Interface Security


  • public interface Security
    Security interface. This interface defines authorization-related methods.

    Implementations must be thread-safe because the instance will be shared among multiple threads.

    Note that the API is changing. New versions might not reference a Delegator. Therefore, implementations requiring a Delegator reference should get one from the GenericValue method argument.

    • Method Summary

      All Methods Instance Methods Abstract Methods Deprecated Methods 
      Modifier and Type Method Description
      void clearUserData​(GenericValue userLogin)
      Clears any user-related cached data.
      java.util.Iterator<GenericValue> findUserLoginSecurityGroupByUserLoginId​(java.lang.String userLoginId)
      Deprecated.
      No replacement.
      Delegator getDelegator()
      Deprecated.
      No replacement.
      boolean hasEntityPermission​(java.lang.String entity, java.lang.String action, javax.servlet.http.HttpSession session)
      Like hasPermission above, except it has functionality specific to Entity permissions.
      boolean hasEntityPermission​(java.lang.String entity, java.lang.String action, GenericValue userLogin)
      Like hasPermission above, except it has functionality specific to Entity permissions.
      boolean hasPermission​(java.lang.String permission, javax.servlet.http.HttpSession session)
      Checks to see if the currently logged in userLogin has the passed permission.
      boolean hasPermission​(java.lang.String permission, GenericValue userLogin)
      Checks to see if the userLogin has the passed permission.
      boolean hasRolePermission​(java.lang.String application, java.lang.String action, java.lang.String primaryKey, java.lang.String role, javax.servlet.http.HttpSession session)
      Like hasEntityPermission above, this checks the specified action, as well as for "_ADMIN" to allow for simplified general administration permission, but also checks action_ROLE and validates the user is a member for the application.
      boolean hasRolePermission​(java.lang.String application, java.lang.String action, java.lang.String primaryKey, java.lang.String role, GenericValue userLogin)
      Like hasEntityPermission above, this checks the specified action, as well as for "_ADMIN" to allow for simplified general administration permission, but also checks action_ROLE and validates the user is a member for the application.
      boolean hasRolePermission​(java.lang.String application, java.lang.String action, java.lang.String primaryKey, java.util.List<java.lang.String> roles, javax.servlet.http.HttpSession session)
      Like hasEntityPermission above, this checks the specified action, as well as for "_ADMIN" to allow for simplified general administration permission, but also checks action_ROLE and validates the user is a member for the application.
      boolean hasRolePermission​(java.lang.String application, java.lang.String action, java.lang.String primaryKey, java.util.List<java.lang.String> roles, GenericValue userLogin)
      Like hasEntityPermission above, this checks the specified action, as well as for "_ADMIN" to allow for simplified general administration permission, but also checks action_ROLE and validates the user is a member for the application.
      boolean securityGroupPermissionExists​(java.lang.String groupId, java.lang.String permission)
      Deprecated.
      No replacement.
      void setDelegator​(Delegator delegator)
      Deprecated.
      No replacement.
    • Method Detail

      • getDelegator

        @Deprecated
        Delegator getDelegator()
        Deprecated.
        No replacement.
      • setDelegator

        @Deprecated
        void setDelegator​(Delegator delegator)
        Deprecated.
        No replacement.
      • findUserLoginSecurityGroupByUserLoginId

        @Deprecated
        java.util.Iterator<GenericValue> findUserLoginSecurityGroupByUserLoginId​(java.lang.String userLoginId)
        Deprecated.
        No replacement.
        Uses userLoginSecurityGroupByUserLoginId cache to speed up the finding of the userLogin's security group list.
        Parameters:
        userLoginId - The userLoginId to find security groups by
        Returns:
        An iterator made from the Collection either cached or retrieved from the database through the UserLoginSecurityGroup Delegator.
      • securityGroupPermissionExists

        @Deprecated
        boolean securityGroupPermissionExists​(java.lang.String groupId,
                                              java.lang.String permission)
        Deprecated.
        No replacement.
        Finds whether or not a SecurityGroupPermission row exists given a groupId and permission. The groupId,permission pair is cached instead of the userLoginId,permission pair to keep the cache small and to make it more changeable.
        Parameters:
        groupId - The ID of the group
        permission - The name of the permission
        Returns:
        boolean specifying whether or not a SecurityGroupPermission row exists
      • hasPermission

        boolean hasPermission​(java.lang.String permission,
                              javax.servlet.http.HttpSession session)
        Checks to see if the currently logged in userLogin has the passed permission.
        Parameters:
        permission - Name of the permission to check.
        session - The current HTTP session, contains the logged in userLogin as an attribute.
        Returns:
        Returns true if the currently logged in userLogin has the specified permission, otherwise returns false.
      • hasPermission

