Interface ISecurityContext
- All Superinterfaces:
ISecurity
,ISynchronizableSecuritySystem
- Since:
- 17.05.2006
- API:
- This is a public API.
-
Method Summary
Modifier and TypeMethodDescriptionvoid
checkPermission
(ISecurityDescriptor securityDescriptor, IPermission permission) Checks if the current session has a certain permission on the security descriptorDeprecated, for removal: This API element is subject to removal in a future version.createSession
(int sessionIdentifier) Deprecated, for removal: This API element is subject to removal in a future version.usesessions()
.create()
createUser
(String userName, String fullUserName, String password, Locale eMailLanguage, String eMailAddress, String externalSecuritySystemName) Deprecated, for removal: This API element is subject to removal in a future version.useusers()
.create(NewUser)
instead
Migration Example:ivy.session().getSecurityContext().createUser("jd", "John Doe", "1234", Locale.ENGLISH, "john.doe@axonivy.com", null)
==>ivy.security.users.create(NewUser.create("jd").fullName("John Doe").password("1234").mailLanguage(Locale.ENGLISH).mailAddress("john.doe@axonivy.com").toNewUser())
static ISecurityContext
current()
Gets the current security context.void
deleteUser
(String userName) Deprecated, for removal: This API element is subject to removal in a future version.useusers()
.delete(String)
insteadvoid
destroySession
(int sessionIdentifier) Deprecated, for removal: This API element is subject to removal in a future version.<T> T
Executes the callable in the context of the given execution contextfindRole
(long roleId) Deprecated, for removal: This API element is subject to removal in a future version.Deprecated, for removal: This API element is subject to removal in a future version.instead useroles()
.find(roleName)
Migration Example:ivy.session().getSecurityContext().findRole("ivy")
==>ivy.security.roles().find("ivy")
findSecurityMember
(String securityMemberName) Deprecated, for removal: This API element is subject to removal in a future version.findSession
(int sessionIdentifier) Deprecated, for removal: This API element is subject to removal in a future version.findUser
(long userId) Deprecated, for removal: This API element is subject to removal in a future version.useusers()
.find(long)
insteadDeprecated, for removal: This API element is subject to removal in a future version.useusers()
.findWithExternalLookup(String)
instead
Migration Example:ivy.session().getSecurityContext().findUser("ivy")
==>ivy.security.users().findWithExternalLookup("ivy")
findUserWithoutLookup
(String userName) Deprecated, for removal: This API element is subject to removal in a future version.useusers()
.find(String)
insteadDeprecated, for removal: This API element is subject to removal in a future version.getClusterSessionsSnapshot
(long maxAge) Deprecated, for removal: This API element is subject to removal in a future version.Deprecated, for removal: This API element is subject to removal in a future version.usesessions()
.current()
long
getId()
Gets the identifier of the security contextgetRoles()
long
Deprecated, for removal: This API element is subject to removal in a future version.usesessions()
.count()
Deprecated, for removal: This API element is subject to removal in a future version.usesessions()
.all()
Deprecated, for removal: This API element is subject to removal in a future version.Deprecated, for removal: This API element is subject to removal in a future version.instead useroles()
.topLevel())
Deprecated, for removal: This API element is subject to removal in a future version.useusers()
.queryExecutor()
;getUsers()
boolean
hasPermission
(ISecurityDescriptor securityDescriptor, IPermission permission) Checks if the current session has a certain permission on the security descriptorroles()
Gets the role repository of this security context.sessions()
Gets the session repository of this security context.users()
Gets the user repository of this security context.Methods inherited from interface ch.ivyteam.ivy.security.synch.ISynchronizableSecuritySystem
isSynchronizationRunning, synchronizeUser, triggerSynchronization, triggerSynchronization
-
Method Details
-
roles
IRoleRepository roles()Gets the role repository of this security context. Allows to find
roles
of this security context / application.Example:
IRole manager = ivy.security.roles().find("Manager");
-
users
IUserRepository users()Gets the user repository of this security context. Allows to create, delete, find, query
users
of this security context / application.Example:
IUser user = ivy.security.users().find("Ivy");
-
sessions
ISessionRepository sessions()Gets the session repository of this security context. Allows to create, destroy, find sessions of this security context / application.
Example:
Number sessionCount = ivy.security.sessions().count();
-
getRoles
Deprecated, for removal: This API element is subject to removal in a future version.- Returns:
- All roles. Flat without any hierarchy, but the child roles of a role are always behind the parent role.
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in Java.
-
getActiveRoles
Deprecated, for removal: This API element is subject to removal in a future version.- Returns:
- all roles which could be actively used by the system. Flat without any hierarchy, but the
child roles of a role are always behind the parent role.
In comparison togetRoles()
thoseroles
will be excluded, which only exists in outdated Process Model Versions. - Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in Java.
-
getTopLevelRole
Deprecated, for removal: This API element is subject to removal in a future version.instead useroles()
.topLevel())
Returns the top level role- Returns:
- top level role
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in Java.
-
findRole
Deprecated, for removal: This API element is subject to removal in a future version.instead useroles()
.find(roleName)
Migration Example:ivy.session().getSecurityContext().findRole("ivy")
==>ivy.security.roles().find("ivy")
Finds a role by its name- Parameters:
roleName
- The name of a role- Returns:
- role or null if no role was found
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in Java.
-
findRole
Deprecated, for removal: This API element is subject to removal in a future version.- API:
- This public API is available in Java.
-
createUser
@Deprecated(forRemoval=true, since="9.1") IUser createUser(String userName, String fullUserName, String password, Locale eMailLanguage, String eMailAddress, String externalSecuritySystemName) Deprecated, for removal: This API element is subject to removal in a future version.useusers()
.create(NewUser)
instead
Migration Example:ivy.session().getSecurityContext().createUser("jd", "John Doe", "1234", Locale.ENGLISH, "john.doe@axonivy.com", null)
==>ivy.security.users.create(NewUser.create("jd").fullName("John Doe").password("1234").mailLanguage(Locale.ENGLISH).mailAddress("john.doe@axonivy.com").toNewUser())
Creates a new well-known user- Parameters:
userName
- The user namefullUserName
- The user's full namepassword
- The user's passwordeMailLanguage
- the language the e-mail notifications are written ineMailAddress
- The users e-mail addressexternalSecuritySystemName
- the name of the user in the external security system- Returns:
- created user
- Throws:
PersistencyException
- if persistency access fails or user already exists- API:
- This public API is available in Java.
-
deleteUser
Deprecated, for removal: This API element is subject to removal in a future version.useusers()
.delete(String)
insteadDeletes a well-known user- Parameters:
userName
- The user name- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in Java.
-
findUser
Deprecated, for removal: This API element is subject to removal in a future version.useusers()
.findWithExternalLookup(String)
instead
Migration Example:ivy.session().getSecurityContext().findUser("ivy")
==>ivy.security.users().findWithExternalLookup("ivy")
Find a user by its name. Does lookup the user in the external security system (e.g Active Directory) if the user is not yet synchronized.
- Parameters:
userName
- the name of the user to find- Returns:
- user or
null
if no user with the name exists (also in the external security system if configured) - Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in Java.
-
findUserWithoutLookup
Deprecated, for removal: This API element is subject to removal in a future version.useusers()
.find(String)
insteadFinds a user by its name. Does not lookup the user in the external security system (e.g Active Directory) if the user is not synchronized yet.- Parameters:
userName
- the name of the user to find- Returns:
- user or
null
if no user with the name exists or the user was not yet synchronized from the external security system - Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in Java.
- Security:
- SESSION OWNS UserReadAll PERMISSION OR OWNS UserReadAll@SYSTEM PERMISSION
-
findUser
Deprecated, for removal: This API element is subject to removal in a future version.useusers()
.find(long)
insteadFind a user by its identifier- Parameters:
userId
- the identifier of the user- Returns:
- the user or null if user is not found
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in Java.
- Security:
- SESSION OWNS UserReadAll PERMISSION OR OWNS UserReadAll@SYSTEM PERMISSION
-
getSystemUser
Deprecated, for removal: This API element is subject to removal in a future version.Gets the system user- Returns:
- system user
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in Java.
- Security:
- SESSION OWNS UserReadAll PERMISSION OR OWNS UserReadAll@SYSTEM PERMISSION
-
createSession
Deprecated, for removal: This API element is subject to removal in a future version.usesessions()
.create()
Creates a new session- Parameters:
sessionIdentifier
- the session identifier- Returns:
- new session
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in Java.
-
createSession
Deprecated, for removal: This API element is subject to removal in a future version.usesessions()
.create()
Creates a new session- Returns:
- new session
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in Java.
-
findSession
Deprecated, for removal: This API element is subject to removal in a future version.Find session- Parameters:
sessionIdentifier
- session identifier- Returns:
- session
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in Java.
