public interface AccessControlContext
authenticated
,
that is, security credentials have been associated with this session
authenticate
methods
impersonated
.
authenticate
,
unauthenticate
, unimpersonate
or a special case of createResource
, will fail
with a NotAuthenticatedException
.
In general, all methods should throw the following unchecked exceptions as described below:
NullPointerException
- if a null object reference is passed in any method parameter
(in general, all parameters are required)
IllegalArgumentException
- if a method parameter is empty or blank, or
if a set or sequence of arguments contains null or duplicate elements
Modifier and Type | Field and Description |
---|---|
static String |
SYSTEM_DOMAIN |
static String |
SYSTEM_RESOURCE_CLASS |
Modifier and Type | Method and Description |
---|---|
void |
assertDomainCreatePermissions(DomainCreatePermission domainCreatePermission,
DomainCreatePermission... domainCreatePermissions)
Checks if the session resource has the specified domain create permissions.
|
void |
assertDomainCreatePermissions(Resource accessorResource,
DomainCreatePermission domainCreatePermission,
DomainCreatePermission... domainCreatePermissions)
Checks if the specified accessor resource has the specified domain create permissions.
|
void |
assertDomainPermissions(Resource accessorResource,
String domainName,
DomainPermission domainPermission,
DomainPermission... domainPermissions)
Checks if the specified accessor resource has the specified domain permissions on
the specified domain.
|
void |
assertDomainPermissions(String domainName,
DomainPermission domainPermission,
DomainPermission... domainPermissions)
Checks if the session resource has the specified domain permissions on the specified domain.
|
void |
assertGlobalResourcePermissions(Resource accessorResource,
String resourceClassName,
ResourcePermission resourcePermission,
ResourcePermission... resourcePermissions)
Checks if the specified accessor resource has the specified global resource permissions on
the specified resource class in the session resource's domain.
|
void |
assertGlobalResourcePermissions(Resource accessorResource,
String resourceClassName,
String domainName,
ResourcePermission resourcePermission,
ResourcePermission... resourcePermissions)
Checks if the specified accessor resource has the specified global resource permissions on
the specified resource class in the specified domain.
|
void |
assertGlobalResourcePermissions(String resourceClassName,
ResourcePermission resourcePermission,
ResourcePermission... resourcePermissions)
Checks if the session resource has the specified global resource permissions on the specified
resource class in the session resource's domain.
|
void |
assertGlobalResourcePermissions(String resourceClassName,
String domainName,
ResourcePermission resourcePermission,
ResourcePermission... resourcePermissions)
Checks if the session resource has the specified global resource permissions on the specified
resource class in the specified domain.
|
void |
assertPostCreateDomainPermissions(DomainPermission domainPermission,
DomainPermission... domainPermissions)
Checks if the session resource would receive the specified domain permissions, if it were to create a domain.
|
void |
assertPostCreateDomainPermissions(Resource accessorResource,
DomainPermission domainPermission,
DomainPermission... domainPermissions)
Checks if the specified accessor resource would receive the specified domain permissions, if the accessor
were to create a domain.
|
void |
assertPostCreateResourcePermissions(Resource accessorResource,
String resourceClassName,
ResourcePermission resourcePermission,
ResourcePermission... resourcePermissions)
Checks if the specified accessor resource would receive the specified permissions on an object of
the specified class in the session resource's domain, if it were to create such an object.
|
void |
assertPostCreateResourcePermissions(Resource accessorResource,
String resourceClassName,
String domainName,
ResourcePermission resourcePermission,
ResourcePermission... resourcePermissions)
Checks if the specified accessor resource would receive the specified permissions on an object of
the specified class in the specified domain, if it were to create such an object.
|
void |
assertPostCreateResourcePermissions(String resourceClassName,
ResourcePermission resourcePermission,
ResourcePermission... resourcePermissions)
Checks if the session resource would receive the specified permissions on an object of
the specified class in the session resource's domain, if it were to create such an object.
|
void |
assertPostCreateResourcePermissions(String resourceClassName,
String domainName,
ResourcePermission resourcePermission,
ResourcePermission... resourcePermissions)
Checks if the session resource would receive the specified permissions on an object of
the specified class in the specified domain, if it were to create such an object.
|
void |
assertResourceCreatePermissions(Resource accessorResource,
String resourceClassName,
ResourceCreatePermission resourceCreatePermission,
ResourceCreatePermission... resourceCreatePermissions)
Checks if the specified accessor resource has the specified create permissions on an object of
the specified class in the session resource's domain.
|
void |
assertResourceCreatePermissions(Resource accessorResource,
String resourceClassName,
String domainName,
ResourceCreatePermission resourceCreatePermission,
ResourceCreatePermission... resourceCreatePermissions)
Checks if the specified accessor resource has the specified create permissions on an object of
the specified class in the specified domain.
|
void |
assertResourceCreatePermissions(String resourceClassName,
ResourceCreatePermission resourceCreatePermission,
ResourceCreatePermission... resourceCreatePermissions)
Checks if the session resource has the specified create permissions on an object of the specified
resource class in the session resource's domain.
|
void |
assertResourceCreatePermissions(String resourceClassName,
String domainName,
ResourceCreatePermission resourceCreatePermission,
ResourceCreatePermission... resourceCreatePermissions)
Checks if the session resource has the specified create permissions on an object of the specified
resource class in the specified domain.
|
void |
assertResourcePermissions(Resource accessedResource,
ResourcePermission resourcePermission,
ResourcePermission... resourcePermissions)
Checks if the session resource has the specified resource permissions to the specified accessed resource.
|
void |
assertResourcePermissions(Resource accessorResource,
Resource accessedResource,
ResourcePermission resourcePermission,
ResourcePermission... resourcePermissions)
Checks if the specified accessor resource has the specified resource permissions
to the specified accessed resource.
|
void |
authenticate(Resource resource)
Authenticates this security session against an
AuthenticationProvider without
specifying authentication credentials, if that AuthenticationProvider supports such an operation. |
void |
authenticate(Resource resource,
Credentials credentials)
Authenticates this security session.
|
void |
createDomain(String domainName)
Creates a new domain (at the root level of the domain hierarchy).
|
void |
createDomain(String domainName,
String parentDomainName)
Creates a new domain under the specified parent domain.
|
Resource |
createResource(String resourceClassName)
Creates a new resource of the specified resource class in the same domain as this session resource.
|
Resource |
createResource(String resourceClassName,
Credentials credentials)
Creates a new authenticatable resource of the specified resource class in the same domain as the session resource.
|
Resource |
createResource(String resourceClassName,
String domainName)
Creates a new resource of the specified resource class within the specified domain.
|
Resource |
createResource(String resourceClassName,
String domainName,
Credentials credentials)
Creates a new authenticatable resource of the specified resource class within the specified domain.
|
void |
createResourceClass(String resourceClassName,
boolean authenticatable,
boolean unauthenticatedCreateAllowed)
Creates a new resource class.
|
void |
createResourcePermission(String resourceClassName,
String permissionName)
Creates a new resource permission that may be applied to objects of the specified resource class.
|
Set<Resource> |
getAccessorResourcesByResourcePermissions(Resource accessedResource,
String resourceClassName,
ResourcePermission resourcePermission,
ResourcePermission... resourcePermissions)
Returns a set of resources that have the specified permissions to the specified accessed resource.
|
Resource |
getAuthenticatedResource()
Returns the resource that is currently authenticated in this session.
|
Set<DomainCreatePermission> |
getDomainCreatePermissions(Resource accessorResource)
Gets all direct domain create permissions the specified accessor resource has.
|
Set<String> |
getDomainDescendants(String domainName)
Returns the domains which are descendants of the specified domain.
