java.lang.Object
ARoad0.gBase.PrivilegeAbst
ARoad0.gBase.PrivilegeForTypeImpl
public class PrivilegeForTypeImpl
This class models a set of rights from a source of a given type to an access target of another given type. A source has rights on a target through a typed privilege if the privilege source type is the type of that source and the privilege target type is the type of that target. One typed privilege is designed to produce rights for numerous sources and numerous targets, with no ability to change them except by deleting the typed privilege outright. The rights of a privilege are immutable after its creation, whereas an AclEntry has an immutable source and target but rights that remain editable after creation.
A typed privilege is managed by an ACS, and the program registers it in the relevant sources and targets. These may be external (that is, their ACS is not the privilege's ACS) only for TYPED_FOR_SEED privileges, in which case the privilege is not registered in its sources and targets. Access sources are usually EligibleParties, but not always: this makes it possible to give a PrivilegeForType to a Directory, for example.
The ACSObject type is the main criterion for applying the privilege to sources and targets. However, the prefix '<immutable>' in a type does not change the PrivilegeForTypes of the ACSObject. There are four privilege subtypes: TYPED, TYPED_CLASSED, TYPED_CLASSED_SPECIFIC, and TYPED_FOR_SEED. A TYPED_CLASSED privilege is a TYPED privilege with constraints on the source and target classes. A TYPED_CLASSED_SPECIFIC privilege is a TYPED_CLASSED privilege for a named source and target. A TYPED_FOR_SEED privilege is a TYPED privilege reserved for the authorization servers and for external sources and targets. CAUTION: in this version, the gWork package manages only the TYPED PrivilegeForType.
Following the ACS policy, sources and targets may have static or dynamic types. 'Dynamic' means that the user may change the type after the object is created. If the source type (or the target type) is set to '<undefined>' in the privilege, there is no restriction on the relevant type. There may be some limitations on the allowed source and target types, and these are controlled by the ACS.
The relevant sources and targets register/unregister the typed privilege when the source, the target, the type or the privilege is created/deleted. Sources and targets therefore know their typed privileges, but typed privileges do not know the sources and targets that use them. To detect the applicable typed privileges between a source and a target, the two privilege lists are compared through '==', not equals(). However, the relevant sources and targets do NOT register/unregister TYPED_FOR_SEED privileges, whose external sources and targets have no link to these privileges.
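The registration and identity comparison described above, as an added example that is not Access Road code: `Priv` and `Party` are hypothetical stand-ins for a typed privilege and an ACSObject, and the key-based `equals()` is an assumption made to show what the '==' intersection does differently from equals().

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration: Priv and Party are hypothetical stand-ins, not ARoad0 classes.
public class TypedPrivilegeMatchDemo {
    static final String UNDEFINED = "<undefined>"; // neutral type: no restriction

    // Typed privilege: key, types, sense and rights are all fixed at construction.
    static final class Priv {
        final String nickName, sourceType, targetType;
        final boolean positive; // true = grant, false = deny
        final List<String> rights;
        Priv(String nickName, String sourceType, String targetType,
             boolean positive, String... rights) {
            this.nickName = nickName; this.sourceType = sourceType; this.targetType = targetType;
            this.positive = positive; this.rights = List.of(rights); // immutable copy
        }
        // Key-based equality (assumption): two distinct instances can be equals().
        @Override public boolean equals(Object o) {
            return o instanceof Priv && ((Priv) o).nickName.equals(nickName);
        }
        @Override public int hashCode() { return nickName.hashCode(); }
    }

    // A source or a target. It knows its typed privileges, not the reverse.
    static final class Party {
        final String type;
        final List<Priv> registered = new ArrayList<>();
        Party(String type) { this.type = type; }
    }

    static boolean typeMatches(String privType, String objType) {
        return UNDEFINED.equals(privType) || privType.equals(objType);
    }

    // Registration at privilege creation: each matching party records the instance.
    static void register(Priv p, List<Party> sources, List<Party> targets) {
        for (Party s : sources) if (typeMatches(p.sourceType, s.type)) s.registered.add(p);
        for (Party t : targets) if (typeMatches(p.targetType, t.type)) t.registered.add(p);
    }

    // Applicable privileges: the same instance present in both lists ('==').
    static List<Priv> applicable(Party source, Party target) {
        List<Priv> out = new ArrayList<>();
        for (Priv ps : source.registered)
            for (Priv pt : target.registered)
                if (ps == pt) out.add(ps);
        return out;
    }

    public static void main(String[] args) {
        Party auditor = new Party("auditor"), clerk = new Party("clerk");
        Party ledger = new Party("finance-record");
        List<Party> sources = List.of(auditor, clerk), targets = List.of(ledger);
        register(new Priv("read-fin", "auditor", "finance-record", true, "Read"), sources, targets);
        register(new Priv("no-write", UNDEFINED, "finance-record", false, "Write"), sources, targets);
        // Constructed case: a second instance with the same key, held by the clerk only.
        clerk.registered.add(new Priv("read-fin", "auditor", "finance-record", true, "Read"));

        for (Priv p : applicable(auditor, ledger))
            System.out.println("auditor -> ledger: " + (p.positive ? "grant " : "deny ") + p.rights);
        for (Priv p : applicable(clerk, ledger))
            System.out.println("clerk   -> ledger: " + (p.positive ? "grant " : "deny ") + p.rights);
        // An equals()-based comparison would match the clerk's copy against the ledger's list.
        System.out.println("equals() match for clerk copy: "
            + ledger.registered.contains(clerk.registered.get(1)));
    }
}
```

The auditor gets the grant and the deny, the clerk gets only the deny, and the last line prints `true` because the clerk's same-key copy is equal to, but not the same object as, the privilege registered on the ledger.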
When a target is created or deleted, it calls the method fireOneTypedPrivilegeTargetEvent() in its typed privileges, which fires an event 'OneTypedPrivilegeTarget' to its listeners. This is used by gWork.RightsMediatorImpl to detect when a view may have to change its rights.
This is a javabean with the following bound properties:
- 'PrivilegeSourceClass'
- 'PrivilegeTargetClass'
- 'OneTypedPrivilegeTarget'
The privilege key is used by the ACS to find a privilege. The key is the pair (main type, nick name). The main privilege value is an immutable list of rights. A privilege carries positive or negative rights: it grants or denies access. Neither the rights, the key, nor the sense of the rights (grant or deny) can be updated after the privilege is created. There is a 'See Why' description to complement the comment.
Sources and targets may be any ACSObject, which makes it possible to give a privilege to a Directory and to allow certificate seeds in Authorization Servers. A Privilege instance is always dedicated to one ACS. Privileges may apply to external objects (from another ACS) only for TYPED_FOR_SEED privileges. In the other cases, privileges are limited to their own ACS.
With a TYPED, a TYPED_CLASSED or a TYPED_CLASSED_SPECIFIC privilege, the standard rights are never classed nor typed (not possible if they are metarights). With a TYPED_CLASSED privilege, the source and target classes are constrained, in addition to their type restrictions. For instance, the access source may have to be an ImmutableEligibleParty, as with many other right types, and the target may have to be a Resource. A TYPED_CLASSED_SPECIFIC privilege is reserved for a named source and a named target. Their two names are put in the privilege source or target type, while the source and the target do not register the privilege. When constructing a classed privilege, the user must call setSourceClassOneTime() and setTargetClassOneTime() to define the source class and the target class. Otherwise, PrivilegeAbst.getL_Rights() returns an empty array.
An access control seed is the ACS data that allows an ACS, acting as an Authorization Server, to provide a certificate at the request of external actors. The true access control right is a certificate or an equivalent. It is then built by the gWork package from the seed given by the Authorization Server. A TYPED_FOR_SEED privilege is used by the Authorization Server, and the criterion for delivering the certificate is put in the privilege type. This criterion applies to the source and to the target. It generally has the following structure: Basic_FullName.toString(). The Authorization Server must not use any constraint on the target types in privileges. The right is translated and stored by gWork for any access source that sends a request to the Authorization Server and is authorized to receive it. A TYPED_FOR_SEED privilege is always external.
This class has subclasses in the AcsAddon packages. Most of the variables are protected. See the Copyright.
See Also: PrivilegeAbst, PrivilegeForLinksImpl, Serialized Form
Field Summary | |
---|---|
protected boolean | classed_: if true, the instance has the TYPED_CLASSED or a TYPED_CLASSED_SPECIFIC type |
static PrivilegeForTypeImpl | EMPTY_INSTANCE: A reusable empty instance for initialization, to avoid the use of 'new' for temporary values. |
protected boolean | seed_: if true, the instance has the TYPED_FOR_SEED type |
static java.io.ObjectStreamField[] | serialPersistentFields: variable for the JDK 2 serialization |
protected java.lang.Class | sourceClass_: Class of the privilege users, if TYPED_CLASSED or TYPED_CLASSED_SPECIFIC. |
protected java.lang.String | sourceType_: The source type. |
protected boolean | specific_: if true, the instance has the TYPED_CLASSED_SPECIFIC type |
protected java.lang.Class | targetClass_: Class on which the privilege is applied, if TYPED_CLASSED or TYPED_CLASSED_SPECIFIC. |
protected java.lang.String | targetType_: The target type. |
Fields inherited from class ARoad0.gBase.PrivilegeAbst |
---|
aCS_, acsName_, changeSupport_, comment_, detailledName_, INCREMENT_CAPACITY, INITIAL_CAPACITY, l_rights_, L_TYPES, LINKED, LINKED_FOR_ONE_TO_ONE, LINKED_IF_ALL_SOURCES, mainType_, nickName_, positiveRight_, PRIME, secondType_, seeWhy_, TYPED, TYPED_CLASSED, TYPED_CLASSED_SPECIFIC, TYPED_FOR_SEED |
Constructor Summary |
---|
PrivilegeForTypeImpl(): Constructor to use only as a transient value for initialization, or used from ARoad0.gBase.PrivilegeImplBeanInfo.getPropertyDescriptors() in ARoad0.Gui1.CollectionPropertyEditor.getValue(). |
PrivilegeForTypeImpl(ACS _aCS, java.lang.String _nickName, java.lang.String _sourceType, java.lang.String _targetType, java.lang.String _mainType, StringRight[] _l_rights, java.lang.String _secondType): This is the only way to request the creation of a typed privilege instance from the GUI. |
PrivilegeForTypeImpl(ACS _aCS, java.lang.String _sourceType, java.lang.String _targetType, java.lang.String _nickName, java.lang.String _mainType, StringRight[] _l_rights, java.lang.String _secondType, boolean _toRegisterInManager): This is the only way to create a typed privilege, with one of the four possible types. |
Method Summary | |
---|---|
void | addPropertyChangeListener(java.lang.String _propertyName, java.beans.PropertyChangeListener _l): Adds a listener to the bean for the events 'PrivilegeSourceClass', 'PrivilegeTargetClass', 'OneTypedPrivilegeTarget'. |
protected static java.lang.String | buildUpDetailledName(java.lang.String _mainType, java.lang.String _nickName, java.lang.String _firstRight, java.lang.String _sourceType, java.lang.String _targetType): This method allows to create the detailled name, unique in the ACS. |
java.lang.Object | clone(): Used to clone an ACS. |
java.lang.Object | copy(ImmutableName _name, ACS _acs, Node _parent, java.lang.Boolean _toRegisterInManager): This method provides a copy of the instance with another name, only for another ACS. |
boolean | equals(java.lang.Object _obj): Do NOT use this method to compare the typed privileges of a source and a target. |
protected void | finalize(): This method calls finalizeForBase(), but there is no guarantee that the JVM calls this method before the end of the application. |
void | finalizeForBase(): It sets to null almost all variables, so the instance is equals to a new PrivilegeForTypeImpl(). |
protected void | finalizeFromDeserialization(): This method does not finalize the sources and the targets, even for a TYPED_CLASSED_SPECIFIC. |
void | fireOneTypedPrivilegeTargetEvent(ImmutablePrivilegeTarget _oldValue, ImmutablePrivilegeTarget _newValue): Activates the firing of a 'OneTypedPrivilegeTarget' event to all its listeners. |
boolean | getClassed() |
protected static java.lang.String | getDetailledNameFromNameForType(ImmutableName _name, int _typeIndex): Gets the detailled name from the privilege name. |
Privilege | getEmptyInstance() |
boolean | getForSeed() |
ImmutableName | getFullName(): The full name is unique for the Access Road program. |
java.lang.Object[] | getKeyReferencesFromName(ImmutableName _privName): Gets the main components from the typed privilege name as a string, returned by getName(). |
ImmutableName | getName(): Gets the BaseObject name of the privilege. |
java.beans.PropertyChangeListener[] | getPropertyChangeListeners(java.lang.String _propertyName): Returns the change listeners for a property. |
java.lang.String | getSourceClass(): Gets the interface which may be assignable from the effective source class. |
java.lang.String | getSourceType() |
boolean | getSpecific() |
java.lang.String | getTargetClass(): Gets the interface which may be assignable from the effective target class. |
java.lang.String | getTargetType() |
boolean | isEmpty() |
boolean | isExternalPrivilege(): Only LINKED_FOR_SEED privileges are external ones, among the typed privileges, and this is true for them in all cases. |
void | removePropertyChangeListener(java.lang.String _propertyName, java.beans.PropertyChangeListener _l): Removes a listener to the bean for the events 'PrivilegeSourceClass', 'PrivilegeTargetClass', 'OneTypedPrivilegeTarget'. |
void | setSourceClassOneTime(java.lang.String _class): Sets the interface which may be assignable from the effective source class. |
void | setTargetClassOneTime(java.lang.String _class): Sets the interface which may be assignable from the effective targets class. |
java.lang.String | toString(): The format is ' Detailled name: KKKK; source type: FFFF; target type: NNNNNNNN'. |
Methods inherited from class java.lang.Object |
---|
getClass, notify, notifyAll, wait, wait, wait |
Methods inherited from interface ARoad0.gBaseInterface.Privilege |
---|
setComment, setSecondType, setSeeWhy |
Methods inherited from interface ARoad0.gBaseInterface.ImmutablePrivilege |
---|
getAcsFromName, getComment, getEorACS, getL_Rights, getMainType, getPositiveRight, getSecondType, getSeeWhy |
Methods inherited from interface ARoad0.gBaseInterface.ACSObject |
---|
getAcsName |
Methods inherited from interface ARoad0.gBaseInterface.BaseObject |
---|
getNickName, hashCode |
Methods inherited from interface ARoad0.gBaseInterface.BoundBean |
---|
addPropertyChangeListener, removePropertyChangeListener |
Methods inherited from interface ARoad0.gBaseInterface.DetailledName |
---|
getDetailledName, getDetailledNameFromName, getKeyPropertiesFromDetailledName, getNameFromDetailledName |
Methods inherited from interface ARoad0.gBaseInterface.FinalizedObjectForUser |
---|
finalizeForUser |
Methods inherited from interface java.lang.Comparable |
---|
compareTo |
Field Detail |
---|
protected boolean classed_
protected boolean specific_
protected boolean seed_
protected java.lang.String sourceType_
protected java.lang.String targetType_
protected java.lang.Class sourceClass_
protected java.lang.Class targetClass_
public static final PrivilegeForTypeImpl EMPTY_INSTANCE
public static final java.io.ObjectStreamField[] serialPersistentFields
Constructor Detail |
---|
public PrivilegeForTypeImpl()
public PrivilegeForTypeImpl(ACS _aCS, java.lang.String _nickName, java.lang.String _sourceType, java.lang.String _targetType, java.lang.String _mainType, StringRight[] _l_rights, java.lang.String _secondType) throws CreateError
_aCS
- owns this Privilege.
Non-null External Object Reference.
_nickName
- short privilege name. Cannot be null.
_sourceType
- type of the object which has the access rights.
Cannot be null, but '<undefined>' is a neutral value.
For a TYPED_FOR_SEED privilege or a TYPED_CLASSED_SPECIFIC privilege,
it has to follow the format Name.toString().
_targetType
- type of the object on which access rights are applied.
Cannot be null, but '<undefined>' is a neutral value.
For a TYPED_FOR_SEED privilege or a TYPED_CLASSED_SPECIFIC privilege,
it has to follow the format Name.toString().
_mainType
- must be one of the PrivilegeAbst constants
_l_rights
- StringRight array of privilege rights.
May be null, but a null value is not allowed at the first position.
Creates an empty array with a length of 0 if the argument is null.
All rights have to be all positive or all negative. If the type is
PrivilegeAbst.TYPED, rights have to be non-classed, non-typed rights.
_secondType
- the second type which drives the rights and the immutability,
just like a Basic type. If null, the internal value is set to "<undefined>".
CreateError
- if this privilege already exists
(_aCS.newEorPrivilege() throws it), if the rights or the
privilege type is not correct, or if _nickName contains '::'
or '>>', or if a parameter is null, or if a relevant source or a target
does not register this privilege, or if it is a typed privilege with classed or typed rights.
public PrivilegeForTypeImpl(ACS _aCS, java.lang.String _sourceType, java.lang.String _targetType, java.lang.String _nickName, java.lang.String _mainType, StringRight[] _l_rights, java.lang.String _secondType, boolean _toRegisterInManager) throws CreateError
A TYPED_CLASSED_SPECIFIC privilege is reserved for a named source and a named target. Their two names are put in the privilege source or target type, while the source and the target do not register the privilege. This criterion applies to the source and to the target. It has the following structure: Basic_FullName.toString().
The relevant sources and targets register/unregister the typed privilege when the source, the target or the privilege is created/deleted, so sources and targets know their typed privileges, but typed privileges do not know the sources and targets that use them. This is also true for TYPED_FOR_SEED privileges, which have external sources and targets. If the instance is classed, a message is displayed to remind the user that the source class and the target class have to be set. For this purpose, the constructor calls ARoad0.Gui1.DialogBox.showOkMessage().
_aCS
- owns this Privilege.
Non-null External Object Reference.
_sourceType
- type of the object which has the access rights.
Cannot be null, but '<undefined>' is a neutral value.
If it is a TYPED_FOR_SEED or a TYPED_CLASSED_SPECIFIC privilege,
the argument has to use the format Name.toString().
Otherwise, if the argument contains 'immutable ', this word is removed in the type.
_targetType
- type of the object on which access rights are applied.
Cannot be null, but '<undefined>' is a neutral value.
If it is a TYPED_FOR_SEED or a TYPED_CLASSED_SPECIFIC privilege,
the argument has to use the format Name.toString().
Otherwise, if the argument contains '<undefined>', this word is removed in the type.
_nickName
- short privilege name. Cannot be null.
_mainType
- must be one of the PrivilegeAbst constants
_l_rights
- StringRight array of privilege rights.
May be null, but a null value is not allowed at the first position.
Creates an empty array with a length of 0 if the argument is null.
All rights have to be all positive or all negative. If the type is
PrivilegeAbst.TYPED, rights have to be non-classed, non-typed rights.
_secondType
- the second type drives the rights and the immutability,
just like a Basic type. If null, the internal value is set to '<undefined>'.
_toRegisterInManager
- false if this method must not register
the instance in its ACS.
CreateError
- if this privilege already exists,
if the rights or the privilege type is not correct,
or if the nick name contains '::' or '>>' or contains a character that is not a letter,
if there is a null right or a right which is not authorized,
if a relevant source or a target does not register this privilege,
or if it is a typed privilege with classed or typed rights.
Method Detail |
---|
protected static java.lang.String buildUpDetailledName(java.lang.String _mainType, java.lang.String _nickName, java.lang.String _firstRight, java.lang.String _sourceType, java.lang.String _targetType) throws CreateError
privilegeType || nickName || first right || source type >> target type
_mainType
- one of the allowed privilege types. Never null.
_nickName
- privilege nick name. Never null.
_firstRight
- first right of the privilege. Never null.
_sourceType
- source type of the privilege. Never null.
_targetType
- target type of the privilege. Never null.
CreateError
- if '||', '>>' or '::' is in _nickName
protected static java.lang.String getDetailledNameFromNameForType(ImmutableName _name, int _typeIndex) throws BaseError
privilegeType || nickName || first right || source type >> target type
Calls buildUpDetailledName(). Called only by PrivilegeAbst.getDetailledNameFromName().
_name
- typed privilege name
_typeIndex
- index of the component '|| PRIV_TYPE' in _name
BaseError
- if there is a wrong format for _name
PrivilegeAbst.buildUpDetailledName(java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String)
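Why the nick name may not contain '||', '>>' or '::', as an added example that is not the ARoad0.gBase implementation: the class `DetailledNameDemo`, its methods, and the exact spacing around the separators are assumptions based on the layout shown above, and the sample values are constructed.

```java
import java.util.Arrays;

// Added illustration: hypothetical helper, not the ARoad0.gBase implementation.
public class DetailledNameDemo {
    // Separator spacing is an assumption taken from the documented layout.
    static final String FIELD_SEP = " || ";
    static final String TYPE_SEP = " >> ";
    static final String[] RESERVED = { "||", ">>", "::" };

    // Unchecked concatenation, kept only to show the ambiguity it creates.
    static String naive(String mainType, String nick, String firstRight,
                        String sourceType, String targetType) {
        return mainType + FIELD_SEP + nick + FIELD_SEP + firstRight
             + FIELD_SEP + sourceType + TYPE_SEP + targetType;
    }

    // Checked build: null components and reserved tokens in the nick name are rejected.
    static String build(String mainType, String nick, String firstRight,
                        String sourceType, String targetType) {
        for (String s : new String[] { mainType, nick, firstRight, sourceType, targetType })
            if (s == null) throw new IllegalArgumentException("null component");
        for (String token : RESERVED)
            if (nick.contains(token))
                throw new IllegalArgumentException("nick name contains '" + token + "'");
        return naive(mainType, nick, firstRight, sourceType, targetType);
    }

    // Strict parse: splits a detailed name back into its five components.
    static String[] parse(String name) {
        String[] f = name.split(" \\|\\| ", -1);
        if (f.length != 4)
            throw new IllegalArgumentException("wrong field count: " + f.length);
        String[] st = f[3].split(" >> ", -1);
        if (st.length != 2)
            throw new IllegalArgumentException("wrong source/target part");
        return new String[] { f[0], f[1], f[2], st[0], st[1] };
    }

    public static void main(String[] args) {
        String ok = build("TYPED", "readFin", "Read", "auditor", "record");
        System.out.println(ok + "  ->  " + Arrays.toString(parse(ok)));

        // Constructed input: a nick name that embeds the field separator.
        String nick = "ops || Admin";
        String bad = naive("TYPED", nick, "Read", "auditor", "record");
        String[] fields = bad.split(" \\|\\| ", -1);
        // A reader that takes fields by position now sees a different nick name and right.
        System.out.println("by position: nick=" + fields[1] + ", first right=" + fields[2]);
        try {
            parse(bad);
        } catch (IllegalArgumentException e) {
            System.out.println("strict parse rejects: " + e.getMessage());
        }
        try {
            build("TYPED", nick, "Read", "auditor", "record");
        } catch (IllegalArgumentException e) {
            System.out.println("checked build rejects: " + e.getMessage());
        }
    }
}
```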
public void setSourceClassOneTime(java.lang.String _class) throws CreateError
setSourceClassOneTime
in interface PrivilegeForType
_class
- end of a gBaseInterface class name, like 'Resource' for
the class ARoad0.gBaseInterface.Resource
CreateError
- if the privilege does not have the main type TYPED_CLASSED or
TYPED_CLASSED_SPECIFIC, if _class does not define a gBaseInterface class or
if it is not the first call to this method
public void setTargetClassOneTime(java.lang.String _class) throws CreateError
setTargetClassOneTime
in interface PrivilegeForType
_class
- end of a gBaseInterface class name, like 'Resource' for
the class ARoad0.gBaseInterface.Resource
CreateError
- if the privilege does not have the type TYPED_CLASSED or
TYPED_CLASSED_SPECIFIC, if _class does not define a gBaseInterface class or
if it is not the first call to this method
public ImmutableName getFullName()
getFullName
in interface BaseObject
public ImmutableName getName()
getName
in interface BaseObject
getName
in interface ImmutablePrivilege
public final java.lang.String getSourceType()
getSourceType
in interface PrivilegeForType
public final java.lang.String getTargetType()
getTargetType
in interface PrivilegeForType
public final boolean getClassed()
getClassed
in interface PrivilegeForType
public final boolean getSpecific()
public final boolean getForSeed()
public final java.lang.String getSourceClass()
getSourceClass
in interface PrivilegeForType
public final java.lang.String getTargetClass()
getTargetClass
in interface PrivilegeForType
public void addPropertyChangeListener(java.lang.String _propertyName, java.beans.PropertyChangeListener _l)
addPropertyChangeListener
in interface BoundBean
addPropertyChangeListener
in class PrivilegeAbst
_propertyName
- String is the name of the property
_l
- PropertyChangeListener to add
public void removePropertyChangeListener(java.lang.String _propertyName, java.beans.PropertyChangeListener _l)
removePropertyChangeListener
in interface BoundBean
removePropertyChangeListener
in class PrivilegeAbst
_propertyName
- String is the name of the property
_l
- PropertyChangeListener to remove
public java.beans.PropertyChangeListener[] getPropertyChangeListeners(java.lang.String _propertyName)
getPropertyChangeListeners
in interface ImmutablePrivilege
getPropertyChangeListeners
in class PrivilegeAbst
_propertyName
- name of the listened property.
public java.lang.Object clone()
clone
in class PrivilegeAbst
public boolean equals(java.lang.Object _obj)
equals
in interface BaseObject
equals
in class PrivilegeAbst
_obj
- to compare.
public boolean isEmpty()
isEmpty
in interface ImmutablePrivilege
public Privilege getEmptyInstance()
getEmptyInstance
in interface ImmutablePrivilege
public boolean isExternalPrivilege()
isExternalPrivilege
in interface ImmutablePrivilege
public java.lang.String toString()
toString
in class java.lang.Object
public void finalizeForBase() throws UpDateError
finalizeForBase
in interface FinalizedObject
finalizeForBase
in class PrivilegeAbst
UpDateError
- if the privilege is unknown to the ACS, the sources
or the targets.
public java.lang.Object copy(ImmutableName _name, ACS _acs, Node _parent, java.lang.Boolean _toRegisterInManager) throws CreateError
_name
- is NOT the copy name; must be a one-component name,
and the component is the nick name of the copy.
_acs
- is the main ACS of the copy to create. Has to be different
from the ACS of this instance.
_parent
- must be null here.
_toRegisterInManager
- false if this method must not register
the instance in its ACS.
CreateError
- if _name or _acs is null, or _parent is not null,
or _acs is this privilege ACS, or _name is not a one-component name.
public java.lang.Object[] getKeyReferencesFromName(ImmutableName _privName) throws CreateError
getKeyReferencesFromName
in interface ImmutablePrivilege
_privName
- is the privilege name, returned by getName()
- index 0: name of the ACS which manages this privilege (ImmutableName)
- index 1: privilege type (String)
- index 2: nick name (String)
- index 3: grant or deny (String)
- index 4: source type (String)
- index 5: target type (String)
CreateError
- if the argument or a component is null or not correct,
not a privilege name string, or if a main component string
is not provided by NameImpl.toString()
PrivilegeAbst.getAcsFromName(ARoad0.gBaseInterface.ImmutableName)
public void fireOneTypedPrivilegeTargetEvent(ImmutablePrivilegeTarget _oldValue, ImmutablePrivilegeTarget _newValue)
_oldValue
- of the property
_newValue
- of the property. No operation if equal to _oldValue
and not null.
protected void finalize() throws java.lang.Throwable
finalize
in class java.lang.Object
java.lang.Throwable
protected void finalizeFromDeserialization()