public interface PrivilegeForType
This interface is responsible for modeling rights from a source with a given type to an access target with another given type. A source has rights upon a target through a typed privilege if the privilege source type is the type of the given source, and if the privilege target type is the type of the given target. One typed privilege is designed to produce rights for numerous sources and numerous targets, with no way to change them except through a straight deletion of the typed privilege. A typed privilege cannot be inherited from the (in)direct parents of the target.
Any privilege is managed by an ACS, and it is registered by the program in the relevant sources and targets. Sources and targets may be external ones (that is, their ACS is not the Privilege ACS) only for TYPED_FOR_SEED privileges, and then the privilege is not registered in its sources and targets. Access sources are not always EligibleParties. This choice makes it possible to give a PrivilegeForType to a Directory, for example.
The ACSObject type is the main criterion for applying the privilege to sources and targets. There are four subtypes: TYPED, TYPED_CLASSED, TYPED_CLASSED_SPECIFIC, and TYPED_FOR_SEED. A TYPED_CLASSED privilege is a TYPED one with constraints on source and target classes. TYPED_CLASSED_SPECIFIC is a TYPED_CLASSED privilege reserved to a designated source or target. TYPED_FOR_SEED is a TYPED privilege reserved for a Rights Server ACS, where sources and targets are always external ones.
Following the ACS policy, sources and targets may have static or dynamic types ('dynamic' means here that the user may change the type after the object creation), but VirtualFolders are targets that always have static types. If the source type (or the target type) is set to 'undefined' in the privilege, then there is no restriction for the relevant type. There may be some limitations on the allowed source and target types, and this is controlled by the ACS.
The relevant sources and targets register/unregister the typed privilege when the source, the target, the type or the privilege is created/deleted, so sources and targets know their typed privileges, but typed privileges do not know the sources and targets which use them. To detect the applicable typed privileges between a source and a target, the two privilege lists are compared through '==', not equals(). But the relevant sources and targets do NOT register/unregister TYPED_FOR_SEED privileges, which have external sources and targets having no link to these privileges.
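An added example, not gBase code: a simplified Java model of the registration and '==' comparison described above, including the 'undefined' type. TypedPrivilege, Obj, register and applicable are hypothetical names, and the literal string "undefined" is an assumed marker for an unrestricted type.

```java
import java.util.*;

public class TypedPrivilegeDemo {
    static final String UNDEFINED = "undefined"; // assumed marker for "no type restriction"

    // Hypothetical stand-in for a typed privilege. As a record, equals() compares field
    // values, so two separately created privileges with the same types are equal but not ==.
    record TypedPrivilege(String name, String sourceType, String targetType) {
        boolean allowsSource(String t) { return sourceType.equals(UNDEFINED) || sourceType.equals(t); }
        boolean allowsTarget(String t) { return targetType.equals(UNDEFINED) || targetType.equals(t); }
    }

    // Hypothetical ACS object: it knows the privileges registered in it, not the reverse.
    static final class Obj {
        final String type;
        final List<TypedPrivilege> asSource = new ArrayList<>();
        final List<TypedPrivilege> asTarget = new ArrayList<>();
        Obj(String type) { this.type = type; }
    }

    // Registration: record the privilege in every object whose type it accepts.
    static void register(TypedPrivilege p, List<Obj> objects) {
        for (Obj o : objects) {
            if (p.allowsSource(o.type)) o.asSource.add(p);
            if (p.allowsTarget(o.type)) o.asTarget.add(p);
        }
    }

    // Applicable privileges: instances present in both lists, matched by reference (==).
    static List<TypedPrivilege> applicable(Obj source, Obj target) {
        Set<TypedPrivilege> held = Collections.newSetFromMap(new IdentityHashMap<>());
        held.addAll(source.asSource);
        List<TypedPrivilege> out = new ArrayList<>();
        for (TypedPrivilege p : target.asTarget) if (held.contains(p)) out.add(p);
        return out;
    }

    public static void main(String[] args) {
        Obj alice = new Obj("auditor"), ledger = new Obj("ledger"), memo = new Obj("note");
        List<Obj> all = List.of(alice, ledger, memo);
        register(new TypedPrivilege("readLedger", "auditor", "ledger"), all);
        register(new TypedPrivilege("listAll", "auditor", UNDEFINED), all);
        // Constructed inconsistency: equal-valued but distinct instances, one on each side.
        alice.asSource.add(new TypedPrivilege("readNote", "auditor", "note"));
        memo.asTarget.add(new TypedPrivilege("readNote", "auditor", "note"));

        System.out.println("alice -> ledger: " + applicable(alice, ledger));
        System.out.println("alice -> memo:   " + applicable(alice, memo));
    }
}
```

In this model the ledger query returns readLedger and listAll, while the memo query returns only listAll: the two readNote instances satisfy equals() but are not the same object, so an equal-valued copy held on one side grants nothing.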
The source type and the target type are constants and they are the static criteria to apply the privilege, plus the static source class and/or the target class if TYPED_CLASSED. These privileges should not be too numerous, so as to reduce the analysis time by the program, and the number of privileges is controlled by the ACS. To control the rights through direct dynamic links rather than static values, use PrivilegeForLinks.
Sources and targets may be any ACSObject, to make it possible to give a privilege to a Directory, and to allow certificate seeds in Rights Servers. A Privilege instance is always dedicated to one ACS. The privileges may be applicable to external (other ACS) objects only for TYPED_FOR_RIGHT_SERVER privileges. In the other cases, privileges are limited to their own ACS.
With a TYPED_CLASSED privilege, the source and target classes are constrained, in addition to their type restrictions. For instance, the access source may have to be an ImmutableEligibleParty, like many other right types (aclEntry or AGO right), and the target may have to be a Resource. With a TYPED or a TYPED_CLASSED privilege, the rights are neither classed nor typed if they are standard ones (not possible if they are metarights). With a TYPED_CLASSED_SPECIFIC privilege, the designated source or target is put in the privilege type.
An access control seed is the ACS data which allows an ACS, as a Rights Server, to answer certificate requests from external actors. The real access control right is a certificate or an equivalent. It is then built up by the gWork package from the seed given by gBase. A TYPED_FOR_SEED privilege is used, where the criterion to deliver the certificate is put in the privilege type. This criterion is applicable to the source and to the target. It generally has the following structure: Basic_getFullName.toString(). The Rights Server ACS must therefore not use restrictions on target type values in privileges. The right is translated and stored by gWork for any access source which makes a request to the Rights Server and is authorized to receive it. In that use, the privilege ACS is different from the access source and target ACSs.
It is a JavaBean, and the bound properties are from the parent class. See the Copyright.
Resource
Method Summary | |
---|---|
boolean | getClassed() |
java.lang.String | getSourceClass() Gets the interface which may be assignable from the effective source class. |
java.lang.String | getSourceType() |
java.lang.String | getTargetClass() Gets the interface which may be assignable from the effective target class. |
java.lang.String | getTargetType() |
void | setSourceClassOneTime(java.lang.String _class) Sets the interface which may be assignable from the effective source class. |
void | setTargetClassOneTime(java.lang.String _class) Sets the interface which may be assignable from the effective target class. |
Methods inherited from interface ARoad0.gBaseInterface.Privilege |
---|
setComment, setSecondType, setSeeWhy |
Methods inherited from interface ARoad0.gBaseInterface.ImmutablePrivilege |
---|
getAcsFromName, getComment, getEmptyInstance, getEorACS, getKeyReferencesFromName, getL_Rights, getMainType, getName, getPositiveRight, getPropertyChangeListeners, getSecondType, getSeeWhy, isEmpty, isExternalPrivilege |
Methods inherited from interface ARoad0.gBaseInterface.ACSObject |
---|
getAcsName |
Methods inherited from interface ARoad0.gBaseInterface.BaseObject |
---|
equals, getFullName, getNickName, hashCode |
Methods inherited from interface ARoad0.gBaseInterface.BoundBean |
---|
addPropertyChangeListener, addPropertyChangeListener, removePropertyChangeListener, removePropertyChangeListener |
Methods inherited from interface ARoad0.gBaseInterface.DetailledName |
---|
getDetailledName, getDetailledNameFromName, getKeyPropertiesFromDetailledName, getNameFromDetailledName |
Methods inherited from interface ARoad0.gBaseInterface.FinalizedObjectForUser |
---|
finalizeForUser |
Methods inherited from interface ARoad0.gBaseInterface.FinalizedObject |
---|
finalizeForBase |
Methods inherited from interface java.lang.Comparable |
---|
compareTo |
Method Detail |
---|
java.lang.String getSourceType()
java.lang.String getTargetType()
boolean getClassed()
java.lang.String getSourceClass()
java.lang.String getTargetClass()
void setSourceClassOneTime(java.lang.String _class) throws CreateError
_class - end of a gBaseInterface class name, like 'Resource' for the class ARoad0.gBaseInterface.Resource
CreateError - if the privilege does not have the type TYPED_CLASSED or TYPED_CLASSED_SPECIFIC, if _class does not define a gBaseInterface class, or if it is not the first call to this method
void setTargetClassOneTime(java.lang.String _class) throws CreateError
_class - end of a gBaseInterface class name, like 'Resource' for the class ARoad0.gBaseInterface.Resource
CreateError - if the privilege does not have the type TYPED_CLASSED or TYPED_CLASSED_SPECIFIC, if _class does not define a gBaseInterface class, or if it is not the first call to this method