org.uberfire.security.impl.authz

Class DefaultPermissionManager

java.lang.Object

org.uberfire.security.impl.authz.DefaultPermissionManager

All Implemented Interfaces:

PermissionManager

@ApplicationScoped
public class DefaultPermissionManager
extends Object
implements PermissionManager

Constructor Summary

Constructors

Constructor and Description
DefaultPermissionManager()
DefaultPermissionManager(PermissionTypeRegistry permissionTypeRegistry)
DefaultPermissionManager(PermissionTypeRegistry permissionTypeRegistry, DefaultAuthzResultCache cache)

Method Summary

Modifier and Type	Method and Description
protected AuthorizationResult	_checkPermission(Permission permission, PermissionCollection collection)
protected AuthorizationResult	_checkPermission(Permission permission, org.jboss.errai.security.shared.api.identity.User user, VotingStrategy votingStrategy)
protected List<AuthorizationResult>	_checkRoleAndGroupPermissions(Permission permission, org.jboss.errai.security.shared.api.identity.User user)
AuthorizationResult	checkPermission(Permission permission, org.jboss.errai.security.shared.api.identity.User user) Check if the given permission is granted to the specified user.
AuthorizationResult	checkPermission(Permission permission, org.jboss.errai.security.shared.api.identity.User user, VotingStrategy votingStrategy) Check if the given permission is granted to the specified user.
Permission	createPermission(Resource resource, ResourceAction action, boolean granted) Creates a permission instance representing an action on a given resource..
Permission	createPermission(ResourceType resourceType, ResourceAction action, boolean granted) Creates a permission instance representing an action on a given resource..
Permission	createPermission(String name, boolean granted) Creates a permission instance.
AuthorizationPolicy	getAuthorizationPolicy() Gets the current authorization policy instance set.
VotingStrategy	getDefaultVotingStrategy() Gets the default voting strategy.
VotingAlgorithm	getVotingAlgorithm(VotingStrategy votingStrategy) Gets the VotingAlgorithm implementation associated with the specified VotingStrategy.
AuthorizationPolicyBuilder	newAuthorizationPolicy() Gets a builder reference in order to initialize a brand new AuthorizationPolicy instance.
PermissionCollection	resolvePermissions(org.jboss.errai.security.shared.api.identity.User user, VotingStrategy votingStrategy) Get the permissions assigned to a given user.
String	resolveResourceId(Permission permission) Given a permission it tries to determine what is the resource the permission refers to.
void	setAuthorizationPolicy(AuthorizationPolicy authorizationPolicy) Changes the current authorization policy instance.
void	setDefaultVotingStrategy(VotingStrategy votingStrategy) Set the default voting strategy to apply when checking permissions for users who have more than one role and/or group assigned.
void	setVotingAlgorithm(VotingStrategy votingStrategy, VotingAlgorithm votingAlgorithm) Sets the VotingAlgorithm implementation to be used every time the given VotingStrategy is applied.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DefaultPermissionManager

@Inject
public DefaultPermissionManager(PermissionTypeRegistry permissionTypeRegistry)

DefaultPermissionManager

public DefaultPermissionManager()

DefaultPermissionManager

public DefaultPermissionManager(PermissionTypeRegistry permissionTypeRegistry,
                                DefaultAuthzResultCache cache)

Method Detail

getAuthorizationPolicy

public AuthorizationPolicy getAuthorizationPolicy()

Description copied from interface: PermissionManager

Gets the current authorization policy instance set.

Specified by:

getAuthorizationPolicy in interface PermissionManager

setAuthorizationPolicy

public void setAuthorizationPolicy(AuthorizationPolicy authorizationPolicy)

Description copied from interface: PermissionManager

Changes the current authorization policy instance.

Specified by:

setAuthorizationPolicy in interface PermissionManager

newAuthorizationPolicy

public AuthorizationPolicyBuilder newAuthorizationPolicy()

Description copied from interface: PermissionManager

Gets a builder reference in order to initialize a brand new AuthorizationPolicy instance.

Specified by:

newAuthorizationPolicy in interface PermissionManager

setDefaultVotingStrategy

public void setDefaultVotingStrategy(VotingStrategy votingStrategy)

Description copied from interface: PermissionManager

Set the default voting strategy to apply when checking permissions for users who have more than one role and/or group assigned.

Specified by:

setDefaultVotingStrategy in interface PermissionManager

Parameters:

votingStrategy - The voting strategy to apply when calling to PermissionManager.checkPermission(Permission, User)

getDefaultVotingStrategy

public VotingStrategy getDefaultVotingStrategy()

Description copied from interface: PermissionManager

Gets the default voting strategy.

Specified by:

getDefaultVotingStrategy in interface PermissionManager

Returns:

A VotingStrategy instance

getVotingAlgorithm

public VotingAlgorithm getVotingAlgorithm(VotingStrategy votingStrategy)

Description copied from interface: PermissionManager

Gets the VotingAlgorithm implementation associated with the specified VotingStrategy.

