Package systems.dmx.accesscontrol
Class AccessControlPlugin
java.lang.Object
  systems.dmx.core.osgi.PluginActivator
    systems.dmx.accesscontrol.AccessControlPlugin

All Implemented Interfaces:
org.osgi.framework.BundleActivator, AccessControlService, ConfigCustomizer, PluginContext, CheckAssocReadAccess, CheckAssocWriteAccess, CheckTopicReadAccess, CheckTopicWriteAccess, PostCreateAssoc, PostCreateTopic, PostUpdateAssoc, PostUpdateTopic, PreCreateAssoc, ServiceRequestFilter, StaticResourceFilter, EventListener, CheckDiskQuota

public class AccessControlPlugin extends PluginActivator implements AccessControlService, ConfigCustomizer, CheckTopicReadAccess, CheckTopicWriteAccess, CheckAssocReadAccess, CheckAssocWriteAccess, PreCreateAssoc, PostCreateTopic, PostCreateAssoc, PostUpdateTopic, PostUpdateAssoc, ServiceRequestFilter, StaticResourceFilter, CheckDiskQuota
Field Summary
Fields inherited from class systems.dmx.core.osgi.PluginActivator
bundle, dmx, mf

Fields inherited from interface systems.dmx.accesscontrol.AccessControlService
ADMIN_INITIAL_PASSWORD, ADMIN_USERNAME, ADMIN_WORKSPACE_NAME, ADMIN_WORKSPACE_SHARING_MODE, ADMIN_WORKSPACE_URI, DEFAULT_PRIVATE_WORKSPACE_NAME, SYSTEM_WORKSPACE_NAME, SYSTEM_WORKSPACE_SHARING_MODE, SYSTEM_WORKSPACE_URI

Constructor Summary
| Constructor | Description |
| --- | --- |
| AccessControlPlugin() | |

Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| Topic | _createUserAccount(Credentials cred) | Deprecated. |
| List<RelatedTopic> | bulkUpdateMemberships(long workspaceId, IdList addUserIds, IdList removeUserIds) | |
| List<RelatedTopic> | bulkUpdateMemberships(String username, IdList addWorkspaceIds, IdList removeWorkspaceIds) | |
| void | checkAdmin() | Checks if the current user is a DMX admin and throws AccessControlException if not. |
| void | checkAssocReadAccess(long assocId) | |
| void | checkAssocWriteAccess(long assocId) | |
| void | checkDiskQuota(String username, long fileSize, long diskQuota) | |
| void | checkTopicReadAccess(long topicId) | |
| void | checkTopicWriteAccess(long topicId) | |
| void | createMembership(String username, long workspaceId) | Makes the given user a member of the given workspace. |
| Topic | createUserAccount(Credentials cred) | Deprecated. |
| Topic | createUsername(String username) | Deprecated. |
| void | enrichWithOwnerInfo(Topic workspace) | Retrieves the OWNER and stores it in the given topic's model (under synthetic child type URI dmx.accesscontrol.owner). |
| void | enrichWithUserInfo(DMXObject object) | Retrieves the CREATOR/MODIFIER usernames and stores them in the given object's model (under synthetic child type URIs dmx.accesscontrol.creator and dmx.accesscontrol.modifier). |
| long | getAdminWorkspaceId() | |
| Collection<Assoc> | getAssocsByCreator(String username) | |
| Set<String> | getAuthorizationMethods() | Returns the names of all authorization methods, as registered by AccessControlService.registerAuthorizationMethod(java.lang.String, systems.dmx.accesscontrol.AuthorizationMethod). |
| TopicModel | getConfigValue(Topic topic) | |
| String | getCreator(long objectId) | Returns the creator of a topic or an association. |
| Assoc | getMembership(String username, long workspaceId) | |
| List<RelatedTopic> | getMemberships(long workspaceId) | Returns the members of the given workspace. |
| List<RelatedTopic> | getMemberships(String username) | Returns the workspaces of the given user. |
| String | getModifier(long objectId) | Returns the modifier of a topic or an association. |
| Permissions | getPermissions(long objectId) | |
| Topic | getPrivateWorkspace() | Returns the private workspace of the logged in user. |
| Collection<Topic> | getTopicsByCreator(String username) | |
| String | getUsername() | Returns the username of the logged in user. |
| Topic | getUsernameTopic() | Returns the "Username" topic of the logged in user. |
| Topic | getUsernameTopic(String username) | Returns the "Username" topic for the specified username (case-insensitive). |
| String | getWorkspaceOwner(long workspaceId) | Returns the owner of a workspace. |
| Collection<Topic> | getWorkspacesByOwner(String username) | |
| boolean | isMember(String username, long workspaceId) | Checks if a user is a member of the given workspace. |
| void | login() | Checks whether the credentials in the authorization string match an existing User Account, and if so, creates an HTTP session. |
| void | logout() | Logs the user out. |
| void | postCreateAssoc(Assoc assoc) | |
| void | postCreateTopic(Topic topic) | |
| void | postUpdateAssoc(Assoc assoc, ChangeReport report, AssocModel updateModel) | |
| void | postUpdateTopic(Topic topic, ChangeReport report, TopicModel updateModel) | |
| void | preCreateAssoc(AssocModel assoc) | |
| void | preInstall() | |
| void | registerAuthorizationMethod(String name, AuthorizationMethod am) | Registers an authorization method under the given name, e.g. |
| void | serviceRequestFilter(com.sun.jersey.spi.container.ContainerRequest containerRequest) | |
| void | setWorkspaceOwner(Topic workspace, String username) | Sets the owner of a workspace. |
| void | shutdown() | |
| void | staticResourceFilter(javax.servlet.http.HttpServletRequest servletRequest, javax.servlet.http.HttpServletResponse servletResponse) | |
| void | unregisterAuthorizationMethod(String name) | Unregisters the authorization method that has been registered under the given name. |

