java.lang.Object | +--org.edg.security.voms.database.DBACL
A class representing and checking ACLs in a VO. Essentially, a wrapper class for the acl table.
Field Summary
private long | id | The id of this ACL.
private static org.apache.log4j.Logger | log | Logger.
private DBContainer | owner | The container object that is the owner of this ACL.
(package private) static Sequence | seq | Sequence.
Constructor Summary
private | DBACL(long id, DBContainer owner) | Private constructor.
Method Summary
void | addACLEntry(ACLEntryHelper entry) | Add an ACL entry to this ACL.
private boolean | checkACLEntryForAdmin(Operation o, DBAdmin admin, java.lang.String clientName, java.lang.String issuerName) | Checks a matching ACL entry for the given operation.
boolean | checkACLEntryForAttribute(Operation o, java.lang.String attribute, java.lang.String clientName, java.lang.String issuerName) |
boolean | checkACLEntryForGroup(Operation o, java.lang.String groupname, java.lang.String clientName, java.lang.String issuerName) |
boolean | checkACLEntryForRole(Operation o, QualifiedRole role, java.lang.String clientName, java.lang.String issuerName) |
void | checkPermission(Operation o) | Check if the current user is allowed to perform an operation.
long | copyACL() | Creates a new copy of this ACL.
long | countACLEntries() | Counts the ACL entries of this ACL.
void | deleteACL() | Remove this ACL from the database.
ACLEntryHelper[] | getACLEntries() | Returns the ACL entries of this ACL.
ACLEntryHelper | getACLEntry(Operation o, DBAdmin admin) | Returns the ACL entry corresponding to the given operation-administrator pair.
java.util.List | getAdminUsersForOperation(Operation o) | Convenience method: returns the list of users who also play an administrative role for the given operation.
(package private) long | getId() | Return the id of this ACL.
(package private) static DBACL | getInstance(long id, DBContainer owner) | Return the ACL with the given id.
DBContainer | getOwner() | Return the owner of this ACL.
void | removeACLEntry(ACLEntryHelper entry) | Remove a single entry from an ACL.
void | removeAllACLEntries() | Remove all entries from an ACL.
void | setACLEntries(ACLEntryHelper[] entries) | Replace the ACL with a new set of entries.
java.lang.String | toString() |
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
Field Detail
private static final org.apache.log4j.Logger log
private long id
static final Sequence seq
private DBContainer owner
Constructor Detail
private DBACL(long id, DBContainer owner) throws DatabaseError, NotInDatabase
Method Detail
static DBACL getInstance(long id, DBContainer owner) throws DatabaseError, NotInDatabase
id - The id of the ACL to return.
owner - The owner of this ACL (for logging purposes).
DatabaseError
NotInDatabase
public DBContainer getOwner()
long getId()
public java.lang.String toString()
toString in class java.lang.Object
public void checkPermission(Operation o) throws GeneralDatabaseException, VOMSSecurityException
SecurityContext. The other half of the information is in the ACL table.
If the client connects from localhost and the configuration option voms.localhost.has.bypass is true, then the ACL check will be bypassed.
Otherwise the method iterates through the user's name and approved attributes and tries to match them with the ACL entries. If it finds at least one allow entry and it doesn't find any deny entries, then it will allow the operation by returning normally.
If the routine finds a deny entry or doesn't find any allow entries, then it will throw a VOMSSecurityException.
o - the requested operation on the object
VOMSSecurityException - when the access is denied.
DatabaseError - if an SQL error occurs.
InconsistentDatabase - if a database inconsistency is detected.
GeneralDatabaseException
AuthorizationManager, SecurityContext
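The decision rule described for checkPermission (localhost bypass, then deny-overrides with default deny), as an added example that is not VOMS code. Every name in it (AclCheckDemo, Entry, check, decide) and all sample data are hypothetical; it assumes Java 16 or later for the record type.

```java
import java.util.List;

// Added illustration of the decision rule described for checkPermission.
// Every name here (AclCheckDemo, Entry, check, decide) is hypothetical, not VOMS API.
public class AclCheckDemo {
    // One ACL row: the principal it covers (user name, group or role),
    // the operation, and whether it allows or denies.
    record Entry(String principal, String operation, boolean allow) {}

    static class AccessDenied extends Exception { AccessDenied(String m) { super(m); } }

    // Returns normally when access is granted, throws otherwise.
    static void check(List<Entry> acl, List<String> principals, String op,
                      boolean fromLocalhost, boolean localhostHasBypass)
            throws AccessDenied {
        // The bypass skips the ACL completely, so it is only as strong as
        // the caller's determination that the connection is local.
        if (fromLocalhost && localhostHasBypass) return;
        boolean allowed = false;
        for (Entry e : acl) {
            if (!e.operation().equals(op) || !principals.contains(e.principal())) continue;
            // Deny overrides: a single matching deny entry ends the check.
            if (!e.allow()) throw new AccessDenied("deny entry for " + e.principal());
            allowed = true;
        }
        // Default deny: no matching allow entry means no access.
        if (!allowed) throw new AccessDenied("no allow entry for " + op);
    }

    static String decide(List<Entry> acl, List<String> who, String op,
                         boolean local, boolean bypass) {
        try { check(acl, who, op, local, bypass); return "ALLOW"; }
        catch (AccessDenied e) { return "DENY (" + e.getMessage() + ")"; }
    }

    public static void main(String[] args) {
        // Constructed sample data.
        List<Entry> acl = List.of(
            new Entry("/vo/group/admins", "DELETE", true),
            new Entry("/CN=carol", "DELETE", false));
        List<String> alice = List.of("/CN=alice", "/vo/group/admins");
        List<String> carol = List.of("/CN=carol", "/vo/group/admins");
        List<String> bob = List.of("/CN=bob");
        System.out.println(decide(acl, alice, "DELETE", false, false)); // allow entry, no deny
        System.out.println(decide(acl, carol, "DELETE", false, false)); // deny beats group allow
        System.out.println(decide(acl, bob, "DELETE", false, false));   // no allow entry at all
        System.out.println(decide(acl, bob, "DELETE", true, true));     // localhost bypass active
    }
}
```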
private boolean checkACLEntryForAdmin(Operation o, DBAdmin admin, java.lang.String clientName, java.lang.String issuerName) throws GeneralDatabaseException, VOMSSecurityException
VOMSSecurityException - if there is a matching deny entry.
GeneralDatabaseException
public boolean checkACLEntryForAttribute(Operation o, java.lang.String attribute, java.lang.String clientName, java.lang.String issuerName) throws GeneralDatabaseException, VOMSSecurityException
GeneralDatabaseException
VOMSSecurityException
public boolean checkACLEntryForGroup(Operation o, java.lang.String groupname, java.lang.String clientName, java.lang.String issuerName) throws GeneralDatabaseException, VOMSSecurityException
GeneralDatabaseException
VOMSSecurityException
public boolean checkACLEntryForRole(Operation o, QualifiedRole role, java.lang.String clientName, java.lang.String issuerName) throws GeneralDatabaseException, VOMSSecurityException
GeneralDatabaseException
VOMSSecurityException
public java.util.List getAdminUsersForOperation(Operation o) throws GeneralDatabaseException
o - the requested operation on the object
DatabaseError - if an SQL error occurs.
InconsistentDatabase - if a database inconsistency is detected.
GeneralDatabaseException
org.edg.security.voms.operation.Action.getAdminUsers
public long countACLEntries() throws GeneralDatabaseException
GeneralDatabaseException
public ACLEntryHelper getACLEntry(Operation o, DBAdmin admin) throws GeneralDatabaseException
GeneralDatabaseException
public ACLEntryHelper[] getACLEntries() throws GeneralDatabaseException
GeneralDatabaseException
public void removeACLEntry(ACLEntryHelper entry) throws GeneralDatabaseException, ArgumentException, NotInDatabase
GeneralDatabaseException
ArgumentException
NotInDatabase
public void removeAllACLEntries() throws GeneralDatabaseException
GeneralDatabaseException
public void addACLEntry(ACLEntryHelper entry) throws ArgumentException, GeneralDatabaseException
ArgumentException - if we already have an entry for this admin-operation pair.
GeneralDatabaseException
public void setACLEntries(ACLEntryHelper[] entries) throws ArgumentException, GeneralDatabaseException
ArgumentException
GeneralDatabaseException
public long copyACL() throws GeneralDatabaseException
java.lang.IllegalArgumentException - if any of the arguments is null.
GeneralDatabaseException
public void deleteACL() throws GeneralDatabaseException
acld table.
GeneralDatabaseException