org.apereo.portal.security.provider

Class AuthorizationImpl

java.lang.Object

org.apereo.portal.security.provider.AuthorizationImpl

All Implemented Interfaces:

org.apereo.portal.security.IAuthorizationService

@Service(value="authorizationService")
public class AuthorizationImpl
extends java.lang.Object
implements org.apereo.portal.security.IAuthorizationService

Field Summary

Fields

Modifier and Type	Field and Description
protected org.slf4j.Logger	logger Instance of log in order to log events.

Constructor Summary

Constructors

Constructor and Description
AuthorizationImpl()

Method Summary

Modifier and Type	Method and Description
void	addPermissions(org.apereo.portal.security.IPermission[] permissions) Adds IPermissions to the back end store.
protected void	cacheAdd(org.apereo.portal.security.IPermissionSet ps) Adds the IPermissionSet to the entity cache.
protected org.apereo.portal.security.IPermissionSet	cacheGet(org.apereo.portal.security.IAuthorizationPrincipal principal) Retrieves the IPermissionSet for the IPermissionSet from the entity cache.
protected void	cacheRemove(org.apereo.portal.security.IAuthorizationPrincipal ap) Removes the IPermissionSet for this principal from the entity cache.
boolean	canPrincipalBrowse(org.apereo.portal.security.IAuthorizationPrincipal principal, org.apereo.portal.portlet.om.IPortletDefinition portlet)
boolean	canPrincipalBrowse(org.apereo.portal.security.IAuthorizationPrincipal principal, java.lang.String portletDefinitionId)
boolean	canPrincipalConfigure(org.apereo.portal.security.IAuthorizationPrincipal principal, java.lang.String portletDefinitionId)
boolean	canPrincipalManage(org.apereo.portal.security.IAuthorizationPrincipal principal, org.apereo.portal.portlet.om.PortletLifecycleState state, java.lang.String categoryId) This checks if the framework has granted principal a right to publish.
boolean	canPrincipalManage(org.apereo.portal.security.IAuthorizationPrincipal principal, java.lang.String portletDefinitionId) Answers if the principal has permission to MANAGE this Channel.
boolean	canPrincipalRender(org.apereo.portal.security.IAuthorizationPrincipal principal, java.lang.String portletDefinitionId) Answers if the principal has permission to RENDER this Channel.
boolean	canPrincipalSubscribe(org.apereo.portal.security.IAuthorizationPrincipal principal, java.lang.String portletDefinitionId) Answers if the principal has permission to SUBSCRIBE to this Channel.
boolean	doesPrincipalHavePermission(org.apereo.portal.security.IAuthorizationPrincipal principal, java.lang.String owner, java.lang.String activity, java.lang.String target) Answers if the owner has given the principal (or any of its parents) permission to perform the activity on the target.
boolean	doesPrincipalHavePermission(org.apereo.portal.security.IAuthorizationPrincipal principal, java.lang.String owner, java.lang.String activity, java.lang.String target, org.apereo.portal.security.IPermissionPolicy policy) Answers if the owner has given the principal permission to perform the activity on the target, as evaluated by the policy.
org.apereo.portal.security.IPermission[]	getAllPermissionsForPrincipal(org.apereo.portal.security.IAuthorizationPrincipal principal, java.lang.String owner, java.lang.String activity, java.lang.String target) Returns the IPermissions owner has granted this Principal for the specified activity and target.
