Overview  Package   Class  Use  Tree  Deprecated  Index 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.eclipse.emf.emfstore.internal.server.accesscontrol
Class AccessControlImpl

java.lang.Object
  extended by org.eclipse.emf.emfstore.internal.server.accesscontrol.AccessControlImpl
All Implemented Interfaces:
AccessControl, AuthorizationControl
public class AccessControlImpl
extends Object
implements AccessControl

Implementation of an AccessControl combining authentication and authorization.

Author:
mkoegel, ovonwesen, emueller

Constructor Summary
AccessControlImpl(ACDAOFacade acDAOFacade)
          Default constructor.
 
Method Summary
 void checkAccess(MethodInvocation op)
          Checks whether a given operation may be executed.
 boolean checkProjectAdminAccess(SessionId sessionId, ProjectId projectId)
          Check if the session is valid for admin access to the given project.
 boolean checkProjectAdminAccess(SessionId sessionId, ProjectId projectId, PAPrivileges privileg)
          Check if the session is valid for admin access to the given project.
 boolean checkProjectAdminAccessForOrgUnit(SessionId sessionId, ACOrgUnitId orgUnitId)
          Check if the session is valid for admin access to the given organizational unit.
 boolean checkProjectAdminAccessForOrgUnit(SessionId sessionId, ACOrgUnitId orgUnitId, Set<ProjectId> projectIds)
          Check if the session is valid for admin access to the given organizational unit.
 void checkReadAccess(SessionId sessionId, ProjectId projectId, Set<org.eclipse.emf.ecore.EObject> modelElements)
          Check if the session may read the given model elements in the project.
 void checkServerAdminAccess(SessionId sessionId)
          Check if the session is valid for server admin access.
 void checkSession(SessionId sessionId)
          Check if the given session is valid.
 void checkWriteAccess(SessionId sessionId, ProjectId projectId, Set<org.eclipse.emf.ecore.EObject> modelElements)
          Check if the session may write the given model elements in the project.
 AbstractAuthenticationControl getAuthenticationControl()
          Returns the authentication control that is currently used by the access control.
 AuthenticationInformation logIn(String username, String password, ClientVersionInfo clientVersionInfo)
          Log in with the given credentials.
 void logout(SessionId sessionId)
          Log out the session with the given ID.
 SessionId resolveSessionById(String sessionId)
          Given an session ID as a string, returns the corresponding session, if any.
 ACUser resolveUser(ACOrgUnitId id)
          This method looks up the orgUnit id the server and returns the relating user.
 ACUser resolveUser(SessionId sessionId)
          This method looks up the session id on the server and returns the relating user.
 void setAuthenticationControl(AbstractAuthenticationControl authenticationControl)
          Sets the authentication control to be used by the access control.
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

AccessControlImpl

public AccessControlImpl(ACDAOFacade acDAOFacade)
                  throws FatalESException
Default constructor.

Parameters:
acDAOFacade - a DAO facade encapsulating different AC related DAOs
Throws:
FatalESException - an exception
Method Detail

logIn

public AuthenticationInformation logIn(String username,
                                       String password,
                                       ClientVersionInfo clientVersionInfo)
                                throws AccessControlException
Log in with the given credentials.

Specified by:
logIn in interface AccessControl
Parameters:
username - the username as entered by the client
password - the password as entered by the client
clientVersionInfo - the version of the client
Returns:
an AuthenticationInformation holding information about the logged-in session
Throws:
AccessControlException - in case an error occurs during the login
See Also:
AuthenticationControl.logIn(org.eclipse.emf.emfstore.internal.server.model.accesscontrol.ACUser, java.lang.String, java.lang.String, org.eclipse.emf.emfstore.internal.server.model.ClientVersionInfo)

logout

public void logout(SessionId sessionId)
            throws AccessControlException
Log out the session with the given ID.

