wt.access
Class AccessControlManagerFwd

java.lang.Object
  wt.access.AccessControlManagerFwd

All Implemented Interfaces:

AccessControlManager, RemoteAccess, Serializable

public class AccessControlManagerFwd

extends Object

implements RemoteAccess, AccessControlManager, Serializable

The AccessControlManager interface contains the signature of the methods supported by managers of the access control package. These methods fall into three classes: (1) access control enforcement methods (checkAccess, for example); (2) specialized query methods; and (3) maintenance of access control rules and lists.

Supported API: false

Extendable: false

See Also:

Serialized Form

Field Summary

private static String	CLASSNAME
private static String	FC_RESOURCE
(package private) static boolean	SERVER

Fields inherited from interface wt.method.RemoteAccess

versionID

Constructor Summary

AccessControlManagerFwd()

Method Summary

AdHocControlled	addPermission(AdHocControlled obj, WTPrincipalReference principal_ref, AccessPermission permission, AdHocAccessKey owner_key) Adds an ad hoc access control rule granting a principal the specified permission to an object.
AdHocControlled	addPermission(AdHocControlled obj, WTPrincipalReference principal_ref, AccessPermission permission, AdHocAccessKey owner_key, long owner_id) Adds an ad hoc access control rule granting a principal the specified permission to an object.
AdHocControlled	addPermissions(AdHocControlled obj, WTPrincipalReference principal_ref, Vector permissions, AdHocAccessKey owner_key) Adds an ad hoc access control rule granting a principal the specified permissions to an object.
AdHocControlled	addPermissions(AdHocControlled obj, WTPrincipalReference principal_ref, Vector permissions, AdHocAccessKey owner_key, long owner_id) Adds an ad hoc access control rule granting a principal the specified permissions to an object.
void	checkAccess(AdminDomainRef domain_ref, String type_id, AccessPermission permission) Checks if the current principal has the given access permission over a given type in a given domain (irrespective of state).
boolean	checkAccess(Object object, AccessPermission permission) Determines whether the current principal has a given permission on a given object.
boolean	checkAccess(Object object, String permission) Deprecated.
void	checkAccess(WTCollection objects, AccessPermission permission) Determines whether the current principal has a given permission on a collection of objects.
AdHocControlled	copyPermissions(AdHocControlled source, AdHocControlled target, AdHocAccessKey owner_key) Copies permissions from a source object to a target object.
AdHocControlled	copyPermissions(AdHocControlled source, AdHocControlled target, AdHocAccessKey owner_key, long owner_id) Copies permissions from a source object to a target object.
void	createAccessControlRule(AdminDomainRef domain_ref, String type_id, String state_key, WTPrincipalReference principal_ref, boolean grant, Vector permissions) Creates an access control rule defining the rights of a principal to access objects of a specified type and state, within a domain.
void	createAccessControlRule(AdminDomainRef domain_ref, String type_id, String state_key, WTPrincipalReference principal_ref, Vector grant_permissions, Vector deny_permissions) Creates an access control rule defining the rights of a principal to access objects of a specified type and state, within a domain.
void	deleteAccessControlRule(AdminDomainRef domain_ref, String type_id, String state_key, WTPrincipalReference principal_ref) Deletes an access control rule defining the rights of a principal to access objects of a specified type and state, within a domain.
void	deleteAccessControlRules(AdminDomainRef domain_ref) Deletes all access control rules within a domain.
void	emitAccessEvent(String event_type, Object target, AccessPermission permission, WTMessage message) Emits an access control event of a given type.
ObjectVectorIfc	filterObjects(ObjectVectorIfc objects, AccessPermission permission) Given a set of objects, this method constructs and returns a new set containing only objects where the current principal is granted the permission to these objects.
QueryResult	filterObjects(QueryResult objects, AccessPermission permission) Given a set of objects (stored as a QueryResult), this method constructs and returns a new set containing only objects where the current principal is granted the permission to these objects.
QueryResult	filterObjects(QueryResult objects, String permission) Deprecated.
EnumeratorVector[]	getAccessControlRule(AdminDomainRef domain_ref, String type_id, String state_key, WTPrincipalReference principal_ref) Gets an access control rule defining the rights of a principal to access objects of a specified type and state, within a domain.
AccessPolicyRule	getAccessPolicyRule(AccessSelector selector) Returns the access policy rule for the specified selector.
Enumeration	getAccessPolicyRules(AdminDomainRef domain_ref) Returns all the access policy rules for the specified domain in the form of an enumeration.
Enumeration	getEntries(AccessControlList obj) Returns an Enumeration of access control entries for an wt.access.AccessControlLink object.
private static Manager	getManager()
EnumeratorVector	getPermissions(AdHocControlled obj, WTPrincipalReference principal_ref, AdHocAccessKey owner_key) Returns the permissions (EnumeratorVector of AccessPermission) granted to a principal for an object, by an ad hoc access control rule with a specified owner.