|
String |
getDomainNameByResource(Resource resource)
Returns the domain to which the specified resource belongs.
|
Set<DomainPermission> |
getDomainPermissions(Resource accessorResource,
String domainName)
Gets all domain permissions the accessor resource has directly to the specified domain.
|
Map<String,Set<DomainPermission>> |
getDomainPermissionsMap(Resource accessorResource)
Gets all domain permissions the accessor resource has directly to any domain, mapped by domain name.
|
Set<DomainCreatePermission> |
getEffectiveDomainCreatePermissions(Resource accessorResource)
Gets all effective domain create permissions the specified accessor resource has, both directly
and inherited (from other resources).
|
Set<DomainPermission> |
getEffectiveDomainPermissions(Resource accessorResource,
String domainName)
Gets all effective domain permissions the accessor resource has to the specified domain.
|
Map<String,Set<DomainPermission>> |
getEffectiveDomainPermissionsMap(Resource accessorResource)
Gets all effective domain permissions the accessor resource has to any domain, mapped by domain name.
|
Set<ResourcePermission> |
getEffectiveGlobalResourcePermissions(Resource accessorResource,
String resourceClassName)
Gets the effective global resource permissions the specified accessor resource has to the resources of
the specified resource class in the current session resource's domain.
|
Set<ResourcePermission> |
getEffectiveGlobalResourcePermissions(Resource accessorResource,
String resourceClassName,
String domainName)
Gets the effective global resource permissions the specified accessor resource has to the resources of
the specified resource class in the specified domain.
|
Map<String,Map<String,Set<ResourcePermission>>> |
getEffectiveGlobalResourcePermissionsMap(Resource accessorResource)
Gets all effective global resource permissions the specified accessor resource has to the resources of
the any resource class in any domain, mapped by domain name and resource class name.
|
Set<ResourceCreatePermission> |
getEffectiveResourceCreatePermissions(Resource accessorResource,
String resourceClassName)
Gets all effective resource create permissions the accessor resource has to the specified
resource class in the the current session resource's domain (which effectively define
the resource permissions the accessor resource will receive directly, if it created
a resource of the specified resource class in the current session resource's domain).
|
Set<ResourceCreatePermission> |
getEffectiveResourceCreatePermissions(Resource accessorResource,
String resourceClassName,
String domainName)
Gets all effective resource create permissions the accessor resource has to the specified
resource class in the specified domain (which effectively define the resource permissions
the accessor resource will receive directly, if it created a resource of the specified
resource class in the specified domain).
|
Map<String,Map<String,Set<ResourceCreatePermission>>> |
getEffectiveResourceCreatePermissionsMap(Resource accessorResource)
Gets all effective resource create permissions the accessor resource has to any resource class in
any domain, mapped by domain name and resource class name.
|
Set<ResourcePermission> |
getEffectiveResourcePermissions(Resource accessorResource,
Resource accessedResource)
Gets the effective resource permissions that the specified accessor resource has to the
specified accessed resource.
|
Set<ResourcePermission> |
getGlobalResourcePermissions(Resource accessorResource,
String resourceClassName)
Gets the global resource permissions the specified accessor resource has directly to the resources of
the specified resource class in the current session resource's domain.
|
Set<ResourcePermission> |
getGlobalResourcePermissions(Resource accessorResource,
String resourceClassName,
String domainName)
Gets the global resource permissions the specified accessor resource has directly to the resources of
the specified resource class in the specified domain.
|
Map<String,Map<String,Set<ResourcePermission>>> |
getGlobalResourcePermissionsMap(Resource accessorResource)
Gets all global resource permissions the specified accessor resource has directly to any resources
of any resource class in any domain, mapped by domain name and resource class name.
|
ResourceClassInfo |
getResourceClassInfo(String resourceClassName)
Returns information about the specified resource class.
|
ResourceClassInfo |
getResourceClassInfoByResource(Resource resource)
Returns information about the resource class to which the specified resource belongs.
|
List<String> |
getResourceClassNames()
Returns the list of names of all resource classes defined in the system
|
Set<ResourceCreatePermission> |
getResourceCreatePermissions(Resource accessorResource,
String resourceClassName)
Gets all direct resource create permissions the accessor resource has to the specified
resource class in the the current session resource's domain (which define a subset of
the resource permissions the accessor resource would receive directly, if it created a
resource of the specified resource class in the current session resource's domain).
|
Set<ResourceCreatePermission> |
getResourceCreatePermissions(Resource accessorResource,
String resourceClassName,
String domainName)
Gets all direct resource create permissions the accessor resource has to the specified
resource class in the specified domain (which define a subset of the resource permissions
the accessor resource would receive directly, if it created a resource of the specified
resource class in the specified domain).
|
Map<String,Map<String,Set<ResourceCreatePermission>>> |
getResourceCreatePermissionsMap(Resource accessorResource)
Gets all direct resource create permissions the accessor resource has to any resource class in
any domain, mapped by domain name and resource class name.
|
List<String> |
getResourcePermissionNames(String resourceClassName)
Returns the list of all resource permission names defined for the specified resource class name
|
Set<ResourcePermission> |
getResourcePermissions(Resource accessorResource,
Resource accessedResource)
Gets the resource permissions that the specified accessor resource has directly to the
specified accessed resource.
|
Set<Resource> |
getResourcesByResourcePermissions(Resource accessorResource,
String resourceClassName,
ResourcePermission resourcePermission,
ResourcePermission... resourcePermissions)
Returns a set of resources (of the specified resource class) on which
the specified accessor resource has the specified permissions, regardless of domain.
|
Set<Resource> |
getResourcesByResourcePermissions(String resourceClassName,
ResourcePermission resourcePermission,
ResourcePermission... resourcePermissions)
Returns a set of resources (of the specified resource class) on which
the current session resource has the specified permissions.
|
Set<Resource> |
getResourcesByResourcePermissionsAndDomain(Resource accessorResource,
String resourceClassName,
String domainName,
ResourcePermission resourcePermission,
ResourcePermission... resourcePermissions)
Returns a set of resources (of the specified resource class) on which
the specified accessor resource has the specified permissions, within the
specified domain or within any descendant domains.
|
Set<Resource> |
getResourcesByResourcePermissionsAndDomain(String resourceClassName,
String domainName,
ResourcePermission resourcePermission,
ResourcePermission... resourcePermissions)
Returns a set of resources (of the specified resource class) on which
the current session resource has the specified permissions, within the specified domain
or within any descendant domains.
|
Resource |
getSessionResource()
Returns the session resource, that is, the resource whose security credentials are
associated with this session.
|
boolean |
hasDomainCreatePermissions(DomainCreatePermission domainCreatePermission,
DomainCreatePermission... domainCreatePermissions)
Checks if the session resource has the specified domain create permissions.
|
boolean |
hasDomainCreatePermissions(Resource accessorResource,
DomainCreatePermission domainCreatePermission,
DomainCreatePermission... domainCreatePermissions)
Checks if the specified accessor resource has the specified domain create permissions.
|
boolean |
hasDomainPermissions(Resource accessorResource,
String domainName,
DomainPermission domainPermission,
DomainPermission... domainPermissions)
Checks if the specified accessor resource has the specified domain permissions on
the specified domain.
|
boolean |
hasDomainPermissions(String domainName,
DomainPermission domainPermission,
DomainPermission... domainPermissions)
Checks if the session resource has the specified domain permissions on the specified domain.
|
boolean |
hasGlobalResourcePermissions(Resource accessorResource,
String resourceClassName,
ResourcePermission resourcePermission,
ResourcePermission... resourcePermissions)
Checks if the specified accessor resource has the specified global resource permissions on
the specified resource class in the session resource's domain.
