Package ome.security.sharing
Class SharingSecuritySystem
- java.lang.Object
  - ome.security.sharing.SharingSecuritySystem
- All Implemented Interfaces:
  SecuritySystem
public class SharingSecuritySystem extends java.lang.Object implements SecuritySystem
central security interface. All queries and actions that deal with a secure context should pass through an implementation of this interface.
- Since:
  3.0-M3
- See Also:
  Token, Details, Permissions, ACLEventListener

Constructor Summary
- SharingSecuritySystem(BasicSecuritySystem delegate)

Method Summary
- ome.model.internal.Details checkManagedDetails(ome.model.IObject object, ome.model.internal.Details trustedDetails)
  checks that a non-privileged user has not attempted to edit the entity's security details.
- void checkRestriction(java.lang.String name, ome.model.IObject obj)
  Checks whether or not a Policy instance of matching name has been registered, considers itself active, and considers the passed context object to be restricted.
- void disable(java.lang.String... ids)
  disables components of the backend for the current Thread.
- <T extends ome.model.IObject> T doAction(SecureAction action, T... objs)
- void enable(java.lang.String... ids)
  enables components of the backend for the current Thread.
- java.lang.Long getEffectiveUID()
  Returns UID based on whether a share is active, etc.
- ome.system.EventContext getEventContext()
  Calls SecuritySystem.getEventContext(boolean) with a false as "refresh".
- ome.system.EventContext getEventContext(boolean refresh)
  If refresh is false, returns the current EventContext stored in the session.
- ome.system.Roles getSecurityRoles()
- boolean hasPrivilegedToken(ome.model.IObject obj)
- void invalidateEventContext()
  Clears the content of the EventContext so that the SecuritySystem will no longer return true for SecuritySystem.isReady().
- boolean isDisabled(java.lang.String id)
  checks if the listed id is disabled for the current Thread.
- boolean isEmptyEventContext()
- boolean isGraphCritical(ome.model.internal.Details details)
  Determines if the current security context has the possibility of corrupting consistent graphs.
- boolean isReady()
  checks if this SecuritySystem instance is in a valid state.
- boolean isSystemType(java.lang.Class<? extends ome.model.IObject> klass)
  checks if instances of the given type are "System-Types".
- void loadEventContext(boolean isReadOnly)
  Prepares the current EventContext instance with the current Principal.
- void login(ome.system.Principal principal)
  stores this Principal instance in the current thread context for authenticating and authorizing all actions.
- int logout()
  clears the top Principal instance from the current thread context.
- ome.model.internal.Details newTransientDetails(ome.model.IObject object)
  creates a new secure details for transient entities.
- void runAsAdmin(ome.model.meta.ExperimenterGroup group, AdminAction action)
  Allows actions to be performed with the EventContext.isCurrentUserAdmin() flag enabled but without changing the value of EventContext.getCurrentUserId(), so that ownerships are properly handled.
- void runAsAdmin(AdminAction action)
  Calls SecuritySystem.runAsAdmin(ExperimenterGroup, AdminAction) with a null group.

Constructor Detail

SharingSecuritySystem
public SharingSecuritySystem(BasicSecuritySystem delegate)

Method Detail

checkManagedDetails
public ome.model.internal.Details checkManagedDetails(ome.model.IObject object, ome.model.internal.Details trustedDetails) throws ome.conditions.ApiUsageException, ome.conditions.SecurityViolation
Description copied from interface: SecuritySystem
checks that a non-privileged user has not attempted to edit the entity's security details. Privileged users can set fields on Details as a single-step chmod and chgrp. managedDetails may create a new Details instance and return that if needed. If the returned Details is not equivalent (==) to the argument Details, then values have been changed.
- Specified by:
  checkManagedDetails in interface SecuritySystem
- Parameters:
  object - non-null IObject instance. Details for that instance can be null.
  trustedDetails - possibly null Details instance. These Details are trusted in the sense that they have already once passed through the SecuritySystem.
- Throws:
  ome.conditions.ApiUsageException - if SecuritySystem is not ready
  ome.conditions.SecurityViolation - if Details instance contains illegal values.

invalidateEventContext
public void invalidateEventContext()
Description copied from interface: SecuritySystem
Clears the content of the EventContext so that the SecuritySystem will no longer return true for SecuritySystem.isReady(). The Principal set during SecuritySystem.login(Principal) is retained.
- Specified by:
  invalidateEventContext in interface SecuritySystem

disable
public void disable(java.lang.String... ids)
Description copied from interface: SecuritySystem
disables components of the backend for the current Thread. Further checks to SecuritySystem.isDisabled(String) will return false. It is the responsibility of various security system components to then throw exceptions.
- Specified by:
  disable in interface SecuritySystem
- Parameters:
  ids - Non-null, non-empty array of String ids to disable.

doAction
public <T extends ome.model.IObject> T doAction(SecureAction action, T... objs)
- Specified by:
  doAction in interface SecuritySystem

enable
public void enable(java.lang.String... ids)
Description copied from interface: SecuritySystem
enables components of the backend for the current Thread. Further checks to SecuritySystem.isDisabled(String) will return true.
- Specified by:
  enable in interface SecuritySystem
- Parameters:
  ids - possibly null array of String ids. A null array specifies that all subsystems are to be enabled. Otherwise, only those subsystems specified by the ids.

getEventContext
public ome.system.EventContext getEventContext()
Description copied from interface: SecuritySystem
Calls SecuritySystem.getEventContext(boolean) with a false as "refresh". This is the previous, safer logic of the method since consumers are not expecting a long method run.
- Specified by:
  getEventContext in interface SecuritySystem
- Returns:
  the event context

getEventContext
public ome.system.EventContext getEventContext(boolean refresh)
Description copied from interface: SecuritySystem
If refresh is false, returns the current EventContext stored in the session. Otherwise, reloads the context to have the most up-to-date information.
- Specified by:
  getEventContext in interface SecuritySystem
- Parameters:
  refresh - if the event context should first be reloaded
- Returns:
  the event context
- See Also:
  Trac ticket #4011

getEffectiveUID
public java.lang.Long getEffectiveUID()
Description copied from interface: SecuritySystem
Returns UID based on whether a share is active, etc. This is the UID value that should be used for writing data. The return value may be null if the user is currently querying across multiple contents. In this case another method for choosing the UID must be chosen, for example by taking the UID of another element under consideration. For example,

    Annotation toSave = ...;
    if (toSave.getDetails().getOwner() == null) // No owner: need to find one.
    {
        Long uid = sec.getEffectiveUID();
        if (uid != null) {
            // A single active context: the effective UID is the owner to use.
            toSave.getDetails().setOwner(new Experimenter(uid, false));
        } else {
            // Multiple contexts: fall back to the owner of the linked object.
            toSave.getDetails().setOwner(image.getDetails().getOwner()); // may be null.
        }
    }
    image.linkAnnotation(toSave);

etc.
- Specified by:
  getEffectiveUID in interface SecuritySystem
- Returns:
  the effective user ID

getSecurityRoles
public ome.system.Roles getSecurityRoles()
- Specified by:
  getSecurityRoles in interface SecuritySystem

hasPrivilegedToken
public boolean hasPrivilegedToken(ome.model.IObject obj)
- Specified by:
  hasPrivilegedToken in interface SecuritySystem

checkRestriction
public void checkRestriction(java.lang.String name, ome.model.IObject obj)
Description copied from interface: SecuritySystem
Checks whether or not a Policy instance of matching name has been registered, considers itself active, and considers the passed context object to be restricted.
- Specified by:
  checkRestriction in interface SecuritySystem
- Parameters:
  name - A non-null unique name for a class of policies.
  obj - An instance which is to be checked against matching policies.

isDisabled
public boolean isDisabled(java.lang.String id)
Description copied from interface: SecuritySystem
checks if the listed id is disabled for the current Thread.
- Specified by:
  isDisabled in interface SecuritySystem
- Parameters:
  id - non-null String representing a backend subsystem.
- Returns:
  true if the backend subsystem has been previously disabled by calls to SecuritySystem.disable(String[])

isEmptyEventContext
public boolean isEmptyEventContext()

isReady
public boolean isReady()
Description copied from interface: SecuritySystem
checks if this SecuritySystem instance is in a valid state. This includes that a user is properly logged in and that a connection is available to all necessary resources, e.g. database handle and mapping session. Not all methods require that the instance is ready.
- Specified by:
  isReady in interface SecuritySystem
- Returns:
  true if all methods on this interface are ready to be called.

isSystemType
public boolean isSystemType(java.lang.Class<? extends ome.model.IObject> klass)
Description copied from interface: SecuritySystem
checks if instances of the given type are "System-Types". Security logic for all system types is significantly different. In general, system types cannot be created, updated, or deleted by regular users, and are visible to all users.
- Specified by:
  isSystemType in interface SecuritySystem
- Parameters:
  klass - A class which extends from IObject
- Returns:
  true if instances of the class argument can be considered system types.

loadEventContext
public void loadEventContext(boolean isReadOnly)
Description copied from interface: SecuritySystem
Prepares the current EventContext instance with the current Principal. An exception is thrown if there is none.
- Specified by:
  loadEventContext in interface SecuritySystem

login
public void login(ome.system.Principal principal)
Description copied from interface: SecuritySystem
stores this Principal instance in the current thread context for authenticating and authorizing all actions. This method does not make any queries and is only a conduit for login information from the outermost levels. Session bean implementations and other in-JVM clients can fill the Principal. Note, however, a call must first be made to SecuritySystem.loadEventContext(boolean) for some calls to be made to the SecuritySystem. In general, this means that execution must pass through the EventHandler.
- Specified by:
  login in interface SecuritySystem
- Parameters:
  principal - the new current principal

logout
public int logout()
Description copied from interface: SecuritySystem
clears the top Principal instance from the current thread context.
- Specified by:
  logout in interface SecuritySystem
- Returns:
  the number of remaining instances.

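The login / loadEventContext / invalidateEventContext / logout sequence described in the entries above, as an added example that is not part of OMERO or of this class. It assumes a SecuritySystem implementation (such as this class) is injected, and that Principal has a (name, group, eventType) constructor; the "User" event type is a constructed value.

```java
import ome.security.SecuritySystem;
import ome.system.EventContext;
import ome.system.Principal;

/**
 * Added example, not OMERO code: one unit of work driven through the
 * login -> loadEventContext -> work -> invalidateEventContext -> logout
 * lifecycle. Assumes Principal(name, group, eventType) exists.
 */
public final class SecureContextExample {

    private final SecuritySystem sec;

    public SecureContextExample(SecuritySystem sec) {
        this.sec = sec;
    }

    /**
     * Resolves the current user id for the given principal, or returns -1
     * when the security system never reached the ready state.
     */
    public long currentUserIdFor(String userName, String groupName) {
        // login() only records the Principal on this thread; it runs no queries.
        sec.login(new Principal(userName, groupName, "User")); // constructed event type
        try {
            // loadEventContext() resolves the Principal against the backend.
            // Until it has run, isReady() is false and methods such as
            // newTransientDetails() throw ApiUsageException.
            sec.loadEventContext(true /* isReadOnly */);
            if (!sec.isReady()) {
                return -1L;
            }
            EventContext ec = sec.getEventContext(); // cached view, refresh == false
            return ec.getCurrentUserId();
        } finally {
            // The Principal survives invalidateEventContext(), so both calls
            // are needed: clear the cached context, then pop the Principal.
            sec.invalidateEventContext();
            int remaining = sec.logout(); // 0 means no Principal is left stacked
            assert remaining == 0 : remaining + " Principal(s) still on this thread";
        }
    }
}
```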
newTransientDetails
public ome.model.internal.Details newTransientDetails(ome.model.IObject object) throws ome.conditions.ApiUsageException, ome.conditions.SecurityViolation
Description copied from interface: SecuritySystem
creates a new secure details for transient entities. Non-privileged users can only edit the Permissions field. Privileged users can use the Details object as a single-step chmod and chgrp. newTransientDetails always returns a non-null Details that is not equivalent (==) to the Details argument. This method can be used from anywhere in the codebase to obtain a valid Details, by passing in an IObject instance with a null Details. However, if the Details is non-null, there is the possibility that this method will throw an exception.
- Specified by:
  newTransientDetails in interface SecuritySystem
- Throws:
  ome.conditions.ApiUsageException - if SecuritySystem is not ready
  ome.conditions.SecurityViolation - if Details instance contains illegal values.

runAsAdmin
public void runAsAdmin(ome.model.meta.ExperimenterGroup group, AdminAction action)
Description copied from interface: SecuritySystem
Allows actions to be performed with the EventContext.isCurrentUserAdmin() flag enabled but without changing the value of EventContext.getCurrentUserId(), so that ownerships are properly handled. The merging of detached entity graphs should be disabled for the extent of the execution. Due to the addition of the group permission system, we also permit setting the group on the call so that the administrator can work within all groups. A value of null will not change the current group. Note: the IUpdate save methods should not be used, since they also accept detached entities, which could pose security risks. Instead load an entity from the database via IQuery, make changes, and save the changes with IUpdate.
- Specified by:
  runAsAdmin in interface SecuritySystem
- Parameters:
  group - the group to run the action as
  action - the action to run

runAsAdmin
public void runAsAdmin(AdminAction action)
Description copied from interface: SecuritySystem
Calls SecuritySystem.runAsAdmin(ExperimenterGroup, AdminAction) with a null group.
- Specified by:
  runAsAdmin in interface SecuritySystem
- Parameters:
  action - the action to run

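An added example for both runAsAdmin overloads above (not OMERO code): it edits an Image as administrator while following the rule in the description, loading a managed instance through IQuery inside the action rather than handing a detached, client-supplied entity to IUpdate, and checks that ownership survived. It assumes IQuery.get(Class, long) and IUpdate.saveAndReturnObject(IObject) from the ome.api interfaces, and AdminAction as a single-method runAsAdmin() callback.

```java
import ome.api.IQuery;
import ome.api.IUpdate;
import ome.model.core.Image;
import ome.model.meta.ExperimenterGroup;
import ome.security.AdminAction;
import ome.security.SecuritySystem;

/**
 * Added example, not OMERO code. Assumes IQuery.get(Class, long) and
 * IUpdate.saveAndReturnObject(IObject) as declared in ome.api.
 */
public final class AdminRenameExample {

    private final SecuritySystem sec;
    private final IQuery query;
    private final IUpdate update;

    public AdminRenameExample(SecuritySystem sec, IQuery query, IUpdate update) {
        this.sec = sec;
        this.query = query;
        this.update = update;
    }

    /**
     * Renames an image under admin privileges.
     * @param groupId group to run in, or null to keep the current group
     *                (equivalent to the one-argument runAsAdmin overload)
     * @return owner id after the save; runAsAdmin raises isCurrentUserAdmin()
     *         but leaves getCurrentUserId() alone, so it must equal the owner before
     */
    public Long rename(final Long groupId, final long imageId, final String newName) {
        final ExperimenterGroup group =
                groupId == null ? null : new ExperimenterGroup(groupId, false);
        final Long[] ownerAfter = new Long[1];
        sec.runAsAdmin(group, new AdminAction() {
            public void runAsAdmin() {
                // Managed instance loaded here, never a detached graph from a client.
                Image image = query.get(Image.class, imageId);
                Long ownerBefore = image.getDetails().getOwner().getId();
                image.setName(newName);
                Image saved = update.saveAndReturnObject(image);
                ownerAfter[0] = saved.getDetails().getOwner().getId();
                if (!ownerBefore.equals(ownerAfter[0])) {
                    throw new IllegalStateException("ownership changed inside runAsAdmin");
                }
            }
        });
        return ownerAfter[0];
    }
}
```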
isGraphCritical
public boolean isGraphCritical(ome.model.internal.Details details)
Description copied from interface: SecuritySystem
Determines if the current security context has the possibility of corrupting consistent graphs. Consistent graphs are enforced by the security context to make sure that all READ actions work smoothly. If an administrator or PI is logged into a private group, or otherwise may create an object linked to an object with lower READ rights, then corruption could occur. Starting with 4.4.2, a trusted details object should be passed in order to handle the situation where the current group id is -1. Possible cases that can occur:
- The current group is non-negative: use the previous logic;
- else the current group is negative and the object is in a non-"user" group: USE THAT GROUP;
- else the object is in the "user" group: UNCLEAR (for the moment we're throwing an exception).
If no Details instance is passed, or a Details without an ExperimenterGroup value, then throw as well.
- Specified by:
  isGraphCritical in interface SecuritySystem
- Parameters:
  details - the details
- Returns:
  if the graph is critical
- See Also:
  1769