EnumeratorVector	getPermissions(AdHocControlled obj, WTPrincipalReference principal_ref, AdHocAccessKey owner_key, long owner_id) Returns the permissions (EnumeratorVector of AccessPermission) granted to a principal for an object, by an ad hoc access control rule with a specified owner.
PolicyAcl	getPolicyAcl(AccessSelector selector) Returns the policy acl for the given selector.
Hashtable	getSurrogateAttributes(Class a_targetClass) Indicates which attributes are necessary for making the access control decision on an object of the given class.
boolean	hasAccess(Object object, AccessPermission permission) Determines whether the current principal has the given access permission over the object passed as argument.
boolean	hasAccess(Object object, String permission) Deprecated.
boolean	hasAccess(WTCollection objects, AccessPermission permission) Determines whether the current principal has the given access permission over the collection of objects passed as argument.
boolean	hasAccess(WTPrincipal user, Object object, AccessPermission permission) Determines whether the given principal has the given access permission over the object passed as argument.
boolean	hasAccess(WTPrincipal user, Object object, String permission) Deprecated.
boolean	hasAccess(WTPrincipal user, String type_id, AdminDomainRef domain_ref, State state, AccessPermission permission) Determines whether the given principal has the given access permission over a given type in a given domain and state.
boolean	hasAccess(WTPrincipal user, String type_id, AdminDomainRef domain_ref, State state, String permission) Deprecated.
boolean	hasAccess(WTPrincipal principal, WTCollection objects, AccessPermission permission) Determines whether the given principal has the given access permission over the collection of objects passed as argument.
AdHocControlled	removePermission(AdHocControlled obj, WTPrincipalReference principal_ref, AccessPermission permission, AdHocAccessKey owner_key) Removes the specified permission from the set of permissions granted to a principal for an object.
AdHocControlled	removePermission(AdHocControlled obj, WTPrincipalReference principal_ref, AccessPermission permission, AdHocAccessKey owner_key, long owner_id) Removes the specified permission from the set of permissions granted to a principal for an object.
AdHocControlled	removePermissions(AdHocControlled obj, AdHocAccessKey owner_key) Removes all ad hoc access control rules with the specified owner.
AdHocControlled	removePermissions(AdHocControlled obj, AdHocAccessKey owner_key, long owner_id) Removes all ad hoc access control rules with the specified owner.
AdHocControlled	removePermissions(AdHocControlled obj, WTPrincipalReference principal_ref, Vector permissions, AdHocAccessKey owner_key) Removes the specified permissions from the set of permissions granted to a principal for an object.
AdHocControlled	removePermissions(AdHocControlled obj, WTPrincipalReference principal_ref, Vector permissions, AdHocAccessKey owner_key, long owner_id) Removes the specified permissions from the set of permissions granted to a principal for an object.
AdHocControlled	setPermission(AdHocControlled obj, WTPrincipalReference principal_ref, AccessPermission permission, AdHocAccessKey owner_key) Adds an ad hoc access control rule granting a principal the specified permission to an object.
AdHocControlled	setPermission(AdHocControlled obj, WTPrincipalReference principal_ref, AccessPermission permission, AdHocAccessKey owner_key, long owner_id) Adds an ad hoc access control rule granting a principal the specified permission to an object.
AdHocControlled	setPermissions(AdHocControlled obj, WTPrincipalReference principal_ref, Vector permissions, AdHocAccessKey owner_key) Deprecated.
AdHocControlled	setPermissions(AdHocControlled obj, WTPrincipalReference principal_ref, Vector permissions, AdHocAccessKey owner_key, long owner_id) Adds an ad hoc access control rule granting a principal the specified permissions to an object.
String	showPermissions(AdHocControlled obj) Returns a string representation of the ad hoc access control rules for the specified object.
void	updateAccessControlRule(AdminDomainRef domain_ref, String type_id, String state_key, WTPrincipalReference principal_ref, boolean grant, Vector permissions) Updates an access control rule defining the rights of a principal to access objects of a specified type and state, within a domain.
void	updateAccessControlRule(AdminDomainRef domain_ref, String type_id, String state_key, WTPrincipalReference principal_ref, Vector grant_permissions, Vector deny_permissions) Updates an access control rule defining the rights of a principal to access objects of a specified type and state, within a domain.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

SERVER

static final boolean SERVER

FC_RESOURCE

private static final String FC_RESOURCE

See Also:

Constant Field Values

CLASSNAME

private static final String CLASSNAME

Constructor Detail

AccessControlManagerFwd

public AccessControlManagerFwd()

Method Detail

getManager

private static Manager getManager()
                           throws WTException

Returns:

Manager

Throws:

WTException

checkAccess

public boolean checkAccess(Object object,
                           AccessPermission permission)
                    throws WTException

Determines whether the current principal has a given permission on a given object. Emits the AccessControlEvent.NOT_AUTHORIZED event for auditing purposes and throws a NotAuthorizedException if this is not the case.