Specified by:
logout in interface AccessControl
Parameters:
sessionId - the ID of the session to be logged out
Throws:
AccessControlException - in case logout fails
See Also:
AccessControl.logout(org.eclipse.emf.emfstore.internal.server.model.SessionId)

checkSession

public void checkSession(SessionId sessionId)
                  throws AccessControlException
Check if the given session is valid.

Specified by:
checkSession in interface AuthorizationControl
Parameters:
sessionId - the session id
Throws:
AccessControlException - if the session is invalid
See Also:
AuthorizationControl.checkSession(org.eclipse.emf.emfstore.internal.server.model.SessionId)

checkWriteAccess

public void checkWriteAccess(SessionId sessionId,
                             ProjectId projectId,
                             Set<org.eclipse.emf.ecore.EObject> modelElements)
                      throws AccessControlException
Check if the session may write the given model elements in the project.

Specified by:
checkWriteAccess in interface AuthorizationControl
Parameters:
sessionId - session id
projectId - project id
modelElements - a set of model elements
Throws:
AccessControlException - if the session may not write any of the model elements
See Also:
AuthorizationControl.checkWriteAccess(org.eclipse.emf.emfstore.internal.server.model.SessionId, org.eclipse.emf.emfstore.internal.server.model.ProjectId, java.util.Set)

checkReadAccess

public void checkReadAccess(SessionId sessionId,
                            ProjectId projectId,
                            Set<org.eclipse.emf.ecore.EObject> modelElements)
                     throws AccessControlException
Check if the session may read the given model elements in the project.

Specified by:
checkReadAccess in interface AuthorizationControl
Parameters:
sessionId - session id
projectId - project id
modelElements - a set of model elements
Throws:
AccessControlException - if the session may not read any of the model elements
See Also:
AuthorizationControl.checkReadAccess(org.eclipse.emf.emfstore.internal.server.model.SessionId, org.eclipse.emf.emfstore.internal.server.model.ProjectId, java.util.Set)

checkProjectAdminAccess

public boolean checkProjectAdminAccess(SessionId sessionId,
                                       ProjectId projectId,
                                       PAPrivileges privileg)
                                throws AccessControlException
Check if the session is valid for admin access to the given project.

Specified by:
checkProjectAdminAccess in interface AuthorizationControl
Parameters:
sessionId - the session id
projectId - the project id. May be null
privileg - the PAPrivileges to be checked
Returns:
true, if permission is granted via the server admin role, false otherwise
Throws:
AccessControlException - if the session is invalid for admin access
See Also:
AuthorizationControl.checkProjectAdminAccess(org.eclipse.emf.emfstore.internal.server.model.SessionId, org.eclipse.emf.emfstore.internal.server.model.ProjectId)

checkProjectAdminAccessForOrgUnit

public boolean checkProjectAdminAccessForOrgUnit(SessionId sessionId,
                                                 ACOrgUnitId orgUnitId)
                                          throws AccessControlException
Check if the session is valid for admin access to the given organizational unit.

Specified by:
checkProjectAdminAccessForOrgUnit in interface AuthorizationControl
Parameters:
sessionId - the session id
orgUnitId - the ID of an organizational unit
Returns:
true, if permission is granted via the server admin role, false otherwise
Throws:
AccessControlException - if the session is invalid for admin access
See Also:
AuthorizationControl.checkProjectAdminAccessForOrgUnit(org.eclipse.emf.emfstore.internal.server.model.SessionId, org.eclipse.emf.emfstore.internal.server.model.accesscontrol.ACOrgUnitId)

checkProjectAdminAccessForOrgUnit

public boolean checkProjectAdminAccessForOrgUnit(SessionId sessionId,
                                                 ACOrgUnitId orgUnitId,
                                                 Set<ProjectId> projectIds)
                                          throws AccessControlException
Check if the session is valid for admin access to the given organizational unit.