|
boolean |
hasGlobalResourcePermissions(Resource accessorResource,
String resourceClassName,
String domainName,
ResourcePermission resourcePermission,
ResourcePermission... resourcePermissions)
Checks if the specified accessor resource has the specified global resource permissions on
the specified resource class in the specified domain.
|
boolean |
hasGlobalResourcePermissions(String resourceClassName,
ResourcePermission resourcePermission,
ResourcePermission... resourcePermissions)
Checks if the session resource has the specified global resource permissions on the specified
resource class in the session resource's domain.
|
boolean |
hasGlobalResourcePermissions(String resourceClassName,
String domainName,
ResourcePermission resourcePermission,
ResourcePermission... resourcePermissions)
Checks if the session resource has the specified global resource permissions on the specified
resource class in the specified domain.
|
boolean |
hasPostCreateDomainPermissions(DomainPermission domainPermission,
DomainPermission... domainPermissions)
Checks if the session resource would receive the specified domain permissions, if it were to create a domain.
|
boolean |
hasPostCreateDomainPermissions(Resource accessorResource,
DomainPermission domainPermission,
DomainPermission... domainPermissions)
Checks if the specified accessor resource would receive the specified domain permissions, if the accessor
were to create a domain.
|
boolean |
hasPostCreateResourcePermissions(Resource accessorResource,
String resourceClassName,
ResourcePermission resourcePermission,
ResourcePermission... resourcePermissions)
Checks if the specified accessor resource would receive the specified permissions on an object of
the specified class in the session resource's domain, if it were to create such an object.
|
boolean |
hasPostCreateResourcePermissions(Resource accessorResource,
String resourceClassName,
String domainName,
ResourcePermission resourcePermission,
ResourcePermission... resourcePermissions)
Checks if the specified accessor resource would receive the specified permissions on an object of
the specified class in the specified domain, if it were to create such an object.
|
boolean |
hasPostCreateResourcePermissions(String resourceClassName,
ResourcePermission resourcePermission,
ResourcePermission... resourcePermissions)
Checks if the session resource would receive the specified permissions on an object of
the specified class in the session resource's domain, if it were to create such an object.
|
boolean |
hasPostCreateResourcePermissions(String resourceClassName,
String domainName,
ResourcePermission resourcePermission,
ResourcePermission... resourcePermissions)
Checks if the session resource would receive the specified permissions on an object of
the specified class in the specified domain, if it were to create such an object.
|
boolean |
hasResourceCreatePermissions(Resource accessorResource,
String resourceClassName,
ResourceCreatePermission resourceCreatePermission,
ResourceCreatePermission... resourceCreatePermissions)
Checks if the specified accessor resource has the specified create permissions on an object of
the specified class in the session resource's domain.
|
boolean |
hasResourceCreatePermissions(Resource accessorResource,
String resourceClassName,
String domainName,
ResourceCreatePermission resourceCreatePermission,
ResourceCreatePermission... resourceCreatePermissions)
Checks if the specified accessor resource has the specified create permissions on an object of
the specified class in the specified domain.
|
boolean |
hasResourceCreatePermissions(String resourceClassName,
ResourceCreatePermission resourceCreatePermission,
ResourceCreatePermission... resourceCreatePermissions)
Checks if the session resource has the specified create permissions on an object of the specified
resource class in the session resource's domain.
|
boolean |
hasResourceCreatePermissions(String resourceClassName,
String domainName,
ResourceCreatePermission resourceCreatePermission,
ResourceCreatePermission... resourceCreatePermissions)
Checks if the session resource has the specified create permissions on an object of the specified
resource class in the specified domain.
|
boolean |
hasResourcePermissions(Resource accessedResource,
ResourcePermission resourcePermission,
ResourcePermission... resourcePermissions)
Checks if the session resource has the specified resource permissions to the specified accessed resource.
|
boolean |
hasResourcePermissions(Resource accessorResource,
Resource accessedResource,
ResourcePermission resourcePermission,
ResourcePermission... resourcePermissions)
Checks if the specified accessor resource has the specified resource permissions
to the specified accessed resource.
|
void |
impersonate(Resource resource)
Switches the security credentials of this session to those of the specified resource.
|
void |
setCredentials(Resource resource,
Credentials newCredentials)
Sets the authentication credentials of the specified authenticatable resource (= a resource of a
resource class that has been defined with the
isAuthenticatable flag set to true). |
void |
setDomainCreatePermissions(Resource accessorResource,
Set<DomainCreatePermission> domainCreatePermissions)
Sets the domain permissions the specified accessor resource will receive if it created a domain.
|
void |
setDomainPermissions(Resource accessorResource,
String domainName,
Set<DomainPermission> domainPermissions)
Sets the direct domain permissions the specified accessor resource has on the specified domain.
|
void |
setGlobalResourcePermissions(Resource accessorResource,
String resourceClassName,
Set<ResourcePermission> resourcePermissions)
Sets the global resource permissions a resource has on any resource of the specified
resource class in the current session resource's domain.
|
void |
setGlobalResourcePermissions(Resource accessorResource,
String resourceClassName,
String domainName,
Set<ResourcePermission> resourcePermissions)
Sets the global resource permissions a resource has on any resource of the specified
resource class in the specified domain.
|
void |
setResourceCreatePermissions(Resource accessorResource,
String resourceClassName,
Set<ResourceCreatePermission> resourceCreatePermissions)
Sets the resource permissions the specified accessor resource will receive directly, if it
created a resource of the specified resource class in the current session resource's domain.
|
void |
setResourceCreatePermissions(Resource accessorResource,
String resourceClassName,
String domainName,
Set<ResourceCreatePermission> resourceCreatePermissions)
Sets the resource permissions the specified accessor resource will receive directly, if it
created a resource of the specified resource class in the specified domain.
|
void |
setResourcePermissions(Resource accessorResource,
Resource accessedResource,
Set<ResourcePermission> resourcePermissions)
Sets the specified resource permissions that the specified accessor resource has to the
specified accessed resource directly, that is not via inheritance or globally.
|
void |
unauthenticate()
Logs out of this session, to be specific, disassociates any security credentials from this session.
|
void |
unimpersonate()
Unimpersonates the currently impersonated resource.
|
static final String SYSTEM_DOMAIN
static final String SYSTEM_RESOURCE_CLASS
void authenticate(Resource resource, Credentials credentials)
authenticate
) will fail.resource
- the resource to be authenticatedcredentials
- the credentials to authenticate the resourceIllegalArgumentException
- if the resource does not exist or is not of an authenticatable resource classAuthenticationException
- if authentication failsvoid authenticate(Resource resource)
AuthenticationProvider
without
specifying authentication credentials, if that AuthenticationProvider supports such an operation.
The security credentials for this session will be those of the specified and authenticated resource.
Note: Unless a session is authenticated, all attempts to call any other methods (except authenticate
) will fail.resource
- the resource to be authenticatedIllegalArgumentException
- if the resource does not exist or is not of an authenticatable resource classvoid unauthenticate()
void impersonate(Resource resource)
resource
- the resource to be impersonatedIllegalArgumentException
- if the resource does not exist, or
if the resource is not of an authenticatable resource classNotAuthorizedException
- if the authenticated resource does not have permission to
impersonate the specified resourcevoid unimpersonate()
void setCredentials(Resource resource, Credentials newCredentials)
isAuthenticatable
flag set to true).
