org.objectweb.jac.aspects.user
Class UserAC

java.lang.Object
  extended byorg.objectweb.jac.core.AspectComponent
      extended byorg.objectweb.jac.aspects.user.UserAC
All Implemented Interfaces:
AttributeController, BaseProgramListener, Serializable, UserConf

public class UserAC
extends AspectComponent
implements UserConf, AttributeController

This aspect handles users within an application.

Any class of the application can be declared as a user representation. The aspect configurator should then declare which are the fields of this class that corresponds to the user's id (that is used to login) and to the password (not required). Users can then be bounded to profiles that define what are the elements of the application that have the right to access or not.

A profile has a list of rules associated to it. When the aspect needs to know if a user with a given profile is allowed to acess resource, it inspects the rules of the profile in the order in their declaration order, and as soon as a rule matches the resource, this rule determines if the user is granted access to the resource. A resource is a field or a method of a class. If the profile inherits another profile, the rules of the inherited profile are examined first.

See Also:
setUserClass(ClassItem,String,String,String), declareProfile(String), declareProfile(String,String), Rule, Profile, Serialized Form

Nested Class Summary
 class UserAC.FilterWrapper
           
 class UserAC.OwnerFilterWrapper
           
 
Field Summary
static String CONTEXTUAL_PROFILE
           
static String FILTER
           
 MethodItem habilitation
           
static String HABILITATION
           
static org.apache.log4j.Logger logger
           
static org.apache.log4j.Logger loggerAuth
           
static org.apache.log4j.Logger loggerFilter
           
static org.apache.log4j.Logger loggerProfile
           
static String USER
           
 
Fields inherited from class org.objectweb.jac.core.AspectComponent
application, blockKeywords, cr, currentConfigMethod, currentImports, firstCall, NOT_SHARED, SHARED, startWeavingCCount, startWeavingCount, startWeavingMethod, startWeavingType, systemListener, wrappers
 
Fields inherited from interface org.objectweb.jac.core.BaseProgramListener
FOUND_OBJECT
 
Constructor Summary
UserAC()
          The default controller registers its controlAttribute method as an access controller for the RTTI.
 
Method Summary
 void addAddable(String profile, String resourceExpr)
          Adds an addable resources set to a profile (collection dedicated).
static void addContextualProfiledUser(Object substance, Object user, Profile profile)
          Adds a contextually profiled user.
 void addCreatable(String profile, String resourceExpr)
          Adds a creatable resources set to a profile (collection dedicated).
 void addFilter(CollectionItem collection, MethodItem filter)
          For the specified collection, apply a filter on its getter, so that some items can be hidden depending on the user.
 void addOwnerFilter(String profile, ClassItem cl, String collectionName)
          For the specified collection, users will only see the objects that they own.
 void addReadable(String profile, String resourceExpr)
          Adds a readable resources set to a profile.
 void addRemovable(String profile, String resourceExpr)
          Adds an removable resources set to a profile (collection dedicated).
 void addUnaddable(String profile, String resourceExpr)
           
 void addUnreadable(String profile, String resourceExpr)
           
 void addUnremovable(String profile, String resourceExpr)
           
 void addUnwritable(String profile, String resourceExpr)
           
 void addWritable(String profile, String resourceExpr)
          Adds a writable resources set to a profile.
 void autoInitClasses(ClassItem cl, String triggerClassExpr, String triggerMethodExpr)
           
 void autoInitClasses(String classExpr)
          This method should affect all the classes that define a reference towards a user of the application and that should be seamlessly initialized to the currently logged user (instead of been filled in interactively).
 void clearProfile(String name)
          Use this config method to clear a profile so that it can be reinitialized from the config file.
 Object controlAttribute(Object substance, MetaItem item, String attrName, Object value)
          This method controls the access to a given meta item of the RTTI.
 void declareProfile(String name)
          Declares a new profile (that has no parent).
 void declareProfile(String name, String parent)
          Declares a new profile that inherits from the caracteristics of its parent.
 void defineAdministrator(String login, String password)
          Create an administrator user.
 void defineHabilitation(ClassItem cli, MethodItem habilitation)
          Defines a contextual habilitation test for instances of given class (This is a generic method to be used when the habilitation does not fit any simple scheme).
 void defineHabilitation(MethodItem habilitation)
          Defines a contextual habilitation test (this is a generic method to be used when the habilitation does not fit any simple scheme).
 Object getCurrentUser()
          Returns the user that is currently logged in.
 String getCurrentUserLogin()
          Gets the login for the currently logged user.
 String getCurrentUserPassword()
          Gets the password for the currently logged user.
 String[] getDefaultConfigs()
          Returns defaults configuration files that must be loaded before the user's configuration
 FieldItem getLoginField()
           
