SAP NetWeaver '04

com.sapportals.wcm.repository.security
Interface IResourceAclManager

[contained in: com.sap.netweaver.bc.rf.par - bc.rf.framework_api.jar]
All Known Subinterfaces:
IResourceAclManagerRaw

public interface IResourceAclManager

An IResourceAclManager administers and persists Access Control Lists (ACL)
- IResourceAclManagers are used by IAclSecurityManagers
- IResourceAclManagers use IAclManagers (one to one)
- IResourceAclManagers operate on IResources
- IAclManagers operate on arbitrary objects which are identified by a unique ID
- IResourceAclManagers pass the RID of the IResources as object ID to the IAclManagers
- IResourceAclManagers pass the logged in user (from the resource context) as the 'caller' to IAclManagers
- IResourceAclManagers use the wrappers IResourceAcl (for IAcl), IResourceAclEntry (for IAclEntry) in order to hide the calls of the IAclManager (so that nobody can pass a fake 'caller')

Abbreviations
ACL: Access Control List
ACE: Access Control List Entry

Copyright (c) SAP AG 2001-2004


Method Summary
 boolean addSupportedPermission(IObjectType objectType, IAclPermission permission)
          assign a permission to an object type
 boolean[] areAclsUpToDate(IResourceAcl[] acls)
          check whether the ACLs are up to date (compared to the database)
 boolean areNegativeAclEntriesSupported()
          check whether negative ACEs are supported
 boolean assignForeignAcl(IResourceAcl foreignAcl, IResource resource)
          assign an ACL from a foreign IResourceAclManager to a local resource - foreign ACEs which hold permissions that are not supported by the local IResourceAclManager are ignored - locally inherited ACEs are added - the owners are maintained - if the resource inherits an ACL the user must be an owner - fails, if the resource already has an ACL assigned
 IResourceAcl createAcl(IResource resource)
          create a new ACL for a resource - initial owner is the user in the resource context - inherited ACEs are added - if the resource inherits an ACL the user must be an owner - fails, if the resource already has an ACL assigned
 IResourceAclEntry createAclEntry(com.sapportals.portal.security.usermanagement.IUMPrincipal principal, boolean negative, IAclPermission permission, int sortIndex)
          create a new ACE for an ACL to grant or deny a permission to a principal
 IAclPermission createPermission(java.lang.String name)
          create a new permission (the permission can not be used until it is assigned to an object type by calling the addSupportedPermission() method)
 IResourceAcl getAcl(IResource resource)
          get the ACL of a specific resource
 long getDBVersion()
          Returns a value representing the state (timestamp or modifycounter) of all persisted acl entries.
 IResourceAcl getInheritedAcl(IResource resource)
          get the ACL that a resource inherits by its ancestors
 IObjectType getObjectType(IResource resource)
          get the object type of a resource
 IAclPermission getPermission(java.lang.String name)
          get the IAclPermission object of the (supported) permission with a given name
 IObjectTypeList getSupportedObjectTypes()
          get a list of object types which are supported by the IResourceAclManager for resources
 IAclPermissionList getSupportedPermissions(IResource resource)
          get a list of permissions which are supported by the IResourceAclManager for a specific resource
 boolean isPermissionUsedInAcl(IAclPermission permission)
          check whether a permission is used in an ACL
 boolean isReadOnly()
          check whether the IResourceAclManager is read only (no creation or modification of ACLs is allowed)
 IResourceList propagateAcl_Remove(IResource resource)
          remove the ACLs of the descendants of the resource
 boolean removeAcl(IResource resource)
          remove the ACL of a specific resource
 boolean removeAcl(IResourceAcl acl)
          remove an ACL
 boolean removePermission(IAclPermission permission)
          remove a permission - a permission can only be removed if it is not predefined and not used in an ACL
 boolean removeSupportedPermission(IObjectType objectType, IAclPermission permission)
          remove the assignment of a permission to an object type - a supported permission can only be removed if it is not predefined and not used in an ACL
 

Method Detail

createAclEntry

public IResourceAclEntry createAclEntry(com.sapportals.portal.security.usermanagement.IUMPrincipal principal,
                                        boolean negative,
                                        IAclPermission permission,
                                        int sortIndex)
                                 throws AclPersistenceException,
                                        java.lang.UnsupportedOperationException,
                                        InvalidClassException
create a new ACE for an ACL to grant or deny a permission to a principal
Parameters:
principal - the principal
negative - true if the entry denies a permission, false if it grants (denials are currently unsupported)
permission - the permission
sortIndex - the position of the ACE in an ACL (important only with denials)
Returns:
the newly created ACE
Throws:
AclPersistenceException - a problem with the storage where the ACLs are persisted occurred
InvalidClassException - the permission was created by a foreign IResourceAclManager
java.lang.UnsupportedOperationException - negative ACEs are currently not supported (check for support by calling the areNegativeAclEntriesSupported() method)

areNegativeAclEntriesSupported

public boolean areNegativeAclEntriesSupported()
check whether negative ACEs are supported
Returns:
true iff negative ACEs are supported

createAcl

public IResourceAcl createAcl(IResource resource)
                       throws AclPersistenceException,
                              NotAuthorizedException,
                              AclExistsException,
                              ResourceException
create a new ACL for a resource
- initial owner is the user in the resource context
- inherited ACEs are added
- if the resource inherits an ACL the user must be an owner
- fails, if the resource already has an ACL assigned
Parameters:
resource - the resource
Returns:
the newly created ACL
Throws:
AclPersistenceException - a problem with the storage where the ACLs are persisted occurred
NotAuthorizedException - the user in the resource context is not an owner of an inherited ACL
AclExistsException - an ACL already exists for the resource
ResourceException - the resource URI could not be determined

assignForeignAcl

public boolean assignForeignAcl(IResourceAcl foreignAcl,
                                IResource resource)
                         throws AclPersistenceException,
                                NotAuthorizedException,
                                AclExistsException,
                                ResourceException
assign an ACL from a foreign IResourceAclManager to a local resource
- foreign ACEs which hold permissions that are not supported by the local IResourceAclManager are ignored
- locally inherited ACEs are added
- the owners are maintained
- if the resource inherits an ACL the user must be an owner
- fails, if the resource already has an ACL assigned
Parameters:
foreignAcl - the foreign ACL
resource - the local resource
Returns:
true iff the ACL has been assigned
Throws:
AclPersistenceException - a problem with the storage where the ACLs are persisted occurred
NotAuthorizedException - the user in the resource context is not an owner of an inherited ACL
AclExistsException - an ACL already exists for the resource
ResourceException - the resource URI could not be determined

getAcl

public IResourceAcl getAcl(IResource resource)
                    throws AclPersistenceException,
                           ResourceException
get the ACL of a specific resource
Parameters:
resource - the resource
Returns:
the ACL of the resource or null in case none is assigned yet
Throws:
AclPersistenceException - a problem with the storage where the ACLs are persisted occurred
ResourceException - the resource URI could not be determined
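
Added example (not SAP code and not part of the original reference): one way to combine isReadOnly(), getAcl(), createAcl(), areNegativeAclEntriesSupported() and createAclEntry() so that a requested denial fails closed instead of being dropped, and a concurrent createAcl() is tolerated. The class and helper names, the import packages other than com.sapportals.wcm.repository.security and the IUMPrincipal package, and the null return of getPermission() for unknown names are assumptions.

```java
// Added example, not SAP code. Package locations other than
// com.sapportals.wcm.repository.security and the IUMPrincipal package
// are assumptions; the reference page does not state them.
import com.sapportals.portal.security.usermanagement.IUMPrincipal;
import com.sapportals.wcm.repository.IResource;
import com.sapportals.wcm.repository.security.IResourceAcl;
import com.sapportals.wcm.repository.security.IResourceAclEntry;
import com.sapportals.wcm.repository.security.IResourceAclManager;
import com.sapportals.wcm.util.acl.AclExistsException;
import com.sapportals.wcm.util.acl.IAclPermission;

public final class AclSetup {   // hypothetical helper class

    /** Return the resource's own ACL, creating it when none is assigned yet. */
    public static IResourceAcl ensureAcl(IResourceAclManager mgr, IResource resource)
            throws Exception {
        if (mgr.isReadOnly()) {
            throw new IllegalStateException("ACL manager is read only");
        }
        IResourceAcl acl = mgr.getAcl(resource);   // null: no ACL assigned yet
        if (acl != null) {
            return acl;
        }
        try {
            // The user in the resource context becomes the initial owner.
            // NotAuthorizedException propagates when that user does not own
            // the ACL the resource inherits.
            return mgr.createAcl(resource);
        } catch (AclExistsException raced) {
            // Another caller assigned an ACL between getAcl() and createAcl().
            return mgr.getAcl(resource);
        }
    }

    /** Build an ACE; refuse a denial up front when the manager cannot store one. */
    public static IResourceAclEntry buildEntry(IResourceAclManager mgr,
            IUMPrincipal principal, String permissionName, boolean deny,
            int sortIndex) throws Exception {
        if (deny && !mgr.areNegativeAclEntriesSupported()) {
            // Fail closed: never turn a requested denial into a grant or a no-op.
            throw new UnsupportedOperationException("negative ACEs are not supported");
        }
        IAclPermission permission = mgr.getPermission(permissionName);
        if (permission == null) {   // assumption: unknown names yield null
            throw new IllegalArgumentException("unsupported permission: " + permissionName);
        }
        // InvalidClassException propagates if the permission came from a foreign manager.
        return mgr.createAclEntry(principal, deny, permission, sortIndex);
    }
}
```

Attaching the returned ACE to the ACL is done through IResourceAcl, which this page does not document.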

getInheritedAcl

public IResourceAcl getInheritedAcl(IResource resource)
                             throws AclPersistenceException,
                                    ResourceException
get the ACL that a resource inherits by its ancestors
Parameters:
resource - the resource
Returns:
the inherited ACL
Throws:
AclPersistenceException - a problem with the storage where the ACLs are persisted occurred
ResourceException - the resource URI could not be determined

removeAcl

public boolean removeAcl(IResource resource)
                  throws AclPersistenceException,
                         NotAuthorizedException,
                         ResourceException
remove the ACL of a specific resource
Parameters:
resource - the resource
Returns:
true iff an ACL did exist and was removed
Throws:
AclPersistenceException - a problem with the storage where the ACLs are persisted occurred
NotAuthorizedException - the user in the resource context is not an owner of the ACL
ResourceException - the resource URI could not be determined

removeAcl

public boolean removeAcl(IResourceAcl acl)
                  throws AclPersistenceException,
                         NotAuthorizedException,
                         InvalidClassException,
                         ResourceException
remove an ACL
Parameters:
acl - the ACL
Returns:
true iff the ACL was removed
Throws:
AclPersistenceException - a problem with the storage where the ACLs are persisted occurred
NotAuthorizedException - the caller is not an owner of the access control list
InvalidClassException - the acl was created by a foreign resource acl manager
ResourceException - Exception raised in failure situation

getSupportedObjectTypes

public IObjectTypeList getSupportedObjectTypes()
                                        throws AclPersistenceException
get a list of object types which are supported by the IResourceAclManager for resources
Returns:
the object types
Throws:
AclPersistenceException - a problem with the storage where the ACLs are persisted occurred

getObjectType

public IObjectType getObjectType(IResource resource)
                          throws AclPersistenceException,
                                 ResourceException
get the object type of a resource
Parameters:
resource - the resource
Returns:
the object type
Throws:
AclPersistenceException - a problem with the storage where the ACLs are persisted occurred
ResourceException - the resource URI could not be determined

getSupportedPermissions

public IAclPermissionList getSupportedPermissions(IResource resource)
                                           throws AclPersistenceException,
                                                  ResourceException
get a list of permissions which are supported by the IResourceAclManager for a specific resource
Parameters:
resource - the resource
Returns:
the permissions
Throws:
AclPersistenceException - a problem with the storage where the ACLs are persisted occurred
ResourceException - the resource URI could not be determined

getPermission

public IAclPermission getPermission(java.lang.String name)
                             throws AclPersistenceException
get the IAclPermission object of the (supported) permission with a given name
Parameters:
name - the name of the permission
Returns:
the permission
Throws:
AclPersistenceException - a problem with the storage where the ACLs are persisted occurred

addSupportedPermission

public boolean addSupportedPermission(IObjectType objectType,
                                      IAclPermission permission)
                               throws AclPersistenceException,
                                      PredefinedPermissionException
assign a permission to an object type
Parameters:
objectType - the object type
permission - the permission
Returns:
true iff the permission was assigned successfully
Throws:
AclPersistenceException - a problem with the storage where the ACLs are persisted occurred
PredefinedPermissionException - the permission is predefined and thus not allowed to be changed

removeSupportedPermission

public boolean removeSupportedPermission(IObjectType objectType,
                                         IAclPermission permission)
                                  throws AclPersistenceException,
                                         PredefinedPermissionException,
                                         PermissionUsedException
remove the assignment of a permission to an object type - a supported permission can only be removed if it is not predefined and not used in an ACL
Parameters:
objectType - the object type
permission - the permission
Returns:
true iff the assignment was removed successfully
Throws:
AclPersistenceException - a problem with the storage where the ACLs are persisted occurred
PredefinedPermissionException - the permission is predefined and thus not allowed to be changed
PermissionUsedException - Exception raised in failure situation

createPermission

public IAclPermission createPermission(java.lang.String name)
                                throws AclPersistenceException,
                                       PermissionExistsException
create a new permission (the permission can not be used until it is assigned to an object type by calling the addSupportedPermission() method)
Parameters:
name - the permission name
Returns:
the newly created permission
Throws:
AclPersistenceException - a problem with the storage where the ACLs are persisted occurred
PermissionExistsException - a permission with that name exists already

removePermission

public boolean removePermission(IAclPermission permission)
                         throws AclPersistenceException,
                                PredefinedPermissionException,
                                PermissionUsedException
remove a permission - a permission can only be removed if it is not predefined and not used in an ACL
Parameters:
permission - the permission
Returns:
true iff the permission was removed successfully
Throws:
AclPersistenceException - a problem with the storage where the ACLs are persisted occurred
PredefinedPermissionException - the permission is predefined and thus not allowed to be changed
PermissionUsedException - the permission is used in some acl and thus not allowed to be changed

isPermissionUsedInAcl

public boolean isPermissionUsedInAcl(IAclPermission permission)
                              throws AclPersistenceException
check whether a permission is used in an ACL
Parameters:
permission - the permission
Returns:
true iff the permission is used in an ACL
Throws:
AclPersistenceException - a problem with the storage where the ACLs are persisted occurred
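
Added example (not SAP code and not part of the original reference): the life cycle of a custom permission using createPermission(), addSupportedPermission(), isPermissionUsedInAcl(), removeSupportedPermission() and removePermission() as documented above. The class and helper names and the import packages other than com.sapportals.wcm.repository.security are assumptions.

```java
// Added example, not SAP code. The com.sapportals.wcm.repository and
// com.sapportals.wcm.util.acl package names are assumptions.
import com.sapportals.wcm.repository.IResource;
import com.sapportals.wcm.repository.security.IResourceAclManager;
import com.sapportals.wcm.util.acl.IAclPermission;
import com.sapportals.wcm.util.acl.IObjectType;
import com.sapportals.wcm.util.acl.PermissionExistsException;
import com.sapportals.wcm.util.acl.PermissionUsedException;

public final class CustomPermissions {   // hypothetical helper class

    /** Create (or look up) a permission and assign it to the resource's object type. */
    public static IAclPermission register(IResourceAclManager mgr, IResource resource,
            String name) throws Exception {
        IAclPermission permission;
        try {
            permission = mgr.createPermission(name);
        } catch (PermissionExistsException alreadyThere) {
            permission = mgr.getPermission(name);
        }
        // A new permission cannot be used until it is assigned to an object type.
        IObjectType type = mgr.getObjectType(resource);
        if (!mgr.addSupportedPermission(type, permission)) {
            // The page only says that true means the assignment succeeded.
            throw new IllegalStateException("permission not assigned: " + name);
        }
        return permission;   // PredefinedPermissionException propagates to the caller
    }

    /** Withdraw a custom permission; false means an ACL still references it. */
    public static boolean retire(IResourceAclManager mgr, IObjectType type,
            IAclPermission permission) throws Exception {
        if (mgr.isPermissionUsedInAcl(permission)) {
            return false;   // clean up the referencing ACEs first
        }
        try {
            return mgr.removeSupportedPermission(type, permission)
                    && mgr.removePermission(permission);
        } catch (PermissionUsedException inUse) {
            // An ACE started using the permission after the check above.
            return false;
        }
    }
}
```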

isReadOnly

public boolean isReadOnly()
                   throws AclPersistenceException
check whether the IResourceAclManager is read only (no creation or modification of ACLs is allowed)
Returns:
true iff the IResourceAclManager is read only
Throws:
AclPersistenceException - a problem with the storage where the ACLs are persisted occurred

areAclsUpToDate

public boolean[] areAclsUpToDate(IResourceAcl[] acls)
                          throws AclPersistenceException
check whether the ACLs are up to date (compared to the database)
Parameters:
acls - the ACLs to check
Returns:
a boolean array containing true for the ACLs which are up to date
Throws:
AclPersistenceException - Exception raised in failure situation

propagateAcl_Remove

public IResourceList propagateAcl_Remove(IResource resource)
                                  throws AclPersistenceException,
                                         ResourceException,
                                         NoAclException,
                                         InvalidClassException,
                                         NotAuthorizedException
remove the ACLs of the descendants of the resource
Returns:
null if all ACLs could be removed successfully; otherwise a list of all resources for which the operation failed
Throws:
AclPersistenceException - Exception raised in failure situation
ResourceException - Exception raised in failure situation
NoAclException - Exception raised in failure situation
InvalidClassException - Exception raised in failure situation
NotAuthorizedException - Exception raised in failure situation

getDBVersion

public long getDBVersion()
Returns a value representing the state (timestamp or modify counter) of all persisted ACL entries. If a negative number is returned, this method is not supported or an error occurred.
Returns:
dBVersion
