org.apache.jetspeed.security
Interface SecurityAccessController


public interface SecurityAccessController

This component abstracts access to security checks. Jetspeed supports two kinds of secured access:

Permissions are checked via Java Security. Jetspeed implements its own security policy. Constrainted are checked via the Page Manager's constraints. Either way, the implicit Jetspeed Security Subject is applied to the security access check.

Version:
$Id: $
Author:
David Sean Taylor

Field Summary
static int CONSTRAINTS
          Use the Jetspeed Security Constraints to make secure access checks
static int PERMISSIONS
          Use the Java Security Policy (Permissions) to make secure access checks
 
Method Summary
 boolean checkPortletAccess(PortletDefinitionComposite portlet, int mask)
           Checks access for the implicit active subject's access to the resource protected by the portlet permission This is an abstraction introduced in 2.1 for Permission Manager implementations NOT founded upon the a Java security policy.
 int getSecurityMode()
          Returns the configured security mode for this accessor This component can be configured to make Java Security Policy permission checks or Jetspeed Security Constraint checks
 

Field Detail

PERMISSIONS

static final int PERMISSIONS
Use the Java Security Policy (Permissions) to make secure access checks

See Also:
Constant Field Values

CONSTRAINTS

static final int CONSTRAINTS
Use the Jetspeed Security Constraints to make secure access checks

See Also:
Constant Field Values
Method Detail

checkPortletAccess

boolean checkPortletAccess(PortletDefinitionComposite portlet,
                           int mask)

Checks access for the implicit active subject's access to the resource protected by the portlet permission This is an abstraction introduced in 2.1 for Permission Manager implementations NOT founded upon the a Java security policy. If the Permission Manager is configured to run with Security Constraints, then a security constraint check is made. Otherwise, a standard Java Security permission check is made.

Parameters:
portlet - The portlet to be checked
mask - A mask JetspeedActions such as view, edit
Returns:
true if access is granted, false if access denied based on policy or constraints

getSecurityMode

int getSecurityMode()
Returns the configured security mode for this accessor This component can be configured to make Java Security Policy permission checks or Jetspeed Security Constraint checks

Returns:
either PERMISSIONS or CONSTRAINTS


Copyright © 1999-2007 Apache Software Foundation. All Rights Reserved.