Class BasicSecuritySystem

  • All Implemented Interfaces:
    java.util.EventListener, SecuritySystem, org.springframework.beans.factory.Aware, org.springframework.context.ApplicationContextAware, org.springframework.context.ApplicationListener<EventLogMessage>

    public class BasicSecuritySystem
    extends java.lang.Object
    implements SecuritySystem, org.springframework.context.ApplicationContextAware, org.springframework.context.ApplicationListener<EventLogMessage>
    Simplest implementation of SecuritySystem. Uses a constructor-injected EventContext and the ThreadLocal-based CurrentDetails to provide the security infrastructure.
    Since:
    3.0-M3
    See Also:
    Token, SecuritySystem, Details, Permissions
    • Constructor Detail

      • BasicSecuritySystem

        public BasicSecuritySystem​(OmeroInterceptor interceptor,
                                   SystemTypes sysTypes,
                                   CurrentDetails cd,
                                   SessionManager sessionManager,
                                   SessionProvider sessionProvider,
                                   EventProvider eventProvider,
                                   ome.system.Roles roles,
                                   ome.system.ServiceFactory sf,
                                   TokenHolder tokenHolder,
                                   java.util.List<SecurityFilter> filters,
                                   PolicyService policyService,
                                   ACLVoter aclVoter)
        Main public constructor for this SecuritySystem implementation.
        Parameters:
        interceptor - the OMERO interceptor for Hibernate
        sysTypes - the system types
        cd - the current details
        sessionManager - the session manager
        sessionProvider - a session provider
        eventProvider - an event provider
        roles - the OMERO roles
        sf - the session factory
        tokenHolder - the token holder
        filters - the security filters
        policyService - the policy service
        aclVoter - the ACL voter, may be null
    • Method Detail

      • selfConfigure

        public static BasicSecuritySystem selfConfigure​(SessionManager sm,
                                                        ome.system.ServiceFactory sf,
                                                        SessionCache cache)
        Simplified factory method which generates all the security primitives internally. Primarily useful for generated testing instances.
        Parameters:
        sm - the session manager
        sf - the session factory
        cache - the session cache
        Returns:
        a configured security system
      • setApplicationContext

        public void setApplicationContext​(org.springframework.context.ApplicationContext arg0)
                                   throws org.springframework.beans.BeansException
        Specified by:
        setApplicationContext in interface org.springframework.context.ApplicationContextAware
        Throws:
        org.springframework.beans.BeansException
      • login

        public void login​(ome.system.Principal principal)
        Description copied from interface: SecuritySystem
        Stores this Principal instance in the current thread context for authenticating and authorizing all actions. This method does not make any queries and is only a conduit for login information from the outermost levels. Session bean implementations and other in-JVM clients can fill the Principal. Note, however, that a call must first be made to SecuritySystem.loadEventContext(boolean) before some calls can be made to the SecuritySystem. In general, this means that execution must pass through the EventHandler.
        Specified by:
        login in interface SecuritySystem
        Parameters:
        principal - the new current principal
      • logout

        public int logout()
        Description copied from interface: SecuritySystem
        clears the top Principal instance from the current thread context.
        Specified by:
        logout in interface SecuritySystem
        Returns:
        the number of remaining instances.
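The login/loadEventContext/logout sequence above is per-thread state, so the practical risk is a request that logs in but never logs out on a pooled thread. The following is an added example, not OMERO project code, showing the lifecycle wrapped in a try/finally. It assumes the SecuritySystem interface lives in package ome.security and that ome.system.Principal has a (name, group, eventType) constructor and getName(); both are assumptions, not taken from this page.

```java
import java.util.concurrent.Callable;

import ome.security.SecuritySystem; // assumed package for the SecuritySystem interface documented above
import ome.system.Principal;

/**
 * Added example, not OMERO project code: runs one unit of work under a
 * Principal using only the lifecycle documented for login, loadEventContext
 * and logout. The finally block guarantees the thread-local Principal is
 * popped even when the work throws, so a pooled thread never carries a stale
 * identity into the next request.
 */
public final class ScopedLogin {

    private final SecuritySystem securitySystem;

    public ScopedLogin(SecuritySystem securitySystem) {
        this.securitySystem = securitySystem;
    }

    /**
     * Runs work as principal. Intended for the outermost caller (the position
     * the EventHandler normally occupies), so a non-zero count left after
     * logout is reported as a bug. Assumption: nested login/logout pairs made
     * inside work are balanced by their own callers.
     */
    public <V> V call(Principal principal, boolean readOnly, Callable<V> work) throws Exception {
        boolean completed = false;
        // Step 1: push the identity onto the current thread; no database access happens here.
        securitySystem.login(principal);
        try {
            // Step 2: resolve user, group and event for this thread; throws if no Principal is present.
            securitySystem.loadEventContext(readOnly);
            // Step 3: the actual work, now authenticated and authorized under the loaded context.
            V result = work.call();
            completed = true;
            return result;
        } finally {
            // Step 4: pop the top Principal; the return value is how many remain stacked.
            int remaining = securitySystem.logout();
            // Only complain on the success path so an exception from work is never masked.
            if (completed && remaining != 0) {
                throw new IllegalStateException(
                        "unbalanced login/logout on this thread: " + remaining + " principal(s) remain");
            }
        }
    }

    /** Constructed usage; the name/group/event-type constructor form is an assumption. */
    public static String example(SecuritySystem securitySystem) throws Exception {
        Principal principal = new Principal("example-user", "example-group", "User");
        return new ScopedLogin(securitySystem).call(principal, true, () -> "ran as " + principal.getName());
    }
}
```

The completed flag matters: throwing from a finally block replaces whatever exception the work raised, which is exactly the diagnostic you want to keep when a security check fails inside the work.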
      • isSystemType

        public boolean isSystemType​(java.lang.Class<? extends ome.model.IObject> klass)
        Tests whether the given class is a system type, i.e. a class whose instances cannot be created by regular users.
        Specified by:
        isSystemType in interface SecuritySystem
        Parameters:
        klass - A class which extends from IObject
        Returns:
        true if instances of the class argument can be considered system types.
        See Also:
        ticket156
      • isOwnerOrSupervisor

        public boolean isOwnerOrSupervisor​(ome.model.IObject iObject)
        tests whether or not the current user is either the owner of this entity, or the supervisor of this entity, for example as root or as group owner.
        Parameters:
        iObject - Non-null managed entity.
        Returns:
        true if the current user is owner or supervisor of this entity
      • enableReadFilter

        public void enableReadFilter​(java.lang.Object session)
        enables the read filter such that graph queries will have non-visible entities silently removed from the return value. This filter does not apply to single value loads from the database. See ACLVoter.allowLoad(Session, Class, Details, long) for more. Note: this filter must be disabled on logout, otherwise the necessary parameters (current user, current group, etc.) for building the filters will not be available. Similarly, while enabling this filter, no calls should be made on the given session object.
        Parameters:
        session - a generic session object which can be used to enable this filter. Each SecuritySystem implementation will require a specific session type.
        See Also:
        EventHandler.invoke(org.aopalliance.intercept.MethodInvocation)
      • updateReadFilter

        public void updateReadFilter​(org.hibernate.Session session)
      • disableReadFilter

        public void disableReadFilter​(java.lang.Object session)
        Disables this filter. All future queries will have no security context associated with them and all items will be visible.
        Parameters:
        session - a generic session object which can be used to disable this filter. Each SecuritySystem implementation will require a specific session type.
        See Also:
        EventHandler.invoke(org.aopalliance.intercept.MethodInvocation)
      • disable

        public void disable​(java.lang.String... ids)
        Description copied from interface: SecuritySystem
        disables components of the backend for the current Thread. Further checks to SecuritySystem.isDisabled(String) will return false. It is the responsibility of various security system components to then throw exceptions.
        Specified by:
        disable in interface SecuritySystem
        Parameters:
        ids - Non-null, non-empty array of String ids to disable.
      • enable

        public void enable​(java.lang.String... ids)
        Description copied from interface: SecuritySystem
        enables components of the backend for the current Thread. Further checks to SecuritySystem.isDisabled(String) will return true.
        Specified by:
        enable in interface SecuritySystem
        Parameters:
        ids - possibly null array of String ids. A null array specifies that all subsystems are to be enabled. Otherwise, only those subsystems specified by the ids.
      • isDisabled

        public boolean isDisabled​(java.lang.String id)
        Description copied from interface: SecuritySystem
        checks if the listed id is disabled for the current Thread.
        Specified by:
        isDisabled in interface SecuritySystem
        Parameters:
        id - non-null String representing a backend subsystem.
        Returns:
        true if the backend subsystem has been previously disabled by calls to SecuritySystem.disable(String[])
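The interface text is explicit that disable/enable only flip per-thread flags and that it is up to each component to consult isDisabled and throw. The following is an added example, not OMERO project code, showing both halves of that contract: a component that fails closed when its id is disabled on the current thread, and a scoped way to disable it that always re-enables the same id. The subsystem id string is a constructed placeholder; the page does not list real OMERO ids, and the ome.security package for SecuritySystem is assumed.

```java
import ome.conditions.SecurityViolation;
import ome.security.SecuritySystem; // assumed package for the SecuritySystem interface documented above

/**
 * Added example, not OMERO project code. The disable/enable/isDisabled trio is
 * thread-local state that does nothing by itself; each backend component has
 * to check its own id and refuse to run. This class shows the check and a
 * scoped disable that cannot leak past the try/finally.
 */
public final class GuardedComponent {

    /** Constructed placeholder id; real OMERO subsystem ids are not shown on this page. */
    public static final String ID = "example.component";

    private final SecuritySystem securitySystem;

    public GuardedComponent(SecuritySystem securitySystem) {
        this.securitySystem = securitySystem;
    }

    /** The component's own check: fail closed if this thread has disabled it. */
    public void perform() {
        if (securitySystem.isDisabled(ID)) {
            throw new SecurityViolation("component " + ID + " is disabled on this thread");
        }
        // ... the component's real work would follow here
    }

    /**
     * Runs work with ID disabled and then re-enables exactly that id. Note the
     * distinction the interface draws: enable((String[]) null) re-enables every
     * subsystem, including ones an outer caller disabled on purpose, whereas
     * enable(ID) touches only this one. The finally clause matters because the
     * flag is thread-local and would otherwise survive into the next request
     * that reuses this thread.
     */
    public void whileDisabled(Runnable work) {
        securitySystem.disable(ID);
        try {
            work.run();
        } finally {
            securitySystem.enable(ID);
        }
    }
}
```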
      • newTransientDetails

        public ome.model.internal.Details newTransientDetails​(ome.model.IObject object)
                                                       throws ome.conditions.ApiUsageException,
                                                              ome.conditions.SecurityViolation
        Description copied from interface: SecuritySystem
        Creates a new secure Details for transient entities. Non-privileged users can only edit the Permissions field. Privileged users can use the Details object as a single-step chmod and chgrp. newTransientDetails always returns a non-null Details that is not equivalent (==) to the Details argument. This method can be used from anywhere in the codebase to obtain a valid Details by passing in an IObject instance with a null Details. However, if the Details is non-null, there is the possibility that this method will throw an exception.
        Specified by:
        newTransientDetails in interface SecuritySystem
        Throws:
        ome.conditions.ApiUsageException - if SecuritySystem is not ready
        ome.conditions.SecurityViolation - if Details instance contains illegal values.
      • checkManagedDetails

        public ome.model.internal.Details checkManagedDetails​(ome.model.IObject object,
                                                              ome.model.internal.Details trustedDetails)
                                                       throws ome.conditions.ApiUsageException,
                                                              ome.conditions.SecurityViolation
        Description copied from interface: SecuritySystem
        checks that a non-privileged user has not attempted to edit the entity's security details. Privileged users can set fields on Details as a single-step chmod and chgrp. managedDetails may create a new Details instance and return that if needed. If the returned Details is not equivalent (==) to the argument Details, then values have been changed.
        Specified by:
        checkManagedDetails in interface SecuritySystem
        Parameters:
        object - non-null IObject instance. Details for that instance can be null.
        trustedDetails - possibly null Details instance. These Details are trusted in the sense that they have already once passed through the SecuritySystem.
        Throws:
        ome.conditions.ApiUsageException - if SecuritySystem is not ready
        ome.conditions.SecurityViolation - if Details instance contains illegal values.
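Both Details methods express their result through reference identity (==) rather than equals(): a different instance coming back means the security system rewrote something the caller supplied. The following is an added example, not OMERO project code, of the save-path pattern that uses newTransientDetails for objects without an id and checkManagedDetails for managed ones, and turns the identity check into an explicit outcome. It assumes the ome.security package for SecuritySystem and that ome.conditions exceptions are unchecked (no throws clause is declared); the Outcome/Result types are the example's own.

```java
import ome.model.IObject;
import ome.model.internal.Details;
import ome.security.SecuritySystem; // assumed package for the SecuritySystem interface documented above

/**
 * Added example, not OMERO project code: the pattern a save path follows with
 * newTransientDetails and checkManagedDetails. A transient object (no id yet)
 * receives a fresh Details; a managed one has its Details validated. In both
 * cases the documented signal is reference identity (==), never equals().
 */
public final class DetailsCheck {

    public enum Outcome { TRANSIENT_ASSIGNED, MANAGED_UNCHANGED, MANAGED_REWRITTEN }

    public static final class Result {
        public final Outcome outcome;
        public final Details details; // the instance the caller should use from now on

        Result(Outcome outcome, Details details) {
            this.outcome = outcome;
            this.details = details;
        }
    }

    private final SecuritySystem securitySystem;

    public DetailsCheck(SecuritySystem securitySystem) {
        this.securitySystem = securitySystem;
    }

    /**
     * Returns what happened to the object's Details. Exceptions from the
     * SecuritySystem are left to propagate: ApiUsageException when the system
     * is not ready, SecurityViolation when a non-privileged user tried a
     * chmod/chgrp through the Details (assumption: both are unchecked).
     */
    public Result validate(IObject object, Details trustedDetails) {
        if (object == null) {
            throw new IllegalArgumentException("object must be non-null");
        }
        if (object.getId() == null) {
            // Transient: the contract guarantees a new, non-null instance distinct from the argument.
            Details fresh = securitySystem.newTransientDetails(object);
            return new Result(Outcome.TRANSIENT_ASSIGNED, fresh);
        }
        Details checked = securitySystem.checkManagedDetails(object, trustedDetails);
        // Identity comparison, exactly as the interface documents it. A null
        // trustedDetails with a non-null result also counts as rewritten.
        Outcome outcome = (checked == trustedDetails) ? Outcome.MANAGED_UNCHANGED : Outcome.MANAGED_REWRITTEN;
        return new Result(outcome, checked);
    }
}
```

A caller that compared with equals() instead would miss the case where the security system handed back a copy with the same field values but a different identity, which is precisely the case the interface defines as "values have been changed".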
      • isGraphCritical

        public boolean isGraphCritical​(ome.model.internal.Details details)
        Description copied from interface: SecuritySystem
        Determines if the current security context has the possibility of corrupting consistent graphs. Consistent graphs are enforced by the security context to make sure that all READ actions work smoothly. If an administrator or PI is logged into a private group, or otherwise may create an object linked to an object with lower READ rights, then corruption could occur. Starting with 4.4.2, a trusted details object should be passed in order to handle the situation where the current group id is -1. Possible cases that can occur:
          • The current group is non-negative: use the previous logic;
          • else the current group is negative, and
            • the object is in a non-"user" group: USE THAT GROUP;
            • else the object is in the "user" group: UNCLEAR (for the moment an exception is thrown).
        If no Details instance is passed, or a Details without an ExperimenterGroup value, then throw as well.
        Specified by:
        isGraphCritical in interface SecuritySystem
        Parameters:
        details - the details
        Returns:
        if the graph is critical
        See Also:
        1769
      • loadEventContext

        public void loadEventContext​(boolean isReadOnly)
        Description copied from interface: SecuritySystem
        Prepares the current EventContext instance with the current Principal. An exception is thrown if there is none.
        Specified by:
        loadEventContext in interface SecuritySystem
      • loadEventContext

        public void loadEventContext​(boolean isReadOnly,
                                     boolean isClose)
      • addLog

        public void addLog​(java.lang.String action,
                           java.lang.Class klass,
                           java.lang.Long id)
      • getLogs

        public java.util.List<ome.model.meta.EventLog> getLogs()
      • clearLogs

        public void clearLogs()
      • doAction

        public <T extends ome.model.IObject> T doAction​(SecureAction action,
                                                        T... objs)
        It would be better to wrap the SecureAction.updateObject(IObject...) call in a try/finally block, but since flush can be so poorly controlled that is not possible. Instead, a one-time token is used, which is removed when this object is checked for privileges.
        Specified by:
        doAction in interface SecuritySystem
        Parameters:
        objs - A managed (non-detached) entity. Not null.
        action - A code-block that will be given the entity argument carrying a privileged token (see hasPrivilegedToken(IObject)).
      • runAsAdmin

        public void runAsAdmin​(ome.model.meta.ExperimenterGroup group,
                               AdminAction action)
        The merge event is disabled for runAsAdmin(AdminAction) because passing detached (client-side) entities to this method is particularly dangerous.
        Specified by:
        runAsAdmin in interface SecuritySystem
        Parameters:
        group - the group to run the action as
        action - the action to run
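doAction and runAsAdmin are the two privilege-escalation points on this class, and both carry a caveat in their text: the one-time token is consumed at the next privilege check, so the mutation has to happen inside updateObject, and runAsAdmin must not be handed detached entities. The following is an added example, not OMERO project code, of two thin adapters that keep those constraints in code. It assumes the ome.security package for SecuritySystem, SecureAction and AdminAction, that SecureAction's single method is the updateObject(IObject...) named above, and that AdminAction has a single void runAsAdmin() method; the last point is an assumption not stated on this page.

```java
import java.util.function.Consumer;

import ome.conditions.ApiUsageException;
import ome.model.IObject;
import ome.model.meta.ExperimenterGroup;
import ome.security.AdminAction;    // assumed package and shape: single method void runAsAdmin()
import ome.security.SecureAction;   // assumed package; updateObject(IObject...) is named on this page
import ome.security.SecuritySystem; // assumed package for the SecuritySystem interface documented above

/**
 * Added example, not OMERO project code: adapters over doAction and runAsAdmin
 * that keep the privileged work inside the callback where the token or the
 * admin context actually applies.
 */
public final class PrivilegedOps {

    private final SecuritySystem securitySystem;

    public PrivilegedOps(SecuritySystem securitySystem) {
        this.securitySystem = securitySystem;
    }

    /**
     * Mutates one managed entity under the one-time privileged token. The
     * mutation must run inside updateObject: the token is removed when the
     * object is next checked for privileges, so a change made before or after
     * the doAction call would be evaluated as the ordinary current user.
     */
    public <T extends IObject> T updatePrivileged(T managed, Consumer<? super T> mutation) {
        if (managed == null || managed.getId() == null) {
            // A non-null id is a cheap necessary condition for "managed (non-detached)";
            // it is not sufficient, so this is an early guard, not the real check.
            throw new ApiUsageException("doAction requires a managed, persisted entity");
        }
        return securitySystem.doAction(new SecureAction() {
            @Override
            public <U extends IObject> U updateObject(U... objs) {
                U target = objs[0]; // the single entity passed to doAction below
                @SuppressWarnings("unchecked")
                T typed = (T) target;
                mutation.accept(typed); // runs while target carries the one-time token
                return target;
            }
        }, managed);
    }

    /**
     * Runs work with administrator rights in the given group. Per the note
     * above, the merge event is disabled here and nothing client-side
     * (detached) should be reachable from work; load what you need inside the
     * callback instead of passing it in.
     */
    public void asAdmin(ExperimenterGroup group, Runnable work) {
        securitySystem.runAsAdmin(group, new AdminAction() {
            @Override
            public void runAsAdmin() {
                work.run();
            }
        });
    }
}
```

Keeping the callbacks anonymous and the entity argument singular makes it harder to accidentally widen the privileged window: exactly one object carries the token, and only for the duration of updateObject.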
      • checkRestriction

        public void checkRestriction​(java.lang.String name,
                                     ome.model.IObject obj)
        Description copied from interface: SecuritySystem
        Checks whether or not a Policy instance of matching name has been registered, considers itself active, and considers the passed context object to be restricted.
        Specified by:
        checkRestriction in interface SecuritySystem
        Parameters:
        name - A non-null unique name for a class of policies.
        obj - An instance which is to be checked against matching policies.
      • getEventContext

        public ome.system.EventContext getEventContext​(boolean refresh)
        Description copied from interface: SecuritySystem
        If refresh is false, returns the current EventContext stored in the session. Otherwise, reloads the context to have the most up-to-date information.
        Specified by:
        getEventContext in interface SecuritySystem
        Parameters:
        refresh - if the event context should first be reloaded
        Returns:
        the event context
        See Also:
        Trac ticket #4011
      • getEffectiveUID

        public java.lang.Long getEffectiveUID()
        Returns the id of the currently logged-in user, or the owner of the share while in a share.
        Specified by:
        getEffectiveUID in interface SecuritySystem
        Returns:
        See above.
      • checkReady

        protected void checkReady​(java.lang.String method)
        Calls isReady() and, if the system is not ready, throws an ApiUsageException. The SecuritySystem must be in a valid state to perform several functions.
      • onApplicationEvent

        public void onApplicationEvent​(EventLogMessage elm)
        Specified by:
        onApplicationEvent in interface org.springframework.context.ApplicationListener<EventLogMessage>