SAP NetWeaver '04

com.sapportals.wcm.util.acl
Interface IAclManager

[contained in: com.sap.netweaver.bc.util.par - bc.util.public_api.jar]
All Known Subinterfaces:
IAclManagerRaw

public interface IAclManager

An IAclManager administers and persists Access Control Lists (ACLs).
Abbreviations:


Method Summary
 boolean addSupportedPermission(IObjectType objectType, IAclPermission permission)
          assign a permission to an object type
 boolean[] areAclsUpToDate(IAcl[] acls)
          check whether the ACLs are up to date (compared to the database)
 boolean changeAclID(com.sapportals.portal.security.usermanagement.IUMPrincipal caller, IAcl acl, java.lang.String newID)
          change the ID of an ACL ("rename")
 void changeMultipleAclIDs(java.lang.String oldAclIdPrefix, java.lang.String newAclIdPrefix)
          change the ID of multiple ACLs ("recursive rename") - does not change the root ACL (first call changeAclID() for the root node to change the root ACL and to check for authorization)
 boolean[] checkPermissions(IAcl[] acls, com.sapportals.portal.security.usermanagement.IUMPrincipal principal, IAclPermission[] permissions)
          check multiple ACL permissions
 IAcl createAcl(com.sapportals.portal.security.usermanagement.IUMPrincipal owner, java.lang.String aclID, IObjectType objectType)
          create a new ACL
 IAclEntry createAclEntry(com.sapportals.portal.security.usermanagement.IUMPrincipal principal, boolean negative, IAclPermission permission, int sortIndex, boolean propagate)
          create a new ACE to grant or deny a permission to a principal
 IAclPermission createPermission(java.lang.String name)
          create a new permission (the permission cannot be used until it is assigned to an object type by calling the addSupportedPermission() method)
 void deletePrincipal(java.lang.String principalID, int principalType)
          delete a principal - delete all ACEs which are subject to this principal - remove the principal from all ACL owner lists - if the principal is the last owner of an ACL, remove the ACL
 IAcl getAcl(java.lang.String aclID, long contextDBVersion)
          get a specific ACL
 IAcl[] getAcls(java.lang.String[] aclIDs)
          get multiple ACLs; set the ACLs as values of the HashMap; if no ACL is assigned to an ID the value will be null
 java.util.List getAffectedAclIDs(IAclPermission permission)
          get a list of all IDs of ACLs which use a permission
 IClusterCacheArea getCacheArea()
           
 long getDBVersion()
          Returns a value representing the state (timestamp or modify counter) of all persisted ACL entries.
 IAclPermission getPermission(java.lang.String name)
          get the IAclPermission object of the (supported) permission with a given name
 IObjectTypeList getSupportedObjectTypes()
          get a list of supported object types
 IAclPermissionList getSupportedPermissions(IObjectType objectType)
          get a list of permissions which are supported for a specific object type
 boolean isPermissionUsedInAcl(IAclPermission permission)
          check whether a permission is used in an ACL
 boolean isReadOnly()
          check whether IAclManager is read only (no creation or modification of ACLs is allowed)
 boolean removeAcl(com.sapportals.portal.security.usermanagement.IUMPrincipal caller, IAcl acl)
          remove a specific ACL
 boolean removeAcl(com.sapportals.portal.security.usermanagement.IUMPrincipal caller, java.lang.String aclID)
          remove a specific ACL
 void removeMultipleAcls(java.lang.String aclIdPrefix)
          remove multiple ACLs ("recursive deletion") - does not remove the root ACL (first call removeAcl() for the root node to remove the root ACL and to check for authorization)
 boolean removePermission(IAclPermission permission)
          remove a permission - a permission can only be removed if it is not predefined and not used in an ACL
 boolean removeSupportedPermission(IObjectType objectType, IAclPermission permission)
          remove the assignment of a permission to an object type
 void updatePrincipal(java.lang.String principalID, int principalType)
          update a principal - remove related entries from caches
 

Method Detail

createAclEntry

public IAclEntry createAclEntry(com.sapportals.portal.security.usermanagement.IUMPrincipal principal,
                                boolean negative,
                                IAclPermission permission,
                                int sortIndex,
                                boolean propagate)
                         throws AclPersistenceException,
                                InvalidClassException
create a new ACE to grant or deny a permission to a principal
Parameters:
principal - the principal
negative - true if the ACE denies a permission, false if it grants
permission - the permission
sortIndex - the position of the ACE in the ACL
propagate - TBD: Description of the incoming method parameter
Returns:
the newly created ACE
Throws:
AclPersistenceException - a problem with the storage where the ACLs are persisted occurred
InvalidClassException - the permission was created by a foreign resource acl manager

createAcl

public IAcl createAcl(com.sapportals.portal.security.usermanagement.IUMPrincipal owner,
                      java.lang.String aclID,
                      IObjectType objectType)
               throws AclPersistenceException,
                      AclExistsException
create a new ACL
Parameters:
owner - the initial owner of the ACL
aclID - the ID of the new ACL
objectType - the type of object the ACL is for
Returns:
the newly created ACL
Throws:
AclPersistenceException - a problem with the storage where the ACLs are persisted occurred
AclExistsException - an ACL with the same ID already exists

getAcl

public IAcl getAcl(java.lang.String aclID,
                   long contextDBVersion)
            throws AclPersistenceException
get a specific ACL
Parameters:
aclID - ID of the ACL
contextDBVersion - TBD: Description of the incoming method parameter
Returns:
the ACL with the given ID or null
Throws:
AclPersistenceException - a problem with the storage where the ACLs are persisted occurred

getAcls

public IAcl[] getAcls(java.lang.String[] aclIDs)
               throws AclPersistenceException
get multiple ACLs; set the ACLs as values of the HashMap; if no ACL is assigned to an ID the value will be null
Parameters:
aclIDs - IDs of the ACLs
Returns:
acls
Throws:
AclPersistenceException - a problem with the storage where the ACLs are persisted occurred

checkPermissions

public boolean[] checkPermissions(IAcl[] acls,
                                  com.sapportals.portal.security.usermanagement.IUMPrincipal principal,
                                  IAclPermission[] permissions)
                           throws AclPersistenceException
check multiple ACL permissions
Parameters:
acls - ACLs to check
principal - the user or group
permissions - requested permissions
Returns:
array elements are true for grant on corresponding acl, otherwise false
Throws:
AclPersistenceException - a problem with the storage where the ACLs are persisted occurred

removeAcl

public boolean removeAcl(com.sapportals.portal.security.usermanagement.IUMPrincipal caller,
                         java.lang.String aclID)
                  throws AclPersistenceException,
                         NotAuthorizedException
remove a specific ACL
Parameters:
caller - a principal which must be an owner of the ACL
aclID - ID of the ACL
Returns:
true iff the ACL did exist and was removed
Throws:
AclPersistenceException - a problem with the storage where the ACLs are persisted occurred
NotAuthorizedException - the caller is not an owner of the ACL

removeAcl

public boolean removeAcl(com.sapportals.portal.security.usermanagement.IUMPrincipal caller,
                         IAcl acl)
                  throws AclPersistenceException,
                         InvalidClassException,
                         NotAuthorizedException
remove a specific ACL
Parameters:
caller - a principal which must be an owner of the ACL
acl - the subject of removal
Returns:
true iff the ACL did exist and was removed
Throws:
AclPersistenceException - a problem with the storage where the ACLs are persisted occurred
NotAuthorizedException - the caller is not an owner of the ACL
InvalidClassException - Exception raised in failure situation

deletePrincipal

public void deletePrincipal(java.lang.String principalID,
                            int principalType)
                     throws AclPersistenceException
delete a principal - delete all ACEs which are subject to this principal - remove the principal from all ACL owner lists - if the principal is the last owner of an ACL, remove the ACL
Parameters:
principalID - the principal's ID
principalType - type of the principal (from IUMPrincipal)
Throws:
AclPersistenceException - a problem with the storage where the ACLs are persisted occurred

updatePrincipal

public void updatePrincipal(java.lang.String principalID,
                            int principalType)
                     throws AclPersistenceException
update a principal - remove related entries from caches
Parameters:
principalID - the principal's ID
principalType - type of the principal (from IUMPrincipal)
Throws:
AclPersistenceException - a problem with the storage where the ACLs are persisted occurred

getSupportedObjectTypes

public IObjectTypeList getSupportedObjectTypes()
                                        throws AclPersistenceException
get a list of supported object types
Returns:
the supported object types
Throws:
AclPersistenceException - a problem with the storage where the ACLs are persisted occurred

getSupportedPermissions

public IAclPermissionList getSupportedPermissions(IObjectType objectType)
                                           throws AclPersistenceException
get a list of permissions which are supported for a specific object type
Parameters:
objectType - the object type
Returns:
the permissions
Throws:
AclPersistenceException - a problem with the storage where the ACLs are persisted occurred

getPermission

public IAclPermission getPermission(java.lang.String name)
                             throws AclPersistenceException
get the IAclPermission object of the (supported) permission with a given name
Parameters:
name - the name of the permission
Returns:
the IAclPermission object
Throws:
AclPersistenceException - a problem with the storage where the ACLs are persisted occurred

addSupportedPermission

public boolean addSupportedPermission(IObjectType objectType,
                                      IAclPermission permission)
                               throws AclPersistenceException,
                                      PredefinedPermissionException
assign a permission to an object type
Parameters:
objectType - the object type
permission - the permission
Returns:
true iff the permission was assigned successfully
Throws:
AclPersistenceException - a problem with the storage where the ACLs are persisted occurred
PredefinedPermissionException - the permission is predefined and thus not allowed to be changed

removeSupportedPermission

public boolean removeSupportedPermission(IObjectType objectType,
                                         IAclPermission permission)
                                  throws AclPersistenceException,
                                         PredefinedPermissionException,
                                         PermissionUsedException
remove the assignment of a permission to an object type
Parameters:
objectType - the object type
permission - the permission
Returns:
true iff the assignment was removed successfully
Throws:
AclPersistenceException - a problem with the storage where the ACLs are persisted occurred
PredefinedPermissionException - the permission is predefined and thus not allowed to be changed
PermissionUsedException - Exception raised in failure situation

createPermission

public IAclPermission createPermission(java.lang.String name)
                                throws AclPersistenceException,
                                       PermissionExistsException
create a new permission (the permission cannot be used until it is assigned to an object type by calling the addSupportedPermission() method)
Parameters:
name - the permission name
Returns:
the newly created permission
Throws:
AclPersistenceException - a problem with the storage where the ACLs are persisted occurred
PermissionExistsException - a permission with that name exists already

removePermission

public boolean removePermission(IAclPermission permission)
                         throws AclPersistenceException,
                                PredefinedPermissionException,
                                PermissionUsedException
remove a permission - a permission can only be removed if it is not predefined and not used in an ACL
Parameters:
permission - the permission
Returns:
true iff the permission was removed successfully
Throws:
AclPersistenceException - a problem with the storage where the ACLs are persisted occurred
PredefinedPermissionException - the permission is predefined and thus not allowed to be changed
PermissionUsedException - the permission is used in some ACL and thus not allowed to be changed

isPermissionUsedInAcl

public boolean isPermissionUsedInAcl(IAclPermission permission)
                              throws AclPersistenceException
check whether a permission is used in an ACL
Parameters:
permission - the permission
Returns:
true iff the permission is used in an ACL
Throws:
AclPersistenceException - a problem with the storage where the ACLs are persisted occurred

getAffectedAclIDs

public java.util.List getAffectedAclIDs(IAclPermission permission)
                                 throws AclPersistenceException
get a list of all IDs of ACLs which use a permission
Parameters:
permission - the permission
Returns:
the list of affected ACL IDs (Strings)
Throws:
AclPersistenceException - a problem with the storage where the ACLs are persisted occurred

changeAclID

public boolean changeAclID(com.sapportals.portal.security.usermanagement.IUMPrincipal caller,
                           IAcl acl,
                           java.lang.String newID)
                    throws AclPersistenceException,
                           NotAuthorizedException,
                           AclExistsException
change the ID of an ACL ("rename")
Parameters:
caller - a principal which must be an owner of the ACL
acl - the ACL
newID - the new ID of the ACL
Returns:
true iff the ID has been changed successfully
Throws:
AclPersistenceException - a problem with the storage where the ACLs are persisted occurred
NotAuthorizedException - Exception raised in failure situation
AclExistsException - Exception raised in failure situation

changeMultipleAclIDs

public void changeMultipleAclIDs(java.lang.String oldAclIdPrefix,
                                 java.lang.String newAclIdPrefix)
                          throws AclPersistenceException,
                                 AclExistsException
change the ID of multiple ACLs ("recursive rename") - does not change the root ACL (first call changeAclID() for the root node to change the root ACL and to check for authorization)
Parameters:
oldAclIdPrefix - prefix of the old ACL IDs
newAclIdPrefix - prefix of the new ACL IDs
Throws:
AclPersistenceException - a problem with the storage where the ACLs are persisted occurred
AclExistsException - Exception raised in failure situation

removeMultipleAcls

public void removeMultipleAcls(java.lang.String aclIdPrefix)
                        throws AclPersistenceException
remove multiple ACLs ("recursive deletion") - does not remove the root ACL (first call removeAcl() for the root node to remove the root ACL and to check for authorization)
Parameters:
aclIdPrefix - prefix of the ACL IDs to be deleted
Throws:
AclPersistenceException - a problem with the storage where the ACLs are persisted occurred
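
Added example (not part of the SAP documentation): changeMultipleAclIDs() and removeMultipleAcls() take no caller and declare no NotAuthorizedException, so the owner check has to come from the root-node call described above. The wrapper class AclSubtreeOps and its method names are hypothetical; the import package for the ACL types and the rule that child ACL IDs extend the root ID are assumptions.

```java
import com.sapportals.portal.security.usermanagement.IUMPrincipal;
import com.sapportals.wcm.util.acl.*; // assumed package of IAcl and the exception types

/** Added example (hypothetical class): owner-checked wrappers for the prefix-based bulk calls. */
public final class AclSubtreeOps {
    private AclSubtreeOps() {}

    /** Removes the root ACL as caller, then all ACLs whose ID starts with childPrefix. */
    public static void removeSubtree(IAclManager mgr, IUMPrincipal caller,
                                     String rootAclId, String childPrefix)
            throws AclPersistenceException, NotAuthorizedException {
        precheck(mgr, rootAclId, childPrefix);
        // Throws NotAuthorizedException if caller is not an owner of the root ACL.
        // false: the root ACL was not removed, so ownership was never verified.
        if (!mgr.removeAcl(caller, rootAclId)) {
            throw new IllegalStateException("root ACL not removed, bulk removal skipped: " + rootAclId);
        }
        mgr.removeMultipleAcls(childPrefix); // no caller parameter on this call
    }

    /** Renames the root ACL as caller, then moves all IDs from oldPrefix to newPrefix. */
    public static void renameSubtree(IAclManager mgr, IUMPrincipal caller, String rootAclId,
                                     String newRootId, String oldPrefix, String newPrefix)
            throws AclPersistenceException, NotAuthorizedException, AclExistsException {
        precheck(mgr, rootAclId, oldPrefix);
        if (newRootId == null || newPrefix == null || !newPrefix.startsWith(newRootId)) {
            throw new IllegalArgumentException("new prefix must extend the new root ID");
        }
        // Per the page, the value is null when no ACL is assigned to the requested ID.
        IAcl[] found = mgr.getAcls(new String[] { rootAclId });
        if (found == null || found.length != 1 || found[0] == null) {
            throw new IllegalStateException("no root ACL to authorize against: " + rootAclId);
        }
        if (!mgr.changeAclID(caller, found[0], newRootId)) {
            throw new IllegalStateException("root ACL not renamed, bulk rename skipped");
        }
        mgr.changeMultipleAclIDs(oldPrefix, newPrefix);
    }

    /** Refuses read-only managers and prefixes that reach outside the authorized root. */
    private static void precheck(IAclManager mgr, String rootAclId, String prefix)
            throws AclPersistenceException {
        if (mgr.isReadOnly()) {
            throw new IllegalStateException("ACL manager is read only");
        }
        // Assumption: child ACL IDs extend the root ID, so a valid prefix is longer than it.
        if (rootAclId == null || rootAclId.length() == 0 || prefix == null
                || !prefix.startsWith(rootAclId) || prefix.length() <= rootAclId.length()) {
            throw new IllegalArgumentException("prefix must extend the root ACL ID");
        }
    }
}
```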

isReadOnly

public boolean isReadOnly()
                   throws AclPersistenceException
check whether IAclManager is read only (no creation or modification of ACLs is allowed)
Returns:
true iff the IAclManager is read only
Throws:
AclPersistenceException - a problem with the storage where the ACLs are persisted occurred

areAclsUpToDate

public boolean[] areAclsUpToDate(IAcl[] acls)
                          throws AclPersistenceException
check whether the ACLs are up to date (compared to the database)
Parameters:
acls - the ACLs to check
Returns:
a boolean array containing true for the ACLs which are up to date
Throws:
AclPersistenceException - Exception raised in failure situation

getDBVersion

public long getDBVersion()
Returns a value representing the state (timestamp or modify counter) of all persisted ACL entries. If a negative number is returned, this method is not supported or an error occurred.
Returns:
dBVersion

getCacheArea

public IClusterCacheArea getCacheArea()

Copyright © 2004 by SAP AG. All Rights Reserved.