 Object getOwner(Object object)
          Returns the owner of an object.
 Profile getProfile(String name)
           
 Profile getProfileFromUser(Object user)
           
static UserManager getProfiles()
           
protected  List getProfiles(String authuser, Object substance)
          Gets the profiles of a user for checking access rights for an object.
 ClassItem getUserClass()
           
 Object getUserFromLogin(String login)
          Gets a user from its login as defined in setUserClass.
 String getUserLogin(Object user)
          Gets the login value for a given user.
 UserManager getUserManager()
           
 String getUserPassword(Object user)
          Gets the password value for a given user.
 void invalidateCache()
          Invalidate controlAttribute's cache.
 void setContextualProfile(ClassItem cl, String field, String profile)
          Set a contextual profile to a reference or a collection that contains user(s).
 void setProfileToUser(Object user, Profile profile)
           
 void setUserClass(ClassItem userClass, String loginField, String passwordField, String profileField)
          Sets the class of the application that must be used as a storage for the users.
static boolean userController(String username, Object wrappee, MethodItem method)
          This controlling method can be used by the authentification aspect to control that the authenticated user is valid.
static void viewProfiles(DisplayContext context, String panelID)
          Display the profiles.
 
Methods inherited from class org.objectweb.jac.core.AspectComponent
addWrapper, afterApplicationStarted, afterRunningWrapper, afterWrap, afterWrappeeInit, attr, attrdef, beforeConfiguration, beforeReload, beforeRunningWrapper, beforeWrappeeInit, configure, defines, defineTimer, doRegister, doUnregister, error, getAC, getApplication, getBlockKeywords, getConfigurationMethods, getConfigurationMethodsName, getConfigurationMethodsName, getName, getNameCounters, getWrappers, init, isConfigurationMethod, isSystemListener, onExit, pointcut, pointcut, pointcut, pointcut, pointcut, pointcut, pointcut, pointcut, setApplication, setAttribute, setAttribute, setAttribute, setSystemListener, simulateUsingNewInstance, unweave, unwrapAll, updateNameCounters, warning, weave, whenClone, whenCloseDisplay, whenConfigured, whenDeleted, whenDeserialized, whenFree, whenGetObjects, whenNameObject, whenObjectMiss, whenReload, whenRemoteInstantiation, whenSerialized, whenTopologyChanged, whenUsingNewClass, whenUsingNewInstance
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

logger

public static final org.apache.log4j.Logger logger

loggerAuth

public static final org.apache.log4j.Logger loggerAuth

loggerProfile

public static final org.apache.log4j.Logger loggerProfile

loggerFilter

public static final org.apache.log4j.Logger loggerFilter

USER

public static final String USER
See Also:
Constant Field Values

CONTEXTUAL_PROFILE

public static final String CONTEXTUAL_PROFILE
See Also:
Constant Field Values

HABILITATION

public static final String HABILITATION
See Also:
Constant Field Values

FILTER

public static final String FILTER
See Also:
Constant Field Values

habilitation

public MethodItem habilitation
Constructor Detail

UserAC

public UserAC()
The default controller registers its controlAttribute method as an access controller for the RTTI.

Method Detail

setContextualProfile

public void setContextualProfile(ClassItem cl,
                                 String field,
                                 String profile)
Description copied from interface: UserConf
Set a contextual profile to a reference or a collection that contains user(s).

If one user is added to the given field at runtime, the user will then have the given profile for the current object.

Specified by:
setContextualProfile in interface UserConf
Parameters:
cl - the class that owns the field
field - the profiled field
profile - the profile to be set contextually

addContextualProfiledUser

public static void addContextualProfiledUser(Object substance,
                                             Object user,
                                             Profile profile)
Adds a contextually profiled user.

Parameters:
substance - object whose field(s) to set
user - user object
profile - set fields tagged with this profile

getProfileFromUser

public Profile getProfileFromUser(Object user)

setProfileToUser

public void setProfileToUser(Object user,
                             Profile profile)

getProfiles

protected List getProfiles(String authuser,
                           Object substance)
Gets the profiles of a user for checking access rights for an object.

If the user is the owner of the checked object, the "owner" profile is returned in addition to the user's profile.

Parameters:
authuser - the user's name
substance - the checked object

invalidateCache

public void invalidateCache()
Invalidate controlAttribute's cache.

See Also:
controlAttribute(Object,MetaItem,String,Object)

controlAttribute

public Object controlAttribute(Object substance,
                               MetaItem item,
                               String attrName,
                               Object value)
This method controls the access to a given meta item of the RTTI.