One of the following has to be true for this method to succeed:
resource
- the resource for which the credentials should be updated. The resource for which the credentials are
to be changed must be the current auth resource, or the current auth resource must have SUPER-USER permissions
to the domain containing the resource whose credentials are to be changed or must have RESET-CREDENTIALS
permissions to the resource whose credentials are to be changed, otherwise an exception is thrown.newCredentials
- the new credentials for the resourceIllegalArgumentException
- if the resource does not exist, or
if the resource is not of an authenticatable resource classIllegalStateException
- if called while impersonating another resourceInvalidCredentialsException
- if newCredentials is invalidNotAuthorizedException
- if the authenticated resource does not have permission to
reset the credentials of the specified resourcevoid assertDomainPermissions(Resource accessorResource, String domainName, DomainPermission domainPermission, DomainPermission... domainPermissions)
accessorResource
- the resource on which access is being checkeddomainName
- the domain for which the permission should be checkeddomainPermission
- the permission to be checkeddomainPermissions
- the other (optional) permissions to be checkedIllegalArgumentException
- if the accessorResource does not exist, or
if no domain of domainName existsNotAuthorizedException
- if the accessor resource does not have the
specified domain permissions, or
if the accessor resource does not existvoid assertDomainPermissions(String domainName, DomainPermission domainPermission, DomainPermission... domainPermissions)
domainName
- the domain for which the permission should be checkeddomainPermission
- the permission to be checkeddomainPermissions
- the other (optional) permissions to be checkedIllegalArgumentException
- if no domain of domainName existsNotAuthorizedException
- if the session resource does not have the
specified domain permissionsboolean hasDomainPermissions(Resource accessorResource, String domainName, DomainPermission domainPermission, DomainPermission... domainPermissions)
accessorResource
- the resource on which access is being checkeddomainName
- the domain for which the permission should be checkeddomainPermission
- the permission to be checkeddomainPermissions
- the other (optional) permissions to be checkedIllegalArgumentException
- if the accessorResource does not exist, or
if no domain of domainName existsboolean hasDomainPermissions(String domainName, DomainPermission domainPermission, DomainPermission... domainPermissions)
domainName
- the domain for which the permission should be checkeddomainPermission
- the permission to be checkeddomainPermissions
- the other (optional) permissions to be checkedIllegalArgumentException
- if no domain of domainName existsvoid assertDomainCreatePermissions(Resource accessorResource, DomainCreatePermission domainCreatePermission, DomainCreatePermission... domainCreatePermissions)
accessorResource
- the resource on which access is being checkeddomainCreatePermission
- the domain create permission to be checkeddomainCreatePermissions
- the other (optional) domain create permissions to be checkedIllegalArgumentException
- if the accessorResource does not existNotAuthorizedException
- if the accessor resource does not have the
specified domain create permissions, or
if the accessor resource does not existvoid assertDomainCreatePermissions(DomainCreatePermission domainCreatePermission, DomainCreatePermission... domainCreatePermissions)
domainCreatePermission
- the domain create permission to be checkeddomainCreatePermissions
- the other (optional) domain create permissions to be checkedNotAuthorizedException
- if the session resource does not have the
specified domain create permissionsboolean hasDomainCreatePermissions(Resource accessorResource, DomainCreatePermission domainCreatePermission, DomainCreatePermission... domainCreatePermissions)
accessorResource
- the resource on which access is being checkeddomainCreatePermission
- the domain create permission to be checkeddomainCreatePermissions
- the other (optional) domain create permissions to be checkedIllegalArgumentException
- if the accessorResource does not existboolean hasDomainCreatePermissions(DomainCreatePermission domainCreatePermission, DomainCreatePermission... domainCreatePermissions)
domainCreatePermission
- the domain create permission to be checkeddomainCreatePermissions
- the other (optional) domain create permissions to be checkedvoid assertPostCreateDomainPermissions(Resource accessorResource, DomainPermission domainPermission, DomainPermission... domainPermissions)
accessorResource
- the resource requesting the accessdomainPermission
- the permission to be checkeddomainPermissions
- the other (optional) permissions to be checkedIllegalArgumentException
- if the accessorResource does not existNotAuthorizedException
- if the accessor resource would not receive the
specified permissions after creating a domainvoid assertPostCreateDomainPermissions(DomainPermission domainPermission, DomainPermission... domainPermissions)
domainPermission
- the permission to be checkeddomainPermissions
- the other (optional) permissions to be checkedNotAuthorizedException
- if the session resource would not receive the
specified permissions after creating a domainboolean hasPostCreateDomainPermissions(Resource accessorResource, DomainPermission domainPermission, DomainPermission... domainPermissions)
accessorResource
- the resource requesting the accessdomainPermission
- the permission to be checkeddomainPermissions
- the other (optional) permissions to be checkedIllegalArgumentException
- if the accessorResource does not existboolean hasPostCreateDomainPermissions(DomainPermission domainPermission, DomainPermission... domainPermissions)
domainPermission
- the permission to be checkeddomainPermissions
- the other (optional) permissions to be checkedvoid assertGlobalResourcePermissions(Resource accessorResource, String resourceClassName, ResourcePermission resourcePermission, ResourcePermission... resourcePermissions)
accessorResource
- the resource on which access is being checkedresourceClassName
- a string resource class nameresourcePermission
- the permission to be checkedresourcePermissions
- the other (optional) permissions to be checkedIllegalArgumentException
- if the accessorResource does not exist, or
if no resource class of resourceClassName exists, or
if any resourcePermission is invalid for the resource classNotAuthorizedException
- if the accessor resource does not have the
specified global permissions, or
if the accessor resource does not existvoid assertGlobalResourcePermissions(String resourceClassName, ResourcePermission resourcePermission, ResourcePermission... resourcePermissions)
resourceClassName
- a string resource class nameresourcePermission
- the permission to be checkedresourcePermissions
- the other (optional) permissions to be checkedIllegalArgumentException
- if no resource class of resourceClassName exists, or
if any resourcePermission is invalid for the resource classNotAuthorizedException
- if the session resource does not have the
specified global permissionsvoid assertGlobalResourcePermissions(Resource accessorResource, String resourceClassName, String domainName, ResourcePermission resourcePermission, ResourcePermission... resourcePermissions)
accessorResource
- the resource on which access is being checkedresourceClassName
- a string resource class namedomainName
- the domain in which the permissions should be checkedresourcePermission
- the permission to be checkedresourcePermissions
- the other (optional) permissions to be checkedIllegalArgumentException
- if the accessorResource does not exist, or
if no resource class of resourceClassName exists, or
if any resourcePermission is invalid for the resource class, or
if no domain of domainName existsNotAuthorizedException
- if the accessor resource does not have the
specified global permissions, or
if the accessor resource does not existvoid assertGlobalResourcePermissions(String resourceClassName, String domainName, ResourcePermission resourcePermission, ResourcePermission... resourcePermissions)
resourceClassName
- a string resource class namedomainName
- the domain in which the permissions should be checkedresourcePermission
- the permission to be checkedresourcePermissions
- the other (optional) permissions to be checkedIllegalArgumentException
- if the accessorResource does not exist, or
if no resource class of resourceClassName exists, or
if any resourcePermission is invalid for the resource class, or
if no domain of domainName existsNotAuthorizedException
- if the session resource does not have the
specified global permissionsboolean hasGlobalResourcePermissions(Resource accessorResource, String resourceClassName, ResourcePermission resourcePermission, ResourcePermission... resourcePermissions)
accessorResource
- the resource on which access is being checkedresourceClassName
- a string resource class nameresourcePermission
- the permission to be checkedresourcePermissions
- the other (optional) permissions to be checkedIllegalArgumentException
- if the accessorResource does not exist, or
if no resource class of resourceClassName exists, or
