java.lang.Object | +--org.objectweb.jac.core.AspectComponent | +--org.objectweb.jac.aspects.user.UserAC
This aspect handles users within an application.
Any class of the application can be declared as a user representation. The aspect configurator should then declare which fields of this class correspond to the user's id (which is used to log in) and to the password (not required). Users can then be bound to profiles that define which elements of the application they may or may not access.
A profile has a list of rules associated with it. When the aspect needs to know whether a user with a given profile is allowed to access a resource, it inspects the rules of the profile in their declaration order, and as soon as a rule matches the resource, that rule determines whether the user is granted access to the resource. A resource is a field or a method of a class. If the profile inherits from another profile, the rules of the inherited profile are examined first.
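The evaluation order described above (inherited rules first, then the profile's own rules in declaration order, first match decides), as an added Java example that is not JAC code. ProfileModel, RuleModel, the resource names and the deny-when-nothing-matches fallback are assumptions, and java.util.regex stands in for JAC's resource expressions.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

// Standalone model of the rule evaluation order described above. Not JAC code:
// ProfileModel, RuleModel and the deny-by-default fallback are assumptions.
public class FirstMatchDemo {
    record RuleModel(Pattern resource, boolean allow) {}

    static class ProfileModel {
        final ProfileModel parent;              // inherited profile, may be null
        final List<RuleModel> rules = new ArrayList<>();
        ProfileModel(ProfileModel parent) { this.parent = parent; }

        ProfileModel rule(String regex, boolean allow) {
            rules.add(new RuleModel(Pattern.compile(regex), allow));
            return this;
        }

        // Inherited rules are examined first, then this profile's own rules
        // in declaration order. Returns null when no rule matches.
        Boolean decide(String resource) {
            if (parent != null) {
                Boolean inherited = parent.decide(resource);
                if (inherited != null) return inherited;
            }
            for (RuleModel r : rules)
                if (r.resource().matcher(resource).matches()) return r.allow();
            return null;
        }

        boolean isReadable(String resource) {
            Boolean d = decide(resource);
            return d != null && d;              // assumption: no match means deny
        }
    }

    public static void main(String[] args) {
        String pw = "app.User.password";        // constructed resource name
        ProfileModel shadowed = new ProfileModel(null)
            .rule("app\\..*", true).rule("app\\.User\\.password", false);
        ProfileModel ordered = new ProfileModel(null)
            .rule("app\\.User\\.password", false).rule("app\\..*", true);
        ProfileModel child = new ProfileModel(ordered).rule(".*\\.password", true);

        System.out.println(shadowed.isReadable(pw)); // broad allow is matched first
        System.out.println(ordered.isReadable(pw));  // narrow deny is matched first
        System.out.println(child.isReadable(pw));    // the parent's deny decides
        System.out.println(ordered.isReadable("app.User.name"));
    }
}
```

In this model a broad allow declared before a narrow deny shadows the deny, so the order in which rules are declared is part of the policy and worth reviewing alongside the expressions themselves.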
See Also:
  setUserClass(ClassItem,String,String,String), declareProfile(String), declareProfile(String,String), Rule, Profile, Serialized Form
Nested Class Summary | |
class |
UserAC.FilterWrapper
|
static class |
UserAC.OwnerFilterWrapper
|
Field Summary | |
static String |
CONTEXTUAL_PROFILE
|
static String |
FILTER
|
MethodItem |
habilitation
|
static String |
HABILITATION
|
static org.apache.log4j.Logger |
logger
|
static org.apache.log4j.Logger |
loggerAuth
|
static org.apache.log4j.Logger |
loggerFilter
|
static org.apache.log4j.Logger |
loggerProfile
|
static String |
USER
|
Fields inherited from class org.objectweb.jac.core.AspectComponent |
application, blockKeywords, cr, currentConfigMethod, currentImports, firstCall, NOT_SHARED, SHARED, startWeavingCCount, startWeavingCount, startWeavingMethod, startWeavingType, systemListener, wrappers |
Fields inherited from interface org.objectweb.jac.core.BaseProgramListener |
FOUND_OBJECT |
Constructor Summary | |
UserAC()
The default controller registers its controlAttribute method as an access controller for the RTTI. |
Method Summary | |
void |
addAddable(String profile,
String resourceExpr)
Adds an addable resources set to a profile (collection dedicated). |
static void |
addContextualProfiledUser(Object substance,
Object user,
Profile profile)
Adds a contextually profiled user. |
void |
addCreatable(String profile,
String resourceExpr)
Adds a creatable resources set to a profile (collection dedicated). |
void |
addFilter(CollectionItem collection,
MethodItem filter)
For the specified collection, apply a filter on its getter, so that some items can be hidden depending on the user. |
void |
addOwnerFilter(String profile,
ClassItem cl,
String collectionName)
For the specified collection, users will only see the objects that they own. |
void |
addReadable(String profile,
String resourceExpr)
Adds a readable resources set to a profile. |
void |
addRemovable(String profile,
String resourceExpr)
Adds a removable resources set to a profile (collection dedicated). |
void |
addUnaddable(String profile,
String resourceExpr)
|
void |
addUnreadable(String profile,
String resourceExpr)
|
void |
addUnremovable(String profile,
String resourceExpr)
|
void |
addUnwritable(String profile,
String resourceExpr)
|
void |
addWritable(String profile,
String resourceExpr)
Adds a writable resources set to a profile. |
void |
autoInitClasses(ClassItem cl,
String triggerClassExpr,
String triggerMethodExpr)
|
void |
autoInitClasses(String classExpr)
This method should affect all the classes that define a reference towards a user of the application and that should be seamlessly initialized to the currently logged user (instead of being filled in interactively). |
void |
clearProfile(String name)
Use this config method to clear a profile so that it can be reinitialized from the config file. |
Object |
controlAttribute(Object substance,
MetaItem item,
String attrName,
Object value)
This method controls the access to a given meta item of the RTTI. |
void |
declareProfile(String name)
Declares a new profile (that has no parent). |
void |
declareProfile(String name,
String parent)
Declares a new profile that inherits the characteristics of its parent. |
void |
defineAdministrator(String login,
String password)
Create an administrator user. |
void |
defineHabilitation(ClassItem cli,
MethodItem habilitation)
Defines a contextual habilitation test for instances of given class (This is a generic method to be used when the habilitation does not fit any simple scheme). |
void |
defineHabilitation(MethodItem habilitation)
Defines a contextual habilitation test (this is a generic method to be used when the habilitation does not fit any simple scheme). |
Object |
getCurrentUser()
Returns the user that is currently logged in. |
String |
getCurrentUserLogin()
Gets the login for the currently logged user. |
String |
getCurrentUserPassword()
Gets the password for the currently logged user. |
String[] |
getDefaultConfigs()
Returns the default configuration files that must be loaded before the user's configuration. |
FieldItem |
getLoginField()
|
Object |
getOwner(Object object)
Returns the owner of an object. |
Profile |
getProfile(String name)
|
Profile |
getProfileFromUser(Object user)
|
static UserManager |
getProfiles()
|
protected List |
getProfiles(String authuser,
Object substance)
Gets the profiles of a user for checking access rights for an object. |
ClassItem |
getUserClass()
|
Object |
getUserFromLogin(String login)
Gets a user from its login as defined in setUserClass . |
String |
getUserLogin(Object user)
Gets the login value for a given user. |
UserManager |
getUserManager()
|
String |
getUserPassword(Object user)
Gets the password value for a given user. |
void |
invalidateCache()
Invalidate controlAttribute's cache. |
void |
setContextualProfile(ClassItem cl,
String field,
String profile)
Set a contextual profile to a reference or a collection that contains user(s). |
void |
setProfileToUser(Object user,
Profile profile)
|
void |
setUserClass(ClassItem userClass,
String loginField,
String passwordField,
String profileField)
Sets the class of the application that must be used as a storage for the users. |
static boolean |
userController(String username,
Object wrappee,
MethodItem method)
This controlling method can be used by the authentication aspect to control that the authenticated user is valid. |
static void |
viewProfiles(DisplayContext context,
String panelID)
Display the profiles. |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
public static final org.apache.log4j.Logger logger
public static final org.apache.log4j.Logger loggerAuth
public static final org.apache.log4j.Logger loggerProfile
public static final org.apache.log4j.Logger loggerFilter
public static final String USER
public static final String CONTEXTUAL_PROFILE
public static final String HABILITATION
public static final String FILTER
public MethodItem habilitation
Constructor Detail |
public UserAC()
The default controller registers its controlAttribute method as an access controller for the RTTI.
Method Detail |
public void setContextualProfile(ClassItem cl, String field, String profile)
Description copied from interface: UserConf
If one user is added to the given field at runtime, the user will then have the given profile for the current object.
Specified by: setContextualProfile in interface UserConf
Parameters:
  cl - the class that owns the field
  field - the profiled field
  profile - the profile to be set contextually

public static void addContextualProfiledUser(Object substance, Object user, Profile profile)
Parameters:
  substance - object whose field(s) to set
  user - user object
  profile - set fields tagged with this profile

public Profile getProfileFromUser(Object user)

public void setProfileToUser(Object user, Profile profile)

protected List getProfiles(String authuser, Object substance)
If the user is the owner of the checked object, the "owner" profile is returned in addition to the user's profile.
Parameters:
  authuser - the user's name
  substance - the checked object

public void invalidateCache()
See Also:
  controlAttribute(Object,MetaItem,String,Object)

public Object controlAttribute(Object substance, MetaItem item, String attrName, Object value)
The profile of the current user is fetched and the permissions are checked against this profile. If the user owns the object being controlled, the "owner" profile is checked first.
Specified by: controlAttribute in interface AttributeController
Parameters:
  substance -
  item - the meta item that is currently accessed
  attrName - the attribute that is asked on item
  value - the already fetched value (can be overridden or returned as is)
See Also:
  MetaItem.getAttribute(String), invalidateCache()

public Object getCurrentUser()

public Object getUserFromLogin(String login)
Gets a user from its login as defined in setUserClass.
Parameters:
  login - the user's id
See Also:
  setUserClass(ClassItem,String,String,String), getUserLogin(Object), getUserPassword(Object)

public String getUserLogin(Object user)
Parameters:
  user - the user object
Returns:
  null if the user is null or if setUserClass is not correctly defined)
See Also:
  setUserClass(ClassItem,String,String,String), getUserFromLogin(String)

public String getUserPassword(Object user)
Parameters:
  user - the user object
Returns:
  null if the user is null or if setUserClass is not correctly defined)
See Also:
  setUserClass(ClassItem,String,String,String), getUserFromLogin(String)

public String getCurrentUserLogin()
See Also:
  getCurrentUser()

public String getCurrentUserPassword()
See Also:
  getCurrentUser()

public static boolean userController(String username, Object wrappee, MethodItem method)
Parameters:
  username - the username that is given by the authenticator
  wrappee - the object that is currently accessed
  method - the method that is currently called
See Also:
  AuthenticationAC, AuthenticationAC.setController(String,String,MethodItem)

public ClassItem getUserClass()

public FieldItem getLoginField()

public void setUserClass(ClassItem userClass, String loginField, String passwordField, String profileField)
Description copied from interface: UserConf
The users are eventually used to know what user is currently logged into the system so you should define fields that can be used to identify the user.
Specified by: setUserClass in interface UserConf
Parameters:
  userClass - the class that represents the application's users
  loginField - the field that stores the login (in other words, the user's id)
  passwordField - the field that stores the password (not mandatory if no password authentication is performed)
  profileField - the field that contains the profile (if any, can be null)
See Also:
  UserPasswordAuthenticator

public void defineAdministrator(String login, String password)
Description copied from interface: UserConf
A user class must have been defined with setUserClass(). The administrator user will be created only if no user with the given login already exists. If created, the administrator user will be given the "administrator" profile.
Specified by: defineAdministrator in interface UserConf
Parameters:
  login - the login name of the administrator
  password - the password of the administrator
See Also:
  UserConf.setUserClass(ClassItem,String,String,String)

public void autoInitClasses(String classExpr)
Description copied from interface: UserConf
Specified by: autoInitClasses in interface UserConf
Parameters:
  classExpr - a class pointcut expression that denotes all the classes that should be affected by this behavior

public void autoInitClasses(ClassItem cl, String triggerClassExpr, String triggerMethodExpr)

public UserManager getUserManager()

public void declareProfile(String name)
Description copied from interface: UserConf
A profile is a kind of user type that has some well-defined permissions to access or to modify elements of the configured application (e.g. the default user.acc defines an administrator profile that grants access and modification of all the elements).
Specified by: declareProfile in interface UserConf
Parameters:
  name - the profile's name
See Also:
  UserConf.declareProfile(String,String)

public void declareProfile(String name, String parent)
Description copied from interface: UserConf
All the parent access permissions can be restrained (and only restrained) by the child profile (a permission that is not granted by the parent cannot be granted by the child).
Specified by: declareProfile in interface UserConf
Parameters:
  name - the profile's name
  parent - the parent profile's name
See Also:
  UserConf.declareProfile(String)

public Profile getProfile(String name)

public void clearProfile(String name)
Specified by: clearProfile in interface UserConf
Parameters:
  name - name of the profile to clear

public void addReadable(String profile, String resourceExpr)
Description copied from interface: UserConf
Specified by: addReadable in interface UserConf
Parameters:
  profile - the profile's name
  resourceExpr - a regular expression that denotes a set of resources (based on package.class.member)

public void addUnreadable(String profile, String resourceExpr)

public void addWritable(String profile, String resourceExpr)
Description copied from interface: UserConf
Specified by: addWritable in interface UserConf
Parameters:
  profile - the profile's name
  resourceExpr - a regular expression that denotes a set of resources (based on package.class.member)

public void addUnwritable(String profile, String resourceExpr)

public void addRemovable(String profile, String resourceExpr)
Description copied from interface: UserConf
Specified by: addRemovable in interface UserConf
Parameters:
  profile - the profile's name
  resourceExpr - a regular expression that denotes a set of resources (based on package.class.member)

public void addUnremovable(String profile, String resourceExpr)

public void addAddable(String profile, String resourceExpr)
Description copied from interface: UserConf
Specified by: addAddable in interface UserConf
Parameters:
  profile - the profile's name
  resourceExpr - a regular expression that denotes a set of resources (based on package.class.member)

public void addCreatable(String profile, String resourceExpr)
Description copied from interface: UserConf
Specified by: addCreatable in interface UserConf
Parameters:
  profile - the profile's name
  resourceExpr - a regular expression that denotes a set of resources (based on package.class)

public void addUnaddable(String profile, String resourceExpr)

public void defineHabilitation(MethodItem habilitation)
Description copied from interface: UserConf
Specified by: defineHabilitation in interface UserConf
Parameters:
  habilitation - the contextual condition (a static method that takes the substance, the currently tested item, the action's type and that returns true if the habilitation is granted)
See Also:
  UserConf.defineHabilitation(ClassItem,MethodItem)

public void defineHabilitation(ClassItem cli, MethodItem habilitation)
Description copied from interface: UserConf
Specified by: defineHabilitation in interface UserConf
Parameters:
  cli - the class the test applies to
  habilitation - the contextual condition (a static method that takes the substance, the currently tested item, the action's type (one of GuiAC.VISIBLE, GuiAC.EDITABLE, GuiAC.ADDABLE or GuiAC.REMOVABLE) and that returns true if the habilitation is granted)
See Also:
  UserConf.defineHabilitation(MethodItem)

public void addOwnerFilter(String profile, ClassItem cl, String collectionName)
Description copied from interface: UserConf
Specified by: addOwnerFilter in interface UserConf
Parameters:
  profile - apply the filter only if the user has this profile
  cl - the class holding the collection
  collectionName - name of the collection attribute

public void addFilter(CollectionItem collection, MethodItem filter)
Description copied from interface: UserConf
Specified by: addFilter in interface UserConf
Parameters:
  collection - the collection to filter
  filter - a static method which takes a Collection (the one to filter), an Object (the holder of the collection), a CollectionItem, and a User and returns the filtered collection.

public Object getOwner(Object object)
Returns the owner of an object.
The owner of an object is defined as the value of a field whose type is the type defined by setUserClass
Parameters:
  object - the object

public String[] getDefaultConfigs()
Description copied from class: AspectComponent
Overrides: getDefaultConfigs in class AspectComponent

public static void viewProfiles(DisplayContext context, String panelID)
This method can be used as a menu callback by applications.

public static UserManager getProfiles()