Package ch.tocco.nice2.security.api
Interface SecurityManager
- All Known Implementing Classes:
SecurityManagerImpl
public interface SecurityManager
Factory for
SecurityContexts. The most important task of this interace is
creating SecurityContexts after the user logged in (using the login(Principal) method). Other functions provided by this class are reading
permission expressions as used in ACL files, and entering/exiting privileged mode.
Privileged mode is important to temporarily disable the security system, which is often
needed for certain internal operations. A good example for such an internal operation
is checking permissions in entities based on entity values. If security checks weren't
disabled during condition checks, the condition check itself would cause the security
system to check, whether the current user has access to that field, ultimately
resulting in a recursive permission check until a StackOverflowError is thrown.
Temporarily disabling security during condition check by entering privileged mode
prevents this.-
Method Summary
Modifier and TypeMethodDescriptionvoidDeprecated.voidDeprecated.Useprivileged()insteadbooleandefault SecurityContextdefault SecurityContextvoidlogout(SecurityContext securityContext) Called to clean up resources when aSecurityContextis destroyeddefault PolicyprocessPolicy(Object target, Policy policy, Phase phase, Predicate<Rule> filter, boolean disableProcessors) readPermission(String domainName, String expression) voidsecured()withAdditionalRules(Consumer<PolicyBuilder> consumer) Note: This method sets a newSecurityContextinto theExecutionContext.withRules(Consumer<PolicyBuilder> consumer) Note: This method sets a newSecurityContextinto theExecutionContext.
-
Method Details
-
login
- Throws:
SecurityException
-
login
- Throws:
SecurityException
-
login
SecurityContext login(Principal principal, UUID sessionId, boolean disablePolicyProcessors) throws SecurityException - Throws:
SecurityException
-
logout
Called to clean up resources when aSecurityContextis destroyed -
readPermission
- Throws:
InvalidPermissionException
-
privileged
Invoker privileged()- Returns:
- Invoker that runs in privileged mode
-
secured
Invoker secured()- Returns:
- Invoker that runs in secured mode (i.e. privileged mode is not active)
-
anonymous
Invoker anonymous()- Returns:
- Invoker that runs with an anonymous principal
- See Also:
-
withLogin
- Returns:
- Invoker that runs with the passed principal
-
withLogin
- Returns:
- Invoker that runs with the principal of the passed username and password
-
withLogin
- Parameters:
ignoreCaptchaVerification- if true, ReCaptcha validation is skipped during login- Returns:
- Invoker that runs with the principal of the passed username and password
-
withRules
Note: This method sets a newSecurityContextinto theExecutionContext. To get the enhanced policy, it needs to be fetched again from theExecutionContext.- Returns:
- an invoker that runs with the given rules
-
withAdditionalRules
Note: This method sets a newSecurityContextinto theExecutionContext. To get the enhanced policy, it needs to be fetched again from theExecutionContext.- Returns:
- an invoker that runs with an enhanced policy which contains the additional given rules
-
enterPrivileged
Deprecated.Useprivileged()instead- Throws:
SecurityException
-
exitPrivileged
Deprecated.Useprivileged()instead- Throws:
SecurityException
-
isPrivileged
boolean isPrivileged() -
reloadPolicy
void reloadPolicy() -
getPolicy
Policy getPolicy() -
getAnonymousContext
SecurityContext getAnonymousContext() -
processPolicy
-
processPolicy
-
privileged()instead