Package ch.tocco.nice2.security.spi

Interface SecurityDomain

All Known Implementing Classes:

AbstractEntitySecurityDomain, AbstractSecurityDomain, ActionSecurityDomain, AdminMenuSecurityDomain, EntityPathSecurityDomain, EntitySecurityDomain, GuardCachingSecurityDomain, InfoboxSecurityDomain, ManagerSecurityDomain, ReportSecurityDomain

public interface SecurityDomain

Specifies a domain (usually based on the obejct type) for security. The domain is responsible for selecting objects (when reducing the policies), creating object indicators, resolving paths etc.

Method Summary

Modifier and Type	Method	Description
List<List<?>>	aggregateSupportedObjects(List<?> securedObjects)	This method should group all secured objects, which can be evaluated together in a ListGuard, and return a list of these groups.
void	clearGuardCache(SecurityContext securityContext)	Clear all cached objects belonging to the given security context.
default boolean[]	evaluateCondition(List<?> object, SecurityContext ctx, Rule rule, Permission askedPermission)
Policy	getOrCreateFilteredPolicy(SecurityContext securityContext, List<?> objects, Callable<Policy> provider)	Return a policy for the given objects.
SelectorFactory	getSelectorFactory()	Create a selector factory.

Method Details

aggregateSupportedObjects

List<List<?>> aggregateSupportedObjects(List<?> securedObjects)

This method should group all secured objects, which can be evaluated together in a ListGuard, and return a list of these groups. This means all objects in a sub-list must require the same policy, (every object in the list would select the same rules of a policy, see getSelectorFactory()). Secured objects that are not supported by this domain at all should not be returned from this method. If none of the objects are supported, an empty list should be returned.

getSelectorFactory

SelectorFactory getSelectorFactory()

Create a selector factory. A selector factory is an object which creates selectors. There is no interface as the arguments defined in the policy will be matched to factory methods using reflection. The contract for the object returned by this method is as follows:

It specify several methods called createSelector with the return type Selector. It may take any number of arguments. Supported argument types are all Java primitives, String, enumerations and arrays of enumerations. The last argument may be an array, which indicates varargs. Wildcards will be passed as null. The methods may throw an InvalidArgumentException.

Returns:

The selector factory.

evaluateCondition

default boolean[] evaluateCondition(List<?> object,
 SecurityContext ctx,
 Rule rule,
 Permission askedPermission)
                             throws EvaluationException

Throws:

EvaluationException

getOrCreateFilteredPolicy

Policy getOrCreateFilteredPolicy(SecurityContext securityContext,
 List<?> objects,
 Callable<Policy> provider)
                          throws Exception

Return a policy for the given objects. This can be used to cache and reuse policies for different objects. If no cached policy is available, the given Callable can be used to create a new one.

Throws:

Exception

clearGuardCache

void clearGuardCache(SecurityContext securityContext)

Clear all cached objects belonging to the given security context.