public class SharingSecuritySystem extends java.lang.Object implements SecuritySystem
Token
,
Details
,
Permissions
,
ACLEventListener
Constructor and Description |
---|
SharingSecuritySystem(BasicSecuritySystem delegate) |
Modifier and Type | Method and Description |
---|---|
ome.model.internal.Details |
checkManagedDetails(ome.model.IObject object,
ome.model.internal.Details trustedDetails)
checks that a non-privileged user has not attempted to edit the entity's
security details . |
void |
checkRestriction(java.lang.String name,
ome.model.IObject obj)
Checks whether or not a
Policy instance of matching
name has been registered, considers itself active, and
considers the passed context object to be restricted. |
void |
disable(java.lang.String... ids)
disables components of the backend for the current Thread.
|
<T extends ome.model.IObject> |
doAction(SecureAction action,
T... objs) |
void |
enable(java.lang.String... ids)
enables components of the backend for the current Thread.
|
java.lang.Long |
getEffectiveUID()
Returns UID based on whether a share is active, etc.
|
ome.system.EventContext |
getEventContext()
Calls
SecuritySystem.getEventContext(boolean) with a false as "refresh". |
ome.system.EventContext |
getEventContext(boolean refresh)
If refresh is false, returns the current
EventContext stored
in the session. |
ome.system.Roles |
getSecurityRoles() |
boolean |
hasPrivilegedToken(ome.model.IObject obj)
|
void |
invalidateEventContext()
Clears the content of the
EventContext so that the
SecuritySystem will no longer return true for SecuritySystem.isReady() . |
boolean |
isDisabled(java.lang.String id)
checks if the listed id is disabled for the current Thread.
|
boolean |
isEmptyEventContext() |
boolean |
isGraphCritical(ome.model.internal.Details details)
Determines if the current security context has the possibility of
corrupting consistent graphs.
|
boolean |
isReady()
checks if this
SecuritySystem instance is in a valid state. |
boolean |
isSystemType(java.lang.Class<? extends ome.model.IObject> klass)
checks if instances of the given type are "System-Types".
|
void |
loadEventContext(boolean isReadOnly)
Prepares the current
EventContext instance with the current
Principal . |
void |
login(ome.system.Principal principal)
stores this
Principal instance in the current thread context for
authenticating and authorizing all actions. |
int |
logout()
clears the top
Principal instance from the current thread
context. |
ome.model.internal.Details |
newTransientDetails(ome.model.IObject object)
creates a new secure
details for transient
entities. |
void |
runAsAdmin(AdminAction action)
Calls
SecuritySystem.runAsAdmin(ExperimenterGroup, AdminAction) with a
null group. |
void |
runAsAdmin(ome.model.meta.ExperimenterGroup group,
AdminAction action)
Allows actions to be performed with the
EventContext.isCurrentUserAdmin() flag enabled but
without changing the value of
EventContext.getCurrentUserId() , so that ownerships are properly
handled. |
public SharingSecuritySystem(BasicSecuritySystem delegate)
public ome.model.internal.Details checkManagedDetails(ome.model.IObject object, ome.model.internal.Details trustedDetails) throws ome.conditions.ApiUsageException, ome.conditions.SecurityViolation
SecuritySystem
security details
. Privileged users can set
fields on Details
as a single-step chmod
and
chgrp
.
managedDetails
may create
a new Details instance and return that if needed. If the returned Details
is not equivalent (==) to the argument Details, then values have been
changed.checkManagedDetails
in interface SecuritySystem
object
- non-null IObject
instance. Details
for that
instance can be null.trustedDetails
- possibly null Details
instance. These Details
are trusted in the sense that they have already once passed
through the SecuritySystem
.ome.conditions.ApiUsageException
- if SecuritySystem
is not ready
ome.conditions.SecurityViolation
- if Details
instance contains illegal values.public void invalidateEventContext()
SecuritySystem
EventContext
so that the
SecuritySystem
will no longer return true for SecuritySystem.isReady()
.
The Principal
set during SecuritySystem.login(Principal)
is retained.invalidateEventContext
in interface SecuritySystem
public void disable(java.lang.String... ids)
SecuritySystem
SecuritySystem.isDisabled(String)
will return false. It is the
responsibility of various security system components to then throw
exceptions.disable
in interface SecuritySystem
ids
- Non-null, non-empty array of String ids to disable.public <T extends ome.model.IObject> T doAction(SecureAction action, T... objs)
doAction
in interface SecuritySystem
public void enable(java.lang.String... ids)
SecuritySystem
SecuritySystem.isDisabled(String)
will return true.enable
in interface SecuritySystem
ids
- possibly null array of String ids. A null array specifies that
all subsystems are to be enabled. Otherwise, only those
subsystems specified by the ids.public ome.system.EventContext getEventContext()
SecuritySystem
SecuritySystem.getEventContext(boolean)
with a false as "refresh".