Supported API: false

Specified by:

checkAccess in interface AccessControlManager

Parameters:

object -

permission -

Returns:

boolean

Throws:

WTException

checkAccess

public void checkAccess(WTCollection objects,
                        AccessPermission permission)
                 throws WTException

Determines whether the current principal has a given permission on a collection of objects. Emits the AccessControlEvent.NOT_AUTHORIZED event for auditing purposes and throws a NotAuthorizedException if this is not the case.

Supported API: false

Specified by:

checkAccess in interface AccessControlManager

Parameters:

objects -

permission -

Throws:

WTException

checkAccess

public boolean checkAccess(Object object,
                           String permission)
                    throws WTException

Deprecated.

Determines whether the current principal has a given permission on a given object. Emits the AccessControlEvent.NOT_AUTHORIZED event for auditing purposes and throws a NotAuthorizedException if this is not the case.

Supported API: false

Specified by:

checkAccess in interface AccessControlManager

Parameters:

object -

permission -

Returns:

boolean

Throws:

WTException

See Also:

checkAccess(Object object, AccessPermission permission)

checkAccess

public void checkAccess(AdminDomainRef domain_ref,
                        String type_id,
                        AccessPermission permission)
                 throws WTException

Checks if the current principal has the given access permission over a given type in a given domain (irrespective of state). Emits the AccessControlEvent.NOT_AUTHORIZED event for auditing purposes and throws a NotAuthorizedException if this is not the case.

The access is evaluated only taking into account access policies. For a specific object this is only part of the answer as the object may be ad hoc controlled and have an ad hoc ACL that provides additional access rights.

Supported API: false

Specified by:

checkAccess in interface AccessControlManager

Parameters:

domain_ref -

type_id -

permission -

Throws:

WTException

hasAccess

public boolean hasAccess(Object object,
                         AccessPermission permission)
                  throws WTException

Determines whether the current principal has the given access permission over the object passed as argument. Returns true if this is the case, false otherwise.

Supported API: false

Specified by:

hasAccess in interface AccessControlManager

Parameters:

object -

permission -

Returns:

boolean

Throws:

WTException

hasAccess

public boolean hasAccess(WTCollection objects,
                         AccessPermission permission)
                  throws WTException

Determines whether the current principal has the given access permission over the collection of objects passed as argument. Returns true if this is the case, false otherwise.

Supported API: false

Specified by:

hasAccess in interface AccessControlManager

Parameters:

objects -

permission -

Returns:

boolean

Throws:

WTException

hasAccess

public boolean hasAccess(Object object,
                         String permission)
                  throws WTException

Deprecated.

Determines whether the current principal has the given access permission over the object passed as argument. Returns true if this is the case, false otherwise.

Supported API: false

Specified by:

hasAccess in interface AccessControlManager

Parameters:

object -

permission -

Returns:

boolean

Throws:

WTException

See Also:

hasAccess(Object object, AccessPermission permission)

hasAccess

public boolean hasAccess(WTPrincipal user,
                         Object object,
                         AccessPermission permission)
                  throws WTException

Determines whether the given principal has the given access permission over the object passed as argument. Returns true if this is the case, false otherwise.

Supported API: false

Specified by:

hasAccess in interface AccessControlManager

Parameters:

user -

object -

permission -

Returns:

boolean

Throws:

WTException

hasAccess

public boolean hasAccess(WTPrincipal principal,
                         WTCollection objects,
                         AccessPermission permission)
                  throws WTException

Determines whether the given principal has the given access permission over the collection of objects passed as argument. Returns true if this is the case, false otherwise.

Supported API: false

Specified by:

hasAccess in interface AccessControlManager

Parameters:

principal -

objects -

permission -

Returns:

boolean

Throws:

WTException

hasAccess

public boolean hasAccess(WTPrincipal user,
                         Object object,
                         String permission)
                  throws WTException

Deprecated.

Determines whether the given principal has the given access permission over the object passed as argument. Returns true if this is the case, false otherwise.

Supported API: false

Specified by:

hasAccess in interface AccessControlManager

Parameters:

user -

object -

permission -

Returns:

boolean

Throws:

WTException

See Also:

hasAccess(WTPrincipal user, Object object, AccessPermission permission)

hasAccess

public boolean hasAccess(WTPrincipal user,
                         String type_id,
                         AdminDomainRef domain_ref,
                         State state,
                         AccessPermission permission)
                  throws WTException

Determines whether the given principal has the given access permission over a given type in a given domain and state. Returns true if this is the case, false otherwise. The access is evaluated only taking into account access policies. For a specific object this is only part of the answer as the object may be ad hoc controlled and have an ad hoc ACL that provides additional access rights.