Methods inherited from class systems.dmx.core.osgi.PluginActivator
getBundleContext, getPluginName, getStaticResource, getUri, init, publishFileSystem, serviceArrived, serviceGone, setCoreService, start, stop, toString
Method Detail
createUserAccount
@Deprecated public Topic createUserAccount(Credentials cred)
Deprecated.
- Specified by: createUserAccount in interface AccessControlService

_createUserAccount
@Deprecated public Topic _createUserAccount(Credentials cred) throws Exception
Deprecated.
- Specified by: _createUserAccount in interface AccessControlService
- Throws: Exception

createUsername
@Deprecated public Topic createUsername(String username)
Deprecated.
- Specified by: createUsername in interface AccessControlService

login
public void login()
Description copied from interface: AccessControlService
Checks whether the credentials in the authorization string match an existing User Account, and if so, creates an HTTP session. ### FIXDOC
- Specified by: login in interface AccessControlService

logout
public void logout()
Description copied from interface: AccessControlService
Logs the user out. That is, the session associated with the JSESSION ID cookie is invalidated. For a "non-private" DM installation the response is 204 No Content. For a "private" DM installation the response is 401 Authorization Required. In this case the webclient is supposed to shut down the DM GUI. The webclient of a "private" DM installation must only be visible/usable when logged in.
- Specified by: logout in interface AccessControlService

getUsername
public String getUsername()
Description copied from interface: AccessControlService
Returns the username of the logged in user.
- Specified by: getUsername in interface AccessControlService
- Returns: The username, or null if no user is logged in.

getUsernameTopic
public Topic getUsernameTopic()
Description copied from interface: AccessControlService
Returns the "Username" topic of the logged in user.
- Specified by: getUsernameTopic in interface AccessControlService
- Returns: The "Username" topic (type dmx.accesscontrol.username), or null if no user is logged in.

getPrivateWorkspace
public Topic getPrivateWorkspace()
Description copied from interface: AccessControlService
Returns the private workspace of the logged in user.
Note: a user can have more than one private workspace. This method returns only the first one.
- Specified by: getPrivateWorkspace in interface AccessControlService
- Returns: The logged in user's private workspace (a topic of type "Workspace").