if any resourcePermission is invalid for the resource classboolean hasGlobalResourcePermissions(String resourceClassName, ResourcePermission resourcePermission, ResourcePermission... resourcePermissions)
resourceClassName
- a string resource class nameresourcePermission
- the permission to be checkedresourcePermissions
- the other (optional) permissions to be checkedIllegalArgumentException
- if no resource class of resourceClassName exists, or
if any resourcePermission is invalid for the resource classboolean hasGlobalResourcePermissions(Resource accessorResource, String resourceClassName, String domainName, ResourcePermission resourcePermission, ResourcePermission... resourcePermissions)
accessorResource
- the resource on which access is being checkedresourceClassName
- a string resource class namedomainName
- the domain in which the permissions should be checkedresourcePermission
- the permission to be checkedresourcePermissions
- the other (optional) permissions to be checkedIllegalArgumentException
- if the accessorResource does not exist, or
if no resource class of resourceClassName exists, or
if any resourcePermission is invalid for the resource class, or
if no domain of domainName existsboolean hasGlobalResourcePermissions(String resourceClassName, String domainName, ResourcePermission resourcePermission, ResourcePermission... resourcePermissions)
resourceClassName
- a string resource class namedomainName
- the domain in which the permissions should be checkedresourcePermission
- the permission to be checkedresourcePermissions
- the other (optional) permissions to be checkedIllegalArgumentException
- if no resource class of resourceClassName exists, or
if any resourcePermission is invalid for the resource class, or
if no domain of domainName existsvoid assertResourcePermissions(Resource accessorResource, Resource accessedResource, ResourcePermission resourcePermission, ResourcePermission... resourcePermissions)
accessorResource
- the resource requesting the accessaccessedResource
- the resource on which access is being requestedresourcePermission
- the permission to be checkedresourcePermissions
- the other (optional) permissions to be checkedIllegalArgumentException
- if the accessorResource or the accessedResource does not exist, or
if any resourcePermission is invalid for the resource class of accessedResourceNotAuthorizedException
- if the accessor resource does not have the
specified permissionsvoid assertResourcePermissions(Resource accessedResource, ResourcePermission resourcePermission, ResourcePermission... resourcePermissions)
accessedResource
- the resource on which access is being requestedresourcePermission
- the permission to be checkedresourcePermissions
- the other (optional) permissions to be checkedIllegalArgumentException
- if the accessedResource does not exists, or
if any resourcePermission is invalid for the resource class of accessedResourceNotAuthorizedException
- if the session resource does not have the
specified permissionsboolean hasResourcePermissions(Resource accessorResource, Resource accessedResource, ResourcePermission resourcePermission, ResourcePermission... resourcePermissions)
accessorResource
- the resource requesting the accessaccessedResource
- the resource on which access is being requestedresourcePermission
- the permission to be checkedresourcePermissions
- the other (optional) permissions to be checkedIllegalArgumentException
- if the accessorResource or the accessedResource does not exist, or
if any resourcePermission is invalid for the resource class of accessedResourceboolean hasResourcePermissions(Resource accessedResource, ResourcePermission resourcePermission, ResourcePermission... resourcePermissions)
accessedResource
- the resource on which access is being requestedresourcePermission
- the permission to be checkedresourcePermissions
- the other (optional) permissions to be checkedIllegalArgumentException
- if the accessedResource does not exists, or
if any resourcePermission is invalid for the resource class of accessedResourcevoid assertResourceCreatePermissions(Resource accessorResource, String resourceClassName, ResourceCreatePermission resourceCreatePermission, ResourceCreatePermission... resourceCreatePermissions)
accessorResource
- the resource requesting the accessresourceClassName
- a string resource class nameresourceCreatePermission
- the create permissions to be checkedresourceCreatePermissions
- the other (optional) create permissions to be checkedIllegalArgumentException
- if the accessorResource does not exist, or
if no resource class of resourceClassName exists, or
if any resourceCreatePermission is invalid for the resource classNotAuthorizedException
- if the accessor resource does not have the
specified resource create permissions for the specified class
in the current session domain, or
if the accessor resource does not existvoid assertResourceCreatePermissions(String resourceClassName, ResourceCreatePermission resourceCreatePermission, ResourceCreatePermission... resourceCreatePermissions)
resourceClassName
- a string resource class nameresourceCreatePermission
- the create permissions to be checkedresourceCreatePermissions
- the other (optional) create permissions to be checkedIllegalArgumentException
- if no resource class of resourceClassName exists, or
if any resourceCreatePermission is invalid for the resource classNotAuthorizedException
- if the session resource does not have the
specified resource create permissions for the specified class
in the current session domainvoid assertResourceCreatePermissions(Resource accessorResource, String resourceClassName, String domainName, ResourceCreatePermission resourceCreatePermission, ResourceCreatePermission... resourceCreatePermissions)
accessorResource
- the resource requesting the accessresourceClassName
- a string resource class namedomainName
- the domain in which the permissions should be checkedresourceCreatePermission
- the create permissions to be checkedresourceCreatePermissions
- the other (optional) create permissions to be checkedIllegalArgumentException
- if the accessorResource does not exist, or
if no resource class of resourceClassName exists, or
if any resourceCreatePermission is invalid for the resource class, or
if no domain of domainName existsNotAuthorizedException
- if the accessor resource does not have the
specified resource create permissions for the specified class
in the specified domain, or
if the accessor resource does not existvoid assertResourceCreatePermissions(String resourceClassName, String domainName, ResourceCreatePermission resourceCreatePermission, ResourceCreatePermission... resourceCreatePermissions)
resourceClassName
- a string resource class namedomainName
- the domain in which the permissions should be checkedresourceCreatePermission
- the create permissions to be checkedresourceCreatePermissions
- the other (optional) create permissions to be checkedIllegalArgumentException
- if no resource class of resourceClassName exists, or
if any resourceCreatePermission is invalid for the resource class, or
if no domain of domainName existsNotAuthorizedException
- if the session resource does not have the
specified resource create permissions for the specified class
in the specified domainboolean hasResourceCreatePermissions(Resource accessorResource, String resourceClassName, ResourceCreatePermission resourceCreatePermission, ResourceCreatePermission... resourceCreatePermissions)
accessorResource
- the resource requesting the accessresourceClassName
- a string resource class nameresourceCreatePermission
- the create permissions to be checkedresourceCreatePermissions
- the other (optional) create permissions to be checkedIllegalArgumentException
- if the accessorResource does not exist, or
if no resource class of resourceClassName exists, or
if any resourceCreatePermission is invalid for the resource classboolean hasResourceCreatePermissions(String resourceClassName, ResourceCreatePermission resourceCreatePermission, ResourceCreatePermission... resourceCreatePermissions)
resourceClassName
- a string resource class nameresourceCreatePermission
- the create permissions to be checkedresourceCreatePermissions
- the other (optional) create permissions to be checkedIllegalArgumentException
- if no resource class of resourceClassName exists, or
if any resourceCreatePermission is invalid for the resource classboolean hasResourceCreatePermissions(Resource accessorResource, String resourceClassName, String domainName, ResourceCreatePermission resourceCreatePermission, ResourceCreatePermission... resourceCreatePermissions)
accessorResource
- the resource requesting the accessresourceClassName
- a string resource class namedomainName
- the domain in which the permissions should be checkedresourceCreatePermission
- the create permissions to be checkedresourceCreatePermissions
- the other (optional) create permissions to be checkedIllegalArgumentException
- if the accessorResource does not exist, or
if no resource class of resourceClassName exists, or
if any resourceCreatePermission is invalid for the resource class, or
if no domain of domainName existsboolean hasResourceCreatePermissions(String resourceClassName, String domainName, ResourceCreatePermission resourceCreatePermission, ResourceCreatePermission... resourceCreatePermissions)
resourceClassName
- a string resource class namedomainName
- the domain in which the permissions should be checkedresourceCreatePermission
- the create permissions to be checkedresourceCreatePermissions