org.apereo.portal.security.IAuthorizationPrincipal[]	getAuthorizedPrincipals(java.lang.String owner, java.lang.String activity, java.lang.String target) Returns IAuthorizationPrincipals that have IPermissions for the given owner, activity and target.
protected org.apereo.portal.security.IPermissionPolicy	getDefaultPermissionPolicy()
org.apereo.portal.groups.IGroupMember	getGroupMember(org.apereo.portal.security.IAuthorizationPrincipal principal)
org.apereo.portal.security.IPermission[]	getPermissionsForOwner(java.lang.String owner, java.lang.String activity, java.lang.String target) Returns the IPermissions owner has granted for the specified activity and target.
org.apereo.portal.security.IPermission[]	getPermissionsForPrincipal(org.apereo.portal.security.IAuthorizationPrincipal principal, java.lang.String owner, java.lang.String activity, java.lang.String target) Returns the IPermissions owner has granted this Principal for the specified activity and target.
org.apereo.portal.security.IPermission[]	getPermissionsForTarget(java.lang.String owner, java.lang.String target)
org.apereo.portal.security.IAuthorizationPrincipal	getPrincipal(org.apereo.portal.security.IPermission permission) Returns IAuthorizationPrincipal associated with the IPermission.
java.lang.String	getPrincipalString(org.apereo.portal.security.IAuthorizationPrincipal principal) Returns the String used by an IPermission to represent an IAuthorizationPrincipal.
org.apereo.portal.security.IPermission[]	getUncachedPermissionsForPrincipal(org.apereo.portal.security.IAuthorizationPrincipal principal, java.lang.String owner, java.lang.String activity, java.lang.String target) Returns the IPermissions owner has granted this Principal for the specified activity and target.
org.apereo.portal.security.IPermission	newPermission(java.lang.String owner, org.apereo.portal.security.IAuthorizationPrincipal principal) Factory method for an IPermission.
org.apereo.portal.security.IPermissionManager	newPermissionManager(java.lang.String owner) Factory method for IPermissionManager.
org.apereo.portal.security.IAuthorizationPrincipal	newPrincipal(org.apereo.portal.groups.IGroupMember groupMember) Converts an IGroupMember into an IAuthorizationPrincipal.
org.apereo.portal.security.IAuthorizationPrincipal	newPrincipal(java.lang.String key, java.lang.Class type) Factory method for IAuthorizationPrincipal.
org.apereo.portal.security.IUpdatingPermissionManager	newUpdatingPermissionManager(java.lang.String owner) Factory method for IUpdatingPermissionManager.
void	removePermissions(org.apereo.portal.security.IPermission[] permissions) Removes IPermissions from the back end store.
void	setCachePermissions(boolean cachePermissions)
void	setDefaultPermissionPolicy(org.apereo.portal.security.IPermissionPolicy newDefaultPermissionPolicy)
void	setDoesPrincipalHavePermissionCache(net.sf.ehcache.Ehcache doesPrincipalHavePermissionCache)
void	setEntityParentsCache(net.sf.ehcache.Ehcache entityParentsCache)
void	setNonEntityPermissionTargetProviders(java.util.Set<java.lang.String> nonEntityPermissionTargetProviders)
void	setPermissionOwner(IPermissionOwnerDao permissionOwner)
void	setPermissionStore(org.apereo.portal.security.IPermissionStore permissionStore)
void	setPortletDefinitionRegistry(org.apereo.portal.portlet.registry.IPortletDefinitionRegistry portletDefinitionRegistry)
void	setPrincipalCache(net.sf.ehcache.Ehcache principalCache)
void	updatePermissions(org.apereo.portal.security.IPermission[] permissions) Updates IPermissions in the back end store.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

