com.sap.netweaver.bc.rf.mi.security

Class SecurityChecker

java.lang.Object
  com.sap.netweaver.bc.rf.mi.security.SecurityChecker

public final class SecurityChecker

extends Object

Checks permissions for authorizing operations on resources by a repository manager implementation. This class should be used by repository implementations to ensure compliant behaviour when doing permission checks with the SAP ACL Security Manager for the predefined ACL permissions. Repositories should use this class instead of calling isAllowed() directly at the security manager. The checkXXX() methods will throw a AccessDeniedException if the user does not have the needed permission(s).

Usage example for a repository's delete() method: public void delete(IResource resource) throws ResourceException, NotSupportedException, AccessDeniedException { this.getSecurityChecker().checkDelete(resource); // ... }

Method Summary

void	checkCopy(IResourceHandle resource) Checks permissions for copying of resource.
void	checkCreateChild(IResourceHandle resource, boolean position) Checks permissions for creating a child with optional position.
void	checkDelete(IResourceHandle resource) Checks permissions for delete of resource.
void	checkDelete(IResourceHandle parentCollection, IResourceHandle resource) Checks permissions for delete of resource.
void	checkListChildren(IResourceHandle resource) Checks permissions for listing children.
void	checkLock(IResourceHandle resource) Checks permissions for lock/unlock of resource.
void	checkModifyAll(IResourceHandle resource) Checks permissions for content and property modification.
void	checkModifyContent(IResourceHandle resource) Checks permissions for content modification.
void	checkModifyProperties(IResourceHandle resource) Checks permissions for property modification.
void	checkReadAll(IResourceHandle resource) Checks permissions for content and property access.
void	checkReadContent(IResourceHandle resource) Checks permissions for content access.
void	checkReadProperties(IResourceHandle resource) Checks permissions for property access.
void	checkRemoveChild(IResourceHandle resource) Checks permissions for removing a child.
void	checkRenameChild(IResourceHandle resource) Checks permissions for renaming a child.
static SecurityChecker	getInstance(IManager rm)
boolean	isNecessary() Return if checking of permissions is necessary.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

getInstance

public static SecurityChecker getInstance(IManager rm)
                                   throws ResourceException

Throws:

ResourceException

isNecessary

public boolean isNecessary()

Return if checking of permissions is necessary. If this is false, then this checker will never throw any AccessDeniedExceptions.

Returns:

if checking of permissions is necessary.

checkReadProperties

public void checkReadProperties(IResourceHandle resource)
                         throws ResourceException,
                                AccessDeniedException

Checks permissions for property access.

Parameters:

resource - to check on

Throws:

AccessDeniedException - on insufficient permissions

ResourceException - on failure

checkReadContent

public void checkReadContent(IResourceHandle resource)
                      throws ResourceException

Checks permissions for content access.

Parameters:

resource - to check on

Throws:

AccessDeniedException - on insufficient permissions

ResourceException - on failure

checkReadAll

public void checkReadAll(IResourceHandle resource)
                  throws ResourceException,
                         AccessDeniedException

Checks permissions for content and property access.

Parameters:

resource - to check on

Throws:

AccessDeniedException - on insufficient permissions

ResourceException - on failure

checkListChildren

public void checkListChildren(IResourceHandle resource)
                       throws ResourceException,
                              AccessDeniedException

Checks permissions for listing children.

Parameters:

resource - to check on

Throws:

AccessDeniedException - on insufficient permissions

ResourceException - on failure

checkCreateChild

public void checkCreateChild(IResourceHandle resource,
                             boolean position)
                      throws ResourceException,
                             AccessDeniedException

Checks permissions for creating a child with optional position.

Parameters:

resource - to check on

position - true if the createXXX() call uses position information

Throws:

AccessDeniedException - on insufficient permissions

ResourceException - on failure

checkRemoveChild

public void checkRemoveChild(IResourceHandle resource)
                      throws ResourceException,
                             AccessDeniedException

Checks permissions for removing a child.

Parameters:

resource - to check on

Throws:

AccessDeniedException - on insufficient permissions

ResourceException - on failure

checkRenameChild

public void checkRenameChild(IResourceHandle resource)
                      throws ResourceException,
                             AccessDeniedException

Checks permissions for renaming a child.

Parameters:

resource - to check on

Throws:

AccessDeniedException - on insufficient permissions

ResourceException - on failure

checkModifyProperties

public void checkModifyProperties(IResourceHandle resource)
                           throws ResourceException,
                                  AccessDeniedException

Checks permissions for property modification.

Parameters:

resource - to check on

Throws:

AccessDeniedException - on insufficient permissions

ResourceException - on failure

checkModifyContent

public void checkModifyContent(IResourceHandle resource)
                        throws ResourceException,
                               AccessDeniedException

Checks permissions for content modification.

Parameters:

resource - to check on

Throws:

AccessDeniedException - on insufficient permissions

ResourceException - on failure

checkModifyAll

public void checkModifyAll(IResourceHandle resource)
                    throws ResourceException,
                           AccessDeniedException

Checks permissions for content and property modification.

Parameters:

resource - to check on

Throws:

AccessDeniedException - on insufficient permissions

ResourceException - on failure

checkDelete

public void checkDelete(IResourceHandle resource)
                 throws ResourceException,
                        AccessDeniedException

Checks permissions for delete of resource.

Parameters:

resource - to check on

Throws:

AccessDeniedException - on insufficient permissions

ResourceException - on failure

checkDelete

public void checkDelete(IResourceHandle parentCollection,
                        IResourceHandle resource)
                 throws ResourceException,
                        AccessDeniedException

Checks permissions for delete of resource.

Parameters:

parentCollection - the parent of the to be removed resource

resource - to check on

Throws:

AccessDeniedException - on insufficient permissions

ResourceException - on failure

checkLock

public void checkLock(IResourceHandle resource)
               throws ResourceException,
                      AccessDeniedException

Checks permissions for lock/unlock of resource.

Parameters:

resource - to check on

Throws:

AccessDeniedException - on insufficient permissions

ResourceException - on failure

checkCopy

public void checkCopy(IResourceHandle resource)
               throws ResourceException,
                      AccessDeniedException

Checks permissions for copying of resource.

Parameters:

resource - to check on

Throws:

AccessDeniedException - on insufficient permissions

ResourceException - on failure