Package ome.security.policy

Interface PolicyService

All Known Implementing Classes:

DefaultPolicyService

public interface PolicyService

Internal service containing a number of configured Policy instances. Each Policy is stored under a unique name, for which there may be several other Policy instances. Consumers can either check whether such a policy restriction is active via isRestricted(String, IObject) or let an exception be thrown by the Policy itself via checkRestriction(String, IObject). Further, the list of currently active restrictions can be provided in bulk to clients via listActiveRestrictions(IObject) so that restricted operations need not be called only to have an exception thrown.

Method Summary

Modifier and Type	Method	Description
void	checkRestriction(java.lang.String name, ome.model.IObject obj)	Give each configured Policy instance the chance to throw a SecurityViolation from its Policy.checkRestriction(IObject) method.
boolean	isRestricted(java.lang.String name, ome.model.IObject obj)	Ask each configured Policy instance with the given name argument if it considers the restriction active for the given IObject argument.
java.util.Set<java.lang.String>	listActiveRestrictions(ome.model.IObject obj)	Return all identifier strings as would be passed as the first argument to isRestricted(String, IObject) or checkRestriction(String, IObject) which considers itself active for the given argument.
java.util.Set<java.lang.String>	listAllRestrictions()	Return all configured identifier strings as would be passed as the first argument to isRestricted(String, IObject) or checkRestriction(String, IObject).

Method Detail

isRestricted

boolean isRestricted(java.lang.String name,
                     ome.model.IObject obj)

Ask each configured Policy instance with the given name argument if it considers the restriction active for the given IObject argument. If any are active, return true.

Parameters:

name - non-null identifier of a class of Policy instances.

obj - non-null "context" for this check.

Returns:

true if any Policy returns true from Policy.isRestricted(IObject).

checkRestriction

void checkRestriction(java.lang.String name,
                      ome.model.IObject obj)
               throws ome.conditions.SecurityViolation

Give each configured Policy instance the chance to throw a SecurityViolation from its Policy.checkRestriction(IObject) method.

Parameters:

name - non-null identifier of a class of Policy instances.

obj - non-null "context" for this check.

Throws:

ome.conditions.SecurityViolation

listAllRestrictions

java.util.Set<java.lang.String> listAllRestrictions()

Return all configured identifier strings as would be passed as the first argument to isRestricted(String, IObject) or checkRestriction(String, IObject).

listActiveRestrictions

java.util.Set<java.lang.String> listActiveRestrictions(ome.model.IObject obj)

Return all identifier strings as would be passed as the first argument to isRestricted(String, IObject) or checkRestriction(String, IObject) which considers itself active for the given argument.

Parameters:

obj - non-null context passed to each Policy instance.

Returns:

a possibly empty string set of identifiers which should be returned to clients via Permissions.copyExtendedRestrictions() .