org.pentaho.platform.security.policy.rolebased
Class JcrRoleAuthorizationPolicyRoleBindingDao

java.lang.Object
  extended by org.pentaho.platform.security.policy.rolebased.JcrRoleAuthorizationPolicyRoleBindingDao
All Implemented Interfaces:
IRoleAuthorizationPolicyRoleBindingDao

public class JcrRoleAuthorizationPolicyRoleBindingDao
extends Object
implements IRoleAuthorizationPolicyRoleBindingDao

An IRoleAuthorizationPolicyRoleBindingDao implementation that uses JCR. Storage is done using nodes and properties, not XML. Storage looks like this:

- acme
   - .authz
     - roleBased
       - runtimeRoles
         - runtimeRole1
           - logicalRole1,logicalRole2 (multi-valued property)
         - runtimeRole2
           - logicalRole2 (multi-valued property)
 

Note: All multi-valued properties are ordered.

Note: This code runs as the repository superuser. Ideally it would run as the tenant admin, but no such named user exists for us to run as. Now that the repo uses IAuthorizationPolicy for access control, this code MUST continue to run as the repository superuser. This is one reason not to implement this on top of PUR.

Author:
mlowery

Constructor Summary
JcrRoleAuthorizationPolicyRoleBindingDao(org.springframework.transaction.support.TransactionTemplate txnTemplate, org.springframework.extensions.jcr.JcrTemplate jcrTemplate, List<String> logicalRoleNames, Map<String,Properties> logicalRoleLocaleMap, Map<String,List<String>> immutableRoleBindings, Map<String,List<String>> bootstrapRoleBindings, String repositoryAdminUsername)
           
 
Method Summary
 List<String> getBoundLogicalRoleNames(List<String> runtimeRoleNames)
          Gets the logical roles bound to the given runtime roles.
 RoleBindingStruct getRoleBindingStruct(String locale)
          Gets a struct-like object that contains everything known by this DAO.
 void setRoleBindings(String runtimeRoleName, List<String> logicalRoleNames)
          Sets the bindings for the given runtime role.
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

JcrRoleAuthorizationPolicyRoleBindingDao

public JcrRoleAuthorizationPolicyRoleBindingDao(org.springframework.transaction.support.TransactionTemplate txnTemplate,
                                                org.springframework.extensions.jcr.JcrTemplate jcrTemplate,
                                                List<String> logicalRoleNames,
                                                Map<String,Properties> logicalRoleLocaleMap,
                                                Map<String,List<String>> immutableRoleBindings,
                                                Map<String,List<String>> bootstrapRoleBindings,
                                                String repositoryAdminUsername)
Method Detail

getRoleBindingStruct

public RoleBindingStruct getRoleBindingStruct(String locale)
Gets a struct-like object that contains everything known by this DAO. This is a batch operation provided for UIs.

Specified by:
getRoleBindingStruct in interface IRoleAuthorizationPolicyRoleBindingDao
Parameters:
locale - locale, possibly null
Returns:
role binding struct

setRoleBindings

public void setRoleBindings(String runtimeRoleName,
                            List<String> logicalRoleNames)
Sets the bindings for the given runtime role. All other bindings for this runtime role are removed.

Specified by:
setRoleBindings in interface IRoleAuthorizationPolicyRoleBindingDao
Parameters:
runtimeRoleName - runtime role name

getBoundLogicalRoleNames

public List<String> getBoundLogicalRoleNames(List<String> runtimeRoleNames)
Gets the logical roles bound to the given runtime roles. Note that the size of the incoming list might not match the size of the returned list. This is a convenience method. The same result could be obtained from getRoleBindingStruct(String).

Specified by:
getBoundLogicalRoleNames in interface IRoleAuthorizationPolicyRoleBindingDao
Parameters:
runtimeRoleNames - list of runtime role names
Returns:
list of logical role names, never null
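
The binding semantics documented above (ordered multi-valued bindings per runtime role, replace-on-set, and a result list whose size can differ from the input) can be modelled with an in-memory stand-in. This is an added example, not Pentaho code: the class InMemoryRoleBindings and the helper runtimeRolesGranting are hypothetical, and the handling of duplicates and unbound runtime roles is an assumption rather than documented behaviour.

```java
import java.util.*;

// Hypothetical in-memory stand-in for the binding store; not the JCR-backed DAO.
public class InMemoryRoleBindings {
    // runtime role -> ordered logical roles (mirrors the ordered multi-valued property)
    private final Map<String, List<String>> bindings = new LinkedHashMap<>();

    // Replaces every existing binding for the runtime role, as setRoleBindings is documented to do.
    public void setRoleBindings(String runtimeRoleName, List<String> logicalRoleNames) {
        bindings.put(runtimeRoleName, new ArrayList<>(logicalRoleNames));
    }

    // Assumption: duplicates collapse and unbound runtime roles contribute nothing,
    // which is one way the result size can differ from the input size.
    public List<String> getBoundLogicalRoleNames(List<String> runtimeRoleNames) {
        Set<String> bound = new LinkedHashSet<>();
        for (String runtimeRole : runtimeRoleNames) {
            bound.addAll(bindings.getOrDefault(runtimeRole, Collections.emptyList()));
        }
        return new ArrayList<>(bound); // never null, matching the documented contract
    }

    // Review helper (not part of the documented interface): which runtime roles grant a logical role?
    public List<String> runtimeRolesGranting(String logicalRoleName) {
        List<String> holders = new ArrayList<>();
        for (Map.Entry<String, List<String>> e : bindings.entrySet()) {
            if (e.getValue().contains(logicalRoleName)) {
                holders.add(e.getKey());
            }
        }
        return holders;
    }

    public static void main(String[] args) {
        InMemoryRoleBindings dao = new InMemoryRoleBindings();
        // Same layout as the storage tree shown in the class description.
        dao.setRoleBindings("runtimeRole1", Arrays.asList("logicalRole1", "logicalRole2"));
        dao.setRoleBindings("runtimeRole2", Arrays.asList("logicalRole2"));
        // Input names three runtime roles; "unboundRole" is constructed and has no bindings.
        System.out.println(dao.getBoundLogicalRoleNames(
                Arrays.asList("runtimeRole1", "runtimeRole2", "unboundRole")));
        System.out.println(dao.runtimeRolesGranting("logicalRole2"));
        // A second set call drops logicalRole2 from runtimeRole1 instead of appending.
        dao.setRoleBindings("runtimeRole1", Arrays.asList("logicalRole1"));
        System.out.println(dao.runtimeRolesGranting("logicalRole2"));
    }
}
```

The reverse lookup is the question a least-privilege review usually asks of this data: which runtime roles end up holding a given logical role after a binding change.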