Interface ISecurityContext
-
- All Superinterfaces:
org.eclipse.core.runtime.IAdaptable
,ISecurity
,ISynchronizableSecuritySystem
public interface ISecurityContext extends ISecurity, org.eclipse.core.runtime.IAdaptable, ISynchronizableSecuritySystem
The security context is responsible to manage users, roles and sessions.- Since:
- 17.05.2006
- API:
- This is a public API.
-
-
Method Summary
All Methods Static Methods Instance Methods Abstract Methods Deprecated Methods Modifier and Type Method Description void
checkPermission(ISecurityDescriptor securityDescriptor, IPermission permission)
Checks if the current session has a certain permission on the security descriptorISession
createSession()
Deprecated, for removal: This API element is subject to removal in a future version.usesessions()
.create()
ISession
createSession(int sessionIdentifier)
Deprecated, for removal: This API element is subject to removal in a future version.usesessions()
.create()
IUser
createUser(String userName, String fullUserName, String password, Locale eMailLanguage, String eMailAddress, String externalSecuritySystemName)
Deprecated, for removal: This API element is subject to removal in a future version.useusers()
.create(NewUser)
insteadstatic ISecurityContext
current()
Gets the current security context.void
deleteUser(String userName)
Deprecated, for removal: This API element is subject to removal in a future version.useusers()
.delete(String)
insteadvoid
destroySession(int sessionIdentifier)
Deprecated, for removal: This API element is subject to removal in a future version.<T> T
executeAs(Callable<T> callable, ISession executionContext)
Executes the callable in the context of the given execution contextIRole
findRole(long roleId)
Find a role by its identifierIRole
findRole(String roleName)
Deprecated, for removal: This API element is subject to removal in a future version.instead useroles()
.find(roleName)
ISecurityMember
findSecurityMember(String securityMemberName)
Deprecated, for removal: This API element is subject to removal in a future version.ISession
findSession(int sessionIdentifier)
Deprecated, for removal: This API element is subject to removal in a future version.IUser
findUser(long userId)
Deprecated, for removal: This API element is subject to removal in a future version.useusers()
.find(long)
insteadIUser
findUser(String userName)
Deprecated, for removal: This API element is subject to removal in a future version.useusers()
.findWithExternalLookup(String)
insteadIUser
findUserWithoutLookup(String userName)
Deprecated, for removal: This API element is subject to removal in a future version.useusers()
.find(String)
insteadList<IRole>
getActiveRoles()
ClusterSessionsSnapshot
getClusterSessionsSnapshot()
Deprecated, for removal: This API element is subject to removal in a future version.ClusterSessionsSnapshot
getClusterSessionsSnapshot(long maxAge)
Deprecated, for removal: This API element is subject to removal in a future version.ISession
getCurrentSession()
Deprecated, for removal: This API element is subject to removal in a future version.usesessions()
.current()
String
getExternalSecuritySystemName()
Gets the name of the external security system providerlong
getId()
Gets the identifier of the security contextList<IRole>
getRoles()
long
getSessionCount()
Deprecated, for removal: This API element is subject to removal in a future version.usesessions()
.count()
List<ISession>
getSessions()
Deprecated, for removal: This API element is subject to removal in a future version.usesessions()
.all()
IUser
getSystemUser()
ISession
getSystemUserSession()
Deprecated, for removal: This API element is subject to removal in a future version.IRole
getTopLevelRole()
Deprecated, for removal: This API element is subject to removal in a future version.instead useroles()
.topLevel())
IUserQueryExecutor
getUserQueryExecutor()
Deprecated, for removal: This API element is subject to removal in a future version.useusers()
.queryExecutor()
;List<IUser>
getUsers()
boolean
hasPermission(ISecurityDescriptor securityDescriptor, IPermission permission)
Checks if the current session has a certain permission on the security descriptorIRoleRepository
roles()
Gets the role repository of this security context.ISessionRepository
sessions()
Gets the session repository of this security context.IUserRepository
users()
Gets the user repository of this security context.-
Methods inherited from interface ch.ivyteam.ivy.security.synch.ISynchronizableSecuritySystem
isSynchronizationRunning, synchronizeUser, triggerSynchronization, triggerSynchronization
-
-
-
-
Method Detail
-
roles
IRoleRepository roles()
Gets the role repository of this security context. Allows to find
roles
of this security context / application.Example:
IRole manager = ivy.security.roles().find("Manager");
-
users
IUserRepository users()
Gets the user repository of this security context. Allows to create, delete, find, query
users
of this security context / application.Example:
IUser user = ivy.security.users().find("Ivy");
-
sessions
ISessionRepository sessions()
Gets the session repository of this security context. Allows to create, destroy, find sessions of this security context / application.