Supported API: false

Specified by:

hasAccess in interface AccessControlManager

Parameters:

user -

type_id -

domain_ref -

state -

permission -

Returns:

boolean

Throws:

WTException

hasAccess

public boolean hasAccess(WTPrincipal user,
                         String type_id,
                         AdminDomainRef domain_ref,
                         State state,
                         String permission)
                  throws WTException

Deprecated.

Determines whether the given principal has the given access permission over a given type in a given domain and state. Returns true if this is the case, false otherwise. The access is evaluated only taking into account access policies. For a specific object this is only part of the answer as the object may be ad hoc controlled and have an ad hoc ACL that provides additional access rights.

Supported API: false

Specified by:

hasAccess in interface AccessControlManager

Parameters:

user -

type_id -

domain_ref -

state -

permission -

Returns:

boolean

Throws:

WTException

See Also:

hasAccess(WTPrincipal user, String type_id, AdminDomainRef domain_ref, State state, AccessPermission permission)

filterObjects

public ObjectVectorIfc filterObjects(ObjectVectorIfc objects,
                                     AccessPermission permission)
                              throws WTException

Given a set of objects, this method constructs and returns a new set containing only objects where the current principal is granted the permission to these objects.

This method can be used to filter out objects for which the user has no read access after a query is performed.

Supported API: false

Specified by:

filterObjects in interface AccessControlManager

Parameters:

objects -

permission -

Returns:

ObjectVectorIfc

Throws:

WTException

filterObjects

public QueryResult filterObjects(QueryResult objects,
                                 AccessPermission permission)
                          throws WTException

Given a set of objects (stored as a QueryResult), this method constructs and returns a new set containing only objects where the current principal is granted the permission to these objects.

This method can be used to filter out objects for which the user has no read access after a database query is performed.

Supported API: false

Specified by:

filterObjects in interface AccessControlManager

Parameters:

objects -

permission -

Returns:

QueryResult

Throws:

WTException

filterObjects

public QueryResult filterObjects(QueryResult objects,
                                 String permission)
                          throws WTException

Deprecated.

Given a set of objects (stored as a QueryResult), this method constructs and returns a new set containing only objects where the current principal is granted the permission to these objects.

This method can be used to filter out objects for which the user has no read access after a database query is performed.

Supported API: false

Specified by:

filterObjects in interface AccessControlManager

Parameters:

objects -

permission -

Returns:

QueryResult

Throws:

WTException

See Also:

filterObjects(QueryResult objects, AccessPermission permission)

createAccessControlRule

public void createAccessControlRule(AdminDomainRef domain_ref,
                                    String type_id,
                                    String state_key,
                                    WTPrincipalReference principal_ref,
                                    Vector grant_permissions,
                                    Vector deny_permissions)
                             throws WTException

Creates an access control rule defining the rights of a principal to access objects of a specified type and state, within a domain.

Supported API: false

Specified by:

createAccessControlRule in interface AccessControlManager

Parameters:

domain_ref - reference to the domain the rule is for

type_id - logical or persisted type identifier

state_key - life cycle state key (State.toString() value, or null for all states)

principal_ref - reference to a principal

grant_permissions - Vector of permissions (AccessPermission) to grant

deny_permissions - Vector of permissions (AccessPermission) to deny

Throws:

WTException

See Also:

AccessPermission

createAccessControlRule

public void createAccessControlRule(AdminDomainRef domain_ref,
                                    String type_id,
                                    String state_key,
                                    WTPrincipalReference principal_ref,
                                    boolean grant,
                                    Vector permissions)
                             throws WTException

Creates an access control rule defining the rights of a principal to access objects of a specified type and state, within a domain.

Supported API: false

Specified by:

createAccessControlRule in interface AccessControlManager

Parameters:

domain_ref - reference to the domain the rule is for

type_id - logical or persisted type identifier

state_key - life cycle state key (State.toString() value, or null for all states)

principal_ref - reference to a principal

grant - true = grant, false = deny

permissions - Vector of permissions (AccessPermission)

Throws:

WTException

See Also:

AccessPermission

deleteAccessControlRule

public void deleteAccessControlRule(AdminDomainRef domain_ref,
                                    String type_id,
                                    String state_key,
                                    WTPrincipalReference principal_ref)
                             throws WTException

Deletes an access control rule defining the rights of a principal to access objects of a specified type and state, within a domain. Deletes any permissions granted and any permissions denied to the principal.

Supported API: false

Specified by:

deleteAccessControlRule in interface AccessControlManager

Parameters:

domain_ref - reference to the domain the rule is for

type_id - logical or persisted type identifier

state_key - life cycle state key (State.toString() value, or null for all states)

principal_ref - reference to a principal

Throws:

WTException

deleteAccessControlRules

public void deleteAccessControlRules(AdminDomainRef domain_ref)
                              throws WTException

Deletes all access control rules within a domain.

This method is intended for testing purposes only, to support automated tests that need to reinitialize the testing environment.