The profile of the current user is fetched and the permissions are checked against this profile. If the user owns the object being controlled, the "owner" profile is checked first.

Specified by:
controlAttribute in interface AttributeController
Parameters:
substance -
item - the meta item that is currently accessed
attrName - the attribute that is asked on item
value - the already fetched value (can be overriden or returned as is)
Returns:
the value that will finally be returned by the RTTI
See Also:
MetaItem.getAttribute(String), invalidateCache()

getCurrentUser

public Object getCurrentUser()
Returns the user that is currently logged in.

Returns:
the user

getUserFromLogin

public Object getUserFromLogin(String login)
Gets a user from its login as defined in setUserClass.

Parameters:
login - the user's id
Returns:
the user (instance of the user's class)
See Also:
setUserClass(ClassItem,String,String,String), getUserLogin(Object), getUserPassword(Object)

getUserLogin

public String getUserLogin(Object user)
Gets the login value for a given user.

Parameters:
user - the user object
Returns:
its login value (null if the user is null or if setUserClass is not correctly defined)
See Also:
setUserClass(ClassItem,String,String,String), getUserFromLogin(String)

getUserPassword

public String getUserPassword(Object user)
Gets the password value for a given user.

Parameters:
user - the user object
Returns:
its password value (null if the user is null or if setUserClass is not correctly defined)
See Also:
setUserClass(ClassItem,String,String,String), getUserFromLogin(String)

getCurrentUserLogin

public String getCurrentUserLogin()
Gets the login for the currently logged user.

Returns:
the login
See Also:
getCurrentUser()

getCurrentUserPassword

public String getCurrentUserPassword()
Gets the password for the currently logged user.

Returns:
the password
See Also:
getCurrentUser()

userController

public static boolean userController(String username,
                                     Object wrappee,
                                     MethodItem method)
This controlling method can be used by the authentification aspect to control that the authenticated user is valid.

Parameters:
username - the username that is given by the authenticator
wrappee - the object that is currently accessed
method - the method that is currently called
See Also:
AuthenticationAC, AuthenticationAC.setController(String,String,MethodItem)

getUserClass

public ClassItem getUserClass()

getLoginField

public FieldItem getLoginField()

setUserClass

public void setUserClass(ClassItem userClass,
                         String loginField,
                         String passwordField,
                         String profileField)
Description copied from interface: UserConf
Sets the class of the application that must be used as a storage for the users.

The users are eventually used to know what user is currently logged into the system so you should define fields that can be used to identify the user.

Specified by:
setUserClass in interface UserConf
Parameters:
userClass - the class that represents the application's users
loginField - the field that stores the login (iow the user's id)
passwordField - the field that stores the password (not mandatory it no password authentication is performed)
profileField - the field that contains the profile (if any, can be null)
See Also:
UserPasswordAuthenticator

defineAdministrator

public void defineAdministrator(String login,
                                String password)
Description copied from interface: UserConf
Create an administrator user.

A user class must have been defined with setUserClass(). The administrator user will be created only if no user with the given login already exist. If created, the administrator user will be given the "administrator" profile.

Specified by:
defineAdministrator in interface UserConf
Parameters:
login - the login name of the administrator
password - the password of the administrator
See Also:
UserConf.setUserClass(ClassItem,String,String,String)

autoInitClasses

public void autoInitClasses(String classExpr)
Description copied from interface: UserConf
This method should affect all the classes that define a reference towards a user of the application and that should be seamlessly initialized to the currently logged user (instead of been filled in interactively).

Specified by:
autoInitClasses in interface UserConf
Parameters:
classExpr - a class pointcut expression that denote all the classes that should be affected by this behavior

autoInitClasses

public void autoInitClasses(ClassItem cl,
                            String triggerClassExpr,
                            String triggerMethodExpr)

getUserManager

public UserManager getUserManager()

declareProfile

public void declareProfile(String name)
Description copied from interface: UserConf
Declares a new profile (that has no parent).

A profile is a kind of user type that has some well-defined persmissions to access or to modify elements of the configured application (e.g. the default user.acc defines an administrator profile that grants access and modification of all the elements).

Specified by:
declareProfile in interface UserConf
Parameters:
name - the profile's name
See Also:
UserConf.declareProfile(String,String)

declareProfile

public void declareProfile(String name,
                           String parent)
Description copied from interface: UserConf
Declares a new profile that inherits from the caracteristics of its parent.

All the parent access permissions can be restrained (and only restrained) by the child profile (a permission that is not granted by the parent cannot be granted by the child).

Specified by:
declareProfile in interface UserConf
Parameters:
name - the profile's name
parent - the parent profile's name
See Also:
UserConf.declareProfile(String)

getProfile

public Profile getProfile(String name)

clearProfile

public void clearProfile(String name)
Use this config method to clear a profile so that it can be reinitialized from the config file.

