Package ch.ivyteam.ivy.security

Interface ISecurityContext

All Superinterfaces:
org.eclipse.core.runtime.IAdaptable, ISecurity, ISynchronizableSecuritySystem
public interface ISecurityContext extends ISecurity, org.eclipse.core.runtime.IAdaptable, ISynchronizableSecuritySystem
The security context is responsible to manage users, roles and sessions.
Since:
17.05.2006
API:
This is a public API.

  • Method Details

    • roles

      IRoleRepository roles()

      Gets the role repository of this security context. Allows to find roles of this security context / application.

      Example:

      
 IRole manager = ivy.security.roles().find("Manager");
      Specified by:
      roles in interface ISecurity
      Returns:
      role repository
      Since:
      9.3
      API:
      This public API is available in IvyScript and Java. It has the visibility ADVANCED.

    • users

      IUserRepository users()

      Gets the user repository of this security context. Allows to create, delete, find, query users of this security context / application.

      Example:

      
 IUser user = ivy.security.users().find("Ivy");
      Specified by:
      users in interface ISecurity
      Returns:
      user repository
      Since:
      8.0.3
      API:
      This public API is available in IvyScript and Java. It has the visibility ADVANCED.

    • sessions

      ISessionRepository sessions()

      Gets the session repository of this security context. Allows to create, destroy, find sessions of this security context / application.

      Example:

      
 Number sessionCount = ivy.security.sessions().count();
      Specified by:
      sessions in interface ISecurity
      Returns:
      session repository
      Since:
      9.3
      API:
      This public API is available in IvyScript and Java. It has the visibility ADVANCED.

    • getRoles

      @Deprecated(forRemoval=true, since="9.3") List<IRole> getRoles()
      Deprecated, for removal: This API element is subject to removal in a future version.
      instead use roles().all()
      Returns:
      All roles. Flat without any hierarchy, but the child roles of a role are always behind the parent role.
      Throws:
      PersistencyException - if persistency access fails
      API:
      This public API is available in IvyScript and Java. It has the visibility ADVANCED.

    • getActiveRoles

      @Deprecated(forRemoval=true, since="9.3") List<IRole> getActiveRoles()
      Deprecated, for removal: This API element is subject to removal in a future version.
      instead use roles().active()
      Returns:
      all roles which could be actively used by the system. Flat without any hierarchy, but the child roles of a role are always behind the parent role.
      In comparison to getRoles() those roles will be excluded, which only exists in outdated Process Model Versions.
      Throws:
      PersistencyException - if persistency access fails
      API:
      This public API is available in IvyScript and Java. It has the visibility ADVANCED.

    • getTopLevelRole

      @Deprecated(forRemoval=true, since="9.3") IRole getTopLevelRole()
      Deprecated, for removal: This API element is subject to removal in a future version.
      instead use roles().topLevel())
      Returns the top level role
      Returns:
      top level role
      Throws:
      PersistencyException - if persistency access fails
      API:
      This public API is available in IvyScript and Java. It has the visibility ADVANCED.

    • findRole

      @Deprecated(forRemoval=true, since="9.3") IRole findRole(String roleName)
      Deprecated, for removal: This API element is subject to removal in a future version.
      instead use roles().find(roleName)
      Migration Example: ivy.session().getSecurityContext().findRole("ivy") ==> ivy.security.roles().find("ivy")
      Finds a role by its name
      Parameters:
      roleName - The name of a role
      Returns:
      role or null if no role was found
      Throws:
      PersistencyException - if persistency access fails
      API:
      This public API is available in IvyScript and Java. It has the visibility ADVANCED.

