SecurityPolicyService (Nuxeo Enterprise Platform 5.4 API Documentation)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

Nuxeo Enterprise Platform 5.4

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.nuxeo.ecm.core.security
Interface SecurityPolicyService

All Superinterfaces:: java.io.Serializable

All Known Implementing Classes:: SecurityPolicyServiceImpl

public interface SecurityPolicyService
extends java.io.Serializable
extends java.io.Serializable

Service checking permissions for pluggable policies.

Author:: Anahide Tchertchian, Florent Guillaume

Method Summary
`boolean`	`arePoliciesExpressibleInQuery()` Checks if the policies can be expressed in a query.
`boolean`	`arePoliciesRestrictingPermission(java.lang.String permission)` Checks if any policy restricts the given permission.
`Access`	`checkPermission(Document doc, ACP mergedAcp, java.security.Principal principal, java.lang.String permission, java.lang.String[] resolvedPermissions, java.lang.String[] principalsToCheck)` Checks given permission for doc and principal.
`java.util.Collection<SQLQuery.Transformer>`	`getPoliciesQueryTransformers()` Get the transformers to apply the policies to a query.
`void`	`registerDescriptor(SecurityPolicyDescriptor descriptor)`
`void`	`unregisterDescriptor(SecurityPolicyDescriptor descriptor)`

Method Detail

checkPermission

Access checkPermission(Document doc,
                       ACP mergedAcp,
                       java.security.Principal principal,
                       java.lang.String permission,
                       java.lang.String[] resolvedPermissions,
                       java.lang.String[] principalsToCheck)

Checks given permission for doc and principal.

The security service checks this service for a security access. This access is defined iterating over pluggable policies in a defined order. If access is not specified, security service applies its default policy.

Parameters:: doc - the document to check; mergedAcp - merged acp resolved for this document; principal - principal to check; permission - permission to check; resolvedPermissions - permissions or groups of permissions containing permission; principalsToCheck - principals (groups) to check for principal
Returns:: access: true, false, or nothing. When nothing is returned, following policies or default core security are applied.

registerDescriptor

void registerDescriptor(SecurityPolicyDescriptor descriptor)

unregisterDescriptor

void unregisterDescriptor(SecurityPolicyDescriptor descriptor)

arePoliciesRestrictingPermission

boolean arePoliciesRestrictingPermission(java.lang.String permission)

Checks if any policy restricts the given permission.

If not, then no post-filtering on policies will be needed for query results.

Returns:: true if a policy restricts the permission

arePoliciesExpressibleInQuery

boolean arePoliciesExpressibleInQuery()

Checks if the policies can be expressed in a query.

If not, then any query made will have to be post-filtered.

Returns:: true if all policies can be expressed in a query

getPoliciesQueryTransformers

java.util.Collection<SQLQuery.Transformer> getPoliciesQueryTransformers()

Get the transformers to apply the policies to a query.

Returns:: the transformers.