Example:
Number sessionCount = ivy.security.sessions().count();
-
getRoles
@Deprecated(forRemoval=true, since="9.3") List<IRole> getRoles()
Deprecated, for removal: This API element is subject to removal in a future version.- Returns:
- All roles. Flat without any hierarchy, but the child roles of a role are always behind the parent role.
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in IvyScript and Java. It has the visibility ADVANCED.
-
getActiveRoles
@Deprecated(forRemoval=true, since="9.3") List<IRole> getActiveRoles()
Deprecated, for removal: This API element is subject to removal in a future version.- Returns:
- all roles which could be actively used by the system. Flat without any hierarchy, but the
child roles of a role are always behind the parent role.
In comparison togetRoles()
thoseroles
will be excluded, which only exists in outdated Process Model Versions. - Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in IvyScript and Java. It has the visibility ADVANCED.
-
getTopLevelRole
@Deprecated(forRemoval=true, since="9.3") IRole getTopLevelRole()
Deprecated, for removal: This API element is subject to removal in a future version.instead useroles()
.topLevel())
Returns the top level role- Returns:
- top level role
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in IvyScript and Java. It has the visibility ADVANCED.
-
findRole
@Deprecated(forRemoval=true, since="9.3") IRole findRole(String roleName)
Deprecated, for removal: This API element is subject to removal in a future version.instead useroles()
.find(roleName)
Finds a role by its name- Parameters:
roleName
- The name of a role- Returns:
- role or null if no role was found
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in IvyScript and Java. It has the visibility ADVANCED.
-
findRole
IRole findRole(long roleId)
Find a role by its identifier- Parameters:
roleId
- the identifier of the role- Returns:
- the role or null if role is not found
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in IvyScript and Java. It has the visibility EXPERT.
-
createUser
@Deprecated(forRemoval=true, since="9.1") IUser createUser(String userName, String fullUserName, String password, Locale eMailLanguage, String eMailAddress, String externalSecuritySystemName)
Deprecated, for removal: This API element is subject to removal in a future version.useusers()
.create(NewUser)
insteadCreates a new well-known user- Parameters:
userName
- The user namefullUserName
- The user's full namepassword
- The user's passwordeMailLanguage
- the language the e-mail notifications are written ineMailAddress
- The users e-mail addressexternalSecuritySystemName
- the name of the user in the external security system- Returns:
- created user
- Throws:
PersistencyException
- if persistency access fails or user already exists- API:
- This public API is available in IvyScript and Java. It has the visibility EXPERT.
-
deleteUser
@Deprecated(forRemoval=true, since="9.1") void deleteUser(String userName)
Deprecated, for removal: This API element is subject to removal in a future version.useusers()
.delete(String)
insteadDeletes a well-known user- Parameters:
userName
- The user name- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in IvyScript and Java. It has the visibility EXPERT.
-
findUser
@Deprecated(forRemoval=true, since="9.1") IUser findUser(String userName)
Deprecated, for removal: This API element is subject to removal in a future version.useusers()
.findWithExternalLookup(String)
insteadFind a user by its name. Does lookup the user in the external security system (e.g Active Directory) if the user is not yet synchronized.- Parameters:
userName
- the name of the user to find- Returns:
- user or
null
if no user with the name exists (also in the external security system if configured) - Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in IvyScript and Java. It has the visibility ADVANCED.
-
findUserWithoutLookup
@Deprecated(forRemoval=true, since="9.1") IUser findUserWithoutLookup(String userName)
Deprecated, for removal: This API element is subject to removal in a future version.useusers()
.find(String)
insteadFinds a user by its name. Does not lookup the user in the external security system (e.g Active Directory) if the user is not synchronized yet.- Parameters:
userName
- the name of the user to find- Returns:
- user or
null
if no user with the name exists or the user was not yet synchronized from the external security system - Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in IvyScript and Java. It has the visibility ADVANCED.
