java.lang.Object
org.glite.security.voms.database.cache.TimedCacheable
org.glite.security.voms.database.DBACL
A class representing and checking ACLs in a VO. Essentially, a wrapper class for the acl table.
Method Summary
void | addACLEntry(ACLEntry entry) | Add an ACL entry to this ACL.
boolean | checkACLEntryForAttribute(Operation o, java.lang.String attribute, java.lang.String clientName, java.lang.String issuerName) |
boolean | checkACLEntryForGroup(Operation o, java.lang.String groupname, java.lang.String clientName, java.lang.String issuerName) |
boolean | checkACLEntryForRole(Operation o, java.lang.String role, java.lang.String clientName, java.lang.String issuerName) |
void | checkPermission(Operation o) | Check if the current user is allowed to perform a specific operation.
java.lang.Object | clone() | Return a copy of this DBACL instance.
long | copyACL() | Creates a new copy of this ACL, returning its id.
long | countACLEntries() | Counts the ACL entries of this ACL.
static long | create() | Creates a new empty ACL.
void | deleteACL() | Remove this ACL from the database.
boolean | equals(java.lang.Object o) | Returns true if Object is a DBACL with the same id.
ACLEntry[] | getACLEntries() | Returns the ACL entries of this ACL.
ACLEntry | getACLEntry(Operation o, DBAdmin admin, boolean appendGlobal) | Returns the ACL entry corresponding to the given operation-administrator pair.
static DBACL | getGlobalACL() | Return the global access control list.
java.lang.Object[] | getKeys() | Return the keys that are used to refer to this instance in RowCache.
DBContainer | getOwner() | Return the owner of this ACL.
static DBACL | getReadOnlyGlobalACL() | Return the global access control list for access control.
boolean | hasDeny() | Return true if this or the Global ACL has a deny rule.
boolean | isGlobalACL() | Returns true if this is the Global ACL.
boolean | isReadOnly() | Return true if this is an immutable instance.
void | refresh() | Refresh this row, i.e. retrieve it again from the database.
void | removeACLEntry(ACLEntry entry) | Remove a single entry from an ACL.
void | removeAllACLEntries() | Remove all entries from an ACL.
void | setACLEntries(ACLEntry[] entries) | Replace the ACL with a new set of entries.
java.lang.String | toString() |
Methods inherited from class org.glite.security.voms.database.cache.TimedCacheable |
needsRefresh |
Methods inherited from class java.lang.Object |
finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait |
Methods inherited from interface org.glite.security.voms.database.cache.Cacheable |
needsRefresh |
Method Detail |
public void refresh() throws GeneralDatabaseException
Cacheable
refresh in interface Cacheable
refresh in class TimedCacheable
GeneralDatabaseException
public java.lang.Object clone()
clone in interface Cacheable
clone in class TimedCacheable
public boolean equals(java.lang.Object o)
public java.lang.Object[] getKeys()
Cacheable
getKeys in interface Cacheable
getKeys in class TimedCacheable
public static DBACL getGlobalACL() throws GeneralDatabaseException
GeneralDatabaseException
public static DBACL getReadOnlyGlobalACL() throws GeneralDatabaseException
GeneralDatabaseException
public DBContainer getOwner()
public boolean isGlobalACL()
public boolean isReadOnly()
public boolean hasDeny()
public java.lang.String toString()
public void checkPermission(Operation o) throws GeneralDatabaseException, VOMSSecurityException
SecurityContext. The other half of the information is in the ACL table.
This method is only used for fine-grained authorization. It expects that the client's authentication has already been set up by Update.begin or Query.get.
If the client connects from localhost and the configuration option voms.localhost.has.bypass is true, then the ACL check will be bypassed.
Otherwise the method iterates through the user's name and approved attributes and tries to match them with the ACL entries. If it finds at least one allow entry and it doesn't find any deny entries, then it will allow the operation by returning normally.
If the routine finds a deny entry or doesn't find any allow entries, then it will throw a VOMSSecurityException.
The method returns normally when the access is granted.
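The decision rule described above, as an added example that is not VOMS code: a matching deny entry overrides any allow, no matching entry means denied, and the localhost bypass skips the ACL entirely. The names AclRuleDemo, Entry and isAllowed, the boolean return value (the real method throws VOMSSecurityException instead) and the sample principals are assumptions made for the illustration.

```java
import java.util.Arrays;
import java.util.List;

// Added illustration, not VOMS code: AclRuleDemo, Entry and isAllowed are hypothetical names.
public class AclRuleDemo {

    // One constructed ACL row: who it applies to, which operation, and allow or deny.
    static final class Entry {
        final String principal; final String operation; final boolean allow;
        Entry(String principal, String operation, boolean allow) {
            this.principal = principal; this.operation = operation; this.allow = allow;
        }
    }

    // principals = the client's name plus its approved attributes (groups, roles).
    static boolean isAllowed(List<Entry> acl, String operation, List<String> principals,
                             boolean fromLocalhost, boolean localhostHasBypass) {
        if (fromLocalhost && localhostHasBypass) {
            return true;                  // voms.localhost.has.bypass: ACL is not consulted
        }
        boolean sawAllow = false;
        for (Entry e : acl) {
            if (!e.operation.equals(operation) || !principals.contains(e.principal)) {
                continue;                 // entry does not apply to this request
            }
            if (!e.allow) {
                return false;             // a single matching deny overrides every allow
            }
            sawAllow = true;
        }
        return sawAllow;                  // no matching allow entry means denied
    }

    public static void main(String[] args) {
        // Constructed sample data.
        List<Entry> acl = Arrays.asList(
            new Entry("/vo/admins", "DELETE", true),
            new Entry("/vo/Role=guest", "DELETE", false),
            new Entry("/CN=alice", "READ", true));
        List<String> alice = Arrays.asList("/CN=alice", "/vo/admins");
        List<String> bob = Arrays.asList("/CN=bob", "/vo/admins", "/vo/Role=guest");

        System.out.println(isAllowed(acl, "DELETE", alice, false, false)); // allow, no deny
        System.out.println(isAllowed(acl, "DELETE", bob, false, false));   // allow plus a deny
        System.out.println(isAllowed(acl, "CREATE", alice, false, false)); // nothing matches
        System.out.println(isAllowed(acl, "CREATE", bob, true, true));     // localhost bypass on
    }
}
```

With the bypass enabled, requests arriving from localhost never reach the entry loop, so deny entries do not constrain them.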
o - the requested operation on the object
VOMSSecurityException - when the access is denied.
DatabaseError - if an SQL error occurs.
InconsistentDatabase - if a database inconsistency is detected.
GeneralDatabaseException
Query.get(), Update.begin(), "org.glite.security.authorization.AuthorizationManager", "org.glite.security.info.SecurityContext"
public boolean checkACLEntryForAttribute(Operation o, java.lang.String attribute, java.lang.String clientName, java.lang.String issuerName) throws GeneralDatabaseException, VOMSSecurityException
GeneralDatabaseException
VOMSSecurityException
public boolean checkACLEntryForGroup(Operation o, java.lang.String groupname, java.lang.String clientName, java.lang.String issuerName) throws GeneralDatabaseException, VOMSSecurityException
GeneralDatabaseException
VOMSSecurityException
public boolean checkACLEntryForRole(Operation o, java.lang.String role, java.lang.String clientName, java.lang.String issuerName) throws GeneralDatabaseException, VOMSSecurityException
GeneralDatabaseException
VOMSSecurityException
public static long create() throws GeneralDatabaseException
GeneralDatabaseException
public long copyACL() throws GeneralDatabaseException
java.lang.IllegalArgumentException - if any of the arguments is null.
GeneralDatabaseException
public long countACLEntries() throws GeneralDatabaseException
GeneralDatabaseException
public ACLEntry getACLEntry(Operation o, DBAdmin admin, boolean appendGlobal) throws GeneralDatabaseException, ArgumentException
o - the operation to look up.
admin - the principal to look up.
appendGlobal - if true, also look into the global ACL.
GeneralDatabaseException
ArgumentException
public ACLEntry[] getACLEntries() throws GeneralDatabaseException
GeneralDatabaseException
public void removeACLEntry(ACLEntry entry) throws GeneralDatabaseException, ArgumentException, NotInDatabase
GeneralDatabaseException
ArgumentException
NotInDatabase
public void removeAllACLEntries() throws GeneralDatabaseException
GeneralDatabaseException
public void addACLEntry(ACLEntry entry) throws ArgumentException, GeneralDatabaseException
ArgumentException - if we already have an entry for this admin-operation pair.
GeneralDatabaseException
public void setACLEntries(ACLEntry[] entries) throws ArgumentException, GeneralDatabaseException
ArgumentException
GeneralDatabaseException
public void deleteACL() throws GeneralDatabaseException
acld
table.
GeneralDatabaseException