Specified by:
clearProfile in interface UserConf
Parameters:
name - name of the profile to clear

addReadable

public void addReadable(String profile,
                        String resourceExpr)
Description copied from interface: UserConf
Adds a readable resources set to a profile.

Specified by:
addReadable in interface UserConf
Parameters:
profile - the profile's name
resourceExpr - a regular expression that denotes a set of resources (based on package.class.member)

addUnreadable

public void addUnreadable(String profile,
                          String resourceExpr)

addWritable

public void addWritable(String profile,
                        String resourceExpr)
Description copied from interface: UserConf
Adds a writable resources set to a profile.

Specified by:
addWritable in interface UserConf
Parameters:
profile - the profile's name
resourceExpr - a regular expression that denotes a set of resources (based on package.class.member)

addUnwritable

public void addUnwritable(String profile,
                          String resourceExpr)

addRemovable

public void addRemovable(String profile,
                         String resourceExpr)
Description copied from interface: UserConf
Adds an removable resources set to a profile (collection dedicated).

Specified by:
addRemovable in interface UserConf
Parameters:
profile - the profile's name
resourceExpr - a regular expression that denotes a set of resources (based on package.class.member)

addUnremovable

public void addUnremovable(String profile,
                           String resourceExpr)

addAddable

public void addAddable(String profile,
                       String resourceExpr)
Description copied from interface: UserConf
Adds an addable resources set to a profile (collection dedicated).

Specified by:
addAddable in interface UserConf
Parameters:
profile - the profile's name
resourceExpr - a regular expression that denotes a set of resources (based on package.class.member)

addCreatable

public void addCreatable(String profile,
                         String resourceExpr)
Description copied from interface: UserConf
Adds a creatable resources set to a profile (collection dedicated).

Specified by:
addCreatable in interface UserConf
Parameters:
profile - the profile's name
resourceExpr - a regular expression that denotes a set of resources (based on package.class)

addUnaddable

public void addUnaddable(String profile,
                         String resourceExpr)

defineHabilitation

public void defineHabilitation(MethodItem habilitation)
Description copied from interface: UserConf
Defines a contextual habilitation test (this is a generic method to be used when the habilitation does not fit any simple scheme).

Specified by:
defineHabilitation in interface UserConf
Parameters:
habilitation - the contextual condition (a static method that takes the substance, the currently tested item, the action's type and that returns true if the habilitation is granted)
See Also:
UserConf.defineHabilitation(ClassItem,MethodItem)

defineHabilitation

public void defineHabilitation(ClassItem cli,
                               MethodItem habilitation)
Description copied from interface: UserConf
Defines a contextual habilitation test for instances of given class (This is a generic method to be used when the habilitation does not fit any simple scheme).

Specified by:
defineHabilitation in interface UserConf
Parameters:
cli - the class the test applies to
habilitation - the contextual condition (a static method that takes the substance, the currently tested item, the action's type (one of GuiAC.VISIBLE, GuiAC.EDITABLE, GuiAC.ADDABLE or GuiAC.REMOVABLE) and that returns true if the habilitation is granted)
See Also:
UserConf.defineHabilitation(MethodItem)

addOwnerFilter

public void addOwnerFilter(String profile,
                           ClassItem cl,
                           String collectionName)
Description copied from interface: UserConf
For the specified collection, users will only see the objects that they own.

Specified by:
addOwnerFilter in interface UserConf
Parameters:
profile - apply the filter only if the user has this profile
cl - the class holding the collection
collectionName - name of the collection attribute

addFilter

public void addFilter(CollectionItem collection,
                      MethodItem filter)
Description copied from interface: UserConf
For the specified collection, apply a filter on its getter, so that some items can be hidden depending on the user.

Specified by:
addFilter in interface UserConf
Parameters:
collection - the collection to filter
filter - a static method which takes a Collection (the one to filter), an Object (the holder of the collection), a CollectionItem, and a User and returns the filtered collection.

getOwner

public Object getOwner(Object object)

Returns the owner of an object.

The owner of an object is defined as the value of a field whose type is the type defined by setUserClass

Parameters:
object - the object
Returns:
the owner of the object, or null if the object does not have a owner.

getDefaultConfigs

public String[] getDefaultConfigs()
Description copied from class: AspectComponent
Returns defaults configuration files that must be loaded before the user's configuration

Overrides:
getDefaultConfigs in class AspectComponent

viewProfiles

public static void viewProfiles(DisplayContext context,
                                String panelID)
Display the profiles.

This method can be used as a menu callback by applications.


getProfiles

public static UserManager getProfiles()