Package ome.security.policy

Class DefaultPolicyService

java.lang.Object

ome.tools.spring.OnContextRefreshedEventListener

ome.security.policy.DefaultPolicyService

All Implemented Interfaces:

java.util.EventListener, PolicyService, org.springframework.beans.factory.Aware, org.springframework.context.ApplicationContextAware, org.springframework.context.ApplicationListener<org.springframework.context.event.ContextRefreshedEvent>

public class DefaultPolicyService
extends OnContextRefreshedEventListener
implements PolicyService

PolicyService which is configured with all Policy instances which are discovered in the Spring context and only focuses on a small subset of IObject types as specified by filterObject(IObject).

Constructor Summary

Constructors

Constructor	Description
DefaultPolicyService()

Method Summary

Modifier and Type	Method	Description
void	checkRestriction(java.lang.String name, ome.model.IObject obj)	Give each configured Policy instance the chance to throw a SecurityViolation from its Policy.checkRestriction(IObject) method.
protected boolean	filterObject(ome.model.IObject obj)	Limit the objects to which Policy instances are applied.
void	handleContextRefreshedEvent(org.springframework.context.event.ContextRefreshedEvent event)	Loads all Policy instances from the context, and uses them to initialize this PolicyService.
boolean	isRestricted(java.lang.String name, ome.model.IObject obj)	Ask each configured Policy instance with the given name argument if it considers the restriction active for the given IObject argument.
java.util.Set<java.lang.String>	listActiveRestrictions(ome.model.IObject obj)	Return all identifier strings as would be passed as the first argument to PolicyService.isRestricted(String, IObject) or PolicyService.checkRestriction(String, IObject) which considers itself active for the given argument.
java.util.Set<java.lang.String>	listAllRestrictions()	Return all configured identifier strings as would be passed as the first argument to PolicyService.isRestricted(String, IObject) or PolicyService.checkRestriction(String, IObject).

Methods inherited from class ome.tools.spring.OnContextRefreshedEventListener

onApplicationEvent, setApplicationContext

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DefaultPolicyService

public DefaultPolicyService()

Method Detail

handleContextRefreshedEvent

public void handleContextRefreshedEvent(org.springframework.context.event.ContextRefreshedEvent event)

Loads all Policy instances from the context, and uses them to initialize this PolicyService.

Specified by:

handleContextRefreshedEvent in class OnContextRefreshedEventListener

isRestricted

public boolean isRestricted(java.lang.String name,
                            ome.model.IObject obj)

Description copied from interface: PolicyService

Ask each configured Policy instance with the given name argument if it considers the restriction active for the given IObject argument. If any are active, return true.

Specified by:

isRestricted in interface PolicyService

Parameters:

name - non-null identifier of a class of Policy instances.

obj - non-null "context" for this check.

Returns:

true if any Policy returns true from Policy.isRestricted(IObject).

checkRestriction

public void checkRestriction(java.lang.String name,
                             ome.model.IObject obj)

Description copied from interface: PolicyService

Give each configured Policy instance the chance to throw a SecurityViolation from its Policy.checkRestriction(IObject) method.

Specified by:

checkRestriction in interface PolicyService

Parameters:

name - non-null identifier of a class of Policy instances.

obj - non-null "context" for this check.

listAllRestrictions

public java.util.Set<java.lang.String> listAllRestrictions()

Description copied from interface: PolicyService

Return all configured identifier strings as would be passed as the first argument to PolicyService.isRestricted(String, IObject) or PolicyService.checkRestriction(String, IObject).

Specified by:

listAllRestrictions in interface PolicyService

listActiveRestrictions

public java.util.Set<java.lang.String> listActiveRestrictions(ome.model.IObject obj)

Description copied from interface: PolicyService

Return all identifier strings as would be passed as the first argument to PolicyService.isRestricted(String, IObject) or PolicyService.checkRestriction(String, IObject) which considers itself active for the given argument.

Specified by:

listActiveRestrictions in interface PolicyService

Parameters:

obj - non-null context passed to each Policy instance.

Returns:

a possibly empty string set of identifiers which should be returned to clients via Permissions.copyExtendedRestrictions() .

filterObject

protected boolean filterObject(ome.model.IObject obj)

Limit the objects to which Policy instances are applied. This reduces the overhead of creating a HashSet for every object in a returned graph.

Parameters:

obj - e.g. the argument to listActiveRestrictions(IObject).

Returns:

true if the given object should not be restricted.