com.metamatrix.server.dqp.service
Class PlatformAuthorizationService

java.lang.Object
  com.metamatrix.server.dqp.service.PlatformAuthorizationService

All Implemented Interfaces:

ApplicationService, AuthorizationService, SecurityFunctionEvaluator

public class PlatformAuthorizationService
extends java.lang.Object
implements AuthorizationService

Field Summary

Fields inherited from interface com.metamatrix.dqp.service.AuthorizationService

ACTION_CREATE, ACTION_DELETE, ACTION_READ, ACTION_UPDATE, ADMIN_ROLES_FILE, CONTEXT_DELETE, CONTEXT_INSERT, CONTEXT_PROCEDURE, CONTEXT_QUERY, CONTEXT_UPDATE, DEFAULT_WSDL_USERNAME, ENTITELEMENTS_ENABLED

Fields inherited from interface com.metamatrix.query.eval.SecurityFunctionEvaluator

ADMIN_ROLE, DATA_ROLE

Constructor Summary

PlatformAuthorizationService(AuthorizationServiceInterface authInterface)

Method Summary

boolean	checkingEntitlements() Determine whether entitlements checking is enabled on the server.
java.util.Collection	getInaccessibleResources(java.lang.String connectionID, int action, java.util.Collection resources, int context) Determine which of a set of resources a connection does not have permission to perform the specified action.
java.util.Collection<AuthorizationPolicy>	getPoliciesInRealm(AuthorizationRealm realm) Returns a Collection of AuthorizationPolicys that have AuthorizationPermissions in the given AuthorizationRealm. NOTE: It is the responsibility of the caller to determine which of the AuthorizationPolicy's AuthorizationPermissions are actually in the given AuthorizationRealm.
java.util.Collection<java.lang.String>	getRoleNamesForPrincipal(MetaMatrixPrincipalName principal) Returns a Collection of String names of MetaMatrix roles to which the given principal is assigned.
boolean	hasRole(java.lang.String connectionID, java.lang.String roleType, java.lang.String roleName)
void	initialize(java.util.Properties props) Initialize the service with the specified properties.
boolean	isCallerInRole(SessionToken session, java.lang.String roleName)
void	start(ApplicationEnvironment environment) Start the service with the specified environment.
void	stop() Stop the service.
void	updatePoliciesInRealm(AuthorizationRealm realm, java.util.Collection<AuthorizationPolicy> policies)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

PlatformAuthorizationService

public PlatformAuthorizationService(AuthorizationServiceInterface authInterface)

Method Detail

initialize

public void initialize(java.util.Properties props)
                throws ApplicationInitializationException

Description copied from interface: ApplicationService

Initialize the service with the specified properties.

Specified by:

initialize in interface ApplicationService

Parameters:

props - Initialialization properties

Throws:

ApplicationInitializationException - If an error occurs during initialization

start

public void start(ApplicationEnvironment environment)
           throws ApplicationLifecycleException

Description copied from interface: ApplicationService

Start the service with the specified environment. The environment can be used to find other services or resources.

Specified by:

start in interface ApplicationService

Parameters:

environment - Environment

Throws:

ApplicationLifecycleException - If an error occurs while starting

stop

public void stop()
          throws ApplicationLifecycleException

Description copied from interface: ApplicationService

Stop the service.

Specified by:

stop in interface ApplicationService

Throws:

ApplicationLifecycleException - If an error occurs while starting

getInaccessibleResources

public java.util.Collection getInaccessibleResources(java.lang.String connectionID,
                                                     int action,
                                                     java.util.Collection resources,
                                                     int context)
                                              throws MetaMatrixComponentException

Description copied from interface: AuthorizationService

Determine which of a set of resources a connection does not have permission to perform the specified action.

Specified by:

getInaccessibleResources in interface AuthorizationService

Parameters:

connectionID - Connection ID identifying the connection (and thus the user credentials)

action - Action connection wishes to perform

resources - Resources the connection wishes to perform the action on, Collection of String

context - Auditing context

Returns:

Collection Subset of resources

Throws:

MetaMatrixComponentException - If an error occurs in the service while checking resources

hasRole

public boolean hasRole(java.lang.String connectionID,
                       java.lang.String roleType,
                       java.lang.String roleName)
                throws MetaMatrixComponentException

Specified by:

hasRole in interface SecurityFunctionEvaluator

Throws:

MetaMatrixComponentException

checkingEntitlements

public boolean checkingEntitlements()

Determine whether entitlements checking is enabled on the server.

Specified by:

checkingEntitlements in interface AuthorizationService

Returns:

true iff server-side entitlements checking is enabled.

isCallerInRole

public boolean isCallerInRole(SessionToken session,
                              java.lang.String roleName)
                       throws AuthorizationMgmtException

Specified by:

isCallerInRole in interface AuthorizationService

Throws:

AuthorizationMgmtException

getPoliciesInRealm

public java.util.Collection<AuthorizationPolicy> getPoliciesInRealm(AuthorizationRealm realm)
                                                             throws AuthorizationException,
                                                                    AuthorizationMgmtException

Description copied from interface: AuthorizationService

Returns a Collection of AuthorizationPolicys that have AuthorizationPermissions in the given AuthorizationRealm.
NOTE: It is the responsibility of the caller to determine which of the AuthorizationPolicy's AuthorizationPermissions are actually in the given AuthorizationRealm. The AuthorizationPolicy may span AuthorizationRealms.

Specified by:

getPoliciesInRealm in interface AuthorizationService

Parameters:

realm - The realm in which to search for AuthorizationPermissions.

Returns:

The collection of AuthorizationPolicys that have permissions in the given realm - possibly empty but never null.

Throws:

AuthorizationException - if administrator does not have the authority to perform the action.

AuthorizationMgmtException - if an error occurs in the Authorization store.

getRoleNamesForPrincipal

public java.util.Collection<java.lang.String> getRoleNamesForPrincipal(MetaMatrixPrincipalName principal)
                                                                throws InvalidSessionException,
                                                                       AuthorizationException,
                                                                       AuthorizationMgmtException

Description copied from interface: AuthorizationService

Returns a Collection of String names of MetaMatrix roles to which the given principal is assigned.

Specified by:

getRoleNamesForPrincipal in interface AuthorizationService

Parameters:

principal - MetaMatrixPrincipalName for which roles are sought

Returns:

The Collection of role names the principal is assigned.

Throws:

InvalidSessionException - if the administrative session is invalid

AuthorizationException - if administrator does not have the authority to see the requested information

AuthorizationMgmtException

updatePoliciesInRealm

public void updatePoliciesInRealm(AuthorizationRealm realm,
                                  java.util.Collection<AuthorizationPolicy> policies)
                           throws AuthorizationMgmtException

Specified by:

updatePoliciesInRealm in interface AuthorizationService

Throws:

AuthorizationMgmtException