ARoad0.gBaseInterface
Interface ImmutablePrivilege

All Superinterfaces:
ACSObject, BaseObject, BoundBean, java.lang.Cloneable, java.lang.Comparable, DetailledName, FinalizedObject, FinalizedObjectForUser
All Known Subinterfaces:
Privilege, PrivilegeForLinks, PrivilegeForType
All Known Implementing Classes:
PrivilegeAbst, PrivilegeForLinksImpl, PrivilegeForTypeImpl

public interface ImmutablePrivilege
extends ACSObject, java.lang.Cloneable, BoundBean, FinalizedObjectForUser, DetailledName, java.lang.Comparable

This interface models the Privilege, which, like ACL or AGO rights, is a type of granted or denied access right delivered to an access source to access a target. A privilege instance is controlled by an ACS, and delivers immutable rights applicable to pairs (source, sources set or source containers set; target or targets set). The objects in the pair may be external in some precise cases; in other words, they may not belong to the privilege ACS. The rights of a privilege are immutable after its creation, while the AclEntry has an immutable source and target, but with rights that remain editable after creation.

There are 7 types of privilege defined in this interface, and two interfaces which are implemented by two classes:

- PrivilegeForType interface, where the static type is the main criterion for applying the privilege to sources and targets which are not known by the privilege, with the four subtypes TYPED, TYPED_CLASSED, TYPED_CLASSED_SPECIFIC, and TYPED_FOR_SEED. A TYPED_CLASSED privilege is a TYPED one with constraints on source and target classes. TYPED_CLASSED_SPECIFIC is a TYPED_CLASSED privilege for a designated source or target. TYPED_FOR_SEED is a TYPED privilege reserved for Authorization Servers.

- PrivilegeForLinks interface, where the dynamic links to the source and the target are the sole criterion for applying the privilege, which then knows to which entities it is applied, with the three subtypes LINKED, LINKED_IF_ALL_SOURCES and LINKED_FOR_ONE_TO_ONE, and with EligibleParty as access sources, and Resource and VirtualFolder as access targets. The LINKED type allows a generic set of rights to be defined in one privilege, and each EligibleParty which is a source has all the rights on all the targets. With LINKED_IF_ALL_SOURCES, the true access sources are not the linked sources: they must belong to ALL of the source containers (GroupIDMembers or DirectoryEPs) which are the authorized linked sources. The LINKED_FOR_ONE_TO_ONE type is very like an AclEntry, but with static rights, and with EPs as sources and Resources or VirtualFolders as targets.
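The difference between LINKED and LINKED_IF_ALL_SOURCES sources described above, as an added example that is not ARoad0 code: a stand-alone model with hypothetical types (`LinkedPrivilege`, `appliesTo`, plain strings for parties, containers and targets) and constructed sample data. Treating an empty container set as matching nobody is an assumption of this model, not documented behavior.

```java
import java.util.List;
import java.util.Map;
import java.util.Set;

// Hypothetical stand-alone model; none of these types are ARoad0 classes.
public class LinkedSourceDemo {
    enum LinkType { LINKED, LINKED_IF_ALL_SOURCES }

    // A linked privilege reduced to what the applicability check needs.
    record LinkedPrivilege(LinkType type, Set<String> linkedSources, Set<String> targets) {}

    /**
     * memberships maps a container name (a group, in this model) to its member parties.
     * LINKED: the party must itself be one of the linked sources.
     * LINKED_IF_ALL_SOURCES: the linked sources are containers, and the party
     * must be a member of every one of them.
     */
    static boolean appliesTo(LinkedPrivilege p, String party, String target,
                             Map<String, Set<String>> memberships) {
        if (!p.targets().contains(target)) return false;
        switch (p.type()) {
            case LINKED:
                return p.linkedSources().contains(party);
            case LINKED_IF_ALL_SOURCES:
                // Model assumption: fail closed on an empty container set,
                // because allMatch() over an empty stream is true.
                if (p.linkedSources().isEmpty()) return false;
                return p.linkedSources().stream()
                        .allMatch(c -> memberships.getOrDefault(c, Set.of()).contains(party));
            default:
                return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample data.
        Map<String, Set<String>> memberships = Map.of(
                "finance", Set.of("alice", "bob"),
                "auditors", Set.of("alice"));
        LinkedPrivilege all = new LinkedPrivilege(LinkType.LINKED_IF_ALL_SOURCES,
                Set.of("finance", "auditors"), Set.of("ledger"));
        LinkedPrivilege direct = new LinkedPrivilege(LinkType.LINKED,
                Set.of("bob"), Set.of("ledger"));
        for (String party : List.of("alice", "bob")) {
            System.out.println(party + " all-sources=" + appliesTo(all, party, "ledger", memberships)
                    + " linked=" + appliesTo(direct, party, "ledger", memberships));
        }
    }
}
```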

A Directory may manage container-for-target cascading privileges from its parent and to its children, but this is not true for VirtualFolders. On the source side, the container-for-source principle is an inner principle in GroupIDMember, and it is managed explicitly in DirectoryEP.

A Privilege instance is always dedicated to one ACS. There is a long privilege description associated with the short one. For PrivilegeForTypes, sources and targets may be any ACSObject, which allows a privilege to be given to a Directory and allows certificate seeds in Authorization Servers. For PrivilegeForLinks, sources are always EligibleParties, and only GroupIDMembers if the privilege has the LINKED_IF_ALL_SOURCES type. For PrivilegeForLinks, access targets are Resources or VirtualFolders.

Privileges are applicable to external objects (that is, objects of an ACS other than the Privilege ACS) optionally for LINKED_FOR_ONE_TO_ONE PrivilegeForLinks, and always for TYPED_FOR_SEED PrivilegeForTypes. In the other cases, privileges are limited to their own ACS. The copy of a PrivilegeForType is for the same ACS, and the copy of a PrivilegeForLinks may be for another ACS. The TYPED_FOR_SEED PrivilegeForTypes are the only privileges which are not registered in their sources and targets.

See Also:
PrivilegeAbst

Method Summary
 ImmutableACS getAcsFromName(ImmutableName _name)
          Gets the ACS from the privilege name.
 java.lang.String getComment()
           
 Privilege getEmptyInstance()
           
 ImmutableACS getEorACS()
           
 java.lang.Object[] getKeyReferencesFromName(ImmutableName _privName)
          Gets the main components from the privilege name as a string, returned by getName().
 StringRight[] getL_Rights()
          Gets the effective privilege rights.
 java.lang.String getMainType()
          The main type has several uses: to define the general behavior of the privilege, and to define the authorized privilege standard rights.
 ImmutableName getName()
          Gets the BaseObject name of the privilege.
 boolean getPositiveRight()
           
 java.beans.PropertyChangeListener[] getPropertyChangeListeners(java.lang.String _propertyName)
          Returns the change listeners for a property.
 java.lang.String getSecondType()
          The second type is defined at the creation of the object, then it may be updated by the user.
 java.lang.String getSeeWhy()
           
 boolean isEmpty()
           
 boolean isExternalPrivilege()
          Only the privileges TYPED_FOR_SEED and LINKED_FOR_ONE_TO_ONE may be external.
 
Methods inherited from interface ARoad0.gBaseInterface.ACSObject
getAcsName
 
Methods inherited from interface ARoad0.gBaseInterface.BaseObject
equals, getFullName, getNickName, hashCode
 
Methods inherited from interface ARoad0.gBaseInterface.BoundBean
addPropertyChangeListener, addPropertyChangeListener, removePropertyChangeListener, removePropertyChangeListener
 
Methods inherited from interface ARoad0.gBaseInterface.DetailledName
getDetailledName, getDetailledNameFromName, getKeyPropertiesFromDetailledName, getNameFromDetailledName
 
Methods inherited from interface ARoad0.gBaseInterface.FinalizedObjectForUser
finalizeForUser
 
Methods inherited from interface ARoad0.gBaseInterface.FinalizedObject
finalizeForBase
 
Methods inherited from interface java.lang.Comparable
compareTo
 

Method Detail

getName

ImmutableName getName()
Gets the BaseObject name of the privilege. The Privilege name is composed of:

ACS:: ACS name

:: || PRIV_TYPE:: type

:: || NICK_NAME:: privilege name

:: || SENS:: 'grant' or 'deny'

:: || XXXX:: xxxx value

:: >> YYYY:: yyyy value

where:

- ':: ' is added by gBase.NameImpl.toString(),

- the type is one of the types defined in the PrivilegeAbst class,

- XXXX and YYYY are implementation-dependent values (see the relevant classes).

The reverse function of getName() is getKeyReferencesFromName(). This name is used only outside gBase, following the BaseObject interface.

Specified by:
getName in interface BaseObject
Returns:
the privilege name, or null if it is an empty privilege

getMainType

java.lang.String getMainType()
The main type has several uses:

- to define the general behavior of the privilege,

- for defining the authorized privilege standard rights.

Returns:
the privilege type. As a PrivilegeAbst constant, the value may be TYPED, TYPED_CLASSED, TYPED_CLASSED_SPECIFIC, TYPED_FOR_SEED, LINKED, LINKED_IF_ALL_SOURCES or LINKED_FOR_ONE_TO_ONE

getSecondType

java.lang.String getSecondType()
The second type is defined at the creation of the object, then it may be updated by the user. It has several uses:

- to define the type updating policy from the ACS,

- for defining the authorized privilege specialized rights,

- to manage the capacity to delete the instance.

This is not the main type, which is obtained through getMainType().

Returns:
the second type, for example "read" or "role one". Not null.

getPositiveRight

boolean getPositiveRight()
Returns:
true if the privilege rights grant access to the source, and false if the rights deny an access type.

getSeeWhy

java.lang.String getSeeWhy()
Returns:
a long description which is displayed to the user. May be null.

getL_Rights

StringRight[] getL_Rights()
Gets the effective privilege rights. Unworkable for a PrivilegeForType with a wrong initialization. If a PrivilegeForType is classed but with a null source class or target class, returns a 0-size array.

Returns:
the rights. May be a 0-size array.

getComment

java.lang.String getComment()
Returns:
the privilege comment which is associated with the resource.

getEorACS

ImmutableACS getEorACS()
Specified by:
getEorACS in interface ACSObject
Returns:
ACS of this Privilege, as an External Object Reference

isEmpty

boolean isEmpty()
Returns:
true if equal to a new Privilege instance

getEmptyInstance

Privilege getEmptyInstance()

isExternalPrivilege

boolean isExternalPrivilege()
Only the privileges TYPED_FOR_SEED and LINKED_FOR_ONE_TO_ONE may be external. An external privilege has exactly one source or one target that does not belong to the privilege ACS. For linked privileges, if the source or the target is null, this method always returns false.

Returns:
for linked privilege, true if the source or the target is from another ACS, and for a typed privilege, true if the source or the target may be from another ACS

getKeyReferencesFromName

java.lang.Object[] getKeyReferencesFromName(ImmutableName _privName)
                                            throws CreateError
Gets the main components from the privilege name as a string, returned by getName(). These key components fully define the privilege instance. This method is implemented by each PrivilegeAbst subclass, and the result depends on the subclass: PrivilegeForType or PrivilegeForLinks.

The Privilege name is composed of ACS:: _aCS name:: >> PRIV_TYPE:: type:: >> PRIV_NAME:: _shortPrivilege :: >> XXXX:: _firstObject:: >> YYYY:: _secondObject

where:

- ':: ' is added by gBase.NameImpl.toString(),

- the type is one of the constants defined in the PrivilegeAbst class,

- XXXX and YYYY are implementation-dependent values,

- YYYY is optional.

This method is used by Gui1.PropertyEditor to remove a privilege from a list displaying the privilege name in the beamer.

Parameters:
_privName - the privilege name, obtained through getName()
Returns:
null if the name format is wrong (for PrivilegeForType or PrivilegeForLinks), or an array of the 6 Privilege components:

- index 0: name of the ACS which manages this privilege (ImmutableName)

- index 1: a privilege type among the constant types defined in the PrivilegeAbst class (String)

- index 2: short privilege description (String)

- index 3: XXXX is an implementation-dependent value.

- index 4: YYYY is an implementation-dependent value, if it exists.

Throws:
CreateError - if a main component string is not provided by NameImpl.toString()

getAcsFromName

ImmutableACS getAcsFromName(ImmutableName _name)
                            throws BaseError
Gets the ACS from the privilege name.

Parameters:
_name - a privilege name
Returns:
the opened ACS.
Throws:
BaseError - if the argument is not a privilege name, if it is a closed ACS or if it is unknown

getPropertyChangeListeners

java.beans.PropertyChangeListener[] getPropertyChangeListeners(java.lang.String _propertyName)
Returns the change listeners for a property. Used by the AcsAddons.

Parameters:
_propertyName - name of the listened property.
Returns:
the change listeners. May be null or empty.