org.pentaho.platform.engine.security
Class SecurityHelper

java.lang.Object
  extended by org.pentaho.platform.engine.security.SecurityHelper

public class SecurityHelper
extends Object

A utility class with several static methods that are used to either bind the Authentication to the IPentahoSession, retrieve the Authentication from the IPentahoSession, and other various helper functions.

Author:
mbatchel

Field Summary
static String DefaultAnonymousRole
           
static String DefaultAnonymousUser
           
static String SESSION_PRINCIPAL
           
 
Constructor Summary
SecurityHelper()
           
 
Method Summary
static boolean canHaveACLS(ISolutionFile aFile)
           
static org.springframework.security.Authentication getAuthentication(IPentahoSession session, boolean allowAnonymous)
          Looks in the provided session to get the Spring Security Authentication object out.
static Principal getPrincipal(IPentahoSession session)
          Gets the java.security.principal object from the IPentahoSession object
static boolean hasAccess(IAclHolder aHolder, int actionOperation, IPentahoSession session)
           
static boolean hasAccess(IAclSolutionFile aFile, int actionOperation, IPentahoSession session)
          Utility method for access negotiation.
static boolean isGranted(IPentahoSession session, org.springframework.security.GrantedAuthority role)
          Utility method that communicates with the installed ACLVoter to determine whether a particular role is granted to the specified user.
static boolean isPentahoAdministrator(IPentahoSession session)
          Utility method that communicates with the installed ACLVoter to determine administrator status
static void setPrincipal(Principal principal, IPentahoSession session)
          Sets the java.security.principal object into the IPentahoSession object.
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

SESSION_PRINCIPAL

public static final String SESSION_PRINCIPAL
See Also:
Constant Field Values

DefaultAnonymousRole

public static final String DefaultAnonymousRole

DefaultAnonymousUser

public static final String DefaultAnonymousUser
Constructor Detail

SecurityHelper

public SecurityHelper()
Method Detail

getAuthentication

public static org.springframework.security.Authentication getAuthentication(IPentahoSession session,
                                                                            boolean allowAnonymous)
Looks in the provided session to get the Spring Security Authentication object out. Optionally returns an "anonymous" Authentication if desired.

Parameters:
session - Users' IPentahoSession object
allowAnonymous - If true, will return an anonymous Authentication object.
Returns:
the Authentication object from the session

getPrincipal

public static Principal getPrincipal(IPentahoSession session)
Gets the java.security.principal object from the IPentahoSession object

Parameters:
session - The users' session
Returns:
The bound Principal

setPrincipal

public static void setPrincipal(Principal principal,
                                IPentahoSession session)
Sets the java.security.principal object into the IPentahoSession object.

Parameters:
principal - The principal from the servlet context
session - The users' IPentahoSession object

isPentahoAdministrator

public static boolean isPentahoAdministrator(IPentahoSession session)
Utility method that communicates with the installed ACLVoter to determine administrator status

Parameters:
session - The users IPentahoSession object
Returns:
true if the user is considered a Pentaho administrator

isGranted

public static boolean isGranted(IPentahoSession session,
                                org.springframework.security.GrantedAuthority role)
Utility method that communicates with the installed ACLVoter to determine whether a particular role is granted to the specified user.

Parameters:
session - The users' IPentahoSession
role - The role to look for
Returns:
true if the user is granted the specified role.

canHaveACLS

public static boolean canHaveACLS(ISolutionFile aFile)
Parameters:
aFile -
Returns:
a boolean that indicates if this file can have ACLS placed on it.

hasAccess

public static boolean hasAccess(IAclHolder aHolder,
                                int actionOperation,
                                IPentahoSession session)

hasAccess

public static boolean hasAccess(IAclSolutionFile aFile,
                                int actionOperation,
                                IPentahoSession session)
Utility method for access negotiation. For performance, not all files will be checked against the supplied voter.

Parameters:
aFile -
actionOperation -
session -
Returns: