public interface ImmutablePrivilege
This interface models the Privilege, which, like ACL or AGO rights, is a type of granted or denied access right delivered to an access source for accessing a target. A privilege instance is controlled by an ACS, and delivers immutable rights applicable to couples (source or sources set or source containers set, target or targets set). The objects in the couple may be external in some precise cases; in other words, they may not belong to the privilege ACS. The rights of a privilege are immutable after its creation, whereas an AclEntry has an immutable source and target but rights that remain editable after its creation.
There are 7 types of privilege defined in this interface, and two interfaces which are implemented by two classes:
- PrivilegeForType interface, where the static type is the main criterion for applying the privilege to sources and targets which are not known by the privilege, with the four subtypes TYPED, TYPED_CLASSED, TYPED_CLASSED_SPECIFIC, and TYPED_FOR_SEED. A TYPED_CLASSED privilege is a TYPED one with constraints on source and target classes. TYPED_CLASSED_SPECIFIC is a TYPED_CLASSED privilege for a designated source or target. TYPED_FOR_SEED is a TYPED privilege reserved for Authorization Servers.
- PrivilegeForLink interface, where the dynamic links to the source and the target are the single criterion for applying the privilege, which then knows to which entities it is applied, with the three subtypes LINKED, LINKED_IF_ALL_SOURCES and LINKED_FOR_ONE_TO_ONE, and with EligibleParty as access sources, Resource and VirtualFolder as access targets. The LINKED type allows a generic set of rights to be defined in one privilege, and each EligibleParty which is a source has all the rights on all the targets. With LINKED_IF_ALL_SOURCES, the true access sources are not the linked sources, since they must belong to ALL of the source containers (GroupIDMembers or DirectoryEPs) which are the authorized linked sources. The LINKED_FOR_ONE_TO_ONE type is very like an AclEntry, but with static rights and for EP and Resource VirtualFolders as targets.
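The difference between LINKED and LINKED_IF_ALL_SOURCES described above can be shown with a simplified model. This is an added example, not code from the documented library: the `Priv` record, the `MEMBERS` table, and the party, group and target names are hypothetical stand-ins, and container membership is reduced to a flat map.

```java
import java.util.*;

/** Simplified model (added example) of how the two link types select access sources. */
public class LinkedPrivilegeModel {
    enum Type { LINKED, LINKED_IF_ALL_SOURCES }

    /** Hypothetical stand-in for a PrivilegeForLink: linked sources, targets, fixed rights. */
    record Priv(Type type, Set<String> linkedSources,
                Set<String> targets, List<String> rights) {}

    /** Constructed membership table: source container -> parties it contains. */
    static final Map<String, Set<String>> MEMBERS = Map.of(
        "grp-finance", Set.of("alice", "bob"),
        "grp-auditors", Set.of("bob", "carol")); // bob is the only member of both

    /** True if 'party' is an effective access source of privilege 'p'. */
    static boolean isSource(Priv p, String party) {
        if (p.type() == Type.LINKED) {
            // LINKED: every linked party is itself an access source.
            return p.linkedSources().contains(party);
        }
        // LINKED_IF_ALL_SOURCES: the linked sources are containers, and the
        // party must belong to ALL of them (intersection, not union).
        if (p.linkedSources().isEmpty()) return false; // model choice: no vacuous match
        for (String container : p.linkedSources()) {
            if (!MEMBERS.getOrDefault(container, Set.of()).contains(party)) return false;
        }
        return true;
    }

    /** Rights the privilege applies for 'party' on 'target' (empty if it does not apply). */
    static List<String> rightsFor(Priv p, String party, String target) {
        return isSource(p, party) && p.targets().contains(target) ? p.rights() : List.of();
    }

    public static void main(String[] args) {
        Priv linked = new Priv(Type.LINKED, Set.of("alice", "carol"),
                               Set.of("ledger"), List.of("read"));
        Priv ifAll = new Priv(Type.LINKED_IF_ALL_SOURCES,
                              Set.of("grp-finance", "grp-auditors"),
                              Set.of("ledger"), List.of("read", "write"));
        for (String who : List.of("alice", "bob", "carol")) {
            System.out.println(who + " LINKED=" + rightsFor(linked, who, "ledger")
                + " IF_ALL_SOURCES=" + rightsFor(ifAll, who, "ledger"));
        }
    }
}
```

When reviewing a LINKED_IF_ALL_SOURCES privilege, the set to audit is the intersection of the linked containers' members, so adding a container narrows access while adding a member to every container widens it.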
Directory may manage container-for-target cascading privileges from its parent and to its children, but it is not true for VirtualFolders. At the source side, the container-for-source principle is an inner principle in GroupIDMember, and it is managed explicitly in DirectoryEP.
A Privilege instance is always dedicated to one ACS. There is a long privilege description associated with the short one. For PrivilegeForTypes, sources and target may be any ACSObject, which allows a privilege to be given to a Directory and allows certificate seeds in Authorization Servers. For PrivilegeForLinks, sources are always EligibleParties, and only GroupIDMembers if the privilege has the LINKED_IF_ALL_SOURCES type. For PrivilegeForLinks, access targets are Resources or VirtualFolders.
The privileges are applicable to external (that is, other ACS than the Privilege ACS) objects optionally for LINKED_FOR_ONE_TO_ONE PrivilegeForLinks, and always for TYPED_FOR_SEED PrivilegeForTypes. In the other cases, privileges are limited to their own ACS. The copy of a PrivilegeForType is for the same ACS, and the copy of a PrivilegeForLink may be for another ACS. The TYPED_FOR_SEED PrivilegeForTypes are the only privileges which are not registered in their sources and targets. See the Copyright.
PrivilegeAbst
Method Summary | |
---|---|
ImmutableACS | getAcsFromName(ImmutableName _name): Gets the ACS from the privilege name. |
java.lang.String | getComment() |
Privilege | getEmptyInstance() |
ImmutableACS | getEorACS() |
java.lang.Object[] | getKeyReferencesFromName(ImmutableName _privName): Gets the main components from the privilege name as a string, returned by getName(). |
StringRight[] | getL_Rights(): Gets the effective privilege rights. |
java.lang.String | getMainType(): The main type has several uses: to define the general behavior of the privilege, and for defining the authorized privilege standard rights. |
ImmutableName | getName(): Gets the BaseObject name of the privilege. |
boolean | getPositiveRight() |
java.beans.PropertyChangeListener[] | getPropertyChangeListeners(java.lang.String _propertyName): Returns the change listeners for a property. |
java.lang.String | getSecondType(): The second type is defined at the creation of the object, then it may be updated by the user. |
java.lang.String | getSeeWhy() |
boolean | isEmpty() |
boolean | isExternalPrivilege(): Only the privileges TYPED_FOR_SEED and LINKED_FOR_ONE_TO_ONE may be external. |
Methods inherited from interface ARoad0.gBaseInterface.ACSObject |
---|
getAcsName |
Methods inherited from interface ARoad0.gBaseInterface.BaseObject |
---|
equals, getFullName, getNickName, hashCode |
Methods inherited from interface ARoad0.gBaseInterface.BoundBean |
---|
addPropertyChangeListener, addPropertyChangeListener, removePropertyChangeListener, removePropertyChangeListener |
Methods inherited from interface ARoad0.gBaseInterface.DetailledName |
---|
getDetailledName, getDetailledNameFromName, getKeyPropertiesFromDetailledName, getNameFromDetailledName |
Methods inherited from interface ARoad0.gBaseInterface.FinalizedObjectForUser |
---|
finalizeForUser |
Methods inherited from interface ARoad0.gBaseInterface.FinalizedObject |
---|
finalizeForBase |
Methods inherited from interface java.lang.Comparable |
---|
compareTo |
Method Detail |
---|
ImmutableName getName()
ACS:: ACS name
:: || PRIV_TYPE:: type
:: || NICK_NAME:: privilege name
:: || SENS:: 'grant' or 'deny'
:: || XXXX:: xxxx value
:: >> YYYY:: yyyy value
where:
- ':: ' is added by gBase.NameImpl.toString(),
- the type is one of the types defined in the PrivilegeAbst class,
- XXXX and YYYY are implementation-dependent values (see the relevant classes).
The reverse function of getName() is getKeyReferencesFromName(). This name is used only outside gBase, following the BaseObject interface.
getName
in interface BaseObject
java.lang.String getMainType()
- to define the general behavior of the privilege,
- for defining the authorized privilege standard rights.
java.lang.String getSecondType()
- to define the type updating policy from the ACS,
- for defining the authorized privilege specialized rights,
- to manage the capacity to delete the instance.
This is not the main type, which is obtained through getMainType().
boolean getPositiveRight()
java.lang.String getSeeWhy()
StringRight[] getL_Rights()
java.lang.String getComment()
ImmutableACS getEorACS()
getEorACS
in interface ACSObject
boolean isEmpty()
Privilege getEmptyInstance()
boolean isExternalPrivilege()
java.lang.Object[] getKeyReferencesFromName(ImmutableName _privName) throws CreateError
The Privilege name is composed of ACS:: _aCS name:: >> PRIV_TYPE:: type:: >> PRIV_NAME:: _shortPrivilege :: >> XXXX:: _firstObject:: >> YYYY:: _secondObject
where:
- ':: ' is added by gBase.NameImpl.toString(),
- the type is one of the constants defined in the PrivilegeAbst class
- XXXX and YYYY are implementation-dependent values
- YYYY is optional.
This method is used by Gui1.PropertyEditor to remove a privilege from a list displaying the privilege name in the beamer.
_privName
- is the privilege name, obtained through getName()
- index 0: name of the ACS which manages this privilege (ImmutableName)
- index 1: a privilege type among the constant types defined in the PrivilegeAbst class (String)
- index 2: short privilege description (String)
- index 3: XXXX is an implementation-dependent value.
- index 4: YYYY is an implementation-dependent value, if it exists.
CreateError
- if a main component string is not provided by NameImpl.toString()
ImmutableACS getAcsFromName(ImmutableName _name) throws BaseError
_name
- a privilege name
BaseError
- if the argument is not a privilege name, if it is a closed ACS or if it is unknown
java.beans.PropertyChangeListener[] getPropertyChangeListeners(java.lang.String _propertyName)
_propertyName
- name of the listened property.