Package org.teiid.dqp.internal.process

Class DefaultAuthorizationValidator

java.lang.Object

org.teiid.dqp.internal.process.DefaultAuthorizationValidator

All Implemented Interfaces:

AuthorizationValidator

public class DefaultAuthorizationValidator
extends Object
implements AuthorizationValidator

The default Teiid authorization validator

Nested Class Summary

Nested classes/interfaces inherited from interface org.teiid.dqp.internal.process.AuthorizationValidator

AuthorizationValidator.CommandType

Field Summary

Fields

Modifier and Type	Field	Description
static String	IGNORE_UNAUTHORIZED_ASTERISK

Constructor Summary

Constructors

Constructor	Description
DefaultAuthorizationValidator()

Method Summary

Modifier and Type	Method	Description
boolean	hasRole(String roleName, CommandContext commandContext)	Uses the context or other information to determine if the current user has the given role name.
boolean	isAccessible(AbstractMetadataRecord record, CommandContext commandContext)	Determines if the metadata record is accessible in system queries
void	setMetadataRequiresPermission(boolean metadataRequiresPermission)
void	setPolicyDecider(PolicyDecider policyDecider)
boolean	validate(String[] originalSql, Command command, QueryMetadataInterface metadata, CommandContext commandContext, AuthorizationValidator.CommandType commandType)	Validates the given command.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

IGNORE_UNAUTHORIZED_ASTERISK

public static final String IGNORE_UNAUTHORIZED_ASTERISK

See Also:

Constant Field Values

Constructor Detail

DefaultAuthorizationValidator

public DefaultAuthorizationValidator()

Method Detail

setMetadataRequiresPermission

public void setMetadataRequiresPermission(boolean metadataRequiresPermission)

validate

public boolean validate(String[] originalSql,
                        Command command,
                        QueryMetadataInterface metadata,
                        CommandContext commandContext,
                        AuthorizationValidator.CommandType commandType)
                 throws QueryValidatorException,
                        TeiidComponentException

Description copied from interface: AuthorizationValidator

Validates the given command. If the command is not a AuthorizationValidator.CommandType.USER command, the command object should not be modified. Any modification must be fully resolved using the associated QueryMetadataInterface. Returning true for a AuthorizationValidator.CommandType.PREPARED or AuthorizationValidator.CommandType.CACHED commands means that the matching prepared plan or cache entry will not be used.

Specified by:

validate in interface AuthorizationValidator

Parameters:

originalSql - array of commands will typically contain only a single string, but may have multiple for batched updates.

command - the parsed and resolved command.

Returns:

true if the USER command was modified, or if the non-USER command should be modified.

Throws:

QueryValidatorException

TeiidComponentException

hasRole

public boolean hasRole(String roleName,
                       CommandContext commandContext)

Description copied from interface: AuthorizationValidator

Uses the context or other information to determine if the current user has the given role name.

Specified by:

hasRole in interface AuthorizationValidator

Returns:

true if the current user has the given role

setPolicyDecider

public void setPolicyDecider(PolicyDecider policyDecider)

isAccessible

public boolean isAccessible(AbstractMetadataRecord record,
                            CommandContext commandContext)

Description copied from interface: AuthorizationValidator

Determines if the metadata record is accessible in system queries

Specified by:

isAccessible in interface AuthorizationValidator

Returns: