com.metamatrix.platform.security.authorization.service
Class AuthorizationServiceImpl

java.lang.Object
  extended by com.metamatrix.platform.security.authorization.service.AuthorizationServiceImpl
All Implemented Interfaces:
ApplicationService, AuthorizationService, SecurityFunctionEvaluator

public class AuthorizationServiceImpl
extends java.lang.Object
implements AuthorizationService

The Authorization Service is responsible for handling requests to determine whether a Principal is entitled to perform a given action on a given resource or set of resources.

Administration of the Authorization policies (creating/destroying Policies, adding/deleting Principals and Permissions) is available only to Principals that have the proper administrative role.


Field Summary
protected  MembershipServiceInterface membershipService
           
protected  LRUCache<VDBKey,java.util.Collection<AuthorizationPolicy>> policyCache
           
protected  VDBService vdbService
           
 
Fields inherited from interface com.metamatrix.dqp.service.AuthorizationService
ACTION_CREATE, ACTION_DELETE, ACTION_READ, ACTION_UPDATE, ADMIN_ROLES_FILE, CONTEXT_DELETE, CONTEXT_INSERT, CONTEXT_PROCEDURE, CONTEXT_QUERY, CONTEXT_UPDATE, DEFAULT_WSDL_USERNAME, ENTITELEMENTS_ENABLED
 
Fields inherited from interface com.metamatrix.query.eval.SecurityFunctionEvaluator
ADMIN_ROLE, DATA_ROLE
 
Constructor Summary
AuthorizationServiceImpl()
           
 
Method Summary
 boolean checkingEntitlements()
          Determine whether entitlements checking is enabled on the server.
 java.util.Collection getInaccessibleResources(java.lang.String connectionID, int action, java.util.Collection resources, int context)
          Determine which of a set of resources a connection does not have permission to perform the specified action on.
 java.util.Collection<AuthorizationPolicy> getPoliciesInRealm(AuthorizationRealm realm)
          Returns a Collection of AuthorizationPolicys that have AuthorizationPermissions in the given AuthorizationRealm.
NOTE: It is the responsibility of the caller to determine which of the AuthorizationPolicy's AuthorizationPermissions are actually in the given AuthorizationRealm.
 java.util.Collection<java.lang.String> getRoleNamesForPrincipal(MetaMatrixPrincipalName principal)
          Returns a Collection of String names of MetaMatrix roles to which the given principal is assigned.
 boolean hasRole(java.lang.String connectionID, java.lang.String roleType, java.lang.String roleName)
           
 void initialize(java.util.Properties env)
          Initialize the service with the specified properties.
 boolean isCallerInRole(SessionToken session, java.lang.String roleName)
           
protected  boolean isEntitled(java.lang.String principal)
           
 void setAdminPolicies(java.util.Collection<AuthorizationPolicy> adminPolicies)
           
 void setMembershipService(MembershipServiceInterface membershipService)
           
 void setUseEntitlements(boolean useEntitlements)
           
 void setVdbService(VDBService vdbService)
           
 void start(ApplicationEnvironment environment)
          Start the service with the specified environment.
 void stop()
          Stop the service.
 void updatePoliciesInRealm(AuthorizationRealm realm, java.util.Collection<AuthorizationPolicy> policies)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

membershipService

protected MembershipServiceInterface membershipService

vdbService

protected VDBService vdbService

policyCache

protected LRUCache<VDBKey,java.util.Collection<AuthorizationPolicy>> policyCache
Constructor Detail

AuthorizationServiceImpl

public AuthorizationServiceImpl()
Method Detail

initialize

public void initialize(java.util.Properties env)
                throws ApplicationInitializationException
Description copied from interface: ApplicationService
Initialize the service with the specified properties.

Specified by:
initialize in interface ApplicationService
Parameters:
env - Initialization properties
Throws:
ApplicationInitializationException - If an error occurs during initialization

start

public void start(ApplicationEnvironment environment)
           throws ApplicationLifecycleException
Description copied from interface: ApplicationService
Start the service with the specified environment. The environment can be used to find other services or resources.

