Class SecurityHelper
- java.lang.Object
-
- org.pentaho.platform.engine.security.SecurityHelper
-
- All Implemented Interfaces:
org.pentaho.platform.api.engine.ISecurityHelper
public class SecurityHelper extends Object implements org.pentaho.platform.api.engine.ISecurityHelper
A utility class with several methods that bind the Authentication to the IPentahoSession, retrieve the Authentication from the IPentahoSession, and perform various other helper functions.
- Author:
mbatchel
Constructor Summary
protected SecurityHelper()
    Default constructor - protected so that it may be only constructed by a sub-class since this is a singleton
-
Method Summary
void becomeUser(String principalName)
    Hi-jacks the system for the named user.
void becomeUser(String principalName, org.pentaho.platform.api.engine.IParameterProvider paramProvider)
    Hi-jacks the system for the named user.
org.springframework.security.core.Authentication createAuthentication(String principalName)
    Utility method for hydrating a Spring Authentication object (Principal) given just a user name.
org.pentaho.platform.api.engine.IAclVoter getAclVoter()
    Deprecated.
org.springframework.security.core.Authentication getAuthentication()
org.springframework.security.core.Authentication getAuthentication(org.pentaho.platform.api.engine.IPentahoSession ignoredSession, boolean ignoredAllowAnonymous)
    Remove this method when data-access is JCR-branched
org.pentaho.platform.api.engine.IAuthorizationPolicy getAuthorizationPolicy()
static org.pentaho.platform.api.engine.ISecurityHelper getInstance()
    Returns the default instance, if the test instance is not null return the test instance
org.pentaho.platform.api.mt.ITenantedPrincipleNameResolver getTenantedUserNameUtils()
org.springframework.security.core.userdetails.UserDetailsService getUserDetailsService()
org.pentaho.platform.api.engine.IUserRoleListService getUserRoleListService()
boolean hasAccess(org.pentaho.platform.api.engine.IAclHolder aHolder, int actionOperation, org.pentaho.platform.api.engine.IPentahoSession session)
    Deprecated.
boolean isGranted(org.pentaho.platform.api.engine.IPentahoSession session, org.springframework.security.core.GrantedAuthority role)
    Utility method that communicates with the installed ACLVoter to determine whether a particular role is granted to the specified user.
boolean isPentahoAdministrator(org.pentaho.platform.api.engine.IPentahoSession session)
    Deprecated. Use SystemUtils.canAdminister() instead.
<T> T runAsAnonymous(Callable<T> callable)
    Utility method that allows you to run a block of code as the given user.
<T> T runAsSystem(Callable<T> callable)
    Runs code as system with full privileges.
<T> T runAsUser(String principalName, Callable<T> callable)
    Utility method that allows you to run a block of code as the given user.
<T> T runAsUser(String principalName, org.pentaho.platform.api.engine.IParameterProvider paramProvider, Callable<T> callable)
static void setMockInstance(org.pentaho.platform.api.engine.ISecurityHelper mockInstanceValue)
    Set the mockInstance, this should only be used for testing
-
Method Detail
-
getInstance
public static org.pentaho.platform.api.engine.ISecurityHelper getInstance()
Returns the default instance; if the test instance is not null, returns the test instance instead.
-
setMockInstance
public static void setMockInstance(org.pentaho.platform.api.engine.ISecurityHelper mockInstanceValue)
Set the mockInstance; this should only be used for testing.
- Parameters:
mockInstanceValue - the test implementation of SecurityHelper
-
becomeUser
public void becomeUser(String principalName)
Hi-jacks the system for the named user. This will essentially create a session for this user, make that session the current session, and add the Authentication objects to the session and Spring context holder. WARNING: this method is irreversible!!! If you want to execute a block of code as a surrogate user and have the original user resume after it is complete, you want runAsUser(String, Callable). This is for unit tests only.
- Specified by:
becomeUser in interface org.pentaho.platform.api.engine.ISecurityHelper
- Parameters:
principalName - the user to become in the system
-
becomeUser
public void becomeUser(String principalName, org.pentaho.platform.api.engine.IParameterProvider paramProvider)
Hi-jacks the system for the named user. This is for unit tests only.
- Specified by:
becomeUser in interface org.pentaho.platform.api.engine.ISecurityHelper
-
runAsUser
public <T> T runAsUser(String principalName, Callable<T> callable) throws Exception
Utility method that allows you to run a block of code as the given user. Regardless of success or exception, the original session and authentication will be restored once your block of code has finished executing, i.e. the given user will apply only to your Callable; the system environment will then return to the user present prior to you calling this method.
- Specified by:
runAsUser in interface org.pentaho.platform.api.engine.ISecurityHelper
- Type Parameters:
T - the return type of your operation, specify this type as T
- Parameters:
principalName - the user under whom you wish to run a section of code
callable - Callable.call() contains the code you wish to run as the given user
- Returns:
the value returned by your implementation of Callable.call()
- Throws:
Exception
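The difference between the restore-on-exit contract of runAsUser and the irreversible becomeUser, as an added example that is not Pentaho's code: a single ThreadLocal stands in for the session and Spring context holder, and ScopedIdentity, current, become and runAs are hypothetical names constructed for this illustration.

```java
import java.util.concurrent.Callable;

// Added illustration: a minimal stand-in for the session/Authentication pair.
// ScopedIdentity and its members are hypothetical names, not Pentaho classes.
public class ScopedIdentity {
    // Constructed starting identity for the demonstration.
    private static final ThreadLocal<String> CURRENT = ThreadLocal.withInitial(() -> "alice");

    static String current() { return CURRENT.get(); }

    // Mirrors the becomeUser contract: the previous identity is discarded.
    static void become(String principal) { CURRENT.set(principal); }

    // Mirrors the runAsUser contract: the caller's identity is restored
    // whether the callable returns normally or throws.
    static <T> T runAs(String principal, Callable<T> callable) throws Exception {
        String previous = CURRENT.get();
        CURRENT.set(principal);
        try {
            return callable.call();
        } finally {
            CURRENT.set(previous);
        }
    }

    public static void main(String[] args) throws Exception {
        // Normal return: the surrogate identity is visible only inside the callable.
        String seen = runAs("report_owner", ScopedIdentity::current);
        System.out.println("inside=" + seen + " after=" + current());

        // Exception path: the finally block still restores the caller.
        try {
            runAs("report_owner", () -> { throw new IllegalStateException("boom"); });
        } catch (IllegalStateException e) {
            System.out.println("after exception=" + current());
        }

        // Nested scopes unwind in reverse order of entry.
        String nested = runAs("report_owner",
            () -> runAs("auditor", ScopedIdentity::current) + "/" + current());
        System.out.println("nested=" + nested + " after=" + current());

        // Irreversible switch: nothing puts the original identity back.
        become("report_owner");
        System.out.println("after become=" + current());
    }
}
```

A switch made with become leaks into whatever the thread runs next, which is why the page restricts becomeUser to unit tests.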
-
runAsUser
public <T> T runAsUser(String principalName, org.pentaho.platform.api.engine.IParameterProvider paramProvider, Callable<T> callable) throws Exception
- Specified by:
runAsUser in interface org.pentaho.platform.api.engine.ISecurityHelper
- Throws:
Exception
-
runAsAnonymous
public <T> T runAsAnonymous(Callable<T> callable) throws Exception
Utility method that allows you to run a block of code as the given user. Regardless of success or exception, the original session and authentication will be restored once your block of code has finished executing, i.e. the given user will apply only to your Callable; the system environment will then return to the user present prior to you calling this method.
- Specified by:
runAsAnonymous in interface org.pentaho.platform.api.engine.ISecurityHelper
- Type Parameters:
T - the return type of your operation, specify this type as T
- Parameters:
callable - Callable.call() contains the code you wish to run as the given user
- Returns:
the value returned by your implementation of Callable.call()
- Throws:
Exception
-
isPentahoAdministrator
@Deprecated public boolean isPentahoAdministrator(org.pentaho.platform.api.engine.IPentahoSession session)
Deprecated. Use SystemUtils.canAdminister() instead.
Utility method that communicates with the installed ACLVoter to determine administrator status.
- Specified by:
isPentahoAdministrator in interface org.pentaho.platform.api.engine.ISecurityHelper
- Parameters:
session - The user's IPentahoSession object
- Returns:
true if the user is considered a Pentaho administrator
-
isGranted
public boolean isGranted(org.pentaho.platform.api.engine.IPentahoSession session, org.springframework.security.core.GrantedAuthority role)
Utility method that communicates with the installed ACLVoter to determine whether a particular role is granted to the specified user.
- Specified by:
isGranted in interface org.pentaho.platform.api.engine.ISecurityHelper
- Parameters:
session - The user's IPentahoSession
role - The role to look for
- Returns:
true if the user is granted the specified role.
-
hasAccess
@Deprecated public boolean hasAccess(org.pentaho.platform.api.engine.IAclHolder aHolder, int actionOperation, org.pentaho.platform.api.engine.IPentahoSession session)
Deprecated.
- Specified by:
hasAccess in interface org.pentaho.platform.api.engine.ISecurityHelper
-
getAclVoter
@Deprecated public org.pentaho.platform.api.engine.IAclVoter getAclVoter()
Deprecated.
-
createAuthentication
public org.springframework.security.core.Authentication createAuthentication(String principalName)
Utility method for hydrating a Spring Authentication object (Principal) given just a user name. Note: The IUserRoleListService will be consulted for the roles associated with this user.
- Specified by:
createAuthentication in interface org.pentaho.platform.api.engine.ISecurityHelper
- Parameters:
principalName - the subject of this Authentication object
- Returns:
a Spring Authentication for the given user
-
getAuthentication
public org.springframework.security.core.Authentication getAuthentication()
- Specified by:
getAuthentication in interface org.pentaho.platform.api.engine.ISecurityHelper
-
getAuthentication
public org.springframework.security.core.Authentication getAuthentication(org.pentaho.platform.api.engine.IPentahoSession ignoredSession, boolean ignoredAllowAnonymous)
Remove this method when data-access is JCR-branched
- Specified by:
getAuthentication in interface org.pentaho.platform.api.engine.ISecurityHelper
- Parameters:
ignoredSession -
ignoredAllowAnonymous -
- Returns:
-
runAsSystem
public <T> T runAsSystem(Callable<T> callable) throws Exception
Runs code as system with full privileges.
- Specified by:
runAsSystem in interface org.pentaho.platform.api.engine.ISecurityHelper
- Throws:
Exception
-
getAuthorizationPolicy
public org.pentaho.platform.api.engine.IAuthorizationPolicy getAuthorizationPolicy()
-
getTenantedUserNameUtils
public org.pentaho.platform.api.mt.ITenantedPrincipleNameResolver getTenantedUserNameUtils()
-
getUserDetailsService
public org.springframework.security.core.userdetails.UserDetailsService getUserDetailsService()
-
getUserRoleListService
public org.pentaho.platform.api.engine.IUserRoleListService getUserRoleListService()
-
-