ARoad0.gBaseInterface
Interface PrivilegeForType

All Superinterfaces:
ACSObject, BaseObject, BoundBean, java.lang.Cloneable, java.lang.Comparable, DetailledName, FinalizedObject, FinalizedObjectForUser, ImmutablePrivilege, Privilege
All Known Implementing Classes:
PrivilegeForTypeImpl

public interface PrivilegeForType
extends Privilege

This interface models rights from a source of a given type to an access target of another given type. A source has rights on a target through a typed privilege if the privilege's source type is the type of the source and the privilege's target type is the type of the target. One typed privilege is designed to produce rights for numerous sources and numerous targets, with no ability to change them except by deleting the typed privilege outright. A typed privilege cannot be inherited from the direct or indirect parents of the target.

Every privilege is managed by an ACS, and the program registers it in the relevant sources and targets. Sources and targets may be external (that is, their ACS is not the privilege's ACS) only for TYPED_FOR_SEED privileges, in which case the privilege is not registered in its sources and targets. Access sources are not always EligibleParties; this choice makes it possible, for example, to give a PrivilegeForType to a Directory.

The ACSObject type is the main criterion for applying the privilege to sources and targets. There are four subtypes: TYPED, TYPED_CLASSED, TYPED_CLASSED_SPECIFIC, and TYPED_FOR_SEED. A TYPED_CLASSED privilege is a TYPED one with constraints on the source and target classes. A TYPED_CLASSED_SPECIFIC privilege is a TYPED_CLASSED privilege reserved for a designated source or target. A TYPED_FOR_SEED privilege is a TYPED privilege reserved for a Rights Server ACS, where sources and targets are always external.

Depending on the ACS policy, sources and targets may have static or dynamic types ('dynamic' here means that the user may change the type after the object is created), but VirtualFolders are targets whose types are always static. If the source type (or the target type) is set to 'undefined' in the privilege, there is no restriction on the relevant type. There may be some limitations on the allowed source and target types; these are controlled by the ACS.

The relevant sources and targets register or unregister the typed privilege when the source, the target, the type or the privilege is created or deleted. Sources and targets therefore know their typed privileges, but typed privileges do not know the sources and targets that use them. To detect the typed privileges applicable between a source and a target, the two privilege lists are compared with '==', not equals(). However, the relevant sources and targets do NOT register or unregister TYPED_FOR_SEED privileges, whose external sources and targets have no link to these privileges.
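The lookup described above, sketched as an added example (not ARoad0 code): TypedPrivilege, AcsNode, the "undefined" marker value and the sample types are hypothetical. It registers privileges by type, then intersects the source and target lists by reference, so a value-equal duplicate instance that was never registered on both sides grants nothing.

```java
import java.util.ArrayList;
import java.util.List;

// Hypothetical model, not the ARoad0 classes: only the registration and
// identity-comparison rules described above are reproduced.
public class TypedPrivilegeDemo {
    static final String UNDEFINED = "undefined"; // assumed marker for "no restriction"

    record TypedPrivilege(String name, String sourceType, String targetType) {
        boolean acceptsSource(String t) { return sourceType.equals(UNDEFINED) || sourceType.equals(t); }
        boolean acceptsTarget(String t) { return targetType.equals(UNDEFINED) || targetType.equals(t); }
    }

    // A source or target knows its registered privileges; the privilege does not know it.
    static final class AcsNode {
        final String type;
        final List<TypedPrivilege> registered = new ArrayList<>();
        AcsNode(String type) { this.type = type; }
    }

    // Applicable privileges are those present in both lists, compared with '==', not equals().
    static List<TypedPrivilege> applicable(AcsNode source, AcsNode target) {
        List<TypedPrivilege> out = new ArrayList<>();
        for (TypedPrivilege p : source.registered)
            for (TypedPrivilege q : target.registered)
                if (p == q) out.add(p);
        return out;
    }

    public static void main(String[] args) {
        AcsNode clerk = new AcsNode("clerk");      // constructed sample source
        AcsNode invoice = new AcsNode("invoice");  // constructed sample target
        TypedPrivilege p1 = new TypedPrivilege("readInvoices", "clerk", "invoice");
        TypedPrivilege p2 = new TypedPrivilege("anySourceOnInvoice", UNDEFINED, "invoice");
        TypedPrivilege copy = new TypedPrivilege("readInvoices", "clerk", "invoice"); // equals(p1), other instance

        // Registration on privilege creation: each side keeps the privileges matching its type.
        for (TypedPrivilege p : List.of(p1, p2)) {
            if (p.acceptsSource(clerk.type)) clerk.registered.add(p);
            if (p.acceptsTarget(invoice.type)) invoice.registered.add(p);
        }
        // A duplicate placed only in the target list: equal by value, never matched by '=='.
        invoice.registered.add(copy);

        for (TypedPrivilege p : applicable(clerk, invoice)) System.out.println(p.name());
        System.out.println("duplicate equal but distinct: " + (copy.equals(p1) && copy != p1));
    }
}
```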

The source type and the target type are constants; they are the static criteria for applying the privilege, together with the static source class and/or target class if the privilege is TYPED_CLASSED. These privileges should not be too numerous, so as to limit the program's analysis time; the number of privileges is controlled by the ACS. To control the rights through direct dynamic links rather than static values, use PrivilegeForLinks.

Sources and targets may be any ACSObject, which makes it possible to give a privilege to a Directory and to allow certificate seeds in Rights Servers. A Privilege instance is always dedicated to one ACS. Privileges may be applicable to external (other ACS) objects only for TYPED_FOR_RIGHT_SERVER privileges. In the other cases, privileges are limited to their own ACS.

With a TYPED_CLASSED privilege, the source and target classes are constrained, in addition to their type restrictions. For instance, the access source may have to be an ImmutableEligibleParty, as with many other right types (aclEntry or AGO right), and the target may have to be a Resource. With a TYPED or a TYPED_CLASSED privilege, the rights are neither classed nor typed if they are standard ones (this is not possible if they are metarights). With a TYPED_CLASSED_SPECIFIC privilege, the designated source or target is put in the privilege type.

An access control seed is the ACS data that allows an ACS, acting as a Rights Server, to answer certificate requests from external actors. The real access control right is a certificate or an equivalent, which is built by the gWork package from the seed given by gBase. A TYPED_FOR_SEED privilege is used, where the criterion for delivering the certificate is put in the privilege type. This criterion applies to both the source and the target. It generally has the following structure: Basic_getFullName.toString(). The Rights Server ACS must therefore not use restrictions on target type values in privileges. The right is translated and stored by gWork for any access source that sends a request to the Rights Server and is authorized to receive it. In that use, the privilege ACS is different from the access source and target ACSs.

It is a JavaBean, and the bound properties come from the parent class. See the Copyright.

See Also:
Resource

Method Summary
 boolean getClassed()
           
 java.lang.String getSourceClass()
          Gets the interface which may be assignable from the effective source class.
 java.lang.String getSourceType()
           
 java.lang.String getTargetClass()
          Gets the interface which may be assignable from the effective target class.
 java.lang.String getTargetType()
           
 void setSourceClassOneTime(java.lang.String _class)
          Sets the interface which may be assignable from the effective source class.
 void setTargetClassOneTime(java.lang.String _class)
          Sets the interface which may be assignable from the effective target class.
 
Methods inherited from interface ARoad0.gBaseInterface.Privilege
setComment, setSecondType, setSeeWhy
 
Methods inherited from interface ARoad0.gBaseInterface.ImmutablePrivilege
getAcsFromName, getComment, getEmptyInstance, getEorACS, getKeyReferencesFromName, getL_Rights, getMainType, getName, getPositiveRight, getPropertyChangeListeners, getSecondType, getSeeWhy, isEmpty, isExternalPrivilege
 
Methods inherited from interface ARoad0.gBaseInterface.ACSObject
getAcsName
 
Methods inherited from interface ARoad0.gBaseInterface.BaseObject
equals, getFullName, getNickName, hashCode
 
Methods inherited from interface ARoad0.gBaseInterface.BoundBean
addPropertyChangeListener, addPropertyChangeListener, removePropertyChangeListener, removePropertyChangeListener
 
Methods inherited from interface ARoad0.gBaseInterface.DetailledName
getDetailledName, getDetailledNameFromName, getKeyPropertiesFromDetailledName, getNameFromDetailledName
 
Methods inherited from interface ARoad0.gBaseInterface.FinalizedObjectForUser
finalizeForUser
 
Methods inherited from interface ARoad0.gBaseInterface.FinalizedObject
finalizeForBase
 
Methods inherited from interface java.lang.Comparable
compareTo
 

Method Detail

getSourceType

java.lang.String getSourceType()
Returns:
the source type. May be null.

getTargetType

java.lang.String getTargetType()
Returns:
the target type. May be null.

getClassed

boolean getClassed()
Returns:
boolean true if the Privilege type is PrivilegeAbst.TYPED_CLASSED or TYPED_CLASSED_SPECIFIC.

getSourceClass

java.lang.String getSourceClass()
Gets the interface which may be assignable from the effective source class. It is a criterion that complements the type to select the privilege source. This property is never null for a TYPED_CLASSED or a TYPED_CLASSED_SPECIFIC privilege, and always null otherwise. 'EligibleParty' is an example value.

Returns:
the mandatory class name in gBaseInterface. May be null.

getTargetClass

java.lang.String getTargetClass()
Gets the interface which may be assignable from the effective target class. It is a criterion that complements the type to select the privilege targets. This property is never null for a TYPED_CLASSED or a TYPED_CLASSED_SPECIFIC privilege, and always null otherwise. 'Resource' is an example value.

Returns:
the mandatory class name in gBaseInterface. May be null.

setSourceClassOneTime

void setSourceClassOneTime(java.lang.String _class)
                           throws CreateError
Sets the interface which may be assignable from the effective source class. It is a criterion that complements the type to select the privilege source. The source class is reserved for the two privilege types TYPED_CLASSED and TYPED_CLASSED_SPECIFIC. This method may be called only once, and it must be called just after the privilege is created.

Parameters:
_class - end of a gBaseInterface class name, like 'Resource' for the class ARoad0.gBaseInterface.Resource
Throws:
CreateError - if the privilege does not have the type TYPED_CLASSED or TYPED_CLASSED_SPECIFIC, if _class does not define a gBaseInterface class, or if it is not the first call to this method

setTargetClassOneTime

void setTargetClassOneTime(java.lang.String _class)
                           throws CreateError
Sets the interface which may be assignable from the effective target class. It is a criterion that complements the type to select the privilege targets. The target class is reserved for the two privilege types TYPED_CLASSED and TYPED_CLASSED_SPECIFIC. This method may be called only once, and it must be called just after the privilege is created.

Parameters:
_class - end of a gBaseInterface class name, like 'Resource' for the class ARoad0.gBaseInterface.Resource
Throws:
CreateError - if the privilege does not have the type TYPED_CLASSED or TYPED_CLASSED_SPECIFIC, if _class does not define a gBaseInterface class, or if it is not the first call to this method