org.sakaiproject.component.legacy.security
Class SakaiSecurity

java.lang.Object
  extended by org.sakaiproject.component.legacy.security.SakaiSecurity
All Implemented Interfaces:
SecurityService

public class SakaiSecurity
extends Object
implements SecurityService

SakaiSecurity is a Sakai security service.

Version:
$Revision: 6519 $
Author:
University of Michigan, Sakai Software Development Team

Field Summary
protected static String ADVISOR_STACK
          ThreadLocalManager key for our SecurityAdvisor Stack.
protected  int m_cacheMinutes
          The # minutes to cache the security answers. 0 disables the cache.
protected  MultiRefCache m_callCache
          A cache of calls to the service and the results.
protected  Logger m_logger
          Dependency: logging service
protected  ThreadLocalManager m_threadLocalManager
          Dependency: the current manager.
 
Fields inherited from interface org.sakaiproject.service.legacy.security.SecurityService
SERVICE_NAME
 
Constructor Summary
SakaiSecurity()
           
 
Method Summary
 void addKey(String userOrGroup, String lockOrRole, String resourceOrGroup, boolean allow)
          Add a new key.
protected  SecurityAdvisor.SecurityAdvice adviseIsAllowed(String userId, String function, String reference)
          Check the advisor stack - if anyone declares ALLOWED or NOT_ALLOWED, stop and return that, else, while they PASS, keep checking.
protected  boolean checkAuthzGroups(String userId, String function, String entityRef)
          Check the appropriate AuthzGroups for the answer - this may be cached
 void clearAdvisors()
          Remove any SecurityAdvisors from this thread.
 void destroy()
          Final cleanup.
protected  void dropAdvisorStack()
          Remove the thread-local security advisor stack
protected  Stack getAdvisorStack(boolean force)
          Get the thread-local security advisor stack, possibly creating it
 boolean hasAdvisors()
          Check if there are any security advisors stacked for this thread.
 void init()
          Final initialization, once all dependencies are set.
 boolean isSuperUser()
          Is this a super special super (admin) user?
protected  boolean isSuperUser(User user)
          Is this a super special super (admin or postmaster) user?
 SecurityAdvisor popAdvisor()
          Remove one SecurityAdvisor from the stack for this thread, if any exist.
 void pushAdvisor(SecurityAdvisor advisor)
          Establish a new SecurityAdvisor for this thread, at the top of the stack (it gets first dibs on the answer).
 void removeKey(String userOrGroup, String lockOrRole, String resourceOrGroup, boolean allow)
          Remove any keys that exactly match this key specification.
 void setCacheMinutes(String time)
          Set the # minutes to cache a security answer.
 void setLogger(Logger service)
          Dependency: logging service.
 void setThreadLocalManager(ThreadLocalManager manager)
          Dependency - set the current manager.
 boolean unlock(String lock, String resource)
          Can the current session user unlock the lock for use with this resource?
 boolean unlock(User u, String function, String entityRef)
          Can the specified user unlock the lock for use with this resource?
 List unlockUsers(String lock, String reference)
          Access the List of Users who can unlock the lock for use with this resource.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

m_callCache

protected MultiRefCache m_callCache
A cache of calls to the service and the results.


ADVISOR_STACK

protected static final String ADVISOR_STACK
ThreadLocalManager key for our SecurityAdvisor Stack.

See Also:
Constant Field Values

m_logger

protected Logger m_logger
Dependency: logging service


m_threadLocalManager

protected ThreadLocalManager m_threadLocalManager
Dependency: the current manager.


m_cacheMinutes

protected int m_cacheMinutes
The # minutes to cache the security answers. 0 disables the cache.

Constructor Detail

SakaiSecurity

public SakaiSecurity()
Method Detail

setLogger

public void setLogger(Logger service)
Dependency: logging service.

Parameters:
service - The logging service.

setThreadLocalManager

public void setThreadLocalManager(ThreadLocalManager manager)
Dependency - set the current manager.


setCacheMinutes

public void setCacheMinutes(String time)
Set the # minutes to cache a security answer.

Parameters:
time - The # minutes to cache a security answer (as an integer string).

init

public void init()
Final initialization, once all dependencies are set.


destroy

public void destroy()
Final cleanup.


isSuperUser

public boolean isSuperUser()
Is this a super special super (admin) user?

Specified by:
isSuperUser in interface SecurityService
Returns:
true, if the user is a cut above the rest, false if a mere mortal.

isSuperUser

protected boolean isSuperUser(User user)
Is this a super special super (admin or postmaster) user?

Returns:
true, if the user is a cut above the rest, false if a mere mortal.

unlock

public boolean unlock(String lock,
                      String resource)
Can the current session user unlock the lock for use with this resource?

Specified by:
unlock in interface SecurityService
Parameters:
lock - The lock id string.
resource - The resource reference string.
Returns:
true, if the user can unlock the lock, false otherwise.

unlock

public boolean unlock(User u,
                      String function,
                      String entityRef)
Can the specified user unlock the lock for use with this resource?

Specified by:
unlock in interface SecurityService
Parameters:
u - The user.
function - The lock id string.
entityRef - The resource reference string.
Returns:
true, if the user can unlock the lock, false otherwise.

checkAuthzGroups

protected boolean checkAuthzGroups(String userId,
                                   String function,
                                   String entityRef)
Check the appropriate AuthzGroups for the answer - this may be cached

Parameters:
userId - The user id.
function - The security function.
entityRef - The entity reference string.
Returns:
true if allowed, false if not.

unlockUsers

public List unlockUsers(String lock,
                        String reference)
Access the List of Users who can unlock the lock for use with this resource.

Specified by:
unlockUsers in interface SecurityService
Parameters:
lock - The lock id string.
reference - The resource reference string.
Returns:
A List (User) of the users who can unlock the lock (may be empty).

addKey

public void addKey(String userOrGroup,
                   String lockOrRole,
                   String resourceOrGroup,
                   boolean allow)
Add a new key.

Specified by:
addKey in interface SecurityService
Parameters:
userOrGroup - The id of the user or user group which is given the key.
lockOrRole - The id of the lock or role (lock group) which the key opens.
resourceOrGroup - the id of the resource or resource group which restricts the key (the key will work only for these resources. null if no resource is involved).
allow - true if the key allows access, false if it denies access.

removeKey

public void removeKey(String userOrGroup,
                      String lockOrRole,
                      String resourceOrGroup,
                      boolean allow)
Remove any keys that exactly match this key specification.

Specified by:
removeKey in interface SecurityService
Parameters:
userOrGroup - The id of the user or user group which is given the key.
lockOrRole - The id of the lock or role (lock group) which the key opens.
resourceOrGroup - the id of the resource or resource group which restricts the key (the key will work only for these resources. null if no resource is involved).
allow - true if the key allows access, false if it denies access.

getAdvisorStack

protected Stack getAdvisorStack(boolean force)
Get the thread-local security advisor stack, possibly creating it

Parameters:
force - if true, create if missing

dropAdvisorStack

protected void dropAdvisorStack()
Remove the thread-local security advisor stack


adviseIsAllowed

protected SecurityAdvisor.SecurityAdvice adviseIsAllowed(String userId,
                                                         String function,
                                                         String reference)
Check the advisor stack - if anyone declares ALLOWED or NOT_ALLOWED, stop and return that, else, while they PASS, keep checking.

Parameters:
userId - The user id.
function - The security function.
reference - The Entity reference.
Returns:
ALLOWED or NOT_ALLOWED if an advisor makes a decision, or PASS if there are no advisors or they cannot make a decision.

pushAdvisor

public void pushAdvisor(SecurityAdvisor advisor)
Description copied from interface: SecurityService
Establish a new SecurityAdvisor for this thread, at the top of the stack (it gets first dibs on the answer).

Specified by:
pushAdvisor in interface SecurityService
Parameters:
advisor - The advisor to establish

popAdvisor

public SecurityAdvisor popAdvisor()
Description copied from interface: SecurityService
Remove one SecurityAdvisor from the stack for this thread, if any exist.

Specified by:
popAdvisor in interface SecurityService
Returns:
The advisor popped off, or null if the stack is empty.

hasAdvisors

public boolean hasAdvisors()
Description copied from interface: SecurityService
Check if there are any security advisors stacked for this thread.

Specified by:
hasAdvisors in interface SecurityService
Returns:
true if some advisors are defined, false if not.

clearAdvisors

public void clearAdvisors()
Description copied from interface: SecurityService
Remove any SecurityAdvisors from this thread.

Specified by:
clearAdvisors in interface SecurityService
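
Added example (not Sakai source code): a self-contained model of the advisor stack described under adviseIsAllowed, pushAdvisor and popAdvisor, showing top-of-stack-first evaluation and why a pushed advisor is popped in a finally block. The Advice and Advisor types, the STACK thread-local, the function names and the reference are stand-ins constructed for this example, and the deny-by-default fallback in unlock is an assumption standing in for the AuthzGroups check.

```java
import java.util.ArrayDeque;
import java.util.Deque;

public class AdvisorStackDemo {
    // Stand-ins for SecurityAdvisor and SecurityAdvisor.SecurityAdvice (constructed).
    enum Advice { ALLOWED, NOT_ALLOWED, PASS }
    interface Advisor { Advice isAllowed(String userId, String function, String reference); }

    // One stack per thread, modelling the ThreadLocalManager entry keyed by ADVISOR_STACK.
    private static final ThreadLocal<Deque<Advisor>> STACK =
            ThreadLocal.withInitial(ArrayDeque::new);

    static void pushAdvisor(Advisor a) { STACK.get().push(a); }
    static Advisor popAdvisor() { return STACK.get().poll(); } // null if the stack is empty

    // The most recently pushed advisor answers first; the first non-PASS answer wins.
    static Advice adviseIsAllowed(String userId, String function, String reference) {
        for (Advisor a : STACK.get()) { // ArrayDeque iterates from the top of the stack
            Advice advice = a.isAllowed(userId, function, reference);
            if (advice != Advice.PASS) return advice;
        }
        return Advice.PASS;
    }

    // Assumption: advisors are consulted before the group check; this demo has no grants.
    static boolean unlock(String userId, String function, String reference) {
        Advice advice = adviseIsAllowed(userId, function, reference);
        if (advice != Advice.PASS) return advice == Advice.ALLOWED;
        return false; // stand-in for checkAuthzGroups: deny by default
    }

    public static void main(String[] args) {
        String ref = "/content/group/site1/report.pdf"; // constructed reference
        // Narrow advisor: grants one function on one reference, PASSes on everything else.
        Advisor narrow = (u, f, r) ->
                "content.read".equals(f) && ref.equals(r) ? Advice.ALLOWED : Advice.PASS;

        pushAdvisor(narrow);
        try {
            System.out.println("read while pushed:   " + unlock("u1", "content.read", ref));
            System.out.println("delete while pushed: " + unlock("u1", "content.delete", ref));
        } finally {
            // The stack is thread-local: on a pooled request thread an advisor left
            // here would keep answering checks for whatever the thread runs next.
            popAdvisor();
        }
        System.out.println("read after pop:      " + unlock("u1", "content.read", ref));
    }
}
```

An advisor that returns ALLOWED unconditionally overrides every check made on the thread until it is popped, so scoping the advisor to the exact function and reference keeps the elevation as small as the task requires.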