Package com.sapportals.wcm.util.acl

Contains interfaces for ACLs and AclManagers with definitions for permissions, ACLs and ACL entries.


Interface Summary
IAcl An IAcl is an Access Control List which defines the access permissions to an object.
IAcl4Tx An IAclRaw is an IAcl which also supports the retrieval of deleted owners and ACEs for deleted principals.
IAclEntry An IAclEntry is an entry in an IAcl which grants or denies a permission to a specific principal.
IAclEntryList An IAclEntryList is a list of IAclEntrys.
IAclEntryListIterator An IAclEntryListIterator is an iterator for an IAclEntryList.
IAclEntryRaw Tagging interface to mark an IAclEntry as an ACE for a deleted principal.
IAclManager An IAclManager administers and persists Access Control Lists (ACLs).
IAclManager4Tx An IAclManagerRaw extends an IAclManager with methods to access even those ACLs with either deleted owners or deleted principals in the ACL's ACEs.
IAclManagerRaw An IAclManagerRaw extends an IAclManager with methods to access even those ACLs with either deleted owners or deleted principals in the ACL's ACEs.
IAclPermission An IAclPermission denominates a set of actions that can be carried out on an object and can be granted or denied to a principal.
IAclPermissionList An IAclPermissionList is a list of IAclPermissions.
IAclPermissionListIterator An IAclPermissionListIterator is an iterator for an IAclPermissionList.
IAclProvidingDBVersion THIS IS AN INTERNAL INTERFACE AND SHOULD NOT BE IMPLEMENTED BY CUSTOMERS.
IAclRaw An IAclRaw is an IAcl which also supports the retrieval of deleted owners and ACEs for deleted principals.
IAclVersioned An IAclVersioned is an IAcl which also provides the version of the ACL.
IObjectType An IObjectType specifies the possible type of an object that an ACL can be assigned to.
IObjectTypeList An IObjectTypeList is a list of IObjectTypes.
IObjectTypeListIterator An IObjectTypeListIterator is an iterator for an IObjectTypeList.
IOwner An IOwner holds a list of principals that are the owners of an ACL.
IPrincipalRaw A marker interface for unchecked (possibly non-existing) IPrincipals.
IUMPrincipalList Deprecated. As of NetWeaver 7.1, methods that previously returned an IUMPrincipalList now return a simple java.util.List containing objects of type com.sap.security.api.IPrincipal.
IUMPrincipalListIterator Deprecated. As of NetWeaver 7.1, methods that previously returned an IUMPrincipalList now return a simple java.util.List containing objects of type com.sap.security.api.IPrincipal.
IUMPrincipalRaw An IUMPrincipalList is a list of IUMPrincipals.

Class Summary
AclEntryList Default implementation of an IAclEntryList, a list of IAclEntrys.
AclEntryListIterator Default implementation of an IAclEntryListIterator, an iterator for IAclEntryLists.
AclManagerFactory The factory which creates IAclManagers.
AclPermissionImpl An abstract base class for IAclPermission implementations.
AclPermissionList Default implementation of an IAclPermissionList, a list of IAclPermissions.
AclPermissionListIterator Default implementation of an IAclPermissionListIterator, an iterator for IAclPermissionLists.
AclPrinter This utility class pretty-prints ACLs or parts of ACLs.
ObjectType The default implementation for IObjectTypes, the type of an object associated with an IAcl.
ObjectTypeList Default implementation of an IObjectTypeList, a list of IObjectTypes.
ObjectTypeListIterator Default implementation of an IObjectTypeListIterator, an iterator for IObjectTypeLists.
PrincipalRaw Deprecated. As of NetWeaver 7.1, do not use this class anymore!
UMPrincipalList Deprecated. As of NetWeaver 7.1, methods that previously returned an IUMPrincipalList now return a simple java.util.List containing objects of type com.sap.security.api.IPrincipal.
UMPrincipalListIterator Deprecated. As of NetWeaver 7.1, methods that previously returned an IUMPrincipalList now return a simple java.util.List containing objects of type com.sap.security.api.IPrincipal.
UMPrincipalRaw Special implementation for a non-existing user, tagged by IUMPrincipalRaw.
UMPrincipalRaw.TypeInfo