This is the previous, safer logic of the method since consumers
are not expecting a long method run.getEventContext
in interface SecuritySystem
public ome.system.EventContext getEventContext(boolean refresh)
SecuritySystem
EventContext
stored
in the session. Otherwise, reloads the context to have the most
up-to-date information.getEventContext
in interface SecuritySystem
refresh
- if the event context should first be reloadedpublic java.lang.Long getEffectiveUID()
SecuritySystem
Annotation toSave = ...; if (toSave.getDetails().getOwner() == null) // No owner need to find one. { Long uid = sec.getEffectiveUID(); if (uid != null) { toSave.getDetails().setOwner(new Experimenter(uid, false)); } else { toSave.getDetails().setOwner( image.getDetails().getOwner()); // may be null. } } image.linkAnnotation(toSave); etc.
getEffectiveUID
in interface SecuritySystem
public ome.system.Roles getSecurityRoles()
getSecurityRoles
in interface SecuritySystem
public boolean hasPrivilegedToken(ome.model.IObject obj)
SecuritySystem
hasPrivilegedToken
in interface SecuritySystem
public void checkRestriction(java.lang.String name, ome.model.IObject obj)
SecuritySystem
Policy
instance of matching
name has been registered, considers itself active, and
considers the passed context object to be restricted.checkRestriction
in interface SecuritySystem
name
- A non-null unique name for a class of policies.obj
- An instance which is to be checked against matching policies.public boolean isDisabled(java.lang.String id)
SecuritySystem
isDisabled
in interface SecuritySystem
id
- non-null String representing a backend subsystem.SecuritySystem.disable(String[])
public boolean isEmptyEventContext()
public boolean isReady()
SecuritySystem
SecuritySystem
instance is in a valid state. This
includes that a user is properly logged in and that a connection is
available to all necessary resources, e.g. database handle and mapping
session.
Not all methods require that the instance is ready.isReady
in interface SecuritySystem
public boolean isSystemType(java.lang.Class<? extends ome.model.IObject> klass)
SecuritySystem
isSystemType
in interface SecuritySystem
klass
- A class which extends from IObject
public void loadEventContext(boolean isReadOnly)
SecuritySystem
EventContext
instance with the current
Principal
. An exception is thrown if there is none.loadEventContext
in interface SecuritySystem
public void login(ome.system.Principal principal)
SecuritySystem
Principal
instance in the current thread context for
authenticating and authorizing all actions. This method does not
make any queries and is only a conduit for login information from the
outermost levels. Session bean implementations and other in-JVM clients
can fill the Principal
. Note, however, a call must first be made
to SecuritySystem.loadEventContext(boolean)
for some calls to be made to the
SecuritySystem
. In general, this means that execution must pass
through the EventHandler
login
in interface SecuritySystem
principal
- the new current principalpublic int logout()
SecuritySystem
Principal
instance from the current thread
context.logout
in interface SecuritySystem
public ome.model.internal.Details newTransientDetails(ome.model.IObject object) throws ome.conditions.ApiUsageException, ome.conditions.SecurityViolation
SecuritySystem
details
for transient
entities. Non-privileged users can only edit the
Permissions
field. Privileged users can
use the Details
object as a single-step chmod
and
chgrp
.
newTransientDetails
always returns
a non-null Details that is not equivalent (==) to the Details argument.
This method can be used from anywhere in the codebase to obtain a valid
Details
, but passing in an IObject
instance with a null
Details
. However, if the Details
is non-null, there is
the possibility that this method will throw an exception.newTransientDetails
in interface SecuritySystem
ome.conditions.ApiUsageException
- if SecuritySystem
is not ready
ome.conditions.SecurityViolation
- if Details
instance contains illegal values.public void runAsAdmin(ome.model.meta.ExperimenterGroup group, AdminAction action)
SecuritySystem
EventContext.isCurrentUserAdmin()
flag enabled but
without changing the value of
EventContext.getCurrentUserId()
, so that ownerships are properly
handled. The merging of detached entity graphs should be disabled for the
extent of the execution.
Due to the addition of the group permission system, we also permit
setting the group on the call so that the administrator can work within
all groups. A value of null will not change the current group.
Note: the IUpdate
save methods should not be used, since
they also accept detached entities, which could pose security risks.
Instead load an entity from the database via IQuery
,
make changes, and save the changes with IUpdate
.runAsAdmin
in interface SecuritySystem
group
- the group to run the action asaction
- the action to runpublic void runAsAdmin(AdminAction action)
SecuritySystem
SecuritySystem.runAsAdmin(ExperimenterGroup, AdminAction)
with a
null group.runAsAdmin
in interface SecuritySystem
action
- the action to runpublic boolean isGraphCritical(ome.model.internal.Details details)
SecuritySystem
The current group is non-negative, then use the previous logic; else the current group is negative, and the object is in a non-"user" group: USE THAT GROUP; else the object is in the "user" group: UNCLEAR (for the moment we're throwing an exception)If no
Details
instance is passed or a Details
without
a ExperimenterGroup
value, then throw as well.isGraphCritical
in interface SecuritySystem
details
- the details