- Security:
- SESSION OWNS UserReadAll PERMISSION OR OWNS UserReadAll@SYSTEM PERMISSION
-
findUser
@Deprecated(forRemoval=true, since="9.1") IUser findUser(long userId)
Deprecated, for removal: This API element is subject to removal in a future version.useusers()
.find(long)
insteadFind a user by its identifier- Parameters:
userId
- the identifier of the user- Returns:
- the user or null if user is not found
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in IvyScript and Java. It has the visibility EXPERT.
- Security:
- SESSION OWNS UserReadAll PERMISSION OR OWNS UserReadAll@SYSTEM PERMISSION
-
getSystemUser
@Deprecated(forRemoval=true, since="9.3") IUser getSystemUser()
Deprecated, for removal: This API element is subject to removal in a future version.Gets the system user- Returns:
- system user
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in IvyScript and Java. It has the visibility ADVANCED.
- Security:
- SESSION OWNS UserReadAll PERMISSION OR OWNS UserReadAll@SYSTEM PERMISSION
-
createSession
@Deprecated(forRemoval=true, since="9.3") ISession createSession(int sessionIdentifier)
Deprecated, for removal: This API element is subject to removal in a future version.usesessions()
.create()
Creates a new session- Parameters:
sessionIdentifier
- the session identifier- Returns:
- new session
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in Java.
-
createSession
@Deprecated(forRemoval=true, since="9.3") ISession createSession()
Deprecated, for removal: This API element is subject to removal in a future version.usesessions()
.create()
Creates a new session- Returns:
- new session
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in Java.
-
findSession
@Deprecated(forRemoval=true, since="9.3") ISession findSession(int sessionIdentifier)
Deprecated, for removal: This API element is subject to removal in a future version.Find session- Parameters:
sessionIdentifier
- session identifier- Returns:
- session
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in Java.
-
getSystemUserSession
@Deprecated(forRemoval=true, since="9.3") ISession getSystemUserSession()
Deprecated, for removal: This API element is subject to removal in a future version.Gets the session of the system user- Returns:
- system user session
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in Java.
-
destroySession
@Deprecated(forRemoval=true, since="9.3") void destroySession(int sessionIdentifier)
Deprecated, for removal: This API element is subject to removal in a future version.Destroys a session- Parameters:
sessionIdentifier
- session identifier- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in Java.
-
getUsers
@Deprecated(forRemoval=true, since="9.1") List<IUser> getUsers()
Deprecated, for removal: This API element is subject to removal in a future version.WARNING: This methods loads the all users into memory.
This can cause out of memory exceptions and bad performance depending on the number of users in your application.- Returns:
- enumeration with all users
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in IvyScript and Java. It has the visibility EXPERT.
- Security:
- SESSION OWNS UserReadAll PERMISSION OR OWNS UserReadAll@SYSTEM PERMISSION
-
getSessions
@Deprecated(forRemoval=true, since="9.3") List<ISession> getSessions()
Deprecated, for removal: This API element is subject to removal in a future version.usesessions()
.all()
Gets all sessions of the web application. In a cluster environment returns only the sessions of the local cluster node. To get information of session on all cluster nodes usegetClusterSessionsSnapshot()
- Returns:
- enumeration with the sessions
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in IvyScript and Java. It has the visibility EXPERT.
-
getSessionCount
@Deprecated(forRemoval=true, since="9.3") long getSessionCount()
Deprecated, for removal: This API element is subject to removal in a future version.usesessions()
.count()
Get count of all sessions of this local running engine.- Returns:
- count of sessions (without system user session)
- API:
- This public API is available in IvyScript and Java. It has the visibility EXPERT.
-
getClusterSessionsSnapshot
@Deprecated(forRemoval=true, since="9.3") ClusterSessionsSnapshot getClusterSessionsSnapshot()
Deprecated, for removal: This API element is subject to removal in a future version.CallsgetClusterSessionsSnapshot(long)
with the default value of maxAge=1000 (1 second)- Returns:
- a cluster session snapshot. Never null
- Throws:
PersistencyException
- API:
- This public API is available in IvyScript and Java. It has the visibility EXPERT.
