org.pentaho.platform.security.policy.rolebased
Class JcrRoleAuthorizationPolicyRoleBindingDao

java.lang.Object
  org.pentaho.platform.security.policy.rolebased.JcrRoleAuthorizationPolicyRoleBindingDao

All Implemented Interfaces:

IRoleAuthorizationPolicyRoleBindingDao

public class JcrRoleAuthorizationPolicyRoleBindingDao
extends Object
implements IRoleAuthorizationPolicyRoleBindingDao

An IRoleAuthorizationPolicyRoleBindingDao implementation that uses JCR. Storage is done using nodes and properties, not XML. Storage looks like this:

- acme
   - .authz
     - roleBased
       - runtimeRoles
         - runtimeRole1
           - logicalRole1,logicalRole2 (multi-valued property)
         - runtimeRole2
           - logicalRole2 (multi-valued property)
 

Note: All multi-valued properties are ordered.

Note: This code runs as the repository superuser. Ideally this would run as the tenant admin but such a named user doesn't exist for us to run as. Now that the repo uses IAuthorizationPolicy for access control, this code MUST continue to run as the repository superuser. This is one reason not to implement this on top of PUR.

Author:

mlowery

Constructor Summary

JcrRoleAuthorizationPolicyRoleBindingDao(org.springframework.transaction.support.TransactionTemplate txnTemplate, org.springframework.extensions.jcr.JcrTemplate jcrTemplate, List<String> logicalRoleNames, Map<String,Properties> logicalRoleLocaleMap, Map<String,List<String>> immutableRoleBindings, Map<String,List<String>> bootstrapRoleBindings, String repositoryAdminUsername)

Method Summary

List<String>	getBoundLogicalRoleNames(List<String> runtimeRoleNames) Gets the logical roles bound to the given runtime roles.
RoleBindingStruct	getRoleBindingStruct(String locale) Gets a struct-like object that contains everything known by this DAO.
void	setRoleBindings(String runtimeRoleName, List<String> logicalRoleNames) Sets the bindings for the given runtime role.

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

JcrRoleAuthorizationPolicyRoleBindingDao

public JcrRoleAuthorizationPolicyRoleBindingDao(org.springframework.transaction.support.TransactionTemplate txnTemplate,
                                                org.springframework.extensions.jcr.JcrTemplate jcrTemplate,
                                                List<String> logicalRoleNames,
                                                Map<String,Properties> logicalRoleLocaleMap,
                                                Map<String,List<String>> immutableRoleBindings,
                                                Map<String,List<String>> bootstrapRoleBindings,
                                                String repositoryAdminUsername)

Method Detail

getRoleBindingStruct

public RoleBindingStruct getRoleBindingStruct(String locale)

Gets a struct-like object that contains everything known by this DAO. This is a batch operation provided for UIs.

Specified by:

getRoleBindingStruct in interface IRoleAuthorizationPolicyRoleBindingDao

Parameters:

locale - locale, possibly null

Returns:

role binding struct

setRoleBindings

public void setRoleBindings(String runtimeRoleName,
                            List<String> logicalRoleNames)

Sets the bindings for the given runtime role. All other bindings for this runtime role are removed.

Specified by:

setRoleBindings in interface IRoleAuthorizationPolicyRoleBindingDao

Parameters:

runtimeRoleName - runtime role name

getBoundLogicalRoleNames

public List<String> getBoundLogicalRoleNames(List<String> runtimeRoleNames)

Gets the logical roles bound to the given runtime roles. Note that the size of the incoming list might not match the size of the returned list. This is a convenience method. The same result could be obtained from #getRoleBindingStruct().

Specified by:

getBoundLogicalRoleNames in interface IRoleAuthorizationPolicyRoleBindingDao

Parameters:

runtimeRoleNames - list of runtime role names

Returns:

list of logical role names, never null