-
getSystemUserSession
Deprecated, for removal: This API element is subject to removal in a future version.Gets the session of the system user- Returns:
- system user session
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in Java.
-
destroySession
Deprecated, for removal: This API element is subject to removal in a future version.Destroys a session- Parameters:
sessionIdentifier
- session identifier- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in Java.
-
getUsers
Deprecated, for removal: This API element is subject to removal in a future version.WARNING: This methods loads the all users into memory.
This can cause out of memory exceptions and bad performance depending on the number of users in your application.- Returns:
- enumeration with all users
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in Java.
- Security:
- SESSION OWNS UserReadAll PERMISSION OR OWNS UserReadAll@SYSTEM PERMISSION
-
getSessions
Deprecated, for removal: This API element is subject to removal in a future version.usesessions()
.all()
Gets all sessions of the web application. In a cluster environment returns only the sessions of the local cluster node. To get information of session on all cluster nodes usegetClusterSessionsSnapshot()
- Returns:
- enumeration with the sessions
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in Java.
-
getSessionCount
Deprecated, for removal: This API element is subject to removal in a future version.usesessions()
.count()
Get count of all sessions of this local running engine.- Returns:
- count of sessions (without system user session)
- API:
- This public API is available in Java.
-
getClusterSessionsSnapshot
Deprecated, for removal: This API element is subject to removal in a future version.CallsgetClusterSessionsSnapshot(long)
with the default value of maxAge=1000 (1 second)- Returns:
- a cluster session snapshot. Never null
- Throws:
PersistencyException
- API:
- This public API is available in Java.
-
getClusterSessionsSnapshot
@Deprecated(forRemoval=true, since="9.3") ClusterSessionsSnapshot getClusterSessionsSnapshot(long maxAge) Deprecated, for removal: This API element is subject to removal in a future version.Returns a snapshot containing information of all sessions at the time this method was invoked. If there is only one cluster node theClusterSessionsSnapshot
contains the same information which can be fetched withgetSessions()
. If there are multiple cluster nodes theClusterSessionsSnapshot
contains as well information about sessions on other nodes. The parametermaxAge
controls how old theClusterSessionsSnapshot
can be. For example withmaxAge=5000
theClusterSessionsSnapshot
is maximal 5 seconds old. The longer themaxAge
is the less network traffic is caused.- Parameters:
maxAge
- in milliSeconds- Returns:
- a cluster session snapshot. Never null
- Throws:
PersistencyException
- API:
- This public API is available in Java.
-
hasPermission
Checks if the current session has a certain permission on the security descriptor- Parameters:
securityDescriptor
- the security descriptor to check for the permissionpermission
- the identifier of the permission to check- Returns:
- true if session has permission, otherwise false
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in Java.
-
checkPermission
Checks if the current session has a certain permission on the security descriptor- Parameters:
securityDescriptor
- the security descriptor to check for the permissionpermission
- the permission to check- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in Java.
-
getCurrentSession
Deprecated, for removal: This API element is subject to removal in a future version.usesessions()
.current()
Gets the current session. Gets the current session associated to the current thread- Returns:
- current session or null if current thread has no session associated
- API:
- This public API is available in Java.
-
findSecurityMember
@Deprecated(forRemoval=true, since="9.3") ISecurityMember findSecurityMember(String securityMemberName) Deprecated, for removal: This API element is subject to removal in a future version.Finds a security member with its name- Parameters:
securityMemberName
- the security member name- Returns:
- the security member found or null.
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in Java.
-
getId
long getId()Gets the identifier of the security context- Returns:
- identifier
- API:
- This public API is available in Java.
-
executeAs
Executes the callable in the context of the given execution context- Type Parameters:
T
- the type of the result- Parameters:
callable
- the callableexecutionContext
- the execution context- Returns:
- the result of the callable
- Throws:
Exception
- if callable throws an exception- API:
- This public API is available in Java.
-
getUserQueryExecutor
Deprecated, for removal: This API element is subject to removal in a future version.useusers()
.queryExecutor()
;Executor foruser queries
on this security context.- Returns:
- user query executor
- Since:
- 8.0.2
- See Also:
- API:
- This public API is available in Java.
-
current
Gets the current security context.
Will return null if called out of scope. The scope is set if you call this method from an ivy process or any supported ivy environment. It is not set in non supported ivy environments (e.g. if you start your own threads, etc.).
- Returns:
- current security context or null if out of scope
- Since:
- 9.3
- API:
- This public API is available in Java.
-
sessions()
.create()