See: Description
| Interface | Description |
|---|---|
| IAcl |
An
IAcl is a Access Control List which defines the access
permissions to an object. |
| IAcl4Tx |
A
IAclRaw is a IAcl which also supports the
retrieval of deleted owners and ACEs for deleted principals. |
| IAclEntry |
An
IAclEntry is an entry in an IAcl which grants or
denies a permission to a specific principal. |
| IAclEntryList |
An
IAclEntryList is a list of IAclEntry s. |
| IAclEntryListIterator |
An
IAclEntryListIterator is an iterator for an
IAclEntryList . |
| IAclEntryRaw |
Tagging interface to mark an
IAclEntry/ |
| IAclManager |
An
IAclManager administers and persists Access Control Lists
(ACLs). |
| IAclManager4Tx |
A
IAclManagerRaw extends a IAclManager by
methods to access even those ACLs with either deleted owners or
deleted principals in the ACL's ACEs. |
| IAclManagerRaw |
A
IAclManagerRaw extends a IAclManager by
methods to access even those ACLs with either deleted owners or
deleted principals in the ACL's ACEs. |
| IAclPermission |
An
IAclPermission denominates a set of actions that can be
carried out on an object and can be granted or denied to a principal. |
| IAclPermissionList |
An
IAclPermissionList is a list of IAclPermission
s. |
| IAclPermissionListIterator |
An
IAclPermissionListIterator is an iterator for an
IAclPermissionList . |
| IAclProvidingDBVersion |
THIS IS AN INTERNAL INTERFACE AND SHOULD NOT BE IMPLEMENTED BY CUSTOMERS.
|
| IAclRaw |
A
IAclRaw is a IAcl which also supports the
retrieval of deleted owners and ACEs for deleted principals. |
| IAclVersioned |
A
IAclVersioned is an IAcl which also provides
the version of the acl. |
| IObjectType |
An
IObjectType is specifies the possible type of an object, an
ACL can be assigned to. |
| IObjectTypeList |
An
IObjectTypeList is a list of IObjectType s. |
| IObjectTypeListIterator |
An
IObjectTypeListIterator is an iterator for an
IObjectTypeList . |
| IOwner |
An
IOwner holds a list of principals that are the owners of an
ACL. |
| IPrincipalRaw |
A marker interface for unchecked (eventually non-existing)
IPrincipals |
| IUMPrincipalList | Deprecated
As of NetWeaver 7.1, methods previously returning an IUMPrincipalList, will now return a simple
java.util.List,
which contains objects of type com.sap.security.api.IPrincipal. |
| IUMPrincipalListIterator | Deprecated
As of NetWeaver 7.1, methods previously returning an IUMPrincipalList, will now return a simple
java.util.List,
which contains objects of type com.sap.security.api.IPrincipal. |
| IUMPrincipalRaw |
An
IUMPrincipalList is a list of IUMPrincipals . |
| Class | Description |
|---|---|
| AclEntryList |
Default implementation of an
IAclEntryList , a list of
IAclEntry s. |
| AclEntryListIterator |
Default implementation of an
IAclEntryListIterator , an iterator
for IAclEntryList s. |
| AclManagerFactory |
The factory which creates
IAclManager s. |
| AclPermissionImpl |
An abstract base class for
IAclPermission implementations. |
| AclPermissionList |
Default implementation of an
IAclPermissionList , a list of
IAclPermission s. |
| AclPermissionListIterator |
Default implementation of an
IAclPermissionListIterator , an
iterator for IAclPermissionList s. |
| AclPrinter |
This Util class pretty-prints ACLs or parts of ACLs.
|
| ObjectType |
The default implementation for
IObjectType s, the type of an
object associated to an IAcl . |
| ObjectTypeList |
Default implementation of an
IObjectTypeList , a list of
IObjectType s. |
| ObjectTypeListIterator |
Default implementation of an
IObjectTypeListIterator , an
iterator for IObjectTypeList s. |
| PrincipalRaw | Deprecated
As of NetWeaver 7.1, do not use this class anymore!