    • createUser

      @Deprecated(forRemoval=true, since="9.1") IUser createUser(String userName, String fullUserName, String password, Locale eMailLanguage, String eMailAddress, String externalSecuritySystemName)
      Deprecated, for removal: This API element is subject to removal in a future version.
      use users().create(NewUser) instead
      Migration Example: ivy.session().getSecurityContext().createUser("jd", "John Doe", "1234", Locale.ENGLISH, "john.doe@axonivy.com", null) ==> ivy.security.users.create(NewUser.create("jd").fullName("John Doe").password("1234").mailLanguage(Locale.ENGLISH).mailAddress("john.doe@axonivy.com").toNewUser())
      Creates a new well-known user
      Parameters:
      userName - The user name
      fullUserName - The user's full name
      password - The user's password
      eMailLanguage - the language the e-mail notifications are written in
      eMailAddress - The users e-mail address
      externalSecuritySystemName - the name of the user in the external security system
      Returns:
      created user
      Throws:
      PersistencyException - if persistency access fails or user already exists
      API:
      This public API is available in IvyScript and Java. It has the visibility EXPERT.

    • deleteUser

      @Deprecated(forRemoval=true, since="9.1") void deleteUser(String userName)
      Deprecated, for removal: This API element is subject to removal in a future version.
      use users().delete(String) instead
      Deletes a well-known user
      Parameters:
      userName - The user name
      Throws:
      PersistencyException - if persistency access fails
      API:
      This public API is available in IvyScript and Java. It has the visibility EXPERT.

    • findUser

      @Deprecated(forRemoval=true, since="9.1") IUser findUser(String userName)
      Deprecated, for removal: This API element is subject to removal in a future version.
      use users().findWithExternalLookup(String) instead
      Migration Example: ivy.session().getSecurityContext().findUser("ivy") ==> ivy.security.users().findWithExternalLookup("ivy")

      Find a user by its name. Does lookup the user in the external security system (e.g Active Directory) if the user is not yet synchronized.

      Parameters:
      userName - the name of the user to find
      Returns:
      user or null if no user with the name exists (also in the external security system if configured)
      Throws:
      PersistencyException - if persistency access fails
      API:
      This public API is available in IvyScript and Java. It has the visibility ADVANCED.

    • findUserWithoutLookup

      @Deprecated(forRemoval=true, since="9.1") IUser findUserWithoutLookup(String userName)
      Deprecated, for removal: This API element is subject to removal in a future version.
      use users().find(String) instead
      Finds a user by its name. Does not lookup the user in the external security system (e.g Active Directory) if the user is not synchronized yet.
      Parameters:
      userName - the name of the user to find
      Returns:
      user or null if no user with the name exists or the user was not yet synchronized from the external security system
      Throws:
      PersistencyException - if persistency access fails
      API:
      This public API is available in IvyScript and Java. It has the visibility ADVANCED.
      Security:
      SESSION OWNS UserReadAll PERMISSION OR OWNS UserReadAll@SYSTEM PERMISSION

    • findUser

      @Deprecated(forRemoval=true, since="9.1") IUser findUser(long userId)
      Deprecated, for removal: This API element is subject to removal in a future version.
      use users().find(long) instead
      Find a user by its identifier
      Parameters:
      userId - the identifier of the user
      Returns:
      the user or null if user is not found
      Throws:
      PersistencyException - if persistency access fails
      API:
      This public API is available in IvyScript and Java. It has the visibility EXPERT.
      Security:
      SESSION OWNS UserReadAll PERMISSION OR OWNS UserReadAll@SYSTEM PERMISSION

    • getSystemUser

      @Deprecated(forRemoval=true, since="9.3") IUser getSystemUser()
      Deprecated, for removal: This API element is subject to removal in a future version.
      use users().system()
      Gets the system user
      Returns:
      system user
      Throws:
      PersistencyException - if persistency access fails
      API:
      This public API is available in IvyScript and Java. It has the visibility ADVANCED.
      Security:
      SESSION OWNS UserReadAll PERMISSION OR OWNS UserReadAll@SYSTEM PERMISSION

    • createSession

      @Deprecated(forRemoval=true, since="9.3") ISession createSession(int sessionIdentifier)
      Deprecated, for removal: This API element is subject to removal in a future version.
      use sessions().create()
      Creates a new session
      Parameters:
      sessionIdentifier - the session identifier
      Returns:
      new session
      Throws:
      PersistencyException - if persistency access fails
      API:
      This public API is available in Java.

