com.orientechnologies.orient.core.security.symmetrickey

Class OSymmetricKeySecurity

java.lang.Object

com.orientechnologies.orient.core.security.symmetrickey.OSymmetricKeySecurity

All Implemented Interfaces:

OSecurityInternal

public class OSymmetricKeySecurity
extends Object
implements OSecurityInternal

Provides a symmetric key specific authentication. Implements an OSecurity interface that delegates to the specified OSecurity object.

This is used with embedded (non-server) databases, like so: db.setProperty(ODatabase.OPTIONS.SECURITY.toString(), OSymmetricKeySecurity.class);

Author:

S. Colin Leister

Constructor Summary

Constructors

Constructor and Description
OSymmetricKeySecurity(OSecurityInternal iDelegate)

Method Summary

Modifier and Type	Method and Description
OIdentifiable	allowIdentity(ODatabaseSession session, ODocument iDocument, String iAllowFieldName, OIdentifiable iId)
OIdentifiable	allowRole(ODatabaseSession session, ODocument iDocument, ORestrictedOperation iOperationType, String iRoleName)
OIdentifiable	allowUser(ODatabaseSession session, ODocument iDocument, ORestrictedOperation iOperationType, String iUserName)
OUser	authenticate(ODatabaseSession session, OToken authToken)
OUser	authenticate(ODatabaseSession session, String username, String password)
boolean	canCreate(ODatabaseSession session, ORecord record)
boolean	canDelete(ODatabaseSession session, ORecord record)
boolean	canExecute(ODatabaseSession session, OFunction function)
boolean	canRead(ODatabaseSession session, ORecord record)
boolean	canUpdate(ODatabaseSession session, ORecord record)
void	close()
OUser	create(ODatabaseSession session)
void	createClassTrigger(ODatabaseSession session)
ORole	createRole(ODatabaseSession session, String iRoleName, ORole iParent, OSecurityRole.ALLOW_MODES iAllowMode)
ORole	createRole(ODatabaseSession session, String iRoleName, OSecurityRole.ALLOW_MODES iAllowMode)
OSecurityPolicy	createSecurityPolicy(ODatabaseSession session, String name) creates and saves an empty security policy
OUser	createUser(ODatabaseSession session, String iUserName, String iUserPassword, ORole... iRoles)
OUser	createUser(ODatabaseSession session, String iUserName, String iUserPassword, String... iRoles)
void	deleteSecurityPolicy(ODatabaseSession session, String name)
OIdentifiable	denyRole(ODatabaseSession session, ODocument iDocument, ORestrictedOperation iOperationType, String iRoleName)
OIdentifiable	denyUser(ODatabaseSession session, ODocument iDocument, ORestrictedOperation iOperationType, String iUserName)
OIdentifiable	disallowIdentity(ODatabaseSession session, ODocument iDocument, String iAllowFieldName, OIdentifiable iId)
boolean	dropRole(ODatabaseSession session, String iRoleName)
boolean	dropUser(ODatabaseSession session, String iUserName)
Set<OSecurityResourceProperty>	getAllFilteredProperties(ODatabaseDocumentInternal database) returns the list of all the filtered properties (for any role defined in the db)
List<ODocument>	getAllRoles(ODatabaseSession session)
List<ODocument>	getAllUsers(ODatabaseSession session)
Set<String>	getFilteredProperties(ODatabaseSession session, ODocument document) For property-level security.
ORole	getRole(ODatabaseSession session, OIdentifiable iRole)
ORole	getRole(ODatabaseSession session, String iRoleName)
Map<String,OSecurityPolicy>	getSecurityPolicies(ODatabaseSession session, OSecurityRole role)
OSecurityPolicy	getSecurityPolicy(ODatabaseSession session, OSecurityRole role, String resource) Returns the security policy policy assigned to a role for a specific resource (not recursive on superclasses, nor on role hierarchy)
OSecurityPolicy	getSecurityPolicy(ODatabaseSession session, String name)
OUser	getUser(ODatabaseSession session, ORID iUserId)
OUser	getUser(ODatabaseSession session, String iUserName)
long	getVersion(ODatabaseSession session)
void	incrementVersion(ODatabaseSession session)
boolean	isAllowed(ODatabaseSession session, Set<OIdentifiable> iAllowAll, Set<OIdentifiable> iAllowOperation)
boolean	isAllowedWrite(ODatabaseSession session, ODocument document, String propertyName) For property-level security
boolean	isReadRestrictedBySecurityPolicy(ODatabaseSession session, String resource) checks if for current session a resource is restricted by security resources (ie.
void	load(ODatabaseSession session)
void	removeSecurityPolicy(ODatabaseSession session, ORole role, String resource) Removes security policy bound to a role for a specific resource
void	saveSecurityPolicy(ODatabaseSession session, OSecurityPolicy policy)
void	setSecurityPolicy(ODatabaseSession session, OSecurityRole role, String resource, OSecurityPolicy policy) Sets a security policy for a specific resource on a role
String	toString()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

OSymmetricKeySecurity

public OSymmetricKeySecurity(OSecurityInternal iDelegate)

Method Detail

authenticate

public OUser authenticate(ODatabaseSession session,
                          String username,
                          String password)

Specified by:

authenticate in interface OSecurityInternal

isAllowed

public boolean isAllowed(ODatabaseSession session,
                         Set<OIdentifiable> iAllowAll,
                         Set<OIdentifiable> iAllowOperation)

Specified by:

isAllowed in interface OSecurityInternal

allowUser

public OIdentifiable allowUser(ODatabaseSession session,
                               ODocument iDocument,
                               ORestrictedOperation iOperationType,
                               String iUserName)

Specified by:

allowUser in interface OSecurityInternal

allowRole

public OIdentifiable allowRole(ODatabaseSession session,
                               ODocument iDocument,
                               ORestrictedOperation iOperationType,
                               String iRoleName)

Specified by:

allowRole in interface OSecurityInternal

denyUser

public OIdentifiable denyUser(ODatabaseSession session,
                              ODocument iDocument,
                              ORestrictedOperation iOperationType,
                              String iUserName)

Specified by:

denyUser in interface OSecurityInternal

denyRole

public OIdentifiable denyRole(ODatabaseSession session,
                              ODocument iDocument,
                              ORestrictedOperation iOperationType,
                              String iRoleName)

Specified by:

denyRole in interface OSecurityInternal

allowIdentity

public OIdentifiable allowIdentity(ODatabaseSession session,
                                   ODocument iDocument,
                                   String iAllowFieldName,
                                   OIdentifiable iId)

Specified by:

allowIdentity in interface OSecurityInternal

disallowIdentity

public OIdentifiable disallowIdentity(ODatabaseSession session,
                                      ODocument iDocument,
                                      String iAllowFieldName,
                                      OIdentifiable iId)

Specified by:

disallowIdentity in interface OSecurityInternal

create

public OUser create(ODatabaseSession session)

Specified by:

create in interface OSecurityInternal

load

public void load(ODatabaseSession session)

Specified by:

load in interface OSecurityInternal

authenticate

public OUser authenticate(ODatabaseSession session,
                          OToken authToken)

Specified by:

authenticate in interface OSecurityInternal

getUser

public OUser getUser(ODatabaseSession session,
                     String iUserName)

Specified by:

getUser in interface OSecurityInternal

getUser

public OUser getUser(ODatabaseSession session,
                     ORID iUserId)

Specified by:

getUser in interface OSecurityInternal

createUser

public OUser createUser(ODatabaseSession session,
                        String iUserName,
                        String iUserPassword,
                        String... iRoles)

Specified by:

createUser in interface OSecurityInternal

createUser

public OUser createUser(ODatabaseSession session,
                        String iUserName,
                        String iUserPassword,
                        ORole... iRoles)

Specified by:

createUser in interface OSecurityInternal

getRole

public ORole getRole(ODatabaseSession session,
                     String iRoleName)

Specified by:

getRole in interface OSecurityInternal

getRole

public ORole getRole(ODatabaseSession session,
                     OIdentifiable iRole)

Specified by:

getRole in interface OSecurityInternal

createRole

public ORole createRole(ODatabaseSession session,
                        String iRoleName,
                        OSecurityRole.ALLOW_MODES iAllowMode)

Specified by:

createRole in interface OSecurityInternal

createRole

public ORole createRole(ODatabaseSession session,
                        String iRoleName,
                        ORole iParent,
                        OSecurityRole.ALLOW_MODES iAllowMode)

Specified by:

createRole in interface OSecurityInternal

getAllUsers

public List<ODocument> getAllUsers(ODatabaseSession session)

Specified by:

getAllUsers in interface OSecurityInternal

getAllRoles

public List<ODocument> getAllRoles(ODatabaseSession session)

Specified by:

getAllRoles in interface OSecurityInternal

getSecurityPolicies

public Map<String,OSecurityPolicy> getSecurityPolicies(ODatabaseSession session,
                                                       OSecurityRole role)

Specified by:

getSecurityPolicies in interface OSecurityInternal

getSecurityPolicy

public OSecurityPolicy getSecurityPolicy(ODatabaseSession session,
                                         OSecurityRole role,
                                         String resource)

Description copied from interface: OSecurityInternal

Returns the security policy policy assigned to a role for a specific resource (not recursive on superclasses, nor on role hierarchy)

Specified by:

getSecurityPolicy in interface OSecurityInternal

Parameters:

session - an active DB session

role - the role

resource - the string representation of the security resource, eg. "database.class.Person"

Returns:

setSecurityPolicy

public void setSecurityPolicy(ODatabaseSession session,
                              OSecurityRole role,
                              String resource,
                              OSecurityPolicy policy)