Supported API: false

Specified by:

deleteAccessControlRules in interface AccessControlManager

Parameters:

domain_ref - reference to the domain the rule is for

Throws:

WTException

getAccessControlRule

public EnumeratorVector[] getAccessControlRule(AdminDomainRef domain_ref,
                                               String type_id,
                                               String state_key,
                                               WTPrincipalReference principal_ref)
                                        throws WTException

Gets an access control rule defining the rights of a principal to access objects of a specified type and state, within a domain. Returns an EnumeratorVector array where the first element contains any permissions granted and the second element contains any permissions denied to the principal.

Supported API: false

Specified by:

getAccessControlRule in interface AccessControlManager

Parameters:

domain_ref - reference to the domain the rule is for

type_id - logical or persisted type identifier

state_key - life cycle state key (State.toString() value, or null for all states)

principal_ref - reference to a principal

Returns:

EnumeratorVector[]

Throws:

WTException

updateAccessControlRule

public void updateAccessControlRule(AdminDomainRef domain_ref,
                                    String type_id,
                                    String state_key,
                                    WTPrincipalReference principal_ref,
                                    Vector grant_permissions,
                                    Vector deny_permissions)
                             throws WTException

Updates an access control rule defining the rights of a principal to access objects of a specified type and state, within a domain.

Supported API: false

Specified by:

updateAccessControlRule in interface AccessControlManager

Parameters:

domain_ref - reference to the domain the rule is for

type_id - logical or persisted type identifier

state_key - life cycle state key (State.toString() value, or null for all states)

principal_ref - reference to a principal

grant_permissions - Vector of permissions (AccessPermission) to grant

deny_permissions - Vector of permissions (AccessPermission) to deny

Throws:

WTException

See Also:

AccessPermission

updateAccessControlRule

public void updateAccessControlRule(AdminDomainRef domain_ref,
                                    String type_id,
                                    String state_key,
                                    WTPrincipalReference principal_ref,
                                    boolean grant,
                                    Vector permissions)
                             throws WTException

Updates an access control rule defining the rights of a principal to access objects of a specified type and state, within a domain.

Supported API: false

Specified by:

updateAccessControlRule in interface AccessControlManager

Parameters:

domain_ref - reference to the domain the rule is for

type_id - logical or persisted type identifier

state_key - life cycle state key (State.toString() value, or null for all states)

principal_ref - reference to a principal

grant - true = grant, false = deny

permissions - Vector of permissions (AccessPermission)

Throws:

WTException

See Also:

AccessPermission

getPolicyAcl

public PolicyAcl getPolicyAcl(AccessSelector selector)
                       throws WTException

Returns the policy acl for the given selector.

Supported API: false

Specified by:

getPolicyAcl in interface AccessControlManager

Parameters:

selector -

Returns:

PolicyAcl

Throws:

WTException

getAccessPolicyRule

public AccessPolicyRule getAccessPolicyRule(AccessSelector selector)
                                     throws WTException

Returns the access policy rule for the specified selector. Returns null if the rule doesn't exist.

Supported API: false

Specified by:

getAccessPolicyRule in interface AccessControlManager

Parameters:

selector -

Returns:

AccessPolicyRule

Throws:

WTException

getAccessPolicyRules

public Enumeration getAccessPolicyRules(AdminDomainRef domain_ref)
                                 throws WTException

Returns all the access policy rules for the specified domain in the form of an enumeration.

Supported API: false

Specified by:

getAccessPolicyRules in interface AccessControlManager

Parameters:

domain_ref -

Returns:

Enumeration

Throws:

WTException

getSurrogateAttributes

public Hashtable getSurrogateAttributes(Class a_targetClass)
                                 throws WTException

Indicates which attributes are necessary for making the access control decision on an object of the given class. For example, when making a policy access control decision for a LifeCycleManaged object, the object's state attribute must be checked. The returned attributes are in the form of a Hashtable where the keys are the surrogate column descriptor names and the values are the associated target class column descriptor names.

Supported API: false

Specified by:

getSurrogateAttributes in interface AccessControlManager

Parameters:

a_targetClass -

Returns:

Hashtable

Throws:

WTException

addPermission

public AdHocControlled addPermission(AdHocControlled obj,
                                     WTPrincipalReference principal_ref,
                                     AccessPermission permission,
                                     AdHocAccessKey owner_key)
                              throws WTException

Adds an ad hoc access control rule granting a principal the specified permission to an object. If a rule with the specified owner already exists for the principal, the permission is added to the set of permissions already granted. If the principal already has the specified permission, this method returns without making any changes.

Note: If the object is persistent, this method must be called from within a transaction that includes an update to the object.

Supported API: false

Specified by:

addPermission in interface AccessControlManager

Parameters:

obj - object the rule is for

principal_ref - principal the permission applies to

permission - permission to be granted

owner_key - key identifying the rule's owner

Returns:

AdHocControlled

Throws:

WTException

addPermission

public AdHocControlled addPermission(AdHocControlled obj,
                                     WTPrincipalReference principal_ref,
                                     AccessPermission permission,
                                     AdHocAccessKey owner_key,
                                     long owner_id)
                              throws WTException

Adds an ad hoc access control rule granting a principal the specified permission to an object. If a rule with the specified owner already exists for the principal, the permission is added to the set of permissions already granted. If the principal already has the specified permission, this method returns without making any changes.