|
| UMPrincipalList | Deprecated
As of NetWeaver 7.1, methods previously returning an IUMPrincipalList, will now return a simple
java.util.List,
which contains objects of type com.sap.security.api.IPrincipal. |
| UMPrincipalListIterator | Deprecated
As of NetWeaver 7.1, methods previously returning an IUMPrincipalList, will now return a simple
java.util.List,
which contains objects of type com.sap.security.api.IPrincipal. |
| UMPrincipalRaw |
special implementation for a non existing user, tagged by
IUMPrincipalRaw. |
| UMPrincipalRaw.TypeInfo |
| Exception | Description |
|---|---|
| AclException |
Superclass for all exceptions thrown by
IAcl s, IAclEntry
s and IAclManager . |
| AclExistsException |
An
AclException that indicates that a specific IAcl
already exists. |
| AclLoadClassException |
An
AclException that indicates that a IAclManager
could not be loaded by the AclManagerFactory . |
| AclNotFoundException |
An
AclException that indicates that a specific IAcl
was not found. |
| AclPersistenceException |
An
AclException that indicates that an error occured during
access of the IAclManager 's persistence layer. |
| AclReadOnlyModeException |
A
ReadOnlyModeException that indicates that an error occured during
access of the IAclManager 's persistence layer because the
readonly mode is active preventing any write operations. |
| AlreadyAssignedToAclException |
An
AclException that indicates that a specific IAclEntry
is already assigned to an IAcl . |
| InvalidClassException |
An
AclException that indicates that the classname given for
IAclManager is invalid. |
| InvalidConfigException |
An
AclException that indicates that the config-id for a
IAclManager is not valid for within the AclManagerFactory
. |
| LastOwnerException |
An
AclException that indicates that a principal is the last
owner of an IAcl and can not be removed. |
| NoAclException |
No longer used.
|
| NotAuthenticatedException |
An
AclException that indicates that a principal is not
authenticated. |
| NotAuthorizedException |
An
AclException that indicates that a principal is not
authorized. |
| PermissionExistsException |
An
AclException that indicates that a specific
IAclPermission already exists. |
| PermissionNotSupportedException |
An
AclException that indicates that a specific
IAclPermission is not supported by the IAclManager . |
| PermissionUsedException |
An
AclException that indicates that a specific
IAclPermission is used and can not be removed. |
| PredefinedPermissionException |
An
AclException that indicates that a specific
IAclPermission is predefined by the IAclManager . |
With ACLs (Access Control Lists) specific Permissions can be
stored for a given Object (e.g. a document).
An ACL consists of ACEs (ACl Entries). Such an ACLEntry defines,
which principal (e.g. user 'admin') is given which permission (e.g. 'read').
An AclManager is responsible for storing and retrieving the ACLs.
The configured and available AclManagers are retrieved through the
AclManagerFactory.
Since the AclManagerFactory maintains the available AclManagers, each instance of an AclManager has to be defined within the AclManagerFactory's configuration with the following variables:
| Property | Required | Description |
class | yes |
The classname of the AclManager to use (e.g. com.sapportals.wcm.util.acl.jdbc.JDBCAclManager
to use the default implementation).
|
cfg | yes |
The configuration block to use for this manager (see below). Usualy this is either acl_jdbc_rep_mgr for the AclManager for the repository
ACLs, or acl_jdbc_service_mgr for the AclManager for service ACLs (see below).
|
The default implementation for AclManagers, the JDBCAclManager, has to be
configured using the following variables:
| Property | Required | Description |
poolid | yes | The id of the connection pool, which identifies the database where the ACLs are stored. |
cacheid | no |
The id of the cache to use for caching the ACLs (usualy ca_cm_xxx_acl,
where xxx is rep for the AclManager for repository ACLs and srv for the
AclManager for the service ACLs).Allthough this variable is optional, it is not recommended to leave it blank, because doing so will disable caching of the ACLs and thus leading to a significant performance slowdown! |
permission_cacheid | no |
The id of the cache to use for caching the Permissions (usualy ca_cm_xxx_acl_perm,
where xxx is rep for the AclManager for repository ACLs and srv for the
AclManager for the service ACLs).Allthough this variable is optional, it is not recommended to leave it blank, because doing so will disable caching of the persmission and thus leading to a drastic performance slowdown! |
The following is a sample configuration entry for the AclManager for repository ACLs:
poolid = dbcon_rep
cacheid = ca_cm_rep_acl
permission_cacheid = ca_cm_rep_acl_perm
Copyright 2018 SAP AG Complete Copyright Notice