- the other (optional) create permissions to be checkedIllegalArgumentException
- if no resource class of resourceClassName exists, or
if any resourceCreatePermission is invalid for the resource class, or
if no domain of domainName existsvoid assertPostCreateResourcePermissions(Resource accessorResource, String resourceClassName, ResourcePermission resourcePermission, ResourcePermission... resourcePermissions)
accessorResource
- the resource requesting the accessresourceClassName
- a string resource class nameresourcePermission
- the permission to be checkedresourcePermissions
- the other (optional) permissions to be checkedIllegalArgumentException
- if the accessorResource does not exist, or
if no resource class of resourceClassName exists, or
if any resourcePermission is invalid for the resource classNotAuthorizedException
- if the accessor resource would not receive the
specified permissions after creating a resource of the specified class
in the current session domain, or
if the accessor resource does not existvoid assertPostCreateResourcePermissions(String resourceClassName, ResourcePermission resourcePermission, ResourcePermission... resourcePermissions)
resourceClassName
- a string resource class nameresourcePermission
- the permission to be checkedresourcePermissions
- the other (optional) permissions to be checkedIllegalArgumentException
- if no resource class of resourceClassName exists, or
if any resourcePermission is invalid for the resource classNotAuthorizedException
- if the session resource would not receive the
specified permissions after creating a resource of the specified class
in the current session domainvoid assertPostCreateResourcePermissions(Resource accessorResource, String resourceClassName, String domainName, ResourcePermission resourcePermission, ResourcePermission... resourcePermissions)
accessorResource
- the resource requesting the accessresourceClassName
- a string resource class namedomainName
- the domain in which the permissions should be checkedresourcePermission
- the permission to be checkedresourcePermissions
- the other (optional) permissions to be checkedIllegalArgumentException
- if the accessorResource does not exist, or
if no resource class of resourceClassName exists, or
if no domain of domainName exists, or
if any resourcePermission is invalid for the resource classNotAuthorizedException
- if the accessor resource would not receive the
specified permissions after creating a resource of the specified
class in the specified domain, or
if the accessor resource does not existvoid assertPostCreateResourcePermissions(String resourceClassName, String domainName, ResourcePermission resourcePermission, ResourcePermission... resourcePermissions)
resourceClassName
- a string resource class namedomainName
- the domain in which the permissions should be checkedresourcePermission
- the permission to be checkedresourcePermissions
- the other (optional) permissions to be checkedIllegalArgumentException
- if no resource class of resourceClassName exists, or
if no domain of domainName exists, or
if any resourcePermission is invalid for the resource classNotAuthorizedException
- if the session resource would not receive the
specified permissions after creating a resource of the specified
class in the specified domainboolean hasPostCreateResourcePermissions(Resource accessorResource, String resourceClassName, ResourcePermission resourcePermission, ResourcePermission... resourcePermissions)
accessorResource
- the resource requesting the accessresourceClassName
- a string resource class nameresourcePermission
- the permission to be checkedresourcePermissions
- the other (optional) permissions to be checkedIllegalArgumentException
- if the accessorResource does not exist, or
if no resource class of resourceClassName exists, or
if any resourcePermission is invalid for the resource classboolean hasPostCreateResourcePermissions(String resourceClassName, ResourcePermission resourcePermission, ResourcePermission... resourcePermissions)
resourceClassName
- a string resource class nameresourcePermission
- the permission to be checkedresourcePermissions
- the other (optional) permissions to be checkedIllegalArgumentException
- if no resource class of resourceClassName exists, or
if any resourcePermission is invalid for the resource classboolean hasPostCreateResourcePermissions(Resource accessorResource, String resourceClassName, String domainName, ResourcePermission resourcePermission, ResourcePermission... resourcePermissions)
accessorResource
- the resource requesting the accessresourceClassName
- a string resource class namedomainName
- the domain in which the permissions should be checkedresourcePermission
- the permission to be checkedresourcePermissions
- the other (optional) permissions to be checkedIllegalArgumentException
- if the accessorResource does not exist, or
if no resource class of resourceClassName exists, or
if no domain of domainName exists, or
if any resourcePermission is invalid for the resource classboolean hasPostCreateResourcePermissions(String resourceClassName, String domainName, ResourcePermission resourcePermission, ResourcePermission... resourcePermissions)
resourceClassName
- a string resource class namedomainName
- the domain in which the permissions should be checkedresourcePermission
- the permission to be checkedresourcePermissions
- the other (optional) permissions to be checkedIllegalArgumentException
- if no resource class of resourceClassName exists, or
if no domain of domainName exists, or
if any resourcePermission is invalid for the resource classString getDomainNameByResource(Resource resource)
resource
- the resource for which to retrieve the domain nameIllegalArgumentException
- if resource does not existsSet<String> getDomainDescendants(String domainName)
domainName
- a domain name for which to retrieve the descendantsResourceClassInfo getResourceClassInfo(String resourceClassName)
resourceClassName
- a string resource class name about which to retrieve informationIllegalArgumentException
- if no resource class of resourceClassName existsResourceClassInfo getResourceClassInfoByResource(Resource resource)
resource
- a resource about whose resource class to retrieve informationIllegalArgumentException
- if no resource class of resourceClassName existsSet<Resource> getResourcesByResourcePermissions(String resourceClassName, ResourcePermission resourcePermission, ResourcePermission... resourcePermissions)
resourceClassName
- a string resource class nameresourcePermission
- the permission to checkresourcePermissions
- the permissions to checkIllegalArgumentException
- if no resource class of resourceClassName exists, or
if any resourcePermission is invalid for the specified resource classSet<Resource> getResourcesByResourcePermissions(Resource accessorResource, String resourceClassName, ResourcePermission resourcePermission, ResourcePermission... resourcePermissions)
accessorResource
- the resource relative to which the set of accessible resources is computedresourceClassName
- a string resource class nameresourcePermission
- the permission to checkresourcePermissions
- the permissions to checkIllegalArgumentException
- if accessorResource does not exist, or
if no resource class of resourceClassName exists, or
if any resourcePermission is invalid for the specified resource classNotAuthorizedException
- if the session resource is not the accessor resource and
the session resource does not have either IMPERSONATE, INHERIT
or RESET-CREDENTIALS permissions on the accessor resourceSet<Resource> getResourcesByResourcePermissionsAndDomain(String resourceClassName, String domainName, ResourcePermission resourcePermission, ResourcePermission... resourcePermissions)
resourceClassName
- a string resource class namedomainName
- a domain nameresourcePermission
- the permission to checkresourcePermissions
- the permissions to checkIllegalArgumentException
- if no resource class of resourceClassName exists, or
if any resourcePermission is invalid for the specified resource class, or
if no domain of domainName existsSet<Resource> getResourcesByResourcePermissionsAndDomain(Resource accessorResource, String resourceClassName, String domainName, ResourcePermission resourcePermission, ResourcePermission... resourcePermissions)
accessorResource
- the resource relative to which the set of accessible resources is computedresourceClassName
- a string resource class namedomainName
- a domain nameresourcePermission
- the permission to checkresourcePermissions
- the permissions to checkIllegalArgumentException
- if accessorResource does not exist, or
if no resource class of resourceClassName exists, or
if no domain of domainName exists, or
if any resourcePermission is invalid for the specified resource classNotAuthorizedException
- if the session resource is not the accessor resource and
the session resource does not have either IMPERSONATE, INHERIT
or RESET-CREDENTIALS permissions on the accessor resourceSet<Resource> getAccessorResourcesByResourcePermissions(Resource accessedResource, String resourceClassName, ResourcePermission resourcePermission, ResourcePermission... resourcePermissions)
getResourcesByResourcePermissions(java.lang.String, com.acciente.oacc.ResourcePermission, com.acciente.oacc.ResourcePermission...)
method, but
unlike getResourcesByResourcePermissions
it only takes into account direct permissions.
