Package org.uberfire.security.impl.authz
Class DefaultPermissionManager
java.lang.Object
  org.uberfire.security.impl.authz.DefaultPermissionManager

All Implemented Interfaces:
  PermissionManager

@ApplicationScoped
public class DefaultPermissionManager extends Object implements PermissionManager

Constructor Summary
Constructors:
  DefaultPermissionManager()
  DefaultPermissionManager(PermissionTypeRegistry permissionTypeRegistry)
  DefaultPermissionManager(PermissionTypeRegistry permissionTypeRegistry, DefaultAuthzResultCache cache)

Method Summary
protected AuthorizationResult _checkPermission(Permission permission, org.jboss.errai.security.shared.api.identity.User user, org.uberfire.security.authz.VotingStrategy votingStrategy)
protected AuthorizationResult _checkPermission(Permission permission, PermissionCollection collection)
protected List<AuthorizationResult> _checkRoleAndGroupPermissions(Permission permission, org.jboss.errai.security.shared.api.identity.User user)
AuthorizationResult checkPermission(Permission permission, org.jboss.errai.security.shared.api.identity.User user)
  Check if the given permission is granted to the specified user.
AuthorizationResult checkPermission(Permission permission, org.jboss.errai.security.shared.api.identity.User user, org.uberfire.security.authz.VotingStrategy votingStrategy)
  Check if the given permission is granted to the specified user.
Permission createPermission(String name, boolean granted)
  Creates a permission instance.
Permission createPermission(org.uberfire.security.Resource resource, org.uberfire.security.ResourceAction action, boolean granted)
  Creates a permission instance representing an action on a given resource.
Permission createPermission(org.uberfire.security.ResourceType resourceType, org.uberfire.security.ResourceAction action, boolean granted)
  Creates a permission instance representing an action on a given resource.
AuthorizationPolicy getAuthorizationPolicy()
  Gets the current authorization policy instance set.
org.uberfire.security.authz.VotingStrategy getDefaultVotingStrategy()
  Gets the default voting strategy.
VotingAlgorithm getVotingAlgorithm(org.uberfire.security.authz.VotingStrategy votingStrategy)
  Gets the VotingAlgorithm implementation associated with the specified VotingStrategy.
void invalidate(org.jboss.errai.security.shared.api.identity.User user)
  Invalidate user related authorization data cached
AuthorizationPolicyBuilder newAuthorizationPolicy()
  Gets a builder reference in order to initialize a brand new AuthorizationPolicy instance.
PermissionCollection resolvePermissions(org.jboss.errai.security.shared.api.identity.User user, org.uberfire.security.authz.VotingStrategy votingStrategy)
  Get the permissions assigned to a given user.
String resolveResourceId(Permission permission)
  Given a permission it tries to determine what is the resource the permission refers to.
void setAuthorizationPolicy(AuthorizationPolicy authorizationPolicy)
  Changes the current authorization policy instance.
void setDefaultVotingStrategy(org.uberfire.security.authz.VotingStrategy votingStrategy)
  Set the default voting strategy to apply when checking permissions for users who have more than one role and/or group assigned.
void setVotingAlgorithm(org.uberfire.security.authz.VotingStrategy votingStrategy, VotingAlgorithm votingAlgorithm)
  Sets the VotingAlgorithm implementation to be used every time the given VotingStrategy is applied.

Constructor Detail
DefaultPermissionManager
@Inject
public DefaultPermissionManager(PermissionTypeRegistry permissionTypeRegistry)

DefaultPermissionManager
public DefaultPermissionManager()

DefaultPermissionManager
public DefaultPermissionManager(PermissionTypeRegistry permissionTypeRegistry, DefaultAuthzResultCache cache)

Method Detail
getAuthorizationPolicy
public AuthorizationPolicy getAuthorizationPolicy()
Description copied from interface: PermissionManager
Gets the current authorization policy instance set.
Specified by:
  getAuthorizationPolicy in interface PermissionManager

setAuthorizationPolicy
public void setAuthorizationPolicy(AuthorizationPolicy authorizationPolicy)
Description copied from interface: PermissionManager
Changes the current authorization policy instance.
Specified by:
  setAuthorizationPolicy in interface PermissionManager

newAuthorizationPolicy
public AuthorizationPolicyBuilder newAuthorizationPolicy()
Description copied from interface: PermissionManager
Gets a builder reference in order to initialize a brand new AuthorizationPolicy instance.
Specified by:
  newAuthorizationPolicy in interface PermissionManager

getDefaultVotingStrategy
public org.uberfire.security.authz.VotingStrategy getDefaultVotingStrategy()
Description copied from interface: PermissionManager
Gets the default voting strategy.
Specified by:
  getDefaultVotingStrategy in interface PermissionManager
Returns:
  A VotingStrategy instance

setDefaultVotingStrategy
public void setDefaultVotingStrategy(org.uberfire.security.authz.VotingStrategy votingStrategy)
Description copied from interface: PermissionManager
Set the default voting strategy to apply when checking permissions for users who have more than one role and/or group assigned.
Specified by:
  setDefaultVotingStrategy in interface PermissionManager
Parameters:
  votingStrategy - The voting strategy to apply when calling PermissionManager.checkPermission(Permission, User)

getVotingAlgorithm
public VotingAlgorithm getVotingAlgorithm(org.uberfire.security.authz.VotingStrategy votingStrategy)
Description copied from interface: PermissionManager
Gets the VotingAlgorithm implementation associated with the specified VotingStrategy.
Specified by:
  getVotingAlgorithm in interface PermissionManager
Parameters:
  votingStrategy - The voting strategy
Returns:
  The voting algorithm instance

setVotingAlgorithm
public void setVotingAlgorithm(org.uberfire.security.authz.VotingStrategy votingStrategy, VotingAlgorithm votingAlgorithm)
Description copied from interface: PermissionManager
Sets the VotingAlgorithm implementation to be used every time the given VotingStrategy is applied.
Specified by:
  setVotingAlgorithm in interface PermissionManager
Parameters:
  votingStrategy - The voting strategy
  votingAlgorithm - The voting algorithm to apply when calling PermissionManager.checkPermission(Permission, User, VotingStrategy) with the proper voting strategy.

createPermission
public Permission createPermission(String name, boolean granted)
Description copied from interface: PermissionManager
Creates a permission instance.
Specified by:
  createPermission in interface PermissionManager
Parameters:
  name - The name of the permission to create
  granted - true=granted, false=denied
Returns:
  A brand new permission instance

createPermission
public Permission createPermission(org.uberfire.security.Resource resource, org.uberfire.security.ResourceAction action, boolean granted)
Description copied from interface: PermissionManager
Creates a permission instance representing an action on a given resource.
Specified by:
  createPermission in interface PermissionManager
Parameters:
  resource - The resource instance
  action - The action to check. If null then an "access" permission is created. The term access refers to the ability to reach, read, view ... the resource, depending on the resource type.
Returns:
  A permission instance

createPermission
public Permission createPermission(org.uberfire.security.ResourceType resourceType, org.uberfire.security.ResourceAction action, boolean granted)
Description copied from interface: PermissionManager
Creates a permission instance representing an action on a given resource.
Specified by:
  createPermission in interface PermissionManager
Parameters:
  resourceType - The resource type
  action - The action to check. If null then an "access" permission is created. The term access refers to the ability to reach, read, view ... the resource, depending on the resource type.
Returns:
  A permission instance

checkPermission
public AuthorizationResult checkPermission(Permission permission, org.jboss.errai.security.shared.api.identity.User user)
Description copied from interface: PermissionManager
Check if the given permission is granted to the specified user.
NOTE: If voting is required (users with more than one role and/or group assigned) then the default voting strategy is used.
Specified by:
  checkPermission in interface PermissionManager
Parameters:
  permission - The permission to check
  user - The user instance
Returns:
  The authorization result: GRANTED / DENIED / ABSTAIN
See Also:
  AuthorizationResult

checkPermission
public AuthorizationResult checkPermission(Permission permission, org.jboss.errai.security.shared.api.identity.User user, org.uberfire.security.authz.VotingStrategy votingStrategy)
Description copied from interface: PermissionManager
Check if the given permission is granted to the specified user.
Specified by:
  checkPermission in interface PermissionManager
Parameters:
  permission - The permission to check
  user - The user instance
  votingStrategy - The voting strategy to use when voting is required (users with more than one role and/or group assigned). If null then the default voting strategy is used.
Returns:
  The authorization result: GRANTED / DENIED / ABSTAIN

_checkPermission
protected AuthorizationResult _checkPermission(Permission permission, org.jboss.errai.security.shared.api.identity.User user, org.uberfire.security.authz.VotingStrategy votingStrategy)

_checkRoleAndGroupPermissions
protected List<AuthorizationResult> _checkRoleAndGroupPermissions(Permission permission, org.jboss.errai.security.shared.api.identity.User user)

_checkPermission
protected AuthorizationResult _checkPermission(Permission permission, PermissionCollection collection)

resolveResourceId
public String resolveResourceId(Permission permission)
Description copied from interface: PermissionManager
Given a permission, tries to determine which resource the permission refers to.
The resolution mechanism works only if the permission instance was created by a previous call to PermissionManager.createPermission(Resource, ResourceAction, boolean). In that case the identifier of the Resource instance is the value returned.
Specified by:
  resolveResourceId in interface PermissionManager
Parameters:
  permission - The permission whose resource id has to be inferred.
Returns:
  A resource id, or null if it cannot be inferred.

resolvePermissions
public PermissionCollection resolvePermissions(org.jboss.errai.security.shared.api.identity.User user, org.uberfire.security.authz.VotingStrategy votingStrategy)
Description copied from interface: PermissionManager
Get the permissions assigned to a given user.
Usually, the user's permissions are obtained by mixing all the permissions assigned to each role and group instance the user belongs to.
Every interface implementation must take into account the voting strategy specified, which is used to resolve permission collisions.
Specified by:
  resolvePermissions in interface PermissionManager
Parameters:
  user - The user instance
  votingStrategy - The voting strategy
Returns:
  The permission collection
See Also:
  AuthorizationPolicy.getPriority(Role), AuthorizationPolicy.getPriority(Group)

invalidate
public void invalidate(org.jboss.errai.security.shared.api.identity.User user)
Description copied from interface: PermissionManager
Invalidate the cached authorization data related to the user.
Specified by:
  invalidate in interface PermissionManager
Parameters:
  user - The user whose cache is invalidated
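
A fail-closed way to consume the three-valued result of checkPermission and to drop cached results with invalidate, as an added example that is not part of the UberFire code or of this Javadoc. FailClosedAuthz and its method names are hypothetical; the import packages of PermissionManager, Permission and AuthorizationResult and the constant name ACCESS_GRANTED are assumptions.

```java
import org.jboss.errai.security.shared.api.identity.User;
import org.uberfire.security.authz.AuthorizationResult;
import org.uberfire.security.authz.Permission;
import org.uberfire.security.authz.PermissionManager;
import org.uberfire.security.authz.VotingStrategy;

/** Hypothetical helper (not part of UberFire): fail-closed wrapper around PermissionManager. */
public class FailClosedAuthz {

    private final PermissionManager permissionManager;

    public FailClosedAuthz(PermissionManager permissionManager) {
        this.permissionManager = permissionManager;
    }

    /**
     * Returns true only on an explicit grant; DENIED and ABSTAIN both refuse the action.
     * A null strategy makes the manager fall back to its default voting strategy.
     */
    public boolean isAllowed(String permissionName, User user, VotingStrategy strategy) {
        if (permissionName == null || user == null) {
            return false; // no permission name or no identity: refuse
        }
        // granted=true builds the permission we want the user to hold
        Permission wanted = permissionManager.createPermission(permissionName, true);
        AuthorizationResult result = permissionManager.checkPermission(wanted, user, strategy);
        // Assumption: the GRANTED result is the enum constant ACCESS_GRANTED.
        // A null result compares unequal, so it is refused as well.
        return AuthorizationResult.ACCESS_GRANTED.equals(result);
    }

    /** Call after a user's roles or groups change so cached results are not reused. */
    public void onMembershipChanged(User user) {
        if (user != null) {
            permissionManager.invalidate(user);
        }
    }
}
```

Treating ABSTAIN as a refusal keeps a permission that no role or group mentions from being read as a grant.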