-
getClusterSessionsSnapshot
@Deprecated(forRemoval=true, since="9.3") ClusterSessionsSnapshot getClusterSessionsSnapshot(long maxAge)
Deprecated, for removal: This API element is subject to removal in a future version.Returns a snapshot containing information of all sessions at the time this method was invoked. If there is only one cluster node theClusterSessionsSnapshot
contains the same information which can be fetched withgetSessions()
. If there are multiple cluster nodes theClusterSessionsSnapshot
contains as well information about sessions on other nodes. The parametermaxAge
controls how old theClusterSessionsSnapshot
can be. For example withmaxAge=5000
theClusterSessionsSnapshot
is maximal 5 seconds old. The longer themaxAge
is the less network traffic is caused.- Parameters:
maxAge
- in milliSeconds- Returns:
- a cluster session snapshot. Never null
- Throws:
PersistencyException
- API:
- This public API is available in IvyScript and Java. It has the visibility EXPERT.
-
hasPermission
boolean hasPermission(ISecurityDescriptor securityDescriptor, IPermission permission)
Checks if the current session has a certain permission on the security descriptor- Parameters:
securityDescriptor
- the security descriptor to check for the permissionpermission
- the identifier of the permission to check- Returns:
- true if session has permission, otherwise false
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in IvyScript and Java. It has the visibility EXPERT.
-
checkPermission
void checkPermission(ISecurityDescriptor securityDescriptor, IPermission permission)
Checks if the current session has a certain permission on the security descriptor- Parameters:
securityDescriptor
- the security descriptor to check for the permissionpermission
- the permission to check- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in IvyScript and Java. It has the visibility EXPERT.
-
getCurrentSession
@Deprecated(forRemoval=true, since="9.3") ISession getCurrentSession()
Deprecated, for removal: This API element is subject to removal in a future version.usesessions()
.current()
Gets the current session. Gets the current session associated to the current thread- Returns:
- current session or null if current thread has no session associated
- API:
- This public API is available in IvyScript and Java. It has the visibility ADVANCED.
-
findSecurityMember
@Deprecated(forRemoval=true, since="9.3") ISecurityMember findSecurityMember(String securityMemberName)
Deprecated, for removal: This API element is subject to removal in a future version.Finds a security member with its name- Parameters:
securityMemberName
- the security member name- Returns:
- the security member found or null.
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in IvyScript and Java. It has the visibility ADVANCED.
-
getExternalSecuritySystemName
String getExternalSecuritySystemName()
Gets the name of the external security system provider- Returns:
- name of the external security system provider
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in IvyScript and Java. It has the visibility EXPERT.
- Security:
- SESSION OWNS SecurityReadExternalSecuritySystemProvider PERMISSION OR OWNS SecurityReadExternalSecuritySystemProvider@SYSTEM PERMISSION
-
getId
long getId()
Gets the identifier of the security context- Returns:
- identifier
- API:
- This public API is available in IvyScript and Java. It has the visibility EXPERT.
-
executeAs
<T> T executeAs(Callable<T> callable, ISession executionContext) throws Exception
Executes the callable in the context of the given execution context- Type Parameters:
T
- the type of the result- Parameters:
callable
- the callableexecutionContext
- the execution context- Returns:
- the result of the callable
- Throws:
Exception
- if callable throws an exception- API:
- This public API is available in IvyScript and Java. It has the visibility EXPERT.
-
getUserQueryExecutor
@Deprecated(forRemoval=true, since="8.0.3") IUserQueryExecutor getUserQueryExecutor()
Deprecated, for removal: This API element is subject to removal in a future version.useusers()
.queryExecutor()
;Executor foruser queries
on this security context.- Returns:
- user query executor
- Since:
- 8.0.2
- See Also:
UserQuery
- API:
- This public API is available in IvyScript and Java. It has the visibility EXPERT.
-
current
static ISecurityContext current()
Gets the current security context.
Will return null if called out of scope. The scope is set if you call this method from an ivy process or any supported ivy environment. It is not set in non supported ivy environments (e.g. if you start your own threads, etc.).
- Returns:
- current security context or null if out of scope
- Since:
- 9.3
- API:
- This public API is available in IvyScript and Java. It has the visibility EXPERT.
-
-