In other words, this method ignores accessors that can reach the specified accessed resource
via inherited permissions, global permissions and SUPER-USER privileges.accessedResource
- the resource relative to which accessor resources are soughtresourceClassName
- a string resource class nameresourcePermission
- the permission to checkresourcePermissions
- the other (optional) permissions to checkIllegalArgumentException
- if accessorResource does not exist, or
if no resource class of resourceClassName exists, or
if any resourcePermission is invalid for the specified resource classResource getAuthenticatedResource()
NotAuthenticatedException
- if no resource is authenticatedResource getSessionResource()
impersonated
.NotAuthenticatedException
- if no resource is authenticatedvoid createResourceClass(String resourceClassName, boolean authenticatable, boolean unauthenticatedCreateAllowed)
resourceClassName
- a string resource class nameauthenticatable
- indicates if resources of this resource class are authenticatable.
Typically only resource classes that represent users will be marked as authenticatable.unauthenticatedCreateAllowed
- if true, a resource of this resource class may be created from an
unauthenticated session, otherwise the session must be authenticated
to create resources of this class.IllegalArgumentException
- if a resource class of resourceClassName already existsNotAuthorizedException
- if the authenticated resource is not the system resourcevoid createResourcePermission(String resourceClassName, String permissionName)
resourceClassName
- a string resource class namepermissionName
- the string representing the name of this permission.
Samples of typical permission names:
CREATE, READ, WRITE, UPDATE, VIEW, POST, EDIT, etc.IllegalArgumentException
- if no resource class of resourceClassName exists, or
if a resource permission of permissionName already exists, or
if the permissionName is prefixed with an asterisk ('*')NotAuthorizedException
- if the authenticated resource is not the system resourcevoid createDomain(String domainName)
domainName
- a string domain nameIllegalArgumentException
- if a domain of domainName already existsNotAuthorizedException
- if the session resource is not authorized to create domainsvoid createDomain(String domainName, String parentDomainName)
domainName
- a string domain nameparentDomainName
- the domain name of the parent domainIllegalArgumentException
- if no domain of parentDomain exists, or
if a domain of domainName already existsNotAuthorizedException
- if the session resource is not authorized to create
child domains under the specified parent domainResource createResource(String resourceClassName)
AuthenticationProvider
implementation is required to support
creation of an authenticatable resource without providing explicit credentialsresourceClassName
- a string resource class nameIllegalArgumentException
- if no resource class of resourceClassName existsNotAuthorizedException
- if the session resource is not authorized to create a new resource
of the specified resource class in the session resource's domainOaccException
- if creating the new resource would introduce a cycle between the
session resource and new resource via permission inheritanceResource createResource(String resourceClassName, String domainName)
AuthenticationProvider
implementation is required to support
creation of an authenticatable resource without providing explicit credentialsresourceClassName
- a string resource class namedomainName
- a string domain nameIllegalArgumentException
- if no resource class of resourceClassName exists, or
if no domain of domainName existsNotAuthorizedException
- if the session resource is not authorized to create a new resource
of the specified resource class in the specified domainOaccException
- if creating the new resource would introduce a cycle between the
session resource and new resource via permission inheritanceResource createResource(String resourceClassName, Credentials credentials)
resourceClassName
- a string resource class namecredentials
- the credentials to authenticate the new resourceIllegalArgumentException
- if no resource class of resourceClassName exists, or
if resource class is not authenticatableNotAuthorizedException
- if the session resource is not authorized to create a new resource
of the specified resource class in the session resource's domainOaccException
- if creating the new resource would introduce a cycle between the
session resource and new resource via permission inheritanceResource createResource(String resourceClassName, String domainName, Credentials credentials)
resourceClassName
- a string resource class namedomainName
- a string domain namecredentials
- the credentials to authenticate the new resourceIllegalArgumentException
- if no resource class of resourceClassName exists, or
if resource class is not authenticatable, or
if no domain of domainName existsNotAuthorizedException
- if the session resource is not authorized to create a new resource
of the specified resource class in the specified domainOaccException
- if creating the new resource would introduce a cycle between the
session resource and new resource via permission inheritancevoid setDomainCreatePermissions(Resource accessorResource, Set<DomainCreatePermission> domainCreatePermissions)
accessorResource
- the resource to which the privilege should be granteddomainCreatePermissions
- the permissions to be granted to the specified domainIllegalArgumentException
- if domainCreatePermissions does not contain the *CREATE permission, or
if accessorResource reference does not existNotAuthorizedException
- if the session resource is not authorized to set
domain create permissions on the specified accessor resourceSet<DomainCreatePermission> getDomainCreatePermissions(Resource accessorResource)
accessorResource
- the accessor resource relative which permissions should be returnedIllegalArgumentException
- if accessorResource reference does not existSet<DomainCreatePermission> getEffectiveDomainCreatePermissions(Resource accessorResource)
accessorResource
- the accessor resource relative which permissions should be returnedIllegalArgumentException
- if accessorResource reference does not existvoid setDomainPermissions(Resource accessorResource, String domainName, Set<DomainPermission> domainPermissions)
accessorResource
- the resource to which the privilege should be granteddomainName
- a string domain namedomainPermissions
- the permissions to be granted on the specified domainIllegalArgumentException
- if accessorResource reference does not exist, or
if no domain of domainName existsNotAuthorizedException
- if the session resource is not authorized to set
domain permissions on the specified domainSet<DomainPermission> getDomainPermissions(Resource accessorResource, String domainName)
accessorResource
- the accessor resource relative which permissions should be returneddomainName
- a string domain nameIllegalArgumentException
- if accessorResource reference does not exist, or
if no domain of domainName existsMap<String,Set<DomainPermission>> getDomainPermissionsMap(Resource accessorResource)
accessorResource
- the accessor resource relative which permissions should be returnedIllegalArgumentException
- if accessorResource reference does not existSet<DomainPermission> getEffectiveDomainPermissions(Resource accessorResource, String domainName)
accessorResource
- the accessor resource relative which permissions should be returneddomainName
- a string domain nameIllegalArgumentException
- if accessorResource reference does not exist, or
if no domain of domainName existsMap<String,Set<DomainPermission>> getEffectiveDomainPermissionsMap(Resource accessorResource)
accessorResource
- the accessor resource relative which permissions should be returnedIllegalArgumentException
- if accessorResource reference does not existvoid setResourceCreatePermissions(Resource accessorResource, String resourceClassName, String domainName, Set<ResourceCreatePermission> resourceCreatePermissions)
accessorResource
- the resource to which the privilege should be grantedresourceClassName
- a string resource class namedomainName
- a string representing a valid domain nameresourceCreatePermissions
- a set of resource create permissions to be grantedIllegalArgumentException
- if accessorResource reference is invalid, or
if no domain of domainName exists, or
if no resource class of resourceClassName exists, or
if resourceCreatePermissions does not contain *CREATE permission, or
if resourceCreatePermissions contains post-create permissions invalid for
the specified resource class (incl. RESET-CREDENTIALS or IMPERSONATE for
unauthenticatable resource classes), or
if resourceCreatePermissions contains multiple instances of the same
post-create permission that only differ in the 'withGrant' attributeNotAuthorizedException
- if the session resource is not authorized to set
resource create permissions on the specified accessor resourceSet<ResourceCreatePermission> getResourceCreatePermissions(Resource accessorResource, String resourceClassName, String domainName)
accessorResource
- the accessor resource relative which permissions should be returnedresourceClassName
- a string resource class namedomainName
