parameters:

name -

title -

Returns:

the new Group

Throws:

GeneralSecurityException

registerRole

public Role registerRole(java.lang.String name)
                  throws GeneralSecurityException

Registers a new Role to the Registry. This means:

• a role is created in the registry
• a corresponding owner role is created: $R:ROLENAME
• rights for the owner role are set up; creator has delete, update and grant rights on the role, administrator role gets these right, too

NOTE: Only performed if acting user has the 'addrole'-privilege.

Parameters:

name -

Returns:

the new Role

Throws:

GeneralSecurityException

registerSecuredObject

public SecuredObject registerSecuredObject(java.lang.String type,
                                           java.lang.String name,
                                           java.lang.String title)
                                    throws GeneralSecurityException

Registers a new SecuredObject to the Registry. This means:

• a secured object is created in the registry
• a corresponding owner role is created: $O:OBJECTNAME
• rights for the owner role are set up; creator has delete, update and grant rights on the object, administrator role gets these right, too

Parameters:

type -

name -

title -

Returns:

the new SecuredObject

Throws:

GeneralSecurityException

registerUser

public User registerUser(java.lang.String name,
                         java.lang.String password,
                         java.lang.String lastName,
                         java.lang.String firstName,
                         java.lang.String mailAddress)
                  throws GeneralSecurityException

Registers a new User to the Registry. This means:

• a user is created in the registry
• a corresponding owner role is created: $U:USERNAME
• rights for the owner role are set up; creator has delete, update and grant rights on the user, administrator role gets these right, too

NOTE: Only performed if acting user has the 'adduser'-privilege.

Parameters:

name -

password - null means that password checking is disabled

lastName -

firstName -

mailAddress -

Returns:

the new User

Throws:

GeneralSecurityException

updateUser

public void updateUser(User user)
                throws GeneralSecurityException

Updates the data of an existing User in the Registry. NOTE: Only performed if acting user has the 'update'-right on the user.

Parameters:

user -

Throws:

GeneralSecurityException

setGroupsForGroup

public void setGroupsForGroup(Group group,
                              Group[] newGroups)
                       throws GeneralSecurityException,
                              UnauthorizedException

Sets the Group s that a given Group is a DIRECT member of. NOTE: Only performed if the acting user has the 'grant'-right for all the groups that are requested to be added / removed.

Parameters:

group -

newGroups -

Throws:

GeneralSecurityException

UnauthorizedException

setGroupsForUser

public void setGroupsForUser(User user,
                             Group[] newGroups)
                      throws GeneralSecurityException,
                             UnauthorizedException

Sets the Groups that a given User is a DIRECT member of. NOTE: Only performed if the acting user has the 'grant'-right for all the groups that are requested to be added / removed.

Parameters:

user -

newGroups -

Throws:

GeneralSecurityException

UnauthorizedException

setGroupsInGroup

public void setGroupsInGroup(Group group,
                             Group[] groups)
                      throws GeneralSecurityException,
                             UnauthorizedException

Sets the members (groups) for a group. NOTE: Only performed if the acting user has the 'grant'-right on the group.

Parameters:

group -

groups -

Throws:

GeneralSecurityException

UnauthorizedException

setGroupsWithRole

public void setGroupsWithRole(Role role,
                              Group[] groups)
                       throws GeneralSecurityException,
                              UnauthorizedException

Sets the groups to be associated with the given role. NOTE: Only performed if the acting user has the 'grant'-right on the role.

Parameters:

role -

groups -

Throws:

GeneralSecurityException - if not permitted

UnauthorizedException

setPrivilegesForRole

public void setPrivilegesForRole(Role role,
                                 Privilege[] privileges)
                          throws GeneralSecurityException

Sets the privileges for a certain role. NOTE: Only performed if the acting user has all the privileges he is trying to grant. FIXME: Shouldn't that be "... to grant / withdraw"?