checkAdmin
public void checkAdmin()
Description copied from interface: AccessControlService
Checks if the current user is a DMX admin and throws AccessControlException if not. Note: if invoked as "System" no AccessControlException is thrown.
- Specified by: checkAdmin in interface AccessControlService

getUsernameTopic
public Topic getUsernameTopic(String username)
Description copied from interface: AccessControlService
Returns the "Username" topic for the specified username (case-insensitive).
- Specified by: getUsernameTopic in interface AccessControlService
- Parameters: username - a username. Must not be null.
- Returns: The "Username" topic (type dmx.accesscontrol.username), or null if no such username exists.

getWorkspaceOwner
public String getWorkspaceOwner(long workspaceId)
Description copied from interface: AccessControlService
Returns the owner of a workspace.
- Specified by: getWorkspaceOwner in interface AccessControlService
- Returns: The username of the owner, or null if no owner is set.

setWorkspaceOwner
public void setWorkspaceOwner(Topic workspace, String username)
Description copied from interface: AccessControlService
Sets the owner of a workspace. ### TODO: should take an ID instead of a topic. ### Core service must be extended with a property setter.
- Specified by: setWorkspaceOwner in interface AccessControlService

enrichWithOwnerInfo
public void enrichWithOwnerInfo(Topic workspace)
Description copied from interface: AccessControlService
Retrieves the OWNER and stores it in the given topic's model (under synthetic child type URI dmx.accesscontrol.owner).
- Specified by: enrichWithOwnerInfo in interface AccessControlService

getMemberships
public List<RelatedTopic> getMemberships(String username)
Description copied from interface: AccessControlService
Returns the workspaces of the given user.
- Specified by: getMemberships in interface AccessControlService
- Returns: a list of Workspace topics. The "relating" part is the Membership association.

getMemberships
public List<RelatedTopic> getMemberships(long workspaceId)
Description copied from interface: AccessControlService
Returns the members of the given workspace.
- Specified by: getMemberships in interface AccessControlService
- Returns: a list of Username topics. The "relating" part is the Membership association.

isMember
public boolean isMember(String username, long workspaceId)
Description copied from interface: AccessControlService
Checks if a user is a member of the given workspace.
- Specified by: isMember in interface AccessControlService
- Parameters:
  username - the user. If null is passed, false is returned. If an unknown username is passed an exception is thrown.
  workspaceId - the workspace.
- Returns: true if the user is a member, false otherwise.

getMembership
public Assoc getMembership(String username, long workspaceId)
- Specified by: getMembership in interface AccessControlService
- Returns: the Membership assoc between the given username and workspace, or null if the user is not a member.

createMembership
public void createMembership(String username, long workspaceId)
Description copied from interface: AccessControlService
Makes the given user a member of the given workspace.
- Specified by: createMembership in interface AccessControlService

bulkUpdateMemberships
public List<RelatedTopic> bulkUpdateMemberships(String username, IdList addWorkspaceIds, IdList removeWorkspaceIds)
- Specified by: bulkUpdateMemberships in interface AccessControlService
- Returns: a list of Workspace topics. The "relating" part is the Membership association.

bulkUpdateMemberships
public List<RelatedTopic> bulkUpdateMemberships(long workspaceId, IdList addUserIds, IdList removeUserIds)
- Specified by: bulkUpdateMemberships in interface AccessControlService
- Returns: a list of Username topics. The "relating" part is the Membership association.

getAdminWorkspaceId
public long getAdminWorkspaceId()
- Specified by: getAdminWorkspaceId in interface AccessControlService

getPermissions
public Permissions getPermissions(long objectId)
- Specified by: getPermissions in interface AccessControlService
- Parameters: objectId - a topic ID, or an association ID.
- Returns: A Permissions object with one entry: dmx.accesscontrol.operation.write.

getCreator
public String getCreator(long objectId)
Description copied from interface: AccessControlService
Returns the creator of a topic or an association.
- Specified by: getCreator in interface AccessControlService
- Returns: The username of the creator, or null if no creator is set.

getModifier
public String getModifier(long objectId)
Description copied from interface: AccessControlService
Returns the modifier of a topic or an association.
- Specified by: getModifier in interface AccessControlService
- Returns: The username of the modifier, or null if no modifier is set.