    • createSession

      @Deprecated(forRemoval=true, since="9.3") ISession createSession()
      Deprecated, for removal: This API element is subject to removal in a future version.
      use sessions().create()
      Creates a new session
      Returns:
      new session
      Throws:
      PersistencyException - if persistency access fails
      API:
      This public API is available in Java.

    • findSession

      @Deprecated(forRemoval=true, since="9.3") ISession findSession(int sessionIdentifier)
      Deprecated, for removal: This API element is subject to removal in a future version.
      use sessions().find(sessionIdentifier)
      Find session
      Parameters:
      sessionIdentifier - session identifier
      Returns:
      session
      Throws:
      PersistencyException - if persistency access fails
      API:
      This public API is available in Java.

    • getSystemUserSession

      @Deprecated(forRemoval=true, since="9.3") ISession getSystemUserSession()
      Deprecated, for removal: This API element is subject to removal in a future version.
      use sessions().systemUser()
      Gets the session of the system user
      Returns:
      system user session
      Throws:
      PersistencyException - if persistency access fails
      API:
      This public API is available in Java.

    • destroySession

      @Deprecated(forRemoval=true, since="9.3") void destroySession(int sessionIdentifier)
      Deprecated, for removal: This API element is subject to removal in a future version.
      use sessions().destroy(sessionIdentifier)
      Destroys a session
      Parameters:
      sessionIdentifier - session identifier
      Throws:
      PersistencyException - if persistency access fails
      API:
      This public API is available in Java.

    • getUsers

      @Deprecated(forRemoval=true, since="9.1") List<IUser> getUsers()
      Deprecated, for removal: This API element is subject to removal in a future version.
      use users().paged(), users().query() or UserQuery instead

      WARNING: This methods loads the all users into memory.
      This can cause out of memory exceptions and bad performance depending on the number of users in your application.

      Returns:
      enumeration with all users
      Throws:
      PersistencyException - if persistency access fails
      API:
      This public API is available in IvyScript and Java. It has the visibility EXPERT.
      Security:
      SESSION OWNS UserReadAll PERMISSION OR OWNS UserReadAll@SYSTEM PERMISSION

    • getSessions

      @Deprecated(forRemoval=true, since="9.3") List<ISession> getSessions()
      Deprecated, for removal: This API element is subject to removal in a future version.
      use sessions().all()
      Gets all sessions of the web application. In a cluster environment returns only the sessions of the local cluster node. To get information of session on all cluster nodes use getClusterSessionsSnapshot()
      Returns:
      enumeration with the sessions
      Throws:
      PersistencyException - if persistency access fails
      API:
      This public API is available in IvyScript and Java. It has the visibility EXPERT.

    • getSessionCount

      @Deprecated(forRemoval=true, since="9.3") long getSessionCount()
      Deprecated, for removal: This API element is subject to removal in a future version.
      use sessions().count()
      Get count of all sessions of this local running engine.
      Returns:
      count of sessions (without system user session)
      API:
      This public API is available in IvyScript and Java. It has the visibility EXPERT.

    • getClusterSessionsSnapshot

      @Deprecated(forRemoval=true, since="9.3") ClusterSessionsSnapshot getClusterSessionsSnapshot()
      Deprecated, for removal: This API element is subject to removal in a future version.
      use sessions().clusterSnapshot()
      Calls getClusterSessionsSnapshot(long) with the default value of maxAge=1000 (1 second)
      Returns:
      a cluster session snapshot. Never null
      Throws:
      PersistencyException
      API:
      This public API is available in IvyScript and Java. It has the visibility EXPERT.