Note: If the object is persistent, this method must be called from within a transaction that includes an update to the object.

Supported API: false

Specified by:

addPermission in interface AccessControlManager

Parameters:

obj - object the rule is for

principal_ref - principal the permission applies to

permission - permission to be granted

owner_key - key identifying the rule's owner

owner_id - identifier used by the rule's owner to qualify the key

Returns:

AdHocControlled

Throws:

WTException

addPermissions

public AdHocControlled addPermissions(AdHocControlled obj,
                                      WTPrincipalReference principal_ref,
                                      Vector permissions,
                                      AdHocAccessKey owner_key)
                               throws WTException

Adds an ad hoc access control rule granting a principal the specified permissions to an object. If a rule with the specified owner already exists for the principal, the permissions are added to the set of permissions already granted. If the principal already has the specified permissions, this method returns without making any changes.

Note: If the object is persistent, this method must be called from within a transaction that includes an update to the object.

Supported API: false

Specified by:

addPermissions in interface AccessControlManager

Parameters:

obj - object the rule is for

principal_ref - principal the permission applies to

permissions - permissions to be granted (Vector of AccessPermission)

owner_key - key identifying the rule's owner

Returns:

AdHocControlled

Throws:

WTException

addPermissions

public AdHocControlled addPermissions(AdHocControlled obj,
                                      WTPrincipalReference principal_ref,
                                      Vector permissions,
                                      AdHocAccessKey owner_key,
                                      long owner_id)
                               throws WTException

Adds an ad hoc access control rule granting a principal the specified permissions to an object. If a rule with the specified owner already exists for the principal, the permissions are added to the set of permissions already granted. If the principal already has the specified permissions, this method returns without making any changes.

Note: If the object is persistent, this method must be called from within a transaction that includes an update to the object.

Supported API: false

Specified by:

addPermissions in interface AccessControlManager

Parameters:

obj - object the rule is for

principal_ref - principal the permission applies to

permissions - permissions to be granted (Vector of AccessPermission)

owner_key - key identifying the rule's owner

owner_id - identifier used by the rule's owner to qualify the key

Returns:

AdHocControlled

Throws:

WTException

copyPermissions

public AdHocControlled copyPermissions(AdHocControlled source,
                                       AdHocControlled target,
                                       AdHocAccessKey owner_key)
                                throws WTException

Copies permissions from a source object to a target object. Only those enabled ad hoc access control rules with the specified owner are copied. If rules with the owner already exist for the target object, the copied permissions replace any previously granted. If the source object has no ad hoc rules, this method returns without making any changes.

Note: The source object must be persistent. If the target object is persistent, this method must be called from within a transaction that includes an update to the target object.

Supported API: false

Specified by:

copyPermissions in interface AccessControlManager

Parameters:

source - source object

target - target object

owner_key - key identifying the rule's owner

Returns:

AdHocControlled

Throws:

WTException

copyPermissions

public AdHocControlled copyPermissions(AdHocControlled source,
                                       AdHocControlled target,
                                       AdHocAccessKey owner_key,
                                       long owner_id)
                                throws WTException

Copies permissions from a source object to a target object. Only those enabled ad hoc access control rules with the specified owner are copied. If rules with the owner already exist for the target object, the copied permissions replace any previously granted. If the source object has no ad hoc rules, this method returns without making any changes.

Note: The source object must be persistent. If the target object is persistent, this method must be called from within a transaction that includes an update to the target object.

Supported API: false

Specified by:

copyPermissions in interface AccessControlManager

Parameters:

source - source object

target - target object

owner_key - key identifying the rule's owner

owner_id - identifier used by the rule's owner to qualify the key

Returns:

AdHocControlled

Throws:

WTException

getPermissions

public EnumeratorVector getPermissions(AdHocControlled obj,
                                       WTPrincipalReference principal_ref,
                                       AdHocAccessKey owner_key)
                                throws WTException

Returns the permissions (EnumeratorVector of AccessPermission) granted to a principal for an object, by an ad hoc access control rule with a specified owner.

Supported API: false

Specified by:

getPermissions in interface AccessControlManager

Parameters:

obj - object the rule is for

principal_ref - principal whose permissions are to be returned

owner_key - key identifying the rule's owner

Returns:

EnumeratorVector

Throws:

WTException

getPermissions

public EnumeratorVector getPermissions(AdHocControlled obj,
                                       WTPrincipalReference principal_ref,
                                       AdHocAccessKey owner_key,
                                       long owner_id)
                                throws WTException

Returns the permissions (EnumeratorVector of AccessPermission) granted to a principal for an object, by an ad hoc access control rule with a specified owner.