enrichWithUserInfo
public void enrichWithUserInfo(DMXObject object)
Description copied from interface: AccessControlService
Retrieves the CREATOR/MODIFIER usernames and stores them in the given object's model (under synthetic child type URIs dmx.accesscontrol.creator and dmx.accesscontrol.modifier).
- Specified by: enrichWithUserInfo in interface AccessControlService

getWorkspacesByOwner
public Collection<Topic> getWorkspacesByOwner(String username)
- Specified by: getWorkspacesByOwner in interface AccessControlService

getTopicsByCreator
public Collection<Topic> getTopicsByCreator(String username)
- Specified by: getTopicsByCreator in interface AccessControlService

getAssocsByCreator
public Collection<Assoc> getAssocsByCreator(String username)
- Specified by: getAssocsByCreator in interface AccessControlService

getAuthorizationMethods
public Set<String> getAuthorizationMethods()
Description copied from interface: AccessControlService
Returns the names of all authorization methods, as registered by AccessControlService.registerAuthorizationMethod(java.lang.String, systems.dmx.accesscontrol.AuthorizationMethod).
- Specified by: getAuthorizationMethods in interface AccessControlService
- Returns: the names of all registered authorization methods. Might be empty.
  Note: authorization method "BASIC" is not included. This one is not registered by AccessControlService.registerAuthorizationMethod(java.lang.String, systems.dmx.accesscontrol.AuthorizationMethod), but is an integral part of the DMX platform.

registerAuthorizationMethod
public void registerAuthorizationMethod(String name, AuthorizationMethod am)
Description copied from interface: AccessControlService
Registers an authorization method under the given name, e.g. "LDAP".
- Specified by: registerAuthorizationMethod in interface AccessControlService

unregisterAuthorizationMethod
public void unregisterAuthorizationMethod(String name)
Description copied from interface: AccessControlService
Unregisters the authorization method that has been registered under the given name. If no authorization method is registered under that name, nothing happens.
- Specified by: unregisterAuthorizationMethod in interface AccessControlService

preInstall
public void preInstall()
- Specified by: preInstall in interface PluginContext
- Overrides: preInstall in class PluginActivator

shutdown
public void shutdown()
- Specified by: shutdown in interface PluginContext
- Overrides: shutdown in class PluginActivator

getConfigValue
public TopicModel getConfigValue(Topic topic)
- Specified by: getConfigValue in interface ConfigCustomizer

checkTopicReadAccess
public void checkTopicReadAccess(long topicId)
- Specified by: checkTopicReadAccess in interface CheckTopicReadAccess

checkTopicWriteAccess
public void checkTopicWriteAccess(long topicId)
- Specified by: checkTopicWriteAccess in interface CheckTopicWriteAccess

checkAssocReadAccess
public void checkAssocReadAccess(long assocId)
- Specified by: checkAssocReadAccess in interface CheckAssocReadAccess

checkAssocWriteAccess
public void checkAssocWriteAccess(long assocId)
- Specified by: checkAssocWriteAccess in interface CheckAssocWriteAccess

postCreateTopic
public void postCreateTopic(Topic topic)
- Specified by: postCreateTopic in interface PostCreateTopic

preCreateAssoc
public void preCreateAssoc(AssocModel assoc)
- Specified by: preCreateAssoc in interface PreCreateAssoc

postCreateAssoc
public void postCreateAssoc(Assoc assoc)
- Specified by: postCreateAssoc in interface PostCreateAssoc

postUpdateTopic
public void postUpdateTopic(Topic topic, ChangeReport report, TopicModel updateModel)
- Specified by: postUpdateTopic in interface PostUpdateTopic

postUpdateAssoc
public void postUpdateAssoc(Assoc assoc, ChangeReport report, AssocModel updateModel)
- Specified by: postUpdateAssoc in interface PostUpdateAssoc

serviceRequestFilter
public void serviceRequestFilter(com.sun.jersey.spi.container.ContainerRequest containerRequest)
- Specified by: serviceRequestFilter in interface ServiceRequestFilter

staticResourceFilter
public void staticResourceFilter(javax.servlet.http.HttpServletRequest servletRequest, javax.servlet.http.HttpServletResponse servletResponse)
- Specified by: staticResourceFilter in interface StaticResourceFilter

checkDiskQuota
public void checkDiskQuota(String username, long fileSize, long diskQuota)
- Specified by: checkDiskQuota in interface CheckDiskQuota