Package ch.ivyteam.ivy.security
Interface ISecurityDescriptor
public interface ISecurityDescriptor
A Security Descriptor is used to decide if a session has a permission
to do something. A Security Descriptor typically is associated to an object,
like a web application or the ivyGrid Server. Therefore a session can do something
on an object if the session has the permission on the object's security descriptor.
The security descriptor can be modified by session who has the right to do that.
Modifications are grant or deny a permission to a user or role.
- Since:
- 17.05.2006
- API:
- This is a public API.
-
Method Summary
Modifier and TypeMethodDescriptionvoid
checkPermission
(ISession currentSession, IPermission permission) Checks if the session has a certain permissionvoid
denyPermission
(IPermission permission, ISecurityMember member) Denies a permission to a security membervoid
denyPermissions
(IPermissionGroup permissionGroup, ISecurityMember member) Denies a all permissions of a permission group to a security membergetAccessControlsForPermission
(IPermission permission) Gets the access control entries for a certain permissionlong
getId()
Gets the identifier of the security descriptordefault IUser
getOwner()
Deprecated, for removal: This API element is subject to removal in a future version.Not supported anymore.getPermissionAccess
(IPermission permission, ISecurityMember member) Gets the permission access of a security membergetPermissionAccesses
(ISecurityMember member) Gets all permission accesses of all permissions for a security membergetPermissionGroupAccess
(IPermissionGroup permissionGroup, ISecurityMember member) Gets the permission group access of a security member (all permissions of the group, including all sub groups are checked).Gets the permissions that can be granted and denied on this security descriptorGets the security descriptor typevoid
grantPermission
(IPermission permission, ISecurityMember member) Grants a permission to a security membervoid
grantPermissions
(IPermissionGroup permissionGroup, ISecurityMember member) Grants all permissions of a permission group to a security memberboolean
hasPermission
(ISession session, IPermission permission) Checks if the session has a certain permissionvoid
undenyPermission
(IPermission permission, ISecurityMember member) Undeny a permission from a security membervoid
undenyPermissions
(IPermissionGroup permissionGroup, ISecurityMember member) Undeny a all permissions of a permission group from a security membervoid
ungrantPermission
(IPermission permission, ISecurityMember member) Ungrants a permission from a security membervoid
ungrantPermissions
(IPermissionGroup permissionGroup, ISecurityMember member) Ungrants a all permissions of a permission group from a security member
-
Method Details
-
hasPermission
Checks if the session has a certain permission- Parameters:
session
- the session to checkpermission
- the permission to check- Returns:
- true if sesion has permission, otherwise false
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in Java.
-
getPermissions
List<IPermission> getPermissions()Gets the permissions that can be granted and denied on this security descriptor- Returns:
- list with the permissions
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in Java.
- Security:
- SESSION OWNS SecurityDescriptorReadAllPermissions PERMISSION OR OWNS SecurityDescriptorReadAllPermissions@SYSTEM PERMISSION
-
getOwner
Deprecated, for removal: This API element is subject to removal in a future version.Not supported anymore. Always returns null.- API:
- This public API is available in Java.
-
getSecurityDescriptorType
ISecurityDescriptorType getSecurityDescriptorType()Gets the security descriptor type- Returns:
- security descriptor type
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in Java.
- Security:
- SESSION OWNS SecurityDescriptorReadSecurityDescriptorType PERMISSION OR OWNS SecurityDescriptorReadSecurityDescriptorType@SYSTEM PERMISSION
-
getAccessControlsForPermission
Gets the access control entries for a certain permission- Parameters:
permission
- The permission whichs access control entries should be return- Returns:
- list with AccessControls for a permission
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in Java.
- Security:
- SESSION OWNS SecurityDescriptorReadAccessControl PERMISSION OR OWNS SecurityDescriptorReadAccessControl@SYSTEM PERMISSION
-
grantPermission
Grants a permission to a security member- Parameters:
permission
- the permission to grantmember
- the security member to which the permission should be granted- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in Java.
