Package ch.ivyteam.ivy.security

Interface ISecurityContext

    • Method Detail

      • roles

        IRoleRepository roles()

        Gets the role repository of this security context. Allows to find roles of this security context / application.

        Example:

        
 IRole manager = ivy.security.roles().find("Manager");
        Specified by:
        roles in interface ISecurity
        Returns:
        role repository
        Since:
        9.3
        API:
        This public API is available in IvyScript and Java. It has the visibility ADVANCED.

      • users

        IUserRepository users()

        Gets the user repository of this security context. Allows to create, delete, find, query users of this security context / application.

        Example:

        
 IUser user = ivy.security.users().find("Ivy");
        Specified by:
        users in interface ISecurity
        Returns:
        user repository
        Since:
        8.0.3
        API:
        This public API is available in IvyScript and Java. It has the visibility ADVANCED.

      • sessions

        ISessionRepository sessions()

        Gets the session repository of this security context. Allows to create, destroy, find sessions of this security context / application.

        Example:

        
 Number sessionCount = ivy.security.sessions().count();
        Specified by:
        sessions in interface ISecurity
        Returns:
        session repository
        Since:
        9.3
        API:
        This public API is available in IvyScript and Java. It has the visibility ADVANCED.

      • getRoles

        @Deprecated(forRemoval=true,
            since="9.3")
List<IRole> getRoles()
        Deprecated, for removal: This API element is subject to removal in a future version.
        instead use roles().all()
        Returns:
        All roles. Flat without any hierarchy, but the child roles of a role are always behind the parent role.
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in IvyScript and Java. It has the visibility ADVANCED.

      • getActiveRoles

        @Deprecated(forRemoval=true,
            since="9.3")
List<IRole> getActiveRoles()
        Deprecated, for removal: This API element is subject to removal in a future version.
        instead use roles().active()
        Returns:
        all roles which could be actively used by the system. Flat without any hierarchy, but the child roles of a role are always behind the parent role.
        In comparison to getRoles() those roles will be excluded, which only exists in outdated Process Model Versions.
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in IvyScript and Java. It has the visibility ADVANCED.

      • getTopLevelRole

        @Deprecated(forRemoval=true,
            since="9.3")
IRole getTopLevelRole()
        Deprecated, for removal: This API element is subject to removal in a future version.
        instead use roles().topLevel())
        Returns the top level role
        Returns:
        top level role
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in IvyScript and Java. It has the visibility ADVANCED.

      • findRole

        @Deprecated(forRemoval=true,
            since="9.3")
IRole findRole​(String roleName)
        Deprecated, for removal: This API element is subject to removal in a future version.
        instead use roles().find(roleName)
        Finds a role by its name
        Parameters:
        roleName - The name of a role
        Returns:
        role or null if no role was found
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in IvyScript and Java. It has the visibility ADVANCED.

      • findRole

        IRole findRole​(long roleId)
        Find a role by its identifier
        Parameters:
        roleId - the identifier of the role
        Returns:
        the role or null if role is not found
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in IvyScript and Java. It has the visibility EXPERT.

      • createUser

        @Deprecated(forRemoval=true,
            since="9.1")
IUser createUser​(String userName,
                 String fullUserName,
                 String password,
                 Locale eMailLanguage,
                 String eMailAddress,
                 String externalSecuritySystemName)
        Deprecated, for removal: This API element is subject to removal in a future version.
        use users().create(NewUser) instead
        Creates a new well-known user
        Parameters:
        userName - The user name
        fullUserName - The user's full name
        password - The user's password
        eMailLanguage - the language the e-mail notifications are written in
        eMailAddress - The users e-mail address
        externalSecuritySystemName - the name of the user in the external security system
        Returns:
        created user
        Throws:
        PersistencyException - if persistency access fails or user already exists
        API:
        This public API is available in IvyScript and Java. It has the visibility EXPERT.

      • deleteUser

        @Deprecated(forRemoval=true,
            since="9.1")
void deleteUser​(String userName)
        Deprecated, for removal: This API element is subject to removal in a future version.
        use users().delete(String) instead
        Deletes a well-known user
        Parameters:
        userName - The user name
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in IvyScript and Java. It has the visibility EXPERT.

      • findUser

        @Deprecated(forRemoval=true,
            since="9.1")
IUser findUser​(String userName)
        Deprecated, for removal: This API element is subject to removal in a future version.
        use users().findWithExternalLookup(String) instead
        Find a user by its name. Does lookup the user in the external security system (e.g Active Directory) if the user is not yet synchronized.
        Parameters:
        userName - the name of the user to find
        Returns:
        user or null if no user with the name exists (also in the external security system if configured)
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in IvyScript and Java. It has the visibility ADVANCED.