        boolean hasPermission​(java.lang.String permission,
                              GenericValue userLogin)
        Checks to see if the userLogin has the passed permission.
        Parameters:
        permission - Name of the permission to check.
        userLogin - The userLogin object for user to check against.
        Returns:
        Returns true if the currently logged in userLogin has the specified permission, otherwise returns false.
      • hasEntityPermission

        boolean hasEntityPermission​(java.lang.String entity,
                                    java.lang.String action,
                                    javax.servlet.http.HttpSession session)
        Like hasPermission above, except it has functionality specific to Entity permissions. Checks the entity for the specified action, as well as for "_ADMIN" to allow for simplified general administration permission.
        Parameters:
        entity - The name of the Entity corresponding to the desired permission.
        action - The action on the Entity corresponding to the desired permission.
        session - The current HTTP session, contains the logged in userLogin as an attribute.
        Returns:
        Returns true if the currently logged in userLogin has the specified permission, otherwise returns false.
      • hasEntityPermission

        boolean hasEntityPermission​(java.lang.String entity,
                                    java.lang.String action,
                                    GenericValue userLogin)
        Like hasPermission above, except it has functionality specific to Entity permissions. Checks the entity for the specified action, as well as for "_ADMIN" to allow for simplified general administration permission.
        Parameters:
        entity - The name of the Entity corresponding to the desired permission.
        action - The action on the Entity corresponding to the desired permission.
        userLogin - The userLogin object for user to check against.
        Returns:
        Returns true if the currently logged in userLogin has the specified permission, otherwise returns false.
      • hasRolePermission

        boolean hasRolePermission​(java.lang.String application,
                                  java.lang.String action,
                                  java.lang.String primaryKey,
                                  java.lang.String role,
                                  javax.servlet.http.HttpSession session)
        Like hasEntityPermission above, this checks the specified action, as well as for "_ADMIN" to allow for simplified general administration permission, but also checks action_ROLE and validates the user is a member for the application.
        Parameters:
        application - The name of the application corresponding to the desired permission.
        action - The action on the application corresponding to the desired permission.
        primaryKey - The primary key for the role check.
        role - The roleTypeId which the user must validate with.
        session - The current HTTP session, contains the logged in userLogin as an attribute.
        Returns:
        Returns true if the currently logged in userLogin has the specified permission, otherwise returns false.
      • hasRolePermission

        boolean hasRolePermission​(java.lang.String application,
                                  java.lang.String action,
                                  java.lang.String primaryKey,
                                  java.lang.String role,
                                  GenericValue userLogin)
        Like hasEntityPermission above, this checks the specified action, as well as for "_ADMIN" to allow for simplified general administration permission, but also checks action_ROLE and validates the user is a member for the application.
        Parameters:
        application - The name of the application corresponding to the desired permission.
        action - The action on the application corresponding to the desired permission.
        primaryKey - The primary key for the role check.
        role - The roleTypeId which the user must validate with.
        userLogin - The userLogin object for user to check against.
        Returns:
        Returns true if the currently logged in userLogin has the specified permission, otherwise returns false.
      • hasRolePermission

        boolean hasRolePermission​(java.lang.String application,
                                  java.lang.String action,
                                  java.lang.String primaryKey,
                                  java.util.List<java.lang.String> roles,
                                  GenericValue userLogin)
        Like hasEntityPermission above, this checks the specified action, as well as for "_ADMIN" to allow for simplified general administration permission, but also checks action_ROLE and validates the user is a member for the application.
        Parameters:
        application - The name of the application corresponding to the desired permission.
        action - The action on the application corresponding to the desired permission.
        primaryKey - The primary key for the role check.
        roles - List of roleTypeId of which the user must validate with (ORed).
        userLogin - The userLogin object for user to check against.
        Returns:
        Returns true if the currently logged in userLogin has the specified permission, otherwise returns false.
      • hasRolePermission

        boolean hasRolePermission​(java.lang.String application,
                                  java.lang.String action,
                                  java.lang.String primaryKey,
                                  java.util.List<java.lang.String> roles,
                                  javax.servlet.http.HttpSession session)
        Like hasEntityPermission above, this checks the specified action, as well as for "_ADMIN" to allow for simplified general administration permission, but also checks action_ROLE and validates the user is a member for the application.
        Parameters:
        application - The name of the application corresponding to the desired permission.
        action - The action on the application corresponding to the desired permission.
        primaryKey - The primary key for the role check.
        roles - List of roleTypeId of which the user must validate with (ORed).
        session - The current HTTP session, contains the logged in userLogin as an attribute.
        Returns:
        Returns true if the currently logged in userLogin has the specified permission, otherwise returns false.
      • clearUserData

        void clearUserData​(GenericValue userLogin)
        Clears any user-related cached data. This method is called by the framework to indicate a user has logged out. Implementations should clear any cached data related to the user.
        Parameters:
        userLogin - The user login to be cleared