de.hybris.platform.webservices

Class AccessManagerSecurityStrategy

java.lang.Object

de.hybris.platform.webservices.AbstractSecurityStrategy

de.hybris.platform.webservices.AccessManagerSecurityStrategy

All Implemented Interfaces:

SecurityStrategy

public class AccessManagerSecurityStrategy
extends AbstractSecurityStrategy

WS security system is integrated with a type based (hmc managed) security configuration.

Constructor Summary

Constructors

Constructor and Description
AccessManagerSecurityStrategy()

Method Summary

Modifier and Type	Method and Description
boolean	isAttributeOperationAllowed(java.lang.Class<?> objectClass, java.lang.String attrQualifier, java.lang.String operation) Method checks whether current session user has permission to work with specified attribute for the specified access operation.
boolean	isDtoOperationAllowed(java.lang.Class<?> objectClass, java.lang.String operation) Method checks whether current session user has permission to work with current processed dto for the specified access operation.
boolean	isResourceCommandAllowed(RestResource resource, java.lang.String command) Method checks whether current session user has permission to execute specified command on current resource.
boolean	isResourceOperationAllowed(RestResource resource, java.lang.String operation) Method checks whether current session user has permission to work with current resource for the specified access operation.

Methods inherited from class de.hybris.platform.webservices.AbstractSecurityStrategy

getComposedType, getModelService, getOperation, performDtoReadOperationAllowed, setModelService

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AccessManagerSecurityStrategy

public AccessManagerSecurityStrategy()

Method Detail

isResourceOperationAllowed

public boolean isResourceOperationAllowed(RestResource resource,
                                          java.lang.String operation)

Description copied from interface: SecurityStrategy

Method checks whether current session user has permission to work with current resource for the specified access operation.

Parameters:

resource - The requested resource which will be checked.

operation - The read, change, create or remove access operations.

Returns:

true if allowed.

isDtoOperationAllowed

public boolean isDtoOperationAllowed(java.lang.Class<?> objectClass,
                                     java.lang.String operation)

Description copied from interface: SecurityStrategy

Method checks whether current session user has permission to work with current processed dto for the specified access operation.

Parameters:

objectClass - The dto class which will be checked.

operation - The read, change, create or remove access operations.

Returns:

true if allowed.

isAttributeOperationAllowed

public boolean isAttributeOperationAllowed(java.lang.Class<?> objectClass,
                                           java.lang.String attrQualifier,
                                           java.lang.String operation)

Description copied from interface: SecurityStrategy

Method checks whether current session user has permission to work with specified attribute for the specified access operation.

Parameters:

objectClass - The dto class that contains the attribute which will be checked.

attrQualifier - The attribute which will be checked.

operation - The read or change operations.

Returns:

true if allowed.

isResourceCommandAllowed

public boolean isResourceCommandAllowed(RestResource resource,
                                        java.lang.String command)

Description copied from interface: SecurityStrategy

Method checks whether current session user has permission to execute specified command on current resource.

Parameters:

resource - The requested resource which will be checked.

command - The command which will be checked.

Returns:

true if allowed.