Supported API: false

Specified by:

getPermissions in interface AccessControlManager

Parameters:

obj - object the rule is for

principal_ref - principal whose permissions are to be returned

owner_key - key identifying the rule's owner

owner_id - identifier used by the rule's owner to qualify the key

Returns:

EnumeratorVector

Throws:

WTException

removePermission

public AdHocControlled removePermission(AdHocControlled obj,
                                        WTPrincipalReference principal_ref,
                                        AccessPermission permission,
                                        AdHocAccessKey owner_key)
                                 throws WTException

Removes the specified permission from the set of permissions granted to a principal for an object. If AccessPermission.ALL is specified, all permissions are removed. If no permissions remain, the ad hoc access control rule for the principal is removed. The permission is only removed from a rule with the specified owner. If there is no matching rule, this method returns without making any changes.

Note: If the object is persistent, this method must be called from within a transaction that includes an update to the object.

Supported API: false

Specified by:

removePermission in interface AccessControlManager

Parameters:

obj - object the rule is for

principal_ref - principal the permission applies to

permission - permission to be removed

owner_key - key identifying the rule's owner

Returns:

AdHocControlled

Throws:

WTException

removePermission

public AdHocControlled removePermission(AdHocControlled obj,
                                        WTPrincipalReference principal_ref,
                                        AccessPermission permission,
                                        AdHocAccessKey owner_key,
                                        long owner_id)
                                 throws WTException

Removes the specified permission from the set of permissions granted to a principal for an object. If AccessPermission.ALL is specified, all permissions are removed. If no permissions remain, the ad hoc access control rule for the principal is removed. The permission is only removed from a rule with the specified owner. If there is no matching rule, this method returns without making any changes.

Note: If the object is persistent, this method must be called from within a transaction that includes an update to the object.

Supported API: false

Specified by:

removePermission in interface AccessControlManager

Parameters:

obj - object the rule is for

principal_ref - principal the permission applies to

permission - permission to be removed

owner_key - key identifying the rule's owner

owner_id - identifier used by the rule's owner to qualify the key

Returns:

AdHocControlled

Throws:

WTException

removePermissions

public AdHocControlled removePermissions(AdHocControlled obj,
                                         WTPrincipalReference principal_ref,
                                         Vector permissions,
                                         AdHocAccessKey owner_key)
                                  throws WTException

Removes the specified permissions from the set of permissions granted to a principal for an object. If AccessPermission.ALL is specified, all permissions are removed. If no permissions remain, the ad hoc access control rule for the principal is removed. The permissions are only removed from a rule with the specified owner. If there is no matching rule, this method returns without making any changes.

Note: If the object is persistent, this method must be called from within a transaction that includes an update to the object.

Supported API: false

Specified by:

removePermissions in interface AccessControlManager

Parameters:

obj - object the rule is for

principal_ref - principal the permission applies to

permissions - permissions to be removed (Vector of AccessPermission)

owner_key - key identifying the rule's owner

Returns:

AdHocControlled

Throws:

WTException

removePermissions

public AdHocControlled removePermissions(AdHocControlled obj,
                                         WTPrincipalReference principal_ref,
                                         Vector permissions,
                                         AdHocAccessKey owner_key,
                                         long owner_id)
                                  throws WTException

Removes the specified permissions from the set of permissions granted to a principal for an object. If AccessPermission.ALL is specified, all permissions are removed. If no permissions remain, the ad hoc access control rule for the principal is removed. The permissions are only removed from a rule with the specified owner. If there is no matching rule, this method returns without making any changes.

Note: If the object is persistent, this method must be called from within a transaction that includes an update to the object.

Supported API: false

Specified by:

removePermissions in interface AccessControlManager

Parameters:

obj - object the rule is for

principal_ref - principal the permission applies to

permissions - permissions to be removed (Vector of AccessPermission)

owner_key - key identifying the rule's owner

owner_id - identifier used by the rule's owner to qualify the key

Returns:

AdHocControlled

Throws:

WTException

removePermissions

public AdHocControlled removePermissions(AdHocControlled obj,
                                         AdHocAccessKey owner_key)
                                  throws WTException

Removes all ad hoc access control rules with the specified owner. If there is no matching rule, this method returns without making any changes.

Note: If the object is persistent, this method must be called from within a transaction that includes an update to the object.

Supported API: false

Specified by:

removePermissions in interface AccessControlManager

Parameters:

obj - object the rules are for

owner_key - key identifying the rules' owner

Returns:

AdHocControlled

Throws:

WTException

removePermissions

public AdHocControlled removePermissions(AdHocControlled obj,
                                         AdHocAccessKey owner_key,
                                         long owner_id)
                                  throws WTException

Removes all ad hoc access control rules with the specified owner. If there is no matching rule, this method returns without making any changes.

Note: If the object is persistent, this method must be called from within a transaction that includes an update to the object.

