org.drools.guvnor.server.security
Class RoleBasedPermissionResolver
java.lang.Object
org.drools.guvnor.server.security.RoleBasedPermissionResolver
- All Implemented Interfaces:
- Serializable, org.jboss.seam.security.permission.PermissionResolver
@Name(value="org.jboss.seam.security.roleBasedPermissionResolver")
@Scope(value=APPLICATION)
@BypassInterceptors
@Install(precedence=20)
@Startup
public class RoleBasedPermissionResolver
- extends Object
- implements org.jboss.seam.security.permission.PermissionResolver, Serializable
PermissionResolvers are chained together to resolve permission check, the check returns true if
one of the PermissionResolvers in the chain returns true.
This PermissionResolver resolves category-based permissions and package-based permissions.
If the input is category-based request, the resolver returns true under following situations:
1. The user is admin
Or
2. The user has at least one analyst role that has access to the requested category path.
If the input is package-based request, the resolver returns true under following situations:
1. The user is admin
Or
2. The user has one of the following roles package.admin|package.developer|package.readonly on the requested
package, and requested role requires lower privilege than assigned role(I.e., package.admin>package.developer>package.readonly)
- See Also:
- Serialized Form
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
RoleBasedPermissionResolver
public RoleBasedPermissionResolver()
create
@Create
public void create()
hasPermission
public boolean hasPermission(Object requestedObject,
String requestedPermission)
- check permission
- Specified by:
hasPermission
in interface org.jboss.seam.security.permission.PermissionResolver
- Parameters:
requestedObject
- the requestedObject must be an instance of CategoryPathType,
or PackageNameType or PackageUUIDType.
Otherwise return false;requestedPermission
- the requestedRole must be an instance of String, its value has to be one of the
followings: admin|analyst|package.admin|package.developer|package.readonly,
otherwise return false;
- Returns:
- true if the permission can be granted on the requested object with the
requested role; return false otherwise.
filterSetByAction
public void filterSetByAction(Set<Object> targets,
String action)
- Specified by:
filterSetByAction
in interface org.jboss.seam.security.permission.PermissionResolver
isEnableRoleBasedAuthorization
public boolean isEnableRoleBasedAuthorization()
setEnableRoleBasedAuthorization
public void setEnableRoleBasedAuthorization(boolean enableRoleBasedAuthorization)
Copyright © 2001-2012 JBoss by Red Hat. All Rights Reserved.