Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
SAP NetWeaver 7.30 SP01 KMC
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
com.sap.netweaver.bc.rf.mi.security

Class SecurityChecker

java.lang.Object
  extended by com.sap.netweaver.bc.rf.mi.security.SecurityChecker

public final class SecurityChecker
extends Object

Checks permissions for authorizing operations on resources by a repository manager implementation. This class should be used by repository implementations to ensure compliant behaviour when doing permission checks with the SAP ACL Security Manager for the predefined ACL permissions. Repositories should use this class instead of calling isAllowed() directly at the security manager. The checkXXX() methods will throw a AccessDeniedException if the user does not have the needed permission(s).

Usage example for a repository's delete() method: public void delete(IResource resource) throws ResourceException, NotSupportedException, AccessDeniedException { this.getSecurityChecker().checkDelete(resource); // ... }

Method Summary
 void checkCopy(IResourceHandle resource)
          Checks permissions for copying of resource.
 void checkCreateChild(IResourceHandle resource, boolean position)
          Checks permissions for creating a child with optional position.
 void checkDelete(IResourceHandle resource)
          Checks permissions for delete of resource.
 void checkDelete(IResourceHandle parentCollection, IResourceHandle resource)
          Checks permissions for delete of resource.
 void checkListChildren(IResourceHandle resource)
          Checks permissions for listing children.
 void checkLock(IResourceHandle resource)
          Checks permissions for lock/unlock of resource.
 void checkModifyAll(IResourceHandle resource)
          Checks permissions for content and property modification.
 void checkModifyContent(IResourceHandle resource)
          Checks permissions for content modification.
 void checkModifyProperties(IResourceHandle resource)
          Checks permissions for property modification.
 void checkReadAll(IResourceHandle resource)
          Checks permissions for content and property access.
 void checkReadContent(IResourceHandle resource)
          Checks permissions for content access.
 void checkReadProperties(IResourceHandle resource)
          Checks permissions for property access.
 Map checkReadProperties(Set resourceHandles)
          Checks permissions for property access.
 void checkRemoveChild(IResourceHandle resource)
          Checks permissions for removing a child.
 void checkRenameChild(IResourceHandle resource)
          Checks permissions for renaming a child.
static SecurityChecker getInstance(IManager rm)
           
 boolean isNecessary()
          Return if checking of permissions is necessary.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Method Detail

getInstance

public static SecurityChecker getInstance(IManager rm)
                                   throws ResourceException
Throws:
ResourceException

isNecessary

public boolean isNecessary()
Return if checking of permissions is necessary. If this is false, then this checker will never throw any AccessDeniedExceptions.

Returns:
if checking of permissions is necessary.

checkReadProperties

public void checkReadProperties(IResourceHandle resource)
                         throws ResourceException,
                                AccessDeniedException
Checks permissions for property access.

Parameters:
resource - to check on
Throws:
AccessDeniedException - on insufficient permissions
ResourceException - on failure

checkReadProperties

public Map checkReadProperties(Set resourceHandles)
                        throws ResourceException,
                               AccessDeniedException
Checks permissions for property access.

Parameters:
resource - to check on
Returns:
Returns a map with IRid->AccessDeniedException mapping for all resources where the user is missing the needed permissions.
Throws:
AccessDeniedException - on insufficient permissions
ResourceException - on failure

checkReadContent

public void checkReadContent(IResourceHandle resource)
                      throws ResourceException
Checks permissions for content access.

Parameters:
resource - to check on
Throws:
AccessDeniedException - on insufficient permissions
ResourceException - on failure

checkReadAll

public void checkReadAll(IResourceHandle resource)
                  throws ResourceException,
                         AccessDeniedException
Checks permissions for content and property access.

Parameters:
resource - to check on
Throws:
AccessDeniedException - on insufficient permissions
ResourceException - on failure

checkListChildren

public void checkListChildren(IResourceHandle resource)
                       throws ResourceException,
                              AccessDeniedException
Checks permissions for listing children.

Parameters:
resource - to check on
Throws:
AccessDeniedException - on insufficient permissions
ResourceException - on failure

checkCreateChild

public void checkCreateChild(IResourceHandle resource,
                             boolean position)
                      throws ResourceException,
                             AccessDeniedException
Checks permissions for creating a child with optional position.

Parameters:
resource - to check on
position - true if the createXXX() call uses position information
Throws:
AccessDeniedException - on insufficient permissions
ResourceException - on failure

checkRemoveChild

public void checkRemoveChild(IResourceHandle resource)
                      throws ResourceException,
                             AccessDeniedException
Checks permissions for removing a child.

Parameters:
resource - to check on
Throws:
AccessDeniedException - on insufficient permissions
ResourceException - on failure

checkRenameChild

public void checkRenameChild(IResourceHandle resource)
                      throws ResourceException,
                             AccessDeniedException
Checks permissions for renaming a child.

Parameters:
resource - to check on
Throws:
AccessDeniedException - on insufficient permissions
ResourceException - on failure

checkModifyProperties

public void checkModifyProperties(IResourceHandle resource)
                           throws ResourceException,
                                  AccessDeniedException
Checks permissions for property modification.

Parameters:
resource - to check on
Throws:
AccessDeniedException - on insufficient permissions
ResourceException - on failure

checkModifyContent

public void checkModifyContent(IResourceHandle resource)
                        throws ResourceException,
                               AccessDeniedException
Checks permissions for content modification.

Parameters:
resource - to check on
Throws:
AccessDeniedException - on insufficient permissions
ResourceException - on failure

checkModifyAll

public void checkModifyAll(IResourceHandle resource)
                    throws ResourceException,
                           AccessDeniedException
Checks permissions for content and property modification.

Parameters:
resource - to check on
Throws:
AccessDeniedException - on insufficient permissions
ResourceException - on failure

checkDelete

public void checkDelete(IResourceHandle resource)
                 throws ResourceException,
                        AccessDeniedException
Checks permissions for delete of resource.

Parameters:
resource - to check on
Throws:
AccessDeniedException - on insufficient permissions
ResourceException - on failure

checkDelete

public void checkDelete(IResourceHandle parentCollection,
                        IResourceHandle resource)
                 throws ResourceException,
                        AccessDeniedException
Checks permissions for delete of resource.

Parameters:
parentCollection - the parent of the to be removed resource
resource - to check on
Throws:
AccessDeniedException - on insufficient permissions
ResourceException - on failure

checkLock

public void checkLock(IResourceHandle resource)
               throws ResourceException,
                      AccessDeniedException
Checks permissions for lock/unlock of resource.

Parameters:
resource - to check on
Throws:
AccessDeniedException - on insufficient permissions
ResourceException - on failure

checkCopy

public void checkCopy(IResourceHandle resource)
               throws ResourceException,
                      AccessDeniedException
Checks permissions for copying of resource.

Parameters:
resource - to check on
Throws:
AccessDeniedException - on insufficient permissions
ResourceException - on failure
Access Rights

This class can be accessed from:







SC


DC

Public Part

ACH






[sap.com] KMC-WPC


[sap.com] tc/kmc/wpc/wpcfacade


api


EP-PIN-WPC-WCM






[sap.com] KMC-CM


[sap.com] tc/km/frwk


api


EP-KM-CM





















  

      Overview 
      Package 
    Class 
      Use 
      Tree 
      Deprecated 
      Index 
      Help 
  





SAP NetWeaver 7.30 SP01 KMC







 PREV CLASS 
 NEXT CLASS

  FRAMES   
 NO FRAMES   
 









  SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD









Copyright 2011 SAP AG Complete Copyright Notice