logger

protected final org.slf4j.Logger logger

Instance of log in order to log events.

Constructor Detail

AuthorizationImpl

public AuthorizationImpl()

Method Detail

setDefaultPermissionPolicy

@Autowired
public void setDefaultPermissionPolicy(org.apereo.portal.security.IPermissionPolicy newDefaultPermissionPolicy)

setPermissionStore

@Autowired
public void setPermissionStore(org.apereo.portal.security.IPermissionStore permissionStore)

setCachePermissions

@Value(value="${org.apereo.portal.security.IAuthorizationService.cachePermissions}")
public void setCachePermissions(boolean cachePermissions)

setPrincipalCache

@Autowired
public void setPrincipalCache(@Qualifier(value="org.apereo.portal.security.provider.AuthorizationImpl.AUTH_PRINCIPAL_CACHE")
                                         net.sf.ehcache.Ehcache principalCache)

setEntityParentsCache

@Autowired
public void setEntityParentsCache(@Qualifier(value="org.apereo.portal.security.provider.AuthorizationImpl.ENTITY_PARENTS_CACHE")
                                             net.sf.ehcache.Ehcache entityParentsCache)

setDoesPrincipalHavePermissionCache

@Autowired
public void setDoesPrincipalHavePermissionCache(@Qualifier(value="org.apereo.portal.security.provider.AuthorizationImpl.PRINCIPAL_HAS_PERMISSION")
                                                           net.sf.ehcache.Ehcache doesPrincipalHavePermissionCache)

setPortletDefinitionRegistry

@Autowired
public void setPortletDefinitionRegistry(org.apereo.portal.portlet.registry.IPortletDefinitionRegistry portletDefinitionRegistry)

setPermissionOwner

@Autowired
public void setPermissionOwner(IPermissionOwnerDao permissionOwner)

setNonEntityPermissionTargetProviders

public void setNonEntityPermissionTargetProviders(java.util.Set<java.lang.String> nonEntityPermissionTargetProviders)

addPermissions

public void addPermissions(org.apereo.portal.security.IPermission[] permissions)
                    throws org.apereo.portal.AuthorizationException

Adds IPermissions to the back end store.

Specified by:

addPermissions in interface org.apereo.portal.security.IAuthorizationService

Parameters:

permissions - IPermission[]

Throws:

org.apereo.portal.AuthorizationException

cacheAdd

protected void cacheAdd(org.apereo.portal.security.IPermissionSet ps)
                 throws org.apereo.portal.AuthorizationException

Adds the IPermissionSet to the entity cache.

Throws:

org.apereo.portal.AuthorizationException

cacheGet

protected org.apereo.portal.security.IPermissionSet cacheGet(org.apereo.portal.security.IAuthorizationPrincipal principal)
                                                      throws org.apereo.portal.AuthorizationException

Retrieves the IPermissionSet for the IPermissionSet from the entity cache.

Throws:

org.apereo.portal.AuthorizationException

cacheRemove

protected void cacheRemove(org.apereo.portal.security.IAuthorizationPrincipal ap)
                    throws org.apereo.portal.AuthorizationException

Removes the IPermissionSet for this principal from the entity cache.

Throws:

org.apereo.portal.AuthorizationException

canPrincipalConfigure

public boolean canPrincipalConfigure(org.apereo.portal.security.IAuthorizationPrincipal principal,
                                     java.lang.String portletDefinitionId)
                              throws org.apereo.portal.AuthorizationException

Specified by:

canPrincipalConfigure in interface org.apereo.portal.security.IAuthorizationService

Throws:

org.apereo.portal.AuthorizationException

canPrincipalManage

public boolean canPrincipalManage(org.apereo.portal.security.IAuthorizationPrincipal principal,
                                  java.lang.String portletDefinitionId)
                           throws org.apereo.portal.AuthorizationException

Answers if the principal has permission to MANAGE this Channel.

Specified by:

canPrincipalManage in interface org.apereo.portal.security.IAuthorizationService

Parameters:

principal - IAuthorizationPrincipal The user who wants to manage the portlet

portletDefinitionId - The Id of the portlet being managed

Returns:

True if the specified user is allowed to manage the specified portlet; otherwise false

Throws:

org.apereo.portal.AuthorizationException - indicates authorization information could not be retrieved.

canPrincipalManage

public boolean canPrincipalManage(org.apereo.portal.security.IAuthorizationPrincipal principal,
                                  org.apereo.portal.portlet.om.PortletLifecycleState state,
                                  java.lang.String categoryId)
                           throws org.apereo.portal.AuthorizationException

This checks if the framework has granted principal a right to publish. DO WE WANT SOMETHING THIS COARSE (de)?

Specified by:

canPrincipalManage in interface org.apereo.portal.security.IAuthorizationService

Parameters:

principal - IAuthorizationPrincipal

Returns:

boolean

Throws:

org.apereo.portal.AuthorizationException

canPrincipalRender

public boolean canPrincipalRender(org.apereo.portal.security.IAuthorizationPrincipal principal,
                                  java.lang.String portletDefinitionId)
                           throws org.apereo.portal.AuthorizationException

Answers if the principal has permission to RENDER this Channel. This implementation currently delegates to the SUBSCRIBE permission.