Exception Summary
AclException Superclass for all exceptions thrown by IAcls, IAclEntrys and IAclManager.
AclExistsException An AclException that indicates that a specific IAcl already exists.
AclLoadClassException An AclException that indicates that an IAclManager could not be loaded by the AclManagerFactory.
AclNotFoundException An AclException that indicates that a specific IAcl was not found.
AclPersistenceException An AclException that indicates that an error occurred during access of the IAclManager's persistence layer.
AclReadOnlyModeException A ReadOnlyModeException that indicates that an error occurred during access of the IAclManager's persistence layer because the read-only mode is active, preventing any write operations.
AlreadyAssignedToAclException An AclException that indicates that a specific IAclEntry is already assigned to an IAcl.
InvalidClassException An AclException that indicates that the classname given for IAclManager is invalid.
InvalidConfigException An AclException that indicates that the config-id for an IAclManager is not valid within the AclManagerFactory.
LastOwnerException An AclException that indicates that a principal is the last owner of an IAcl and cannot be removed.
NoAclException No longer used.
NotAuthenticatedException An AclException that indicates that a principal is not authenticated.
NotAuthorizedException An AclException that indicates that a principal is not authorized.
PermissionExistsException An AclException that indicates that a specific IAclPermission already exists.
PermissionNotSupportedException An AclException that indicates that a specific IAclPermission is not supported by the IAclManager.
PermissionUsedException An AclException that indicates that a specific IAclPermission is used and cannot be removed.
PredefinedPermissionException An AclException that indicates that a specific IAclPermission is predefined by the IAclManager.
 

Package com.sapportals.wcm.util.acl Description


Package Specification

Purpose

With ACLs (Access Control Lists), specific permissions can be stored for a given object (e.g. a document).
An ACL consists of ACEs (ACL entries). Each ACL entry defines which principal (e.g. user 'admin') is given which permission (e.g. 'read').
An AclManager is responsible for storing and retrieving the ACLs.
The configured and available AclManagers are retrieved through the AclManagerFactory.

Installation

Since the AclManagerFactory maintains the available AclManagers, each instance of an AclManager has to be defined within the AclManagerFactory's configuration with the following variables:

Property  Required  Description
class     yes       The classname of the AclManager to use (e.g. com.sapportals.wcm.util.acl.jdbc.JDBCAclManager to use the default implementation).
cfg       yes       The configuration block to use for this manager (see below).
                    Usually this is either acl_jdbc_rep_mgr for the AclManager for the repository ACLs, or acl_jdbc_service_mgr for the AclManager for service ACLs (see below).

The default implementation for AclManagers, the JDBCAclManager, has to be configured using the following variables:

Property            Required  Description
poolid              yes       The id of the connection pool, which identifies the database where the ACLs are stored.
cacheid             no        The id of the cache to use for caching the ACLs (usually ca_cm_xxx_acl, where xxx is rep for the AclManager for repository ACLs and srv for the AclManager for the service ACLs).
                              Although this variable is optional, leaving it blank is not recommended, because doing so disables caching of the ACLs and thus leads to a significant performance slowdown!
permission_cacheid  no        The id of the cache to use for caching the permissions (usually ca_cm_xxx_acl_perm, where xxx is rep for the AclManager for repository ACLs and srv for the AclManager for the service ACLs).
                              Although this variable is optional, leaving it blank is not recommended, because doing so disables caching of the permissions and thus leads to a drastic performance slowdown!

The following is a sample configuration entry for the AclManager for repository ACLs:

poolid = dbcon_rep
cacheid = ca_cm_rep_acl
permission_cacheid = ca_cm_rep_acl_perm

Implementation notes

Issues

Related Documentation



Copyright 2014 SAP AG