Specified by:
start in interface ApplicationService
Parameters:
environment - Environment
Throws:
ApplicationLifecycleException - If an error occurs while starting

stop

public void stop()
          throws ApplicationLifecycleException
Description copied from interface: ApplicationService
Stop the service.

Specified by:
stop in interface ApplicationService
Throws:
ApplicationLifecycleException - If an error occurs while stopping

getInaccessibleResources

public java.util.Collection getInaccessibleResources(java.lang.String connectionID,
                                                     int action,
                                                     java.util.Collection resources,
                                                     int context)
                                              throws MetaMatrixComponentException
Description copied from interface: AuthorizationService
Determine which of a set of resources a connection does not have permission to perform the specified action on.

Specified by:
getInaccessibleResources in interface AuthorizationService
Parameters:
connectionID - Connection ID identifying the connection (and thus the user credentials)
action - Action connection wishes to perform
resources - Resources the connection wishes to perform the action on, Collection of String
context - Auditing context
Returns:
Collection - Subset of resources on which the connection does not have permission to perform the action
Throws:
MetaMatrixComponentException - If an error occurs in the service while checking resources

hasRole

public boolean hasRole(java.lang.String connectionID,
                       java.lang.String roleType,
                       java.lang.String roleName)
                throws MetaMatrixComponentException
Specified by:
hasRole in interface SecurityFunctionEvaluator
Throws:
MetaMatrixComponentException

getRoleNamesForPrincipal

public java.util.Collection<java.lang.String> getRoleNamesForPrincipal(MetaMatrixPrincipalName principal)
                                                                throws AuthorizationMgmtException
Description copied from interface: AuthorizationService
Returns a Collection of String names of MetaMatrix roles to which the given principal is assigned.

Specified by:
getRoleNamesForPrincipal in interface AuthorizationService
Parameters:
principal - MetaMatrixPrincipalName for which roles are sought
Returns:
The Collection of role names the principal is assigned.
Throws:
AuthorizationMgmtException

getPoliciesInRealm

public java.util.Collection<AuthorizationPolicy> getPoliciesInRealm(AuthorizationRealm realm)
                                                             throws AuthorizationMgmtException
Description copied from interface: AuthorizationService
Returns a Collection of AuthorizationPolicys that have AuthorizationPermissions in the given AuthorizationRealm.
NOTE: It is the responsibility of the caller to determine which of the AuthorizationPolicy's AuthorizationPermissions are actually in the given AuthorizationRealm. The AuthorizationPolicy may span AuthorizationRealms.

Specified by:
getPoliciesInRealm in interface AuthorizationService
Parameters:
realm - The realm in which to search for AuthorizationPermissions.
Returns:
The collection of AuthorizationPolicys that have permissions in the given realm - possibly empty but never null.
Throws:
AuthorizationMgmtException - if an error occurs in the Authorization store.

updatePoliciesInRealm

public void updatePoliciesInRealm(AuthorizationRealm realm,
                                  java.util.Collection<AuthorizationPolicy> policies)
                           throws AuthorizationMgmtException
Specified by:
updatePoliciesInRealm in interface AuthorizationService
Throws:
AuthorizationMgmtException

isEntitled

protected boolean isEntitled(java.lang.String principal)

checkingEntitlements

public boolean checkingEntitlements()
Determine whether entitlements checking is enabled on the server.

Specified by:
checkingEntitlements in interface AuthorizationService
Returns:
true iff server-side entitlements checking is enabled.

setMembershipService

public void setMembershipService(MembershipServiceInterface membershipService)

setAdminPolicies

public void setAdminPolicies(java.util.Collection<AuthorizationPolicy> adminPolicies)

setUseEntitlements

public void setUseEntitlements(boolean useEntitlements)

setVdbService

public void setVdbService(VDBService vdbService)

isCallerInRole

public boolean isCallerInRole(SessionToken session,
                              java.lang.String roleName)
                       throws AuthorizationMgmtException
Specified by:
isCallerInRole in interface AuthorizationService
Throws:
AuthorizationMgmtException


Copyright © 2009. All Rights Reserved.