      • findUserWithoutLookup

        @Deprecated(forRemoval=true,
            since="9.1")
IUser findUserWithoutLookup​(String userName)
        Deprecated, for removal: This API element is subject to removal in a future version.
        use users().find(String) instead
        Finds a user by its name. Does not lookup the user in the external security system (e.g Active Directory) if the user is not synchronized yet.
        Parameters:
        userName - the name of the user to find
        Returns:
        user or null if no user with the name exists or the user was not yet synchronized from the external security system
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in IvyScript and Java. It has the visibility ADVANCED.
        Security:
        SESSION OWNS UserReadAll PERMISSION OR OWNS UserReadAll@SYSTEM PERMISSION

      • findUser

        @Deprecated(forRemoval=true,
            since="9.1")
IUser findUser​(long userId)
        Deprecated, for removal: This API element is subject to removal in a future version.
        use users().find(long) instead
        Find a user by its identifier
        Parameters:
        userId - the identifier of the user
        Returns:
        the user or null if user is not found
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in IvyScript and Java. It has the visibility EXPERT.
        Security:
        SESSION OWNS UserReadAll PERMISSION OR OWNS UserReadAll@SYSTEM PERMISSION

      • getSystemUser

        @Deprecated(forRemoval=true,
            since="9.3")
IUser getSystemUser()
        Deprecated, for removal: This API element is subject to removal in a future version.
        use users().system()
        Gets the system user
        Returns:
        system user
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in IvyScript and Java. It has the visibility ADVANCED.
        Security:
        SESSION OWNS UserReadAll PERMISSION OR OWNS UserReadAll@SYSTEM PERMISSION

      • createSession

        @Deprecated(forRemoval=true,
            since="9.3")
ISession createSession​(int sessionIdentifier)
        Deprecated, for removal: This API element is subject to removal in a future version.
        use sessions().create()
        Creates a new session
        Parameters:
        sessionIdentifier - the session identifier
        Returns:
        new session
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in Java.

      • getUsers

        @Deprecated(forRemoval=true,
            since="9.1")
List<IUser> getUsers()
        Deprecated, for removal: This API element is subject to removal in a future version.
        use users().paged(), users().query() or UserQuery instead

        WARNING: This methods loads the all users into memory.
        This can cause out of memory exceptions and bad performance depending on the number of users in your application.

        Returns:
        enumeration with all users
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in IvyScript and Java. It has the visibility EXPERT.
        Security:
        SESSION OWNS UserReadAll PERMISSION OR OWNS UserReadAll@SYSTEM PERMISSION

      • getSessions

        @Deprecated(forRemoval=true,
            since="9.3")
List<ISession> getSessions()
        Deprecated, for removal: This API element is subject to removal in a future version.
        use sessions().all()
        Gets all sessions of the web application. In a cluster environment returns only the sessions of the local cluster node. To get information of session on all cluster nodes use getClusterSessionsSnapshot()
        Returns:
        enumeration with the sessions
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in IvyScript and Java. It has the visibility EXPERT.

      • getSessionCount

        @Deprecated(forRemoval=true,
            since="9.3")
long getSessionCount()
        Deprecated, for removal: This API element is subject to removal in a future version.
        use sessions().count()
        Get count of all sessions of this local running engine.
        Returns:
        count of sessions (without system user session)
        API:
        This public API is available in IvyScript and Java. It has the visibility EXPERT.

      • hasPermission

        boolean hasPermission​(ISecurityDescriptor securityDescriptor,
                      IPermission permission)
        Checks if the current session has a certain permission on the security descriptor
        Parameters:
        securityDescriptor - the security descriptor to check for the permission
        permission - the identifier of the permission to check
        Returns:
        true if session has permission, otherwise false
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in IvyScript and Java. It has the visibility EXPERT.

      • checkPermission

        void checkPermission​(ISecurityDescriptor securityDescriptor,
                     IPermission permission)
        Checks if the current session has a certain permission on the security descriptor
        Parameters:
        securityDescriptor - the security descriptor to check for the permission
        permission - the permission to check
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in IvyScript and Java. It has the visibility EXPERT.

      • getCurrentSession

        @Deprecated(forRemoval=true,
            since="9.3")
ISession getCurrentSession()
        Deprecated, for removal: This API element is subject to removal in a future version.
        use sessions().current()
        Gets the current session. Gets the current session associated to the current thread
        Returns:
        current session or null if current thread has no session associated
        API:
        This public API is available in IvyScript and Java. It has the visibility ADVANCED.

      • findSecurityMember

        @Deprecated(forRemoval=true,
            since="9.3")
ISecurityMember findSecurityMember​(String securityMemberName)
        Deprecated, for removal: This API element is subject to removal in a future version.
        use ISecurity.members().find(String)
        Finds a security member with its name
        Parameters:
        securityMemberName - the security member name
        Returns:
        the security member found or null.
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in IvyScript and Java. It has the visibility ADVANCED.

      • getExternalSecuritySystemName

        String getExternalSecuritySystemName()
        Gets the name of the external security system provider
        Returns:
        name of the external security system provider
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in IvyScript and Java. It has the visibility EXPERT.
        Security:
        SESSION OWNS SecurityReadExternalSecuritySystemProvider PERMISSION OR OWNS SecurityReadExternalSecuritySystemProvider@SYSTEM PERMISSION

      • getId

        long getId()
        Gets the identifier of the security context
        Returns:
        identifier
        API:
        This public API is available in IvyScript and Java. It has the visibility EXPERT.

      • executeAs

        <T> T executeAs​(Callable<T> callable,
                ISession executionContext)
         throws Exception
        Executes the callable in the context of the given execution context
        Type Parameters:
        T - the type of the result
        Parameters:
        callable - the callable
        executionContext - the execution context
        Returns:
        the result of the callable
        Throws:
        Exception - if callable throws an exception
        API:
        This public API is available in IvyScript and Java. It has the visibility EXPERT.

      • current

        static ISecurityContext current()

        Gets the current security context.

        Will return null if called out of scope. The scope is set if you call this method from an ivy process or any supported ivy environment. It is not set in non supported ivy environments (e.g. if you start your own threads, etc.).

        Returns:
        current security context or null if out of scope
        Since:
        9.3
        API:
        This public API is available in IvyScript and Java. It has the visibility EXPERT.