Specified by:

canPrincipalRender in interface org.apereo.portal.security.IAuthorizationService

Parameters:

principal - IAuthorizationPrincipal

portletDefinitionId -

Returns:

boolean

Throws:

org.apereo.portal.AuthorizationException - indicates authorization information could not be retrieved.

canPrincipalBrowse

public boolean canPrincipalBrowse(org.apereo.portal.security.IAuthorizationPrincipal principal,
                                  java.lang.String portletDefinitionId)

Specified by:

canPrincipalBrowse in interface org.apereo.portal.security.IAuthorizationService

canPrincipalBrowse

public boolean canPrincipalBrowse(org.apereo.portal.security.IAuthorizationPrincipal principal,
                                  org.apereo.portal.portlet.om.IPortletDefinition portlet)

Specified by:

canPrincipalBrowse in interface org.apereo.portal.security.IAuthorizationService

canPrincipalSubscribe

public boolean canPrincipalSubscribe(org.apereo.portal.security.IAuthorizationPrincipal principal,
                                     java.lang.String portletDefinitionId)

Answers if the principal has permission to SUBSCRIBE to this Channel.

Specified by:

canPrincipalSubscribe in interface org.apereo.portal.security.IAuthorizationService

Parameters:

principal - IAuthorizationPrincipal

portletDefinitionId -

Returns:

boolean

Throws:

org.apereo.portal.AuthorizationException - indicates authorization information could not be retrieved.

doesPrincipalHavePermission

public boolean doesPrincipalHavePermission(org.apereo.portal.security.IAuthorizationPrincipal principal,
                                           java.lang.String owner,
                                           java.lang.String activity,
                                           java.lang.String target)
                                    throws org.apereo.portal.AuthorizationException

Answers if the owner has given the principal (or any of its parents) permission to perform the activity on the target. Params owner and activity must be non-null. If target is null, then target is not checked.

Specified by:

doesPrincipalHavePermission in interface org.apereo.portal.security.IAuthorizationService

Parameters:

principal - IAuthorizationPrincipal

owner - java.lang.String

activity - java.lang.String

target - java.lang.String

Returns:

boolean

Throws:

org.apereo.portal.AuthorizationException - indicates authorization information could not be retrieved.

doesPrincipalHavePermission

public boolean doesPrincipalHavePermission(org.apereo.portal.security.IAuthorizationPrincipal principal,
                                           java.lang.String owner,
                                           java.lang.String activity,
                                           java.lang.String target,
                                           org.apereo.portal.security.IPermissionPolicy policy)
                                    throws org.apereo.portal.AuthorizationException

Answers if the owner has given the principal permission to perform the activity on the target, as evaluated by the policy. Params policy, owner and activity must be non-null.

Specified by:

doesPrincipalHavePermission in interface org.apereo.portal.security.IAuthorizationService

Parameters:

principal - IAuthorizationPrincipal

owner - java.lang.String

activity - java.lang.String

target - java.lang.String

Returns:

boolean

Throws:

org.apereo.portal.AuthorizationException - indicates authorization information could not be retrieved.

getAllPermissionsForPrincipal

public org.apereo.portal.security.IPermission[] getAllPermissionsForPrincipal(org.apereo.portal.security.IAuthorizationPrincipal principal,
                                                                              java.lang.String owner,
                                                                              java.lang.String activity,
                                                                              java.lang.String target)
                                                                       throws org.apereo.portal.AuthorizationException

Returns the IPermissions owner has granted this Principal for the specified activity and target. Null parameters will be ignored, that is, all IPermissions matching the non-null parameters are retrieved. So, getPermissions(principal,null, null, null) should retrieve all IPermissions for a Principal. Note that this includes IPermissions inherited from groups the Principal belongs to.