    • getClusterSessionsSnapshot

      @Deprecated(forRemoval=true, since="9.3") ClusterSessionsSnapshot getClusterSessionsSnapshot(long maxAge)
      Deprecated, for removal: This API element is subject to removal in a future version.
      use sessions().clusterSnapshot(maxAge)
      Returns a snapshot containing information of all sessions at the time this method was invoked. If there is only one cluster node the ClusterSessionsSnapshot contains the same information which can be fetched with getSessions(). If there are multiple cluster nodes the ClusterSessionsSnapshot contains as well information about sessions on other nodes. The parameter maxAge controls how old the ClusterSessionsSnapshot can be. For example with maxAge=5000 the ClusterSessionsSnapshot is maximal 5 seconds old. The longer the maxAge is the less network traffic is caused.
      Parameters:
      maxAge - in milliSeconds
      Returns:
      a cluster session snapshot. Never null
      Throws:
      PersistencyException
      API:
      This public API is available in IvyScript and Java. It has the visibility EXPERT.

    • hasPermission

      boolean hasPermission(ISecurityDescriptor securityDescriptor, IPermission permission)
      Checks if the current session has a certain permission on the security descriptor
      Parameters:
      securityDescriptor - the security descriptor to check for the permission
      permission - the identifier of the permission to check
      Returns:
      true if session has permission, otherwise false
      Throws:
      PersistencyException - if persistency access fails
      API:
      This public API is available in IvyScript and Java. It has the visibility EXPERT.

    • checkPermission

      void checkPermission(ISecurityDescriptor securityDescriptor, IPermission permission)
      Checks if the current session has a certain permission on the security descriptor
      Parameters:
      securityDescriptor - the security descriptor to check for the permission
      permission - the permission to check
      Throws:
      PersistencyException - if persistency access fails
      API:
      This public API is available in IvyScript and Java. It has the visibility EXPERT.

    • getCurrentSession

      @Deprecated(forRemoval=true, since="9.3") ISession getCurrentSession()
      Deprecated, for removal: This API element is subject to removal in a future version.
      use sessions().current()
      Gets the current session. Gets the current session associated to the current thread
      Returns:
      current session or null if current thread has no session associated
      API:
      This public API is available in IvyScript and Java. It has the visibility ADVANCED.

    • findSecurityMember

      @Deprecated(forRemoval=true, since="9.3") ISecurityMember findSecurityMember(String securityMemberName)
      Deprecated, for removal: This API element is subject to removal in a future version.
      use ISecurity.members().find(String)
      Finds a security member with its name
      Parameters:
      securityMemberName - the security member name
      Returns:
      the security member found or null.
      Throws:
      PersistencyException - if persistency access fails
      API:
      This public API is available in IvyScript and Java. It has the visibility ADVANCED.

    • getId

      long getId()
      Gets the identifier of the security context
      Returns:
      identifier
      API:
      This public API is available in IvyScript and Java. It has the visibility EXPERT.

    • executeAs

      <T> T executeAs(Callable<T> callable, ISession executionContext) throws Exception
      Executes the callable in the context of the given execution context
      Type Parameters:
      T - the type of the result
      Parameters:
      callable - the callable
      executionContext - the execution context
      Returns:
      the result of the callable
      Throws:
      Exception - if callable throws an exception
      API:
      This public API is available in IvyScript and Java. It has the visibility EXPERT.

    • getUserQueryExecutor

      @Deprecated(forRemoval=true, since="8.0.3") IUserQueryExecutor getUserQueryExecutor()
      Deprecated, for removal: This API element is subject to removal in a future version.
      use users().queryExecutor();
      Executor for user queries on this security context.
      Returns:
      user query executor
      Since:
      8.0.2
      See Also:
      API:
      This public API is available in IvyScript and Java. It has the visibility EXPERT.

    • current

      static ISecurityContext current()

      Gets the current security context.

      Will return null if called out of scope. The scope is set if you call this method from an ivy process or any supported ivy environment. It is not set in non supported ivy environments (e.g. if you start your own threads, etc.).

      Returns:
      current security context or null if out of scope
      Since:
      9.3
      API:
      This public API is available in IvyScript and Java. It has the visibility EXPERT.