SecurityAccessController xref

View Javadoc

1   /* 
2    * Licensed to the Apache Software Foundation (ASF) under one or more
3    * contributor license agreements.  See the NOTICE file distributed with
4    * this work for additional information regarding copyright ownership.
5    * The ASF licenses this file to You under the Apache License, Version 2.0
6    * (the "License"); you may not use this file except in compliance with
7    * the License.  You may obtain a copy of the License at
8    *
9    *     http://www.apache.org/licenses/LICENSE-2.0
10   *
11   * Unless required by applicable law or agreed to in writing, software
12   * distributed under the License is distributed on an "AS IS" BASIS,
13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   * See the License for the specific language governing permissions and
15   * limitations under the License.
16   */
17  package org.apache.jetspeed.security;
18  
19  import org.apache.jetspeed.om.common.portlet.PortletDefinitionComposite;
20  
21  /***
22   * <p>
23   * This component abstracts access to security checks.
24   * Jetspeed supports two kinds of secured access:
25   * <ul>
26   * <li>Permissions</li>
27   * <li>Constraints</li>
28   * </ul>
29   * Permissions are checked via Java Security. Jetspeed implements its own security policy.
30   * Constrainted are checked via the Page Manager's constraints.
31   * Either way, the implicit Jetspeed Security Subject is applied to the security access check.
32   * </p>
33   * 
34   * @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
35   * @version $Id: $
36   */
37  public interface SecurityAccessController
38  {   
39      /***
40       * Use the Java Security Policy (Permissions) to make secure access checks
41       */
42      final int PERMISSIONS = 1;
43      /***
44       * Use the Jetspeed Security Constraints to make secure access checks
45       */
46      final int CONSTRAINTS = 2;
47      
48      /***
49       * <p>
50       * Checks access for the implicit active subject's access to the resource protected by the portlet permission
51       * This is an abstraction introduced in 2.1 for Permission Manager implementations NOT
52       * founded upon the a Java security policy. If the Permission Manager is configured to 
53       * run with Security Constraints, then a security constraint check is made. Otherwise, 
54       * a standard Java Security permission check is made.</p>
55       * 
56       * @param portlet The portlet to be checked
57       * @param mask A mask <code>JetspeedActions</code> such as view, edit
58       * @return true if access is granted, false if access denied based on policy or constraints
59       */
60      boolean checkPortletAccess(PortletDefinitionComposite portlet, int mask);
61      
62      /***
63       * Returns the configured security mode for this accessor
64       * This component can be configured to make Java Security Policy permission checks
65       * or Jetspeed Security Constraint checks
66       * @return either PERMISSIONS or CONSTRAINTS
67       */
68      int getSecurityMode();
69  }