Specified by:

getAllPermissionsForPrincipal in interface org.apereo.portal.security.IAuthorizationService

Parameters:

principal - IAuthorizationPrincipal

owner - java.lang.String

activity - java.lang.String

target - java.lang.String

Returns:

org.apereo.portal.security.IPermission[]

Throws:

org.apereo.portal.AuthorizationException - indicates authorization information could not be retrieved.

getAuthorizedPrincipals

public org.apereo.portal.security.IAuthorizationPrincipal[] getAuthorizedPrincipals(java.lang.String owner,
                                                                                    java.lang.String activity,
                                                                                    java.lang.String target)
                                                                             throws org.apereo.portal.AuthorizationException

Returns IAuthorizationPrincipals that have IPermissions for the given owner, activity and target.

Parameters:

owner -

activity -

target -

Returns:

IAuthorizationPrincipal[]

Throws:

org.apereo.portal.AuthorizationException

getDefaultPermissionPolicy

protected org.apereo.portal.security.IPermissionPolicy getDefaultPermissionPolicy()

Returns:

org.apereo.portal.security.IPermissionPolicy

getGroupMember

public org.apereo.portal.groups.IGroupMember getGroupMember(org.apereo.portal.security.IAuthorizationPrincipal principal)
                                                     throws org.apereo.portal.groups.GroupsException

Specified by:

getGroupMember in interface org.apereo.portal.security.IAuthorizationService

Parameters:

principal - org.apereo.portal.security.IAuthorizationPrincipal

Returns:

org.apereo.portal.groups.IGroupMember

Throws:

org.apereo.portal.groups.GroupsException

getPermissionsForOwner

public org.apereo.portal.security.IPermission[] getPermissionsForOwner(java.lang.String owner,
                                                                       java.lang.String activity,
                                                                       java.lang.String target)
                                                                throws org.apereo.portal.AuthorizationException

Returns the IPermissions owner has granted for the specified activity and target. Null parameters will be ignored, that is, all IPermissions matching the non-null parameters are retrieved.

Specified by:

getPermissionsForOwner in interface org.apereo.portal.security.IAuthorizationService

Parameters:

owner - java.lang.String

activity - java.lang.String

target - java.lang.String

Returns:

org.apereo.portal.security.IPermission[]

Throws:

org.apereo.portal.AuthorizationException - indicates authorization information could not be retrieved.

getPermissionsForPrincipal

public org.apereo.portal.security.IPermission[] getPermissionsForPrincipal(org.apereo.portal.security.IAuthorizationPrincipal principal,
                                                                           java.lang.String owner,
                                                                           java.lang.String activity,
                                                                           java.lang.String target)
                                                                    throws org.apereo.portal.AuthorizationException

Returns the IPermissions owner has granted this Principal for the specified activity and target. Null parameters will be ignored, that is, all IPermissions matching the non-null parameters are retrieved. So, getPermissions(principal,null, null, null) should retrieve all IPermissions for a Principal.

Specified by:

getPermissionsForPrincipal in interface org.apereo.portal.security.IAuthorizationService

Parameters:

principal - IAuthorizationPrincipal

owner - java.lang.String

activity - java.lang.String

target - java.lang.String

Returns:

org.apereo.portal.security.IPermission[]

Throws:

org.apereo.portal.AuthorizationException - indicates authorization information could not be retrieved.

getPermissionsForTarget

public org.apereo.portal.security.IPermission[] getPermissionsForTarget(java.lang.String owner,
                                                                        java.lang.String target)

getPrincipal

public org.apereo.portal.security.IAuthorizationPrincipal getPrincipal(org.apereo.portal.security.IPermission permission)
                                                                throws org.apereo.portal.AuthorizationException

Returns IAuthorizationPrincipal associated with the IPermission.

Specified by:

getPrincipal in interface org.apereo.portal.security.IAuthorizationService

Parameters:

permission - IPermission

Returns:

IAuthorizationPrincipal

Throws:

org.apereo.portal.AuthorizationException

getPrincipalString

public java.lang.String getPrincipalString(org.apereo.portal.security.IAuthorizationPrincipal principal)

Returns the String used by an IPermission to represent an IAuthorizationPrincipal.

