java.lang.Object
ARoad0.gBase.PrivilegeAbst
public abstract class PrivilegeAbst
This abstract class is used by its subclasses to create Privileges. A privilege instance is controlled by an ACS, and delivers rights applicable to couples (source or sources set or source containers set, target or targets set). The rights of a privilege are immutable after its creation, whereas an AclEntry has an immutable source and target but rights that remain editable after creation. The objects in the couple may sometimes be external; in other words, they do not belong to the privilege ACS. If the ACS constraints define no rights, the privilege cannot have any effective right. These ACS constraints depend on the privilege main type.
There are 7 main types of privilege defined in this class, and two interfaces which are implemented by two classes:
- PrivilegeForType interface, where the source and target types are the main criteria to apply the privilege rights to sources and targets which are not known by the privilege, with the four types TYPED, TYPED_CLASSED, TYPED_CLASSED_SPECIFIC, and TYPED_FOR_SEED. A TYPED_CLASSED privilege is a TYPED one with constraints on source and target classes. TYPED_CLASSED_SPECIFIC is a TYPED_CLASSED privilege for a designated source or target. TYPED_FOR_SEED is a TYPED privilege reserved for Authorization (or Rights) Servers.
- PrivilegeForLinks interface, where the dynamic links to the source and the target are the single criterion to apply the privilege, which then knows to which entities it is applied, with the three types LINKED, LINKED_IF_ALL_SOURCES and LINKED_FOR_ONE_TO_ONE. The access sources are EligibleParties, and the access targets are Resources or VirtualFolders. The LINKED type defines, in one privilege, an immutable set of rights, and each EligibleParty which is a source has all the rights on all the targets. With LINKED_IF_ALL_SOURCES, the true access sources are not the linked sources, since they must be EligibleParties belonging to ALL the set of source containers (GroupIDMembers or DirectoryEPs) which are the authorized linked sources. The LINKED_FOR_ONE_TO_ONE type is very much like an AclEntry, but with static rights, with GroupIDs only as sources, and with Resources, EP and Resource VirtualFolders as targets (VirtualFolders are not used by AclEntry).
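How the LINKED and LINKED_IF_ALL_SOURCES source rules differ, as an added Java sketch that is not Access Road code. The class `LinkedPrivilegeDemo`, its container map and the party, target and right names are constructed for illustration, and only positive rights are modelled.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;

/** Added illustration: a simplified model, not Access Road code. */
public class LinkedPrivilegeDemo {
    // Constructed sample data: source containers and their member EligibleParties.
    static final Map<String, Set<String>> CONTAINERS = new LinkedHashMap<>();
    static {
        CONTAINERS.put("admins", setOf("alice", "bob"));
        CONTAINERS.put("on-call", setOf("bob", "carol"));
    }

    final String mainType;     // "LINKED" or "LINKED_IF_ALL_SOURCES"
    final Set<String> sources; // parties for LINKED, container names otherwise
    final Set<String> targets;
    final Set<String> rights;  // fixed at creation, like the rights of a privilege

    LinkedPrivilegeDemo(String mainType, Set<String> sources,
                        Set<String> targets, Set<String> rights) {
        if (!mainType.equals("LINKED") && !mainType.equals("LINKED_IF_ALL_SOURCES"))
            throw new IllegalArgumentException("unsupported main type: " + mainType);
        this.mainType = mainType;
        this.sources = Collections.unmodifiableSet(new LinkedHashSet<>(sources));
        this.targets = Collections.unmodifiableSet(new LinkedHashSet<>(targets));
        this.rights = Collections.unmodifiableSet(new LinkedHashSet<>(rights));
    }

    static Set<String> setOf(String... items) {
        return new LinkedHashSet<>(Arrays.asList(items));
    }

    /** The parties that really receive the rights. */
    Set<String> effectiveSources() {
        if (mainType.equals("LINKED")) return sources; // each linked source is a true source
        // LINKED_IF_ALL_SOURCES: keep only the members common to every linked container.
        Set<String> result = null;
        for (String name : sources) {
            Set<String> members = CONTAINERS.get(name);
            if (members == null) return Collections.<String>emptySet(); // unknown container: fail closed
            if (result == null) result = new LinkedHashSet<>(members);
            else result.retainAll(members);
        }
        return result == null ? Collections.<String>emptySet() : result;
    }

    /** Every true source has all the rights on all the targets. */
    boolean allows(String party, String right, String target) {
        return effectiveSources().contains(party)
            && rights.contains(right) && targets.contains(target);
    }

    public static void main(String[] args) {
        LinkedPrivilegeDemo linked = new LinkedPrivilegeDemo(
            "LINKED", setOf("alice", "carol"), setOf("vault"), setOf("read"));
        LinkedPrivilegeDemo ifAll = new LinkedPrivilegeDemo(
            "LINKED_IF_ALL_SOURCES", setOf("admins", "on-call"), setOf("vault"), setOf("read"));
        // alice is linked directly in the first privilege, but is a member of
        // "admins" only, so the second privilege does not reach her; bob is in both.
        System.out.println("LINKED, alice: " + linked.allows("alice", "read", "vault"));
        System.out.println("IF_ALL, alice: " + ifAll.allows("alice", "read", "vault"));
        System.out.println("IF_ALL, bob:   " + ifAll.allows("bob", "read", "vault"));
        System.out.println("IF_ALL sources: " + ifAll.effectiveSources());
    }
}
```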
A Directory or a Resource may manage container-for-target privilege inheritance from its parent and to its children, but this is provided only for PrivilegeForLinks of the types LINKED and LINKED_FOR_ONE_TO_ONE, and only one target is then possible. On the source side, the container-for-source principle is an inner principle of GroupID, used to deliver rights to its members. The container-for-source principle is also managed in DirectoryEP (future version) to deliver rights to its children.
A Privilege instance is always dedicated to one ACS. There is a 'See why' description to complement the comment. For PrivilegeForTypes, sources and targets may be any ACSObject, so that a privilege can be given to a Directory, and to allow certificate seeds in Authorization Servers. For most of the PrivilegeForLinks, the source is any EligibleParty, but only GroupIDMembers are allowed for the LINKED_IF_ALL_SOURCES type, and only GroupIDs are allowed for the LINKED_FOR_ONE_TO_ONE type. For PrivilegeForLinks, access targets are only Resources or VirtualFolders.
The privileges may be applicable to external objects (that is, objects of an ACS other than the Privilege ACS) for LINKED_FOR_ONE_TO_ONE PrivilegeForLinks, and they are always applicable for the TYPED_FOR_SEED PrivilegeForTypes. In the other cases, privileges are limited to their own ACS objects. The copy of a PrivilegeForType is for the same ACS, and the copy of a PrivilegeForLinks may be for another ACS. The TYPED_FOR_SEED PrivilegeForTypes are the only privileges which are not registered in their sources and targets. The external LINKED_FOR_ONE_TO_ONE PrivilegeForLinks change their detailed names when the external/internal state changes. Saving an ACS deletes the external LINKED_FOR_ONE_TO_ONE PrivilegeForLinks, to be replaced, at the next ACS restoring, by some true copies. An ACS cannot manage both the external AclEntries and the external linked Privileges.
All the typed privileges have a detailed name which starts with 'TYPED'. All the linked privileges have a detailed name which starts with 'LINKED', but after the ACS name if it is an external linked privilege. Starting with 'TYPED' is detected by Gui2.ExplorerTreeCellRenderer.getTreeCellRendererComponent(). Each main type may be used to set some constraints in the ACS on the allowed rights. For instance, 'Privilege.PrivilegeRights.TYPED' is a possible key for a standard rights policy in the ACS. It is also possible to use specialized rights and to select them from the type, exactly like a Resource or an EligibleParty.
It is a javabean with the following bound properties:
- 'Comment'
- 'SeeWhy' is an optional description, usually longer than the comment
- 'SecondType'
The listeners are specific to this instance, outside gBase, and transient (not serialized in this instance backup). They are called in any order. They receive only a copy of the new value, to protect the property. All the exceptions from the listeners are caught, and a dialog box is displayed to inform the user. See the Copyright.
See Also: Privilege, Serialized Form
Field Summary | | |
---|---|---|
protected ImmutableACS | aCS_ | The ACS which manages the privilege. |
protected ImmutableName | acsName_ | The ACS name, which is used in clone() |
protected java.beans.PropertyChangeSupport | changeSupport_ | Manages all the property change listeners of this class and its subclasses |
protected java.lang.String | comment_ | Privilege comment updated by the user |
protected java.lang.String | detailledName_ | The privilege key is built up with the format: privilegeType >> nickName || grant/deny. |
static Privilege | EMPTY_INSTANCE | The empty instance is an empty PrivilegeForType |
protected static int | INCREMENT_CAPACITY | |
protected static int | INITIAL_CAPACITY | |
protected StringRight[] | l_rights_ | Positive or negative rights set for the privilege |
protected static java.util.List | L_TYPES | |
static java.lang.String | LINKED | |
static java.lang.String | LINKED_FOR_ONE_TO_ONE | |
static java.lang.String | LINKED_IF_ALL_SOURCES | |
protected java.lang.String | mainType_ | The possible values of the main type are in L_TYPES. |
protected java.lang.String | nickName_ | Short privilege description displayed to the user in the beamer |
protected boolean | positiveRight_ | |
protected static int | PRIME | |
protected java.lang.String | secondType_ | The possible values of the second type are defined by the ACS. |
protected java.lang.String | seeWhy_ | Long description to understand the privilege |
static java.io.ObjectStreamField[] | serialPersistentFields | Variable for the JDK 2 serialization |
private static long | serialVersionUID | |
static java.lang.String | TYPED | |
static java.lang.String | TYPED_CLASSED | |
static java.lang.String | TYPED_CLASSED_SPECIFIC | |
static java.lang.String | TYPED_FOR_SEED | |
Constructor Summary | |
---|---|
PrivilegeAbst() | Constructor to use only as a transient value for initialization, or used from ARoad0.gBase.PrivilegeImplBeanInfo.getPropertyDescriptors() in ARoad0.Gui1.CollectionPropertyEditor.getValue(). |
PrivilegeAbst(ACS _aCS, java.lang.String _nickName, java.lang.String _mainType, StringRight[] _l_rights, java.lang.String _secondType) | This is the only way to create an instance. |
Method Summary | | |
---|---|---|
void | addPropertyChangeListener(java.beans.PropertyChangeListener _l) | Adds a listener to the bean. |
void | addPropertyChangeListener(java.lang.String _propertyName, java.beans.PropertyChangeListener _l) | Adds a listener to the bean. |
protected static java.lang.String | buildUpDetailledName(java.lang.String _mainType, java.lang.String _nickName, java.lang.String _firstRight, java.lang.String _sourceType, java.lang.String _targetType) | This method creates the detailed name, unique in the ACS. |
java.lang.Object | clone() | Used to clone a Privilege when an ACS is closing, or to clone an ACS. |
int | compareTo(java.lang.Object o) | Based on the main type first, then on the nick name if the main types are equal, and finally on the detailed names. |
boolean | equals(java.lang.Object _obj) | |
void | finalizeForBase() | It sets almost all variables to null, so the instance is equal to a new PrivilegeAbst(). |
void | finalizeForUser() | It sets almost all variables to null, so the instance is equal to a new PrivilegeForTypeImpl(). |
protected void | firePropertyChange(java.lang.String _propertyName, java.lang.Object _oldValue, java.lang.Object _newValue) | Fires an event to every registered listener, in any order. |
ImmutableACS | getAcsFromName(ImmutableName _name) | Gets the ACS from the privilege name. |
ImmutableName | getAcsName() | |
java.lang.String | getComment() | |
java.lang.String | getDetailledName() | This method returns the detailed name for the explorer, which gives the key components of the object. |
java.lang.String | getDetailledNameFromName(ImmutableName _name) | Gets the detailed name from the privilege name. |
ImmutableACS | getEorACS() | |
ImmutableName[] | getKeyPropertiesFromDetailledName(java.lang.String _displayedName) | Extracts the 3 key properties from the key of an object. |
static java.util.List<java.lang.String> | getL_PrivilegeTypes() | Gets the immutable main types, not the second types, which depend on the ACS. |
StringRight[] | getL_Rights() | Gets the effective privilege rights. |
java.lang.String | getMainType() | The main type has several uses: - to define the general behavior of the privilege, - to define the authorized privilege standard rights. |
ImmutableName | getNameFromDetailledName(ImmutableACS _acs, java.lang.String _detailledName) | Extracts the BaseObject name from the detailed name of a Privilege. |
java.lang.String | getNickName() | This short name is NOT unique for the Access Road program nor the ACS if it is an ACS object. |
boolean | getPositiveRight() | |
java.lang.String | getPreviousDetailledName() | This method returns the previous detailed name for the explorer, which gives the key components of the object. |
java.beans.PropertyChangeListener[] | getPropertyChangeListeners(java.lang.String _propertyName) | Returns the change listeners for a property. |
java.lang.String | getSecondType() | The second type is defined at the creation of the object, then it may be updated by the user. |
java.lang.String | getSeeWhy() | Currently unused. |
long | getSerialVersionUID() | Returns the long value for serialization |
int | hashCode() | Note: cannot use detailledName_ because it may be changed in PrivilegeForLinksImpl. |
void | removePropertyChangeListener(java.beans.PropertyChangeListener _l) | Removes a listener from the bean. |
void | removePropertyChangeListener(java.lang.String _propertyName, java.beans.PropertyChangeListener _l) | Removes a listener from the bean. |
void | setComment(java.lang.String _s) | Sets any comment related to this privilege. |
protected void | setRights(StringRight[] _st) | Sets the rights array mainly at the instance construction. |
void | setSecondType(java.lang.String _st) | If the new value is allowed by the ACS, sets the second type of this privilege. |
void | setSeeWhy(java.lang.String _see) | Currently unused. |
Methods inherited from class java.lang.Object |
---|
finalize, getClass, notify, notifyAll, toString, wait, wait, wait |
Methods inherited from interface ARoad0.gBaseInterface.ImmutablePrivilege |
---|
getEmptyInstance, getKeyReferencesFromName, getName, isEmpty, isExternalPrivilege |
Methods inherited from interface ARoad0.gBaseInterface.BaseObject |
---|
getFullName |
Field Detail |
---|
private static final long serialVersionUID
protected static final int PRIME
protected static final int INITIAL_CAPACITY
protected static final int INCREMENT_CAPACITY
public static final java.lang.String TYPED
public static final java.lang.String TYPED_CLASSED
public static final java.lang.String TYPED_CLASSED_SPECIFIC
public static final java.lang.String TYPED_FOR_SEED
public static final java.lang.String LINKED
public static final java.lang.String LINKED_IF_ALL_SOURCES
public static final java.lang.String LINKED_FOR_ONE_TO_ONE
protected static final java.util.List L_TYPES
protected ImmutableACS aCS_
protected ImmutableName acsName_
protected java.lang.String detailledName_
protected java.lang.String nickName_
protected java.lang.String seeWhy_
protected java.lang.String comment_
protected StringRight[] l_rights_
protected java.lang.String mainType_
protected boolean positiveRight_
protected java.lang.String secondType_
public static final Privilege EMPTY_INSTANCE
protected transient java.beans.PropertyChangeSupport changeSupport_
public static final java.io.ObjectStreamField[] serialPersistentFields
Constructor Detail |
---|
public PrivilegeAbst()
PrivilegeAbst(ACS _aCS, java.lang.String _nickName, java.lang.String _mainType, StringRight[] _l_rights, java.lang.String _secondType) throws CreateError
_aCS
- is the ACS which owns this Privilege.
Non-null External Object Reference.
This instance is not registered in the ACS; it is done
by subclasses.
_nickName
- is the short privilege name. Cannot be null.
It may be the StringRight.getRight() value of the main right in the privilege.
_mainType
- must be one of the PrivilegeAbst constants
_l_rights
- is a StringRight array of privilege rights.
May be null, but a null value is not allowed at the first position.
Creates an empty array with a length of 0 if the argument is null.
The rights have to be all positive or all negative.
_secondType
- second type which drives the rights and the immutability,
just like a Basic type. If null, the value is set to "<undefined>".
CreateError
- if the rights or the privilege type is not correct,
or if the nick name contains '::' or '>>', or contains a character that is not a letter,
or if there is a null right or a right which is not authorized.
java.lang.InternalError
- if the ACS does not manage the privilege rights,
or the required privilege type.
Method Detail |
---|
protected static java.lang.String buildUpDetailledName(java.lang.String _mainType, java.lang.String _nickName, java.lang.String _firstRight, java.lang.String _sourceType, java.lang.String _targetType) throws CreateError
privilegeType || nickName || first right
Called by the constructors, PrivilegeForType.getDetailledNameFromNameForType() and PrivilegeForLinks.getDetailledNameFromNameForLinks(). Overridden by PrivilegeForTypeImpl and PrivilegeForLinksImpl.
_mainType
- main type of the privilege. Never null.
_nickName
- nick name of the privilege. Never null.
_firstRight
- first right of the privilege. Never null.
_sourceType
- source type of the privilege. Used only in PrivilegeForTypeImpl
which overrides this method, and unused otherwise.
_targetType
- target type of the privilege. Used only in PrivilegeForTypeImpl
which overrides this method, and unused otherwise.
CreateError
- if '||', '>>' or '::' is in _nickName
public static final java.util.List<java.lang.String> getL_PrivilegeTypes()
public ImmutableACS getAcsFromName(ImmutableName _name) throws BaseError
getAcsFromName
in interface ImmutablePrivilege
_name
- a privilege name
BaseError
- if the argument is not a privilege name, if
it is a closed ACS or if it is unknown
public java.lang.String getDetailledNameFromName(ImmutableName _name) throws BaseError
getDetailledNameFromName
in interface DetailledName
_name
- name of a typed or a linked privilege
BaseError
- if the argument has a wrong format
buildUpDetailledName(java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String)
public ImmutableName getAcsName()
getAcsName
in interface ACSObject
public java.lang.String getNickName()
getNickName
in interface BaseObject
public java.lang.String getDetailledName()
privilegeType || nickName || grant/deny
or, for a PrivilegeForType:
privilegeType || nickName || first right || source type >> target type
Furthermore, an external privilege starts with 'ACS: acs_name | '.
getDetailledName
in interface DetailledName
getKeyPropertiesFromDetailledName(java.lang.String)
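Why the separators are refused inside a nick name, shown with the two name formats above, as an added Java sketch that is not Access Road code. The class `PrivilegeKeyDemo`, the single spaces around the separators, the string values of the main types and the sample names are assumptions, and the 'ACS: acs_name | ' prefix of external privileges is left out.

```java
import java.util.Arrays;
import java.util.List;

/** Added illustration: models the documented name formats, not Access Road code. */
public class PrivilegeKeyDemo {
    // Main types listed on this page; values assumed equal to the constant names.
    static final List<String> MAIN_TYPES = Arrays.asList(
        "TYPED", "TYPED_CLASSED", "TYPED_CLASSED_SPECIFIC", "TYPED_FOR_SEED",
        "LINKED", "LINKED_IF_ALL_SOURCES", "LINKED_FOR_ONE_TO_ONE");
    // Separators which the documentation forbids inside a nick name.
    static final String[] RESERVED = { "||", ">>", "::" };

    static void checkComponent(String label, String value) {
        if (value == null || value.isEmpty())
            throw new IllegalArgumentException(label + " is null or empty");
        for (String sep : RESERVED)
            if (value.contains(sep))
                throw new IllegalArgumentException(label + " contains reserved '" + sep + "'");
    }

    /** Builds "mainType || nickName || third", plus " || source >> target" for typed privileges. */
    static String build(String mainType, String nickName, String third,
                        String sourceType, String targetType) {
        if (!MAIN_TYPES.contains(mainType))
            throw new IllegalArgumentException("unknown main type: " + mainType);
        checkComponent("nick name", nickName);
        checkComponent("third component", third);
        String key = mainType + " || " + nickName + " || " + third;
        if (mainType.startsWith("TYPED")) {
            checkComponent("source type", sourceType);
            checkComponent("target type", targetType);
            key += " || " + sourceType + " >> " + targetType;
        }
        return key;
    }

    /** Splits a key back into its components, failing closed on any unexpected shape. */
    static String[] parse(String key) {
        String[] parts = key.split(" \\|\\| ", -1);
        boolean typed = parts.length == 4 && parts[0].startsWith("TYPED");
        boolean linked = parts.length == 3 && parts[0].startsWith("LINKED");
        if ((!typed && !linked) || !MAIN_TYPES.contains(parts[0]))
            throw new IllegalArgumentException("not a valid detailed name: " + key);
        return parts;
    }

    public static void main(String[] args) {
        // Constructed sample names.
        String linkedKey = build("LINKED", "Backup", "grant", null, null);
        String typedKey = build("TYPED", "Read", "read", "User", "File");
        System.out.println(linkedKey + " -> " + Arrays.toString(parse(linkedKey)));
        System.out.println(typedKey + " -> " + Arrays.toString(parse(typedKey)));
        try {
            // A nick name carrying the separator would shift the fields when the
            // key is split again, so it is refused when the name is built.
            build("LINKED", "Backup || grant", "deny", null, null);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```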
public java.lang.String getPreviousDetailledName()
public final java.lang.String getMainType()
- to define the general behavior of the privilege,
- to define the authorized privilege standard rights.
getMainType
in interface ImmutablePrivilege
public java.lang.String getSecondType()
- to define the type updating policy from the ACS,
- to define the authorized privilege specialized rights,
- to manage the capacity to delete the instance.
This is not the main type, which is obtained with getMainType().
getSecondType
in interface ImmutablePrivilege
public void setSecondType(java.lang.String _st) throws UpDateError
setSecondType
in interface Privilege
_st
- second type of the privilege. It is not the main type.
UpDateError
- if the type is null, starts with '<byAcsCreator>',
or not known by the ACS, or not associated to the previous type.
public final boolean getPositiveRight()
getPositiveRight
in interface ImmutablePrivilege
public final java.lang.String getSeeWhy()
getSeeWhy
in interface ImmutablePrivilege
public final StringRight[] getL_Rights()
getL_Rights
in interface ImmutablePrivilege
protected void setRights(StringRight[] _st) throws CreateError
Checks the rights constraints in the ACS from the privilege main type. If there is a null array of allowed rights, no right is set and there is an exception.
Creates a 0-size array if the argument is null. Checks whether the rights are allowed by the ACS, which may depend on the privilege type if there are some matched specialized rights in the ACS. Only non-null, non-empty rights are set as new rights, if they have the sense of the property positiveRight_. If they have another sense, they are simply dropped without exception. It is not a bound property; no "PrivilegeRights" event is fired to the listeners. Sets the positiveRight_ property. Calls BaseUtilityImpl.getL_AcsRestrictedRights() to get the range of the authorized values. Calls UtilityImpl.selectHeaders(). Called only by the constructors.
_st
- is a StringRight array of rights
for the couple (resource, eligibleparty) in the Privilege ACS.
The actual list of authorized rights depends on the ACS.
_st cannot be null.
CreateError
- if a right is not allowed by the ACS, or null rights,
or if the rights do not all have the same sense.
public final void setSeeWhy(java.lang.String _see)
setSeeWhy
in interface Privilege
_see
- may be null.
public final void setComment(java.lang.String _s)
setComment
in interface Privilege
_s
- comment which is associated to the privilege.
public final java.lang.String getComment()
getComment
in interface ImmutablePrivilege
public final ImmutableACS getEorACS()
getEorACS
in interface ACSObject
getEorACS
in interface ImmutablePrivilege
public void addPropertyChangeListener(java.lang.String _propertyName, java.beans.PropertyChangeListener _l)
addPropertyChangeListener
in interface BoundBean
_propertyName
- String is the name of the property
_l
- PropertyChangeListener to add
public void addPropertyChangeListener(java.beans.PropertyChangeListener _l)
addPropertyChangeListener
in interface BoundBean
_l
- PropertyChangeListener to add
public void removePropertyChangeListener(java.lang.String _propertyName, java.beans.PropertyChangeListener _l)
removePropertyChangeListener
in interface BoundBean
_propertyName
- String is the name of the property
_l
- PropertyChangeListener to remove
public void removePropertyChangeListener(java.beans.PropertyChangeListener _l)
removePropertyChangeListener
in interface BoundBean
_l
- PropertyChangeListener to remove
public java.beans.PropertyChangeListener[] getPropertyChangeListeners(java.lang.String _propertyName)
getPropertyChangeListeners
in interface ImmutablePrivilege
_propertyName
- name of the listened property.
public java.lang.Object clone()
clone
in class java.lang.Object
public int hashCode()
hashCode
in interface BaseObject
hashCode
in class java.lang.Object
public boolean equals(java.lang.Object _obj)
equals
in interface BaseObject
equals
in class java.lang.Object
_obj
- to compare.
public int compareTo(java.lang.Object o) throws java.lang.ClassCastException
compareTo
in interface java.lang.Comparable
o
- to compare must be an ImmutableAclEntry
java.lang.ClassCastException
- if the specified object's type
prevents it from being compared to this current Object
public long getSerialVersionUID()
public final ImmutableName[] getKeyPropertiesFromDetailledName(java.lang.String _displayedName) throws BaseError
getKeyPropertiesFromDetailledName
in interface DetailledName
_displayedName
- is the detailed name of a privilege
- at the index 0, the main type in a one-component name
- at the index 1, the nick name in a one-component name
- at the index 2, the first right name in a one-component name
BaseError
- if the argument is not a valid key,
or if a main component string is not provided by NameImpl.toString().
public ImmutableName getNameFromDetailledName(ImmutableACS _acs, java.lang.String _detailledName) throws BaseError
getNameFromDetailledName
in interface DetailledName
_detailledName
- the viewable name of the object in the explorer
_acs
- ACS of the BaseObject
BaseError
public void finalizeForUser() throws UpDateError
finalizeForUser
in interface FinalizedObjectForUser
UpDateError
- from finalizeFromBase()
public void finalizeForBase() throws UpDateError
finalizeForBase
in interface FinalizedObject
no
- UpDateError throwing
UpDateError
- if the resource is unknown to the main ACS (if
it is a clone without setName(), typically)
protected void firePropertyChange(java.lang.String _propertyName, java.lang.Object _oldValue, java.lang.Object _newValue)
- 'Comment',
- 'SeeWhy',
- 'SecondType',
and for all the subclasses property changes.
_propertyName
- name of the changing property
_oldValue
- of the property
_newValue
- of the property. No operation if equal to _oldValue
and not null.