1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17 package org.apache.jetspeed.security;
18
19 import org.apache.jetspeed.om.common.portlet.PortletDefinitionComposite;
20
21 /***
22 * <p>
23 * This component abstracts access to security checks.
24 * Jetspeed supports two kinds of secured access:
25 * <ul>
26 * <li>Permissions</li>
27 * <li>Constraints</li>
28 * </ul>
29 * Permissions are checked via Java Security. Jetspeed implements its own security policy.
30 * Constrainted are checked via the Page Manager's constraints.
31 * Either way, the implicit Jetspeed Security Subject is applied to the security access check.
32 * </p>
33 *
34 * @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
35 * @version $Id: $
36 */
37 public interface SecurityAccessController
38 {
39 /***
40 * Use the Java Security Policy (Permissions) to make secure access checks
41 */
42 final int PERMISSIONS = 1;
43 /***
44 * Use the Jetspeed Security Constraints to make secure access checks
45 */
46 final int CONSTRAINTS = 2;
47
48 /***
49 * <p>
50 * Checks access for the implicit active subject's access to the resource protected by the portlet permission
51 * This is an abstraction introduced in 2.1 for Permission Manager implementations NOT
52 * founded upon the a Java security policy. If the Permission Manager is configured to
53 * run with Security Constraints, then a security constraint check is made. Otherwise,
54 * a standard Java Security permission check is made.</p>
55 *
56 * @param portlet The portlet to be checked
57 * @param mask A mask <code>JetspeedActions</code> such as view, edit
58 * @return true if access is granted, false if access denied based on policy or constraints
59 */
60 boolean checkPortletAccess(PortletDefinitionComposite portlet, int mask);
61
62 /***
63 * Returns the configured security mode for this accessor
64 * This component can be configured to make Java Security Policy permission checks
65 * or Jetspeed Security Constraint checks
66 * @return either PERMISSIONS or CONSTRAINTS
67 */
68 int getSecurityMode();
69 }