public class AccessControlPlugin extends PluginActivator implements AccessControlService, ConfigCustomizer, CheckTopicReadAccess, CheckTopicWriteAccess, CheckAssocReadAccess, CheckAssocWriteAccess, PreCreateAssoc, PreUpdateTopic, PostCreateTopic, PostCreateAssoc, PostDeleteTopic, PostUpdateTopic, PostUpdateAssoc, ServiceRequestFilter, StaticResourceFilter, CheckDiskQuota
bundle, dmx, mf
ADMIN_INITIAL_PASSWORD, ADMIN_USERNAME, ADMIN_WORKSPACE_NAME, ADMIN_WORKSPACE_SHARING_MODE, ADMIN_WORKSPACE_URI, DEFAULT_PRIVATE_WORKSPACE_NAME, SYSTEM_WORKSPACE_NAME, SYSTEM_WORKSPACE_SHARING_MODE, SYSTEM_WORKSPACE_URI
Constructor and Description |
---|
AccessControlPlugin() |
Modifier and Type | Method and Description |
---|---|
Topic | _createUserAccount(Credentials cred): Creates a user account. |
List<RelatedTopic> | bulkUpdateMemberships(long workspaceId, IdList addUserIds, IdList removeUserIds) |
List<RelatedTopic> | bulkUpdateMemberships(String username, IdList addWorkspaceIds, IdList removeWorkspaceIds) |
void | checkAdmin(): Checks if the current user is a DMX admin and throws AccessControlException if not. |
void | checkAssocReadAccess(long assocId) |
void | checkAssocWriteAccess(long assocId) |
void | checkDiskQuota(String username, long fileSize, long diskQuota) |
void | checkTopicReadAccess(long topicId) |
void | checkTopicWriteAccess(long topicId) |
void | createMembership(String username, long workspaceId): Makes the given user a member of the given workspace. |
Topic | createUserAccount(Credentials cred): Creates a user account. |
Topic | createUsername(String username): Creates a Username topic and a private workspace. |
void | enrichWithOwnerInfo(Topic workspace): Retrieves the OWNER and stores it in the given topic's model (under synthetic child type URI dmx.accesscontrol.owner). |
void | enrichWithUserInfo(DMXObject object): Retrieves the CREATOR/MODIFIER usernames and stores them in the given object's model (under synthetic child type URIs dmx.accesscontrol.creator and dmx.accesscontrol.modifier). |
long | getAdminWorkspaceId() |
Collection<Assoc> | getAssocsByCreator(String username) |
Set<String> | getAuthorizationMethods(): Returns the names of all authorization methods, as registered by AccessControlService.registerAuthorizationMethod(java.lang.String, systems.dmx.accesscontrol.AuthorizationMethod). |
TopicModel | getConfigValue(Topic topic) |
String | getCreator(long objectId): Returns the creator of a topic or an association. |
Assoc | getMembership(String username, long workspaceId) |
List<RelatedTopic> | getMemberships(long workspaceId): Returns the members of the given workspace. |
List<RelatedTopic> | getMemberships(String username): Returns the workspaces of the given user. |
String | getModifier(long objectId): Returns the modifier of a topic or an association. |
Permissions | getPermissions(long objectId) |
Topic | getPrivateWorkspace(): Returns the private workspace of the logged in user. |
Collection<Topic> | getTopicsByCreator(String username) |
String | getUsername(): Returns the username of the logged in user. |
Topic | getUsernameTopic(): Returns the "Username" topic of the logged in user. |
Topic | getUsernameTopic(String username): Returns the "Username" topic for the specified username (case-insensitive). |
String | getWorkspaceOwner(long workspaceId): Returns the owner of a workspace. |
Collection<Topic> | getWorkspacesByOwner(String username) |
boolean | isMember(String username, long workspaceId): Checks if a user is a member of the given workspace. |
void | login(): Checks whether the credentials in the authorization string match an existing User Account, and if so, creates an HTTP session. |
void | logout(): Logs the user out. |
void | postCreateAssoc(Assoc assoc) |
void | postCreateTopic(Topic topic) |
void | postDeleteTopic(TopicModel topic) |
void | postUpdateAssoc(Assoc assoc, ChangeReport report, AssocModel updateModel) |
void | postUpdateTopic(Topic topic, ChangeReport report, TopicModel updateModel) |
void | preCreateAssoc(AssocModel assoc) |
void | preInstall() |
void | preUpdateTopic(Topic topic, TopicModel updateModel) |
void | registerAuthorizationMethod(String name, AuthorizationMethod am): Registers an authorization method under the given name, e.g. |
void | serviceRequestFilter(com.sun.jersey.spi.container.ContainerRequest containerRequest) |
void | setWorkspaceOwner(Topic workspace, String username): Sets the owner of a workspace. |
void | shutdown() |
void | staticResourceFilter(javax.servlet.http.HttpServletRequest servletRequest, javax.servlet.http.HttpServletResponse servletResponse) |
void | unregisterAuthorizationMethod(String name): Unregisters the authorization method that has been registered under the given name. |
getBundleContext, getPluginName, getStaticResource, getUri, init, publishFileSystem, serviceArrived, serviceGone, setCoreService, start, stop, toString
public void login()
AccessControlService
login
in interface AccessControlService
public void logout()
AccessControlService
logout
in interface AccessControlService
public String getUsername()
AccessControlService
getUsername
in interface AccessControlService
null if no user is logged in.
public Topic getUsernameTopic()
AccessControlService
getUsernameTopic
in interface AccessControlService
dmx.accesscontrol.username), or null if no user is logged in.
public Topic getPrivateWorkspace()
AccessControlService
Note: a user can have more than one private workspace. This method returns only the first one.
getPrivateWorkspace
in interface AccessControlService
public void checkAdmin()
AccessControlService
checkAdmin
in interface AccessControlService
public Topic createUserAccount(Credentials cred)
AccessControlService
createUserAccount
in interface AccessControlService
public Topic _createUserAccount(Credentials cred) throws Exception
AccessControlService
Security: this method is not callable from outside because it has no REST interface, so the DMX platform itself remains secure. However, a 3rd-party plugin which provides a RESTful interface to this method is required to apply an additional authorization measure, e.g. a short-lived access token sent via email.
_createUserAccount
in interface AccessControlService
Exception
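The security note on `_createUserAccount` asks a 3rd-party plugin to add its own authorization step, such as a short-lived access token sent via email. The following is an added example, not code from the DMX platform: `SignupTokenGate` and its methods are hypothetical names, and the plugin is assumed to call `_createUserAccount` only after `redeem` returns a username.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical helper for a 3rd-party plugin; not part of the DMX API. */
public class SignupTokenGate {
    private static final class Pending {
        final String username; final Instant expires;
        Pending(String username, Instant expires) { this.username = username; this.expires = expires; }
    }
    private final Map<String, Pending> pending = new ConcurrentHashMap<>(); // key: SHA-256 of token
    private final SecureRandom random = new SecureRandom();
    private final Duration ttl;
    private final Clock clock;

    public SignupTokenGate(Duration ttl, Clock clock) { this.ttl = ttl; this.clock = clock; }

    /** Returns the token to e-mail to the user; only its hash is kept server-side. */
    public String issue(String username) {
        byte[] raw = new byte[32];                       // 256 bits from a CSPRNG
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        pending.put(hash(token), new Pending(username, clock.instant().plus(ttl)));
        return token;
    }

    /** Returns the username the token was issued for, or null if unknown, reused or expired. */
    public String redeem(String token) {
        if (token == null) return null;
        Pending p = pending.remove(hash(token));         // remove() makes the token single-use
        if (p == null || clock.instant().isAfter(p.expires)) return null;
        return p.username;                               // caller may now create the account
    }

    private static String hash(String token) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256").digest(token.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(d);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);          // SHA-256 is required on every JVM
        }
    }
}
```

Tokens that are issued but never redeemed stay in the map, so a real plugin would also purge expired entries periodically.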
public Topic createUsername(String username)
AccessControlService
createUsername
in interface AccessControlService
public Topic getUsernameTopic(String username)
AccessControlService
getUsernameTopic
in interface AccessControlService
username - a username. Must not be null.
dmx.accesscontrol.username), or null if no such username exists.
public String getWorkspaceOwner(long workspaceId)
AccessControlService
getWorkspaceOwner
in interface AccessControlService
null if no owner is set.
public void setWorkspaceOwner(Topic workspace, String username)
AccessControlService
setWorkspaceOwner
in interface AccessControlService
public void enrichWithOwnerInfo(Topic workspace)
AccessControlService
dmx.accesscontrol.owner).
enrichWithOwnerInfo
in interface AccessControlService
public List<RelatedTopic> getMemberships(String username)
AccessControlService
getMemberships
in interface AccessControlService
public List<RelatedTopic> getMemberships(long workspaceId)
AccessControlService
getMemberships
in interface AccessControlService
public boolean isMember(String username, long workspaceId)
AccessControlService
isMember
in interface AccessControlService
username - the user. If null is passed, false is returned. If an unknown username is passed an exception is thrown.
workspaceId - the workspace.
true if the user is a member, false otherwise.
public Assoc getMembership(String username, long workspaceId)
getMembership
in interface AccessControlService
null if the user is not a member.
public void createMembership(String username, long workspaceId)
AccessControlService
createMembership
in interface AccessControlService
public List<RelatedTopic> bulkUpdateMemberships(String username, IdList addWorkspaceIds, IdList removeWorkspaceIds)
bulkUpdateMemberships
in interface AccessControlService
public List<RelatedTopic> bulkUpdateMemberships(long workspaceId, IdList addUserIds, IdList removeUserIds)
bulkUpdateMemberships
in interface AccessControlService
public long getAdminWorkspaceId()
getAdminWorkspaceId
in interface AccessControlService
public Permissions getPermissions(long objectId)
getPermissions
in interface AccessControlService
objectId - a topic ID, or an association ID.
dmx.accesscontrol.operation.write.
public String getCreator(long objectId)
AccessControlService
getCreator
in interface AccessControlService
null if no creator is set.
public String getModifier(long objectId)
AccessControlService
getModifier
in interface AccessControlService
null if no modifier is set.
public void enrichWithUserInfo(DMXObject object)
AccessControlService
dmx.accesscontrol.creator and dmx.accesscontrol.modifier).
enrichWithUserInfo
in interface AccessControlService
public Collection<Topic> getWorkspacesByOwner(String username)
getWorkspacesByOwner
in interface AccessControlService
public Collection<Topic> getTopicsByCreator(String username)
getTopicsByCreator
in interface AccessControlService
public Collection<Assoc> getAssocsByCreator(String username)
getAssocsByCreator
in interface AccessControlService
public Set<String> getAuthorizationMethods()
AccessControlService
AccessControlService.registerAuthorizationMethod(java.lang.String, systems.dmx.accesscontrol.AuthorizationMethod).
getAuthorizationMethods
in interface AccessControlService
AccessControlService.registerAuthorizationMethod(java.lang.String, systems.dmx.accesscontrol.AuthorizationMethod), but is an integral part of the DMX platform.
public void registerAuthorizationMethod(String name, AuthorizationMethod am)
AccessControlService
registerAuthorizationMethod
in interface AccessControlService
public void unregisterAuthorizationMethod(String name)
AccessControlService
unregisterAuthorizationMethod
in interface AccessControlService
public void preInstall()
preInstall
in interface PluginContext
preInstall
in class PluginActivator
public void shutdown()
shutdown
in interface PluginContext
shutdown
in class PluginActivator
public TopicModel getConfigValue(Topic topic)
getConfigValue
in interface ConfigCustomizer
public void checkTopicReadAccess(long topicId)
checkTopicReadAccess
in interface CheckTopicReadAccess
public void checkTopicWriteAccess(long topicId)
checkTopicWriteAccess
in interface CheckTopicWriteAccess
public void checkAssocReadAccess(long assocId)
checkAssocReadAccess
in interface CheckAssocReadAccess
public void checkAssocWriteAccess(long assocId)
checkAssocWriteAccess
in interface CheckAssocWriteAccess
public void postCreateTopic(Topic topic)
postCreateTopic
in interface PostCreateTopic
public void preCreateAssoc(AssocModel assoc)
preCreateAssoc
in interface PreCreateAssoc
public void postCreateAssoc(Assoc assoc)
postCreateAssoc
in interface PostCreateAssoc
public void preUpdateTopic(Topic topic, TopicModel updateModel)
preUpdateTopic
in interface PreUpdateTopic
public void postUpdateTopic(Topic topic, ChangeReport report, TopicModel updateModel)
postUpdateTopic
in interface PostUpdateTopic
public void postUpdateAssoc(Assoc assoc, ChangeReport report, AssocModel updateModel)
postUpdateAssoc
in interface PostUpdateAssoc
public void postDeleteTopic(TopicModel topic)
postDeleteTopic
in interface PostDeleteTopic
public void serviceRequestFilter(com.sun.jersey.spi.container.ContainerRequest containerRequest)
serviceRequestFilter
in interface ServiceRequestFilter
public void staticResourceFilter(javax.servlet.http.HttpServletRequest servletRequest, javax.servlet.http.HttpServletResponse servletResponse)
staticResourceFilter
in interface StaticResourceFilter
public void checkDiskQuota(String username, long fileSize, long diskQuota)
checkDiskQuota
in interface CheckDiskQuota
Copyright © 2023. All Rights Reserved.