SecurityAccessController (Jetspeed-2 Core API 2.1.3 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.apache.jetspeed.security
Interface SecurityAccessController

public interface SecurityAccessController

This component abstracts access to security checks. Jetspeed supports two kinds of secured access:

Permissions
Constraints

Permissions are checked via Java Security. Jetspeed implements its own security policy. Constrainted are checked via the Page Manager's constraints. Either way, the implicit Jetspeed Security Subject is applied to the security access check.

Version:: $Id: $
Author:: David Sean Taylor

Field Summary
`static int`	`CONSTRAINTS` Use the Jetspeed Security Constraints to make secure access checks
`static int`	`PERMISSIONS` Use the Java Security Policy (Permissions) to make secure access checks

Method Summary
`boolean`	`checkPortletAccess(PortletDefinitionComposite portlet, int mask)` Checks access for the implicit active subject's access to the resource protected by the portlet permission This is an abstraction introduced in 2.1 for Permission Manager implementations NOT founded upon the a Java security policy.
`int`	`getSecurityMode()` Returns the configured security mode for this accessor This component can be configured to make Java Security Policy permission checks or Jetspeed Security Constraint checks

Field Detail

PERMISSIONS

static final int PERMISSIONS

Use the Java Security Policy (Permissions) to make secure access checks

See Also:: Constant Field Values

CONSTRAINTS

static final int CONSTRAINTS

Use the Jetspeed Security Constraints to make secure access checks

See Also:: Constant Field Values

Method Detail

checkPortletAccess

boolean checkPortletAccess(PortletDefinitionComposite portlet,
                           int mask)

Checks access for the implicit active subject's access to the resource protected by the portlet permission This is an abstraction introduced in 2.1 for Permission Manager implementations NOT founded upon the a Java security policy. If the Permission Manager is configured to run with Security Constraints, then a security constraint check is made. Otherwise, a standard Java Security permission check is made.

Parameters:: portlet - The portlet to be checked; mask - A mask JetspeedActions such as view, edit
Returns:: true if access is granted, false if access denied based on policy or constraints

getSecurityMode

int getSecurityMode()

Returns the configured security mode for this accessor This component can be configured to make Java Security Policy permission checks or Jetspeed Security Constraint checks

Returns:: either PERMISSIONS or CONSTRAINTS