-
ungrantPermission
Ungrants a permission from a security member- Parameters:
permission
- the permission to ungrantmember
- the security memberr from which the permission should be ungranted- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in Java.
- Security:
- SESSION OWNS SecurityDescriptorUngrantPermission PERMISSION OR OWNS SecurityDescriptorUngrantPermission@SYSTEM PERMISSION
-
denyPermission
Denies a permission to a security member- Parameters:
permission
- the permission to denymember
- the security member to which the permission should be denied- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in Java.
- Security:
- SESSION OWNS SecurityDescriptorDenyPermission PERMISSION OR OWNS SecurityDescriptorDenyPermission@SYSTEM PERMISSION
-
undenyPermission
Undeny a permission from a security member- Parameters:
permission
- the permission to undenymember
- the security memberr from which the permission should be undenied- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in Java.
- Security:
- SESSION OWNS SecurityDescriptorUndenyPermission PERMISSION OR OWNS SecurityDescriptorUndenyPermission@SYSTEM PERMISSION
-
grantPermissions
Grants all permissions of a permission group to a security member- Parameters:
permissionGroup
- the permission group to grant all permissions ofmember
- the security member to which the permission should be granted- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in Java.
-
ungrantPermissions
Ungrants a all permissions of a permission group from a security member- Parameters:
permissionGroup
- the permission group to ungrant all permissions ofmember
- the security memberr from which the permission should be ungranted- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in Java.
- Security:
- SESSION OWNS SecurityDescriptorUngrantPermission PERMISSION OR OWNS SecurityDescriptorUngrantPermission@SYSTEM PERMISSION
-
denyPermissions
Denies a all permissions of a permission group to a security member- Parameters:
permissionGroup
- the permission group to deny all permissions ofmember
- the security member to which the permission should be denied- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in Java.
- Security:
- SESSION OWNS SecurityDescriptorDenyPermission PERMISSION OR OWNS SecurityDescriptorDenyPermission@SYSTEM PERMISSION
-
undenyPermissions
Undeny a all permissions of a permission group from a security member- Parameters:
permissionGroup
- the permission group to undeny all permissions ofmember
- the security memberr from which the permission should be undenied- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in Java.
- Security:
- SESSION OWNS SecurityDescriptorUndenyPermission PERMISSION OR OWNS SecurityDescriptorUndenyPermission@SYSTEM PERMISSION
-
getPermissionAccess
Gets the permission access of a security member- Parameters:
permission
- the permission which permission access should be returnmember
- the security member which permission access should be returned- Returns:
- permisssion access
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in Java.
- Security:
- SESSION OWNS SecurityDescriptorReadPermissionAccess PERMISSION OR OWNS SecurityDescriptorReadPermissionAccess@SYSTEM PERMISSION
-
getPermissionAccesses
Gets all permission accesses of all permissions for a security member- Parameters:
member
- the security member which permission accesses should be returned- Returns:
- list with the permission accesses
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in Java.
- Security:
- SESSION OWNS SecurityDescriptorReadAllPermissionAccess PERMISSION OR OWNS SecurityDescriptorReadAllPermissionAccess@SYSTEM PERMISSION
-
getPermissionGroupAccess
IPermissionGroupAccess getPermissionGroupAccess(IPermissionGroup permissionGroup, ISecurityMember member) Gets the permission group access of a security member (all permissions of the group, including all sub groups are checked).- Parameters:
permissionGroup
- The permission group whose permission access should be determinedmember
- The security member for which the access should be determined- Returns:
- permisssion access group
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in Java.
-
checkPermission
Checks if the session has a certain permission- Parameters:
currentSession
- the session to checkpermission
- the permission to check- Throws:
ch.ivyteam.ivy.security.PermissionDeniedException
- if session does not own permissionPersistencyException
- if persistency access fails- API:
- This public API is available in Java.
-
getId
long getId()Gets the identifier of the security descriptor- Returns:
- identifier
- API:
- This public API is available in Java.
-