Specified by:

getVotingAlgorithm in interface PermissionManager

Parameters:

votingStrategy - The voting strategy

Returns:

The voting algorithm instance

setVotingAlgorithm

public void setVotingAlgorithm(VotingStrategy votingStrategy,
                               VotingAlgorithm votingAlgorithm)

Description copied from interface: PermissionManager

Sets the VotingAlgorithm implementation to be used every time the given VotingStrategy is applied.

Specified by:

setVotingAlgorithm in interface PermissionManager

Parameters:

votingStrategy - The voting strategy

votingAlgorithm - The voting algorithm to apply when calling to PermissionManager.checkPermission(Permission, User, VotingStrategy) with the proper voting strategy.

createPermission

public Permission createPermission(String name,
                                   boolean granted)

Description copied from interface: PermissionManager

Creates a permission instance.

Specified by:

createPermission in interface PermissionManager

Parameters:

name - The name of the permission to create

granted - true=granted, false=denied

Returns:

A brand new permission instance

createPermission

public Permission createPermission(Resource resource,
                                   ResourceAction action,
                                   boolean granted)

Description copied from interface: PermissionManager

Creates a permission instance representing an action on a given resource..

Specified by:

createPermission in interface PermissionManager

Parameters:

resource - The resource instance

action - The action to check. If null then an "access" permission is created. The term access refers to the ability to reach, read, view ... the resource, depending on the resource type.

Returns:

A permission instance

createPermission

public Permission createPermission(ResourceType resourceType,
                                   ResourceAction action,
                                   boolean granted)

Description copied from interface: PermissionManager

Creates a permission instance representing an action on a given resource..

Specified by:

createPermission in interface PermissionManager

Parameters:

resourceType - The resource type

action - The action to check. If null then an "access" permission is created. The term access refers to the ability to reach, read, view ... the resource, depending on the resource type.

Returns:

A permission instance

checkPermission

public AuthorizationResult checkPermission(Permission permission,
                                           org.jboss.errai.security.shared.api.identity.User user)

Description copied from interface: PermissionManager

Check if the given permission is granted to the specified user.

NOTE: If voting is required (users with more than one role and/or group assigned) then the default voting strategy is used

Specified by:

checkPermission in interface PermissionManager

Parameters:

permission - The permission to check

user - The user instance

Returns:

The authorization result: GRANTED / DENIED / ABSTAIN

See Also:

AuthorizationResult

checkPermission

public AuthorizationResult checkPermission(Permission permission,
                                           org.jboss.errai.security.shared.api.identity.User user,
                                           VotingStrategy votingStrategy)

Description copied from interface: PermissionManager

Check if the given permission is granted to the specified user.

Specified by:

checkPermission in interface PermissionManager

Parameters:

permission - The permission to check

user - The user instance

votingStrategy - The voting strategy to use when voting is required (users with more than one role and/or group assigned). If null then the default voting strategy is used.

Returns:

The authorization result: GRANTED / DENIED / ABSTAIN

_checkPermission

protected AuthorizationResult _checkPermission(Permission permission,
                                               org.jboss.errai.security.shared.api.identity.User user,
                                               VotingStrategy votingStrategy)

_checkRoleAndGroupPermissions

protected List<AuthorizationResult> _checkRoleAndGroupPermissions(Permission permission,
                                                                  org.jboss.errai.security.shared.api.identity.User user)

_checkPermission

protected AuthorizationResult _checkPermission(Permission permission,
                                               PermissionCollection collection)

resolveResourceId

public String resolveResourceId(Permission permission)

Description copied from interface: PermissionManager

Given a permission it tries to determine what is the resource the permission refers to.

The resolution mechanism works only if the permission instance was created by a previous call to PermissionManager.createPermission(Resource, ResourceAction, boolean). In such case the identifier of the Resource instance is the value returned.

Specified by:

resolveResourceId in interface PermissionManager

Parameters:

permission - The permission which resource id. has to be inferred.

Returns:

A resource id. or null if it can bot be inferred.

resolvePermissions

public PermissionCollection resolvePermissions(org.jboss.errai.security.shared.api.identity.User user,
                                               VotingStrategy votingStrategy)

Description copied from interface: PermissionManager

Get the permissions assigned to a given user.

Usually, the user's permissions is obtained by mixing all the permissions assigned to each role and group instance the user belongs to.

Every interface implementation must take into account the voting strategy specified, which is used to resolve permission collision.

Specified by:

resolvePermissions in interface PermissionManager

Parameters:

user - The user instance

votingStrategy - The voting strategy

Returns:

The permission collection

See Also:

AuthorizationPolicy.getPriority(Role), AuthorizationPolicy.getPriority(Group)