Specified by:
checkProjectAdminAccessForOrgUnit in interface AuthorizationControl
Parameters:
sessionId - the session id
orgUnitId - the ID of an organizational unit
projectIds - the set of ProjectIds for which to check access for
Returns:
true, if permission is granted via the server admin role, false otherwise
Throws:
AccessControlException - if the session is invalid for admin access
See Also:
AuthorizationControl.checkProjectAdminAccessForOrgUnit(org.eclipse.emf.emfstore.internal.server.model.SessionId, org.eclipse.emf.emfstore.internal.server.model.accesscontrol.ACOrgUnitId, java.util.Set)

checkProjectAdminAccess

public boolean checkProjectAdminAccess(SessionId sessionId,
                                       ProjectId projectId)
                                throws AccessControlException
Check if the session is valid for admin access to the given project.

Specified by:
checkProjectAdminAccess in interface AuthorizationControl
Parameters:
sessionId - the session id
projectId - the project id. May be null
Returns:
true, if permission is granted via the server admin role, false otherwise
Throws:
AccessControlException - if the session is invalid for admin access
See Also:
AuthorizationControl.checkProjectAdminAccess(org.eclipse.emf.emfstore.internal.server.model.SessionId, org.eclipse.emf.emfstore.internal.server.model.ProjectId)

checkServerAdminAccess

public void checkServerAdminAccess(SessionId sessionId)
                            throws AccessControlException
Check if the session is valid for server admin access.

Specified by:
checkServerAdminAccess in interface AuthorizationControl
Parameters:
sessionId - the session id
Throws:
AccessControlException - if the session is invalid for server admin access
See Also:
AuthorizationControl.checkServerAdminAccess(org.eclipse.emf.emfstore.internal.server.model.SessionId)

resolveUser

public ACUser resolveUser(SessionId sessionId)
                   throws AccessControlException
This method looks up the session id on the server and returns the relating user. Please notice that the returned user also contains roles which are not contained in the original user. These extra roles come from the user's groups.

Specified by:
resolveUser in interface AuthorizationControl
Parameters:
sessionId - session id
Returns:
ACUser user with roles from resolved user and it's groups
Throws:
AccessControlException - exception

resolveUser

public ACUser resolveUser(ACOrgUnitId id)
                   throws AccessControlException
This method looks up the orgUnit id the server and returns the relating user. Please notice that the returned user also contains roles which are not contained in the original user. These extra roles come from the user's groups.

Specified by:
resolveUser in interface AuthorizationControl
Parameters:
id - OrgUnit id
Returns:
ACUser user with roles from resolved user and it's groups
Throws:
AccessControlException - exception

checkAccess

public void checkAccess(MethodInvocation op)
                 throws AccessControlException
Checks whether a given operation may be executed.

Specified by:
checkAccess in interface AuthorizationControl
Parameters:
op - the operation the user intends to execute
Throws:
AccessControlException - in case access is denied
See Also:
AuthorizationControl.checkAccess(org.eclipse.emf.emfstore.internal.server.core.MethodInvocation)

getAuthenticationControl

public AbstractAuthenticationControl getAuthenticationControl()
Returns the authentication control that is currently used by the access control.

Returns:
the currently active authentication control

setAuthenticationControl

public void setAuthenticationControl(AbstractAuthenticationControl authenticationControl)
Sets the authentication control to be used by the access control.

Specified by:
setAuthenticationControl in interface AccessControl
Parameters:
authenticationControl - the authentication control to be used

resolveSessionById

public SessionId resolveSessionById(String sessionId)
Given an session ID as a string, returns the corresponding session, if any.

Specified by:
resolveSessionById in interface AuthorizationControl
Parameters:
sessionId - the session ID to be resolved
Returns:
the resolved session ID, if any, otherwise null
See Also:
AuthorizationControl.resolveSessionById(java.lang.String)
Overview  Package   Class  Use  Tree  Deprecated  Index 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2015. All Rights Reserved.