Specified by:

getPrincipalString in interface org.apereo.portal.security.IAuthorizationService

Parameters:

principal - org.apereo.portal.security.IAuthorizationPrincipal

getUncachedPermissionsForPrincipal

public org.apereo.portal.security.IPermission[] getUncachedPermissionsForPrincipal(org.apereo.portal.security.IAuthorizationPrincipal principal,
                                                                                   java.lang.String owner,
                                                                                   java.lang.String activity,
                                                                                   java.lang.String target)
                                                                            throws org.apereo.portal.AuthorizationException

Returns the IPermissions owner has granted this Principal for the specified activity and target. Null parameters will be ignored, that is, all IPermissions matching the non-null parameters are retrieved. So, getPermissions(principal,null, null, null) should retrieve all IPermissions for a Principal. Ignore any cached IPermissions.

Parameters:

principal - IAuthorizationPrincipal

owner - java.lang.String

activity - java.lang.String

target - java.lang.String

Returns:

org.apereo.portal.security.IPermission[]

Throws:

org.apereo.portal.AuthorizationException - indicates authorization information could not be retrieved.

newPermission

public org.apereo.portal.security.IPermission newPermission(java.lang.String owner,
                                                            org.apereo.portal.security.IAuthorizationPrincipal principal)

Factory method for an IPermission.

Specified by:

newPermission in interface org.apereo.portal.security.IAuthorizationService

Parameters:

owner - String

principal - IAuthorizationPrincipal

Returns:

org.apereo.portal.security.IPermission

newPermissionManager

public org.apereo.portal.security.IPermissionManager newPermissionManager(java.lang.String owner)

Factory method for IPermissionManager.

Specified by:

newPermissionManager in interface org.apereo.portal.security.IAuthorizationService

Parameters:

owner - java.lang.String

Returns:

org.apereo.portal.security.IPermissionManager

newPrincipal

public org.apereo.portal.security.IAuthorizationPrincipal newPrincipal(java.lang.String key,
                                                                       java.lang.Class type)

Factory method for IAuthorizationPrincipal. First check the principal cache, and if not present, create the principal and cache it.

Specified by:

newPrincipal in interface org.apereo.portal.security.IAuthorizationService

Parameters:

key - java.lang.String

type - java.lang.Class

Returns:

org.apereo.portal.security.IAuthorizationPrincipal

newPrincipal

public org.apereo.portal.security.IAuthorizationPrincipal newPrincipal(org.apereo.portal.groups.IGroupMember groupMember)
                                                                throws org.apereo.portal.groups.GroupsException

Converts an IGroupMember into an IAuthorizationPrincipal.

Specified by:

newPrincipal in interface org.apereo.portal.security.IAuthorizationService

Parameters:

groupMember - org.apereo.portal.groups.IGroupMember

Returns:

org.apereo.portal.security.IAuthorizationPrincipal

Throws:

org.apereo.portal.groups.GroupsException

newUpdatingPermissionManager

public org.apereo.portal.security.IUpdatingPermissionManager newUpdatingPermissionManager(java.lang.String owner)

Factory method for IUpdatingPermissionManager.

Specified by:

newUpdatingPermissionManager in interface org.apereo.portal.security.IAuthorizationService

Parameters:

owner - java.lang.String

Returns:

org.apereo.portal.security.IUpdatingPermissionManager

removePermissions

public void removePermissions(org.apereo.portal.security.IPermission[] permissions)
                       throws org.apereo.portal.AuthorizationException

Removes IPermissions from the back end store.

Specified by:

removePermissions in interface org.apereo.portal.security.IAuthorizationService

Parameters:

permissions - IPermission[]

Throws:

org.apereo.portal.AuthorizationException

updatePermissions

public void updatePermissions(org.apereo.portal.security.IPermission[] permissions)
                       throws org.apereo.portal.AuthorizationException

Updates IPermissions in the back end store.

Specified by:

updatePermissions in interface org.apereo.portal.security.IAuthorizationService

Parameters:

permissions - IPermission[]

Throws:

org.apereo.portal.AuthorizationException