- a string representing a valid domain nameIllegalArgumentException
- if accessorResource reference does not exist, or
if no resource class of resourceClassName exists, or
if no domain of domainName existsSet<ResourceCreatePermission> getEffectiveResourceCreatePermissions(Resource accessorResource, String resourceClassName, String domainName)
accessorResource
- the accessor resource relative which permissions should be returnedresourceClassName
- a string resource class namedomainName
- a string representing a valid domain nameIllegalArgumentException
- if accessorResource reference does not exist, or
if no resource class of resourceClassName exists, or
if no domain of domainName existsvoid setResourceCreatePermissions(Resource accessorResource, String resourceClassName, Set<ResourceCreatePermission> resourceCreatePermissions)
accessorResource
- the resource to which the privilege should be grantedresourceClassName
- a string resource class nameresourceCreatePermissions
- a set of resource create permissions to be grantedIllegalArgumentException
- if accessorResource reference is invalid, or
if no resource class of resourceClassName exists, or
if resourceCreatePermissions does not contain *CREATE permission, or
if resourceCreatePermissions contains post-create permissions invalid for
the specified resource class (incl. RESET-CREDENTIALS or IMPERSONATE for
unauthenticatable resource classes), or
if resourceCreatePermissions contains multiple instances of the same
post-create permission that only differ in the 'withGrant' attributeNotAuthorizedException
- if the session resource is not authorized to set
resource create permissions on the specified accessor resourceSet<ResourceCreatePermission> getResourceCreatePermissions(Resource accessorResource, String resourceClassName)
accessorResource
- the accessor resource relative which permissions should be returnedresourceClassName
- a string resource class nameIllegalArgumentException
- if accessorResource reference does not exist, or
if no resource class of resourceClassName existsSet<ResourceCreatePermission> getEffectiveResourceCreatePermissions(Resource accessorResource, String resourceClassName)
accessorResource
- the accessor resource relative which permissions should be returnedresourceClassName
- a string resource class nameIllegalArgumentException
- if accessorResource reference does not exist, or
if no resource class of resourceClassName existsMap<String,Map<String,Set<ResourceCreatePermission>>> getResourceCreatePermissionsMap(Resource accessorResource)
accessorResource
- the accessor resource relative which permissions should be returnedIllegalArgumentException
- if accessorResource reference does not existMap<String,Map<String,Set<ResourceCreatePermission>>> getEffectiveResourceCreatePermissionsMap(Resource accessorResource)
accessorResource
- the accessor resource relative which permissions should be returnedIllegalArgumentException
- if accessorResource reference does not existvoid setResourcePermissions(Resource accessorResource, Resource accessedResource, Set<ResourcePermission> resourcePermissions)
accessorResource
- the resource to which the privilege should be grantedaccessedResource
- the resource on which the privilege is grantedresourcePermissions
- a set of resource permissions to be grantedIllegalArgumentException
- if accessorResource or accessedResource reference does not exist, or
if resourcePermissions contains permissions invalid for resource class
of the accessedResource(incl. RESET-CREDENTIALS or IMPERSONATE for
unauthenticatable resource classes), or
if resourcePermissions contains multiple instances of the same
permission that only differ in the 'withGrant' attributeNotAuthorizedException
- if the accessorResource is not authorized to grant the
specified permissions or revoke the current permissions on the
specified accessed resourceOaccException
- if granting the specified permissions would introduce a cycle
between accessor and accessed resource via permission inheritanceSet<ResourcePermission> getResourcePermissions(Resource accessorResource, Resource accessedResource)
accessorResource
- the resource relative to which the permissions should be returnedaccessedResource
- the resource on which the privileges were grantedIllegalArgumentException
- if accessorResource or accessedResource does not existSet<ResourcePermission> getEffectiveResourcePermissions(Resource accessorResource, Resource accessedResource)
accessorResource
- the resource relative to which the permissions should be returnedaccessedResource
- the resource on which the privileges were grantedIllegalArgumentException
- if accessorResource or accessedResource does not existvoid setGlobalResourcePermissions(Resource accessorResource, String resourceClassName, String domainName, Set<ResourcePermission> resourcePermissions)
accessorResource
- the resource to which the privilege should be grantedresourceClassName
- a string resource class namedomainName
- a string domain nameresourcePermissions
- the set of resource permissions to be granted globally to
the specified resource class and domainIllegalArgumentException
- if accessorResource reference is invalid, or
if no resource class of resourceClassName exists, or
if no domain of domainName exists, or
if resourcePermissions contains INHERIT permission, or
if resourcePermissions contains permissions invalid for the specified
resource class (incl. RESET-CREDENTIALS or IMPERSONATE for
unauthenticatable resource classes), or
if resourcePermissions contains multiple instances of the same
permission that only differ in the 'withGrant' attributeNotAuthorizedException
- if the session resource is not authorized to set
global resource permissions for the specified accessor resourceSet<ResourcePermission> getGlobalResourcePermissions(Resource accessorResource, String resourceClassName, String domainName)
accessorResource
- the resource relative to which the permissions should be returnedresourceClassName
- a string resource class namedomainName
- a string domain nameIllegalArgumentException
- if accessorResource reference does not exist, or
if no resource class of resourceClassName exists, or
if no domain of domainName existsSet<ResourcePermission> getEffectiveGlobalResourcePermissions(Resource accessorResource, String resourceClassName, String domainName)
accessorResource
- the resource relative to which the permissions should be returnedresourceClassName
- a string resource class namedomainName
- a string domain nameIllegalArgumentException
- if accessorResource reference does not exist, or
if no resource class of resourceClassName exists, or
if no domain of domainName existsvoid setGlobalResourcePermissions(Resource accessorResource, String resourceClassName, Set<ResourcePermission> resourcePermissions)
accessorResource
- the resource to which the privilege should be grantedresourceClassName
- a string resource class nameresourcePermissions
- the set of resource permissions to be granted globally to the
specified resource class and session resource's domainIllegalArgumentException
- if accessorResource reference does not exist, or
if no resource class of resourceClassName exists, or
if resourcePermissions contains INHERIT permission, or
if resourcePermissions contains permissions invalid for the specified
resource class (incl. RESET-CREDENTIALS or IMPERSONATE for
unauthenticatable resource classes), or
if resourcePermissions contains multiple instances of the same
permission that only differ in the 'withGrant' attributeNotAuthorizedException
- if the session resource is not authorized to set
resource create permissions on the specified accessor resourceSet<ResourcePermission> getGlobalResourcePermissions(Resource accessorResource, String resourceClassName)
accessorResource
- the resource relative to which the permissions should be returnedresourceClassName
- a string resource class nameIllegalArgumentException
- if accessorResource reference does not exist, or
if no resource class of resourceClassName existsSet<ResourcePermission> getEffectiveGlobalResourcePermissions(Resource accessorResource, String resourceClassName)
accessorResource
- the resource relative to which the permissions should be returnedresourceClassName
- a string resource class nameIllegalArgumentException
- if accessorResource reference does not exist, or
if no resource class of resourceClassName existsMap<String,Map<String,Set<ResourcePermission>>> getGlobalResourcePermissionsMap(Resource accessorResource)
accessorResource
- the resource relative to which the permissions should be returnedIllegalArgumentException
- if accessorResource reference does not existMap<String,Map<String,Set<ResourcePermission>>> getEffectiveGlobalResourcePermissionsMap(Resource accessorResource)
accessorResource
- the resource relative to which the permissions should be returnedIllegalArgumentException
- if accessorResource reference does not existList<String> getResourceClassNames()
List<String> getResourcePermissionNames(String resourceClassName)
resourceClassName
- the resource class name for which the permissions should be retrieved
OACC is a Java Application Security Framework developed by Acciente, LLC..
Copyright 2015, Acciente, LLC.All rights reserved.