Interface SecurityManager
- All Known Implementing Classes:
DefaultSecurityManager
public interface SecurityManager
The SecurityManager applies security rules to
PersistentDomainObjects
or classes and grants or denies permissions.- Author:
- harald
-
Method Summary
Modifier and TypeMethodDescriptionevaluate(DomainContext context, Permission permission, int objectClassId, long objectId) Checks a permission for a PDO or a PDO class.evaluate(DomainContext context, Permission permission, Class<?> clazz) Checks a permission for a non-PDO class.voidInvalidate the manager.
The next request will re-initialize it.booleanDetermines whether this manager accepts by default.booleanDetermines whether this manager is enabled.voidremoveObsoleteRules(Session session) Removes obsolete rules.voidsetAcceptByDefault(boolean acceptByDefault) Sets the default behaviour for "no rules found" for theSecurityResultto "accepted".voidsetEnabled(boolean enabled) Enables or disables this security manager.
-
Method Details
-
evaluate
SecurityResult evaluate(DomainContext context, Permission permission, int objectClassId, long objectId) Checks a permission for a PDO or a PDO class.- Parameters:
context- the domain contextpermission- the requested permissionobjectClassId- the object class idobjectId- the identifiable id, 0 for all PDOs of that class- Returns:
- the SecurityResult
-
evaluate
Checks a permission for a non-PDO class.- Parameters:
context- the domain contextpermission- the requested permissionclazz- the class- Returns:
- the SecurityResult
-
invalidate
void invalidate()Invalidate the manager.
The next request will re-initialize it. -
removeObsoleteRules
Removes obsolete rules.Since the model has no relation to the security implementation, security rules may become obsolete if PDOs are deleted. This method will remove such obsolete rules.
- Parameters:
session- the session
-
isEnabled
boolean isEnabled()Determines whether this manager is enabled.- Returns:
- true if enabled.
-
setEnabled
void setEnabled(boolean enabled) Enables or disables this security manager.- Parameters:
enabled- true to enable the security manager- See Also:
-
isAcceptByDefault
boolean isAcceptByDefault()Determines whether this manager accepts by default.- Returns:
- true to accept if no matching rule is found
-
setAcceptByDefault
void setAcceptByDefault(boolean acceptByDefault) Sets the default behaviour for "no rules found" for theSecurityResultto "accepted". This is the default.Notice: setting both acceptByDefault and denyByDefault to false will return "neither accepted nor denied" security results if no rules fire.
- Parameters:
acceptByDefault- true ifSecurityResult.isAccepted()returns true if no rules found.
-