org.ofbiz.security
Class Security

java.lang.Object
  extended by org.ofbiz.security.Security
Direct Known Subclasses:
OFBizSecurity

public abstract class Security
extends java.lang.Object

Security handler: This class is an abstract implementation for all commonly used security aspects.


Field Summary
static UtilCache<GenericValue,java.lang.Boolean> securityGroupPermissionCache
          UtilCache to cache whether or not a certain SecurityGroupPermission row exists.
static UtilCache<java.lang.String,java.util.List<GenericValue>> userLoginSecurityGroupByUserLoginId
          UtilCache to cache a Collection of UserLoginSecurityGroup entities for each UserLogin, by userLoginId.
 
Constructor Summary
Security()
           
 
Method Summary
abstract  java.util.Iterator<GenericValue> findUserLoginSecurityGroupByUserLoginId(java.lang.String userLoginId)
          Uses userLoginSecurityGroupByUserLoginId cache to speed up the finding of the userLogin's security group list.
 GenericDelegator getDelegator()
           
abstract  boolean hasEntityPermission(java.lang.String entity, java.lang.String action, HttpSession session)
          Like hasPermission above, except it has functionality specific to Entity permissions.
abstract  boolean hasPermission(java.lang.String permission, HttpSession session)
          Checks to see if the currently logged in userLogin has the passed permission.
abstract  boolean hasRolePermission(java.lang.String application, java.lang.String action, java.lang.String primaryKey, java.util.List<java.lang.String> roles, GenericValue userLogin)
          Like hasEntityPermission above, this checks the specified action, as well as for "_ADMIN" to allow for simplified general administration permission, but also checks action_ROLE and validates the user is a member for the application.
abstract  boolean hasRolePermission(java.lang.String application, java.lang.String action, java.lang.String primaryKey, java.util.List<java.lang.String> roles, HttpSession session)
          Like hasEntityPermission above, this checks the specified action, as well as for "_ADMIN" to allow for simplified general administration permission, but also checks action_ROLE and validates the user is a member for the application.
abstract  boolean hasRolePermission(java.lang.String application, java.lang.String action, java.lang.String primaryKey, java.lang.String role, HttpSession session)
          Like hasEntityPermission above, this checks the specified action, as well as for "_ADMIN" to allow for simplified general administration permission, but also checks action_ROLE and validates the user is a member for the application.
abstract  boolean securityGroupPermissionExists(java.lang.String groupId, java.lang.String permission)
          Finds whether or not a SecurityGroupPermission row exists given a groupId and permission.
 void setDelegator(GenericDelegator delegator)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

userLoginSecurityGroupByUserLoginId

public static UtilCache<java.lang.String,java.util.List<GenericValue>> userLoginSecurityGroupByUserLoginId
UtilCache to cache a Collection of UserLoginSecurityGroup entities for each UserLogin, by userLoginId.


securityGroupPermissionCache

public static UtilCache<GenericValue,java.lang.Boolean> securityGroupPermissionCache
UtilCache to cache whether or not a certain SecurityGroupPermission row exists. For each SecurityGroupPermissionPK there is a Boolean in the cache specifying whether or not it exists. In this way the cache speeds things up whether or not the user has a permission.

Constructor Detail

Security

public Security()
Method Detail

getDelegator

public GenericDelegator getDelegator()

setDelegator

public void setDelegator(GenericDelegator delegator)

findUserLoginSecurityGroupByUserLoginId

public abstract java.util.Iterator<GenericValue> findUserLoginSecurityGroupByUserLoginId(java.lang.String userLoginId)
Uses userLoginSecurityGroupByUserLoginId cache to speed up the finding of the userLogin's security group list.

Parameters:
userLoginId - The userLoginId to find security groups by
Returns:
An iterator made from the Collection either cached or retrieved from the database through the UserLoginSecurityGroup Delegator.

securityGroupPermissionExists

public abstract boolean securityGroupPermissionExists(java.lang.String groupId,
                                                      java.lang.String permission)
Finds whether or not a SecurityGroupPermission row exists given a groupId and permission. Uses the securityGroupPermissionCache to speed this up. The groupId,permission pair is cached instead of the userLoginId,permission pair to keep the cache small and to make it more changeable.

Parameters:
groupId - The ID of the group
permission - The name of the permission
Returns:
boolean specifying whether or not a SecurityGroupPermission row exists

hasPermission

public abstract boolean hasPermission(java.lang.String permission,
                                      HttpSession session)
Checks to see if the currently logged in userLogin has the passed permission.

Parameters:
permission - Name of the permission to check.
session - The current HTTP session, contains the logged in userLogin as an attribute.
Returns:
Returns true if the currently logged in userLogin has the specified permission, otherwise returns false.

hasEntityPermission

public abstract boolean hasEntityPermission(java.lang.String entity,
                                            java.lang.String action,
                                            HttpSession session)
Like hasPermission above, except it has functionality specific to Entity permissions. Checks the entity for the specified action, as well as for "_ADMIN" to allow for simplified general administration permission.

Parameters:
entity - The name of the Entity corresponding to the desired permission.
action - The action on the Entity corresponding to the desired permission.
session - The current HTTP session, contains the logged in userLogin as an attribute.
Returns:
Returns true if the currently logged in userLogin has the specified permission, otherwise returns false.
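
The lookup chain described above (userLogin to security groups, then cached groupId/permission pairs, with the "_ADMIN" fallback in hasEntityPermission), as an added sketch that is not OFBiz code. The class name, the in-memory maps, the sample users and groups, and the assumption that the permission name is the entity string concatenated with the action string are all hypothetical.

```java
import java.util.*;

// Added illustration; not OFBiz code. All class, field and sample names are hypothetical.
public class PermissionCheckSketch {
    // Constructed sample data standing in for UserLoginSecurityGroup and SecurityGroupPermission rows.
    static final Map<String, List<String>> GROUPS_BY_USER = Map.of(
            "alice", List.of("PARTY_VIEWERS"),
            "bob", List.of("PARTY_ADMINS"));
    static final Set<String> GROUP_PERMISSION_ROWS = Set.of(
            "PARTY_VIEWERS|PARTYMGR_VIEW",
            "PARTY_ADMINS|PARTYMGR_ADMIN");

    // Keyed by (groupId, permission), not (userLoginId, permission); FALSE is stored too,
    // so a missing row is also answered from the cache on the next check.
    static final Map<String, Boolean> groupPermissionCache = new HashMap<>();
    static int rowLookups = 0; // counts simulated database reads

    static boolean securityGroupPermissionExists(String groupId, String permission) {
        return groupPermissionCache.computeIfAbsent(groupId + "|" + permission, key -> {
            rowLookups++;
            return GROUP_PERMISSION_ROWS.contains(key);
        });
    }

    static boolean hasPermission(String permission, String userLoginId) {
        if (userLoginId == null) return false; // no logged-in user: deny
        for (String groupId : GROUPS_BY_USER.getOrDefault(userLoginId, List.of())) {
            if (securityGroupPermissionExists(groupId, permission)) return true;
        }
        return false;
    }

    // Assumption: permission name = entity + action; entity + "_ADMIN" grants every action.
    static boolean hasEntityPermission(String entity, String action, String userLoginId) {
        return hasPermission(entity + "_ADMIN", userLoginId)
                || hasPermission(entity + action, userLoginId);
    }

    public static void main(String[] args) {
        System.out.println(hasEntityPermission("PARTYMGR", "_VIEW", "alice"));   // alice holds PARTYMGR_VIEW
        System.out.println(hasEntityPermission("PARTYMGR", "_DELETE", "bob"));   // bob holds only PARTYMGR_ADMIN
        System.out.println(hasEntityPermission("PARTYMGR", "_DELETE", "alice")); // alice has no matching row
        System.out.println(hasEntityPermission("PARTYMGR", "_DELETE", "alice")); // repeat: no new row lookups
        System.out.println("row lookups: " + rowLookups);
    }
}
```

Because both positive and negative results are cached, a granted or revoked SecurityGroupPermission row in this sketch takes effect only once the matching cache entries are cleared.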

hasRolePermission

public abstract boolean hasRolePermission(java.lang.String application,
                                          java.lang.String action,
                                          java.lang.String primaryKey,
                                          java.lang.String role,
                                          HttpSession session)
Like hasEntityPermission above, this checks the specified action, as well as for "_ADMIN" to allow for simplified general administration permission, but also checks action_ROLE and validates the user is a member for the application.

Parameters:
application - The name of the application corresponding to the desired permission.
action - The action on the application corresponding to the desired permission.
primaryKey - The primary key for the role check.
role - The roleTypeId which the user must validate with.
session - The current HTTP session, contains the logged in userLogin as an attribute.
Returns:
Returns true if the currently logged in userLogin has the specified permission, otherwise returns false.

hasRolePermission

public abstract boolean hasRolePermission(java.lang.String application,
                                          java.lang.String action,
                                          java.lang.String primaryKey,
                                          java.util.List<java.lang.String> roles,
                                          GenericValue userLogin)
Like hasEntityPermission above, this checks the specified action, as well as for "_ADMIN" to allow for simplified general administration permission, but also checks action_ROLE and validates the user is a member for the application.

Parameters:
application - The name of the application corresponding to the desired permission.
action - The action on the application corresponding to the desired permission.
primaryKey - The primary key for the role check.
roles - List of roleTypeId values, any one of which the user must validate with (ORed).
userLogin - The userLogin object for user to check against.
Returns:
Returns true if the currently logged in userLogin has the specified permission, otherwise returns false.

hasRolePermission

public abstract boolean hasRolePermission(java.lang.String application,
                                          java.lang.String action,
                                          java.lang.String primaryKey,
                                          java.util.List<java.lang.String> roles,
                                          HttpSession session)
Like hasEntityPermission above, this checks the specified action, as well as for "_ADMIN" to allow for simplified general administration permission, but also checks action_ROLE and validates the user is a member for the application.

Parameters:
application - The name of the application corresponding to the desired permission.
action - The action on the application corresponding to the desired permission.
primaryKey - The primary key for the role check.
roles - List of roleTypeId values, any one of which the user must validate with (ORed).
session - The current HTTP session, contains the logged in userLogin as an attribute.
Returns:
Returns true if the currently logged in userLogin has the specified permission, otherwise returns false.