Parameters:

role -

privileges -

Throws:

GeneralSecurityException - if not permitted

setServicesRights

public void setServicesRights(java.util.Collection<java.lang.Integer> services,
                              Role role)
                       throws GeneralSecurityException

Parameters:

transaction -

services -

role -

Throws:

GeneralSecurityException

setRights

public void setRights(SecurableObject object,
                      Role role,
                      Right[] rights)
               throws GeneralSecurityException,
                      UnauthorizedException

Sets the Rights that a certain role has on a given object. NOTE: Only performed if the acting user has the 'update'-right on the role and the 'grant'-right on the securable object.

Parameters:

object -

role -

rights -

Throws:

GeneralSecurityException - if not permitted

UnauthorizedException

setRights

public void setRights(SecurableObject[] objects,
                      Role role,
                      Right right)
               throws GeneralSecurityException,
                      UnauthorizedException

Sets one certain right that a certain role has on the given objects. NOTE: Only performed if the acting user has the 'update'-right on the role and the 'grant'-right on the securable objects.

Parameters:

objects -

role -

right -

Throws:

GeneralSecurityException - if not permitted

UnauthorizedException

addRights

public void addRights(SecurableObject object,
                      Role role,
                      Right[] additionalRights)
               throws GeneralSecurityException,
                      UnauthorizedException

Adds the specified Rights on the passed object to the passed role. If they are already present, nothing happens.

Parameters:

object -

role -

additionalRights -

Throws:

GeneralSecurityException

UnauthorizedException

addRights

public void addRights(SecurableObject object,
                      Role role,
                      RightType[] types)
               throws UnauthorizedException,
                      GeneralSecurityException

Adds the specified Rights on the passed object to the passed role. If they are already present, nothing happens.

Parameters:

object -

role -

types -

Throws:

UnauthorizedException

GeneralSecurityException

removeRights

public void removeRights(SecurableObject object,
                         Role role,
                         RightType[] types)
                  throws GeneralSecurityException,
                         UnauthorizedException

Removes all rights of the specified types that the role may have on the given SecurableObject.

Parameters:

object -

role -

types -

Throws:

GeneralSecurityException

UnauthorizedException

setUsersInGroup

public void setUsersInGroup(Group group,
                            User[] users)
                     throws GeneralSecurityException,
                            UnauthorizedException

Sets the members (users) in a group. NOTE: Only performed if the acting user has the 'grant'-right on the group.

Parameters:

group -

users -

Throws:

GeneralSecurityException

UnauthorizedException

setUsersWithRole

public void setUsersWithRole(Role role,
                             User[] users)
                      throws GeneralSecurityException,
                             UnauthorizedException

Sets the users to be associated with the given role (DIRECTLY, i.e. not via group memberships). NOTE: Only performed if the user has the 'grant'-right on the role.

Parameters:

role -

users -

Throws:

GeneralSecurityException - if not permitted

UnauthorizedException

toString

public java.lang.String toString()

Overrides:

toString in class java.lang.Object

registerService

public Service registerService(java.lang.String address,
                               java.lang.String title,
                               java.util.List<StringPair> objects,
                               java.lang.String type)
                        throws GeneralSecurityException

Parameters:

address -

title -

objects -

type -

Returns:

the new service

Throws:

GeneralSecurityException

deregisterService

public void deregisterService(Service service)
                       throws GeneralSecurityException

Parameters:

service -

Throws:

GeneralSecurityException

updateService

public void updateService(Service oldService,
                          Service newService)
                   throws ReadWriteLockInvalidException,
                          GeneralSecurityException

Parameters:

oldService -

newService -

Throws:

ReadWriteLockInvalidException

GeneralSecurityException

renameObject

public void renameObject(Service service,
                         java.lang.String oldName,
                         java.lang.String newName)
                  throws ReadWriteLockInvalidException,
                         GeneralSecurityException

Parameters:

service -

oldName -

newName -

Throws:

ReadWriteLockInvalidException

GeneralSecurityException

editService

public void editService(Service service,
                        java.lang.String newTitle,
                        java.lang.String newAddress)
                 throws GeneralSecurityException

Parameters:

service -

newTitle -

newAddress -

Throws:

GeneralSecurityException

renew

void renew()