Description copied from interface: OSecurityInternal

Sets a security policy for a specific resource on a role

Specified by:

setSecurityPolicy in interface OSecurityInternal

Parameters:

session - a valid db session to perform the operation (that has permissions to do it)

role - The role

resource - the string representation of the security resource, eg. "database.class.Person"

policy - The security policy

createSecurityPolicy

public OSecurityPolicy createSecurityPolicy(ODatabaseSession session,
                                            String name)

Description copied from interface: OSecurityInternal

creates and saves an empty security policy

Specified by:

createSecurityPolicy in interface OSecurityInternal

Parameters:

session - the session to a DB where the policy has to be created

name - the policy name

Returns:

getSecurityPolicy

public OSecurityPolicy getSecurityPolicy(ODatabaseSession session,
                                         String name)

Specified by:

getSecurityPolicy in interface OSecurityInternal

saveSecurityPolicy

public void saveSecurityPolicy(ODatabaseSession session,
                               OSecurityPolicy policy)

Specified by:

saveSecurityPolicy in interface OSecurityInternal

deleteSecurityPolicy

public void deleteSecurityPolicy(ODatabaseSession session,
                                 String name)

Specified by:

deleteSecurityPolicy in interface OSecurityInternal

removeSecurityPolicy

public void removeSecurityPolicy(ODatabaseSession session,
                                 ORole role,
                                 String resource)

Description copied from interface: OSecurityInternal

Removes security policy bound to a role for a specific resource

Specified by:

removeSecurityPolicy in interface OSecurityInternal

Parameters:

session - A valid db session to perform the operation

role - the role

resource - the string representation of the security resource, eg. "database.class.Person"

toString

public String toString()

Overrides:

toString in class Object

dropUser

public boolean dropUser(ODatabaseSession session,
                        String iUserName)

Specified by:

dropUser in interface OSecurityInternal

dropRole

public boolean dropRole(ODatabaseSession session,
                        String iRoleName)

Specified by:

dropRole in interface OSecurityInternal

createClassTrigger

public void createClassTrigger(ODatabaseSession session)

Specified by:

createClassTrigger in interface OSecurityInternal

getVersion

public long getVersion(ODatabaseSession session)

Specified by:

getVersion in interface OSecurityInternal

incrementVersion

public void incrementVersion(ODatabaseSession session)

Specified by:

incrementVersion in interface OSecurityInternal

getFilteredProperties

public Set<String> getFilteredProperties(ODatabaseSession session,
                                         ODocument document)

Description copied from interface: OSecurityInternal

For property-level security. Returns the list of the properties that are hidden (ie. not allowed to be read) for current session, regarding a specific document

Specified by:

getFilteredProperties in interface OSecurityInternal

Parameters:

session - the db session

document - the document to filter

Returns:

the list of the properties that are hidden (ie. not allowed to be read) on current document for current session

isAllowedWrite

public boolean isAllowedWrite(ODatabaseSession session,
                              ODocument document,
                              String propertyName)

Description copied from interface: OSecurityInternal

For property-level security

Specified by:

isAllowedWrite in interface OSecurityInternal

document - current document to check for proeprty-level security

propertyName - the property to check for write access

Returns:

canCreate

public boolean canCreate(ODatabaseSession session,
                         ORecord record)

Specified by:

canCreate in interface OSecurityInternal

canRead

public boolean canRead(ODatabaseSession session,
                       ORecord record)

Specified by:

canRead in interface OSecurityInternal

canUpdate

public boolean canUpdate(ODatabaseSession session,
                         ORecord record)

Specified by:

canUpdate in interface OSecurityInternal

canDelete

public boolean canDelete(ODatabaseSession session,
                         ORecord record)

Specified by:

canDelete in interface OSecurityInternal

canExecute

public boolean canExecute(ODatabaseSession session,
                          OFunction function)

Specified by:

canExecute in interface OSecurityInternal

isReadRestrictedBySecurityPolicy

public boolean isReadRestrictedBySecurityPolicy(ODatabaseSession session,
                                                String resource)

Description copied from interface: OSecurityInternal

checks if for current session a resource is restricted by security resources (ie. READ policies exist, with predicate different from "TRUE", to access the given resource

Specified by:

isReadRestrictedBySecurityPolicy in interface OSecurityInternal

Parameters:

session - The session to check for the existece of policies

resource - a resource string, eg. "database.class.Person"

Returns:

true if a restriction of any type exists for this session and this resource. False otherwise

getAllFilteredProperties

public Set<OSecurityResourceProperty> getAllFilteredProperties(ODatabaseDocumentInternal database)

Description copied from interface: OSecurityInternal

returns the list of all the filtered properties (for any role defined in the db)

Specified by:

getAllFilteredProperties in interface OSecurityInternal

Returns:

close

public void close()

Specified by:

close in interface OSecurityInternal