Supported API: false

Specified by:

removePermissions in interface AccessControlManager

Parameters:

obj - object the rules are for

owner_key - key identifying the rules' owner

owner_id - identifier used by the rules' owner to qualify the key

Returns:

AdHocControlled

Throws:

WTException

setPermission

public AdHocControlled setPermission(AdHocControlled obj,
                                     WTPrincipalReference principal_ref,
                                     AccessPermission permission,
                                     AdHocAccessKey owner_key)
                              throws WTException

Adds an ad hoc access control rule granting a principal the specified permission to an object. If a rule with the specified owner already exists for the principal, the permission replaces the set of permissions previously granted. If the principal already has the specified permission and only that permission, this method returns without making any changes.

Note: If the object is persistent, this method must be called from within a transaction that includes an update to the object.

Supported API: false

Specified by:

setPermission in interface AccessControlManager

Parameters:

obj - object the rule is for

principal_ref - principal the permission applies to

permission - permission to be granted

owner_key - key identifying the rule's owner

Returns:

AdHocControlled

Throws:

WTException

setPermission

public AdHocControlled setPermission(AdHocControlled obj,
                                     WTPrincipalReference principal_ref,
                                     AccessPermission permission,
                                     AdHocAccessKey owner_key,
                                     long owner_id)
                              throws WTException

Adds an ad hoc access control rule granting a principal the specified permission to an object. If a rule with the specified owner already exists for the principal, the permission replaces the set of permissions previously granted. If the principal already has the specified permission and only that permission, this method returns without making any changes.

Note: If the object is persistent, this method must be called from within a transaction that includes an update to the object.

Supported API: false

Specified by:

setPermission in interface AccessControlManager

Parameters:

obj - object the rule is for

principal_ref - principal the permission applies to

permission - permission to be granted

owner_key - key identifying the rule's owner

owner_id - identifier used by the rule's owner to qualify the key

Returns:

AdHocControlled

Throws:

WTException

setPermissions

public AdHocControlled setPermissions(AdHocControlled obj,
                                      WTPrincipalReference principal_ref,
                                      Vector permissions,
                                      AdHocAccessKey owner_key)
                               throws WTException

Deprecated.

Adds an ad hoc access control rule granting a principal the specified permissions to an object. If a rule with the specified owner already exists for the principal, the permissions replace the set of permissions previously granted. If the principal already has the specified permissions and only those permissions, this method returns without making any changes.

Note: If the object is persistent, this method must be called from within a transaction that includes an update to the object.

Supported API: false

Specified by:

setPermissions in interface AccessControlManager

Parameters:

obj - object the rule is for

principal_ref - principal the permission applies to

permissions - permissions to be granted (Vector of AccessPermission)

owner_key - key identifying the rule's owner

Returns:

AdHocControlled

Throws:

WTException

See Also:

#setPermissions(List objects, List specifications, List principal_maps, AdHocAccessKey owner_key)

setPermissions

public AdHocControlled setPermissions(AdHocControlled obj,
                                      WTPrincipalReference principal_ref,
                                      Vector permissions,
                                      AdHocAccessKey owner_key,
                                      long owner_id)
                               throws WTException

Adds an ad hoc access control rule granting a principal the specified permissions to an object. If a rule with the specified owner already exists for the principal, the permissions are added to the set of permissions already granted. If the principal already has the specified permissions, this method returns without making any changes.

Note: If the object is persistent, this method must be called from within a transaction that includes an update to the object.

Supported API: false

Specified by:

setPermissions in interface AccessControlManager

Parameters:

obj - object the rule is for

principal_ref - principal the permission applies to

permissions - permissions to be granted (Vector of AccessPermission)

owner_key - key identifying the rule's owner

owner_id - identifier used by the rule's owner to qualify the key

Returns:

AdHocControlled

Throws:

WTException

showPermissions

public String showPermissions(AdHocControlled obj)
                       throws WTException

Returns a string representation of the ad hoc access control rules for the specified object.

Supported API: false

Specified by:

showPermissions in interface AccessControlManager

Parameters:

obj - object to return rules for

Returns:

String

Throws:

WTException

getEntries

public Enumeration getEntries(AccessControlList obj)
                       throws WTException

Returns an Enumeration of access control entries for an wt.access.AccessControlLink object. All enabled entries are returned.

Supported API: false

Specified by:

getEntries in interface AccessControlManager

Parameters:

obj - object with a list of WTAclEntry objects

Returns:

Enumeration

Throws:

WTException

emitAccessEvent

public void emitAccessEvent(String event_type,
                            Object target,
                            AccessPermission permission,
                            WTMessage message)
                     throws WTException

Emits an access control event of a given type. Also passed as argument are the target object, the permisison and the message issued in case of not authorized events.

Supported API: false

Specified by:

emitAccessEvent in interface AccessControlManager

Parameters:

event_type -

target -

permission -

message -

Throws:

WTException