Package org.pentaho.platform.api.engine
Interface ISecurityHelper
public interface ISecurityHelper
Interface for a utility class with several methods that are used to either bind the Authentication to
the IPentahoSession, retrieve the Authentication from the IPentahoSession, and other
various helper functions.
- Author:
- mbatchel
-
Method Summary
Modifier and TypeMethodDescriptionvoidbecomeUser(String principalName) Hi-jacks the system for the named user.voidbecomeUser(String principalName, IParameterProvider paramProvider) Hi-jacks the system for the named user.org.springframework.security.core.AuthenticationcreateAuthentication(String principalName) Utility method for hydrating a Spring Authentication object (Principal) given just a user name.org.springframework.security.core.Authenticationorg.springframework.security.core.AuthenticationgetAuthentication(IPentahoSession ignoredSession, boolean ignoredAllowAnonymous) Remove this method when data-access is JCR-branchedbooleanhasAccess(IAclHolder aHolder, int actionOperation, IPentahoSession session) Deprecated.booleanisGranted(IPentahoSession session, org.springframework.security.core.GrantedAuthority role) Utility method that communicates with the installed ACLVoter to determine whether a particular role is granted to the specified user.booleanisPentahoAdministrator(IPentahoSession session) Deprecated.use SystemUtils.canAdminister() instead<T> TrunAsAnonymous(Callable<T> callable) Utility method that allows you to run a block of code as the given user.<T> TrunAsSystem(Callable<T> callable) Runs code as system with full privileges.<T> TUtility method that allows you to run a block of code as the given user.<T> TrunAsUser(String principalName, IParameterProvider paramProvider, Callable<T> callable)
-
Method Details
-
becomeUser
Hi-jacks the system for the named user.This will essentially create a session for this user, make that session the current session, and add the Authentication objects to the session and Spring context holder. WARNING: this method is irreversible!!! If you want execute a block of code as a surrogate user and have the orignal user resume after it is complete, you want
runAsUser(String, java.util.concurrent.Callable).This is for unit tests only.
- Parameters:
principalName- the user to become in the system
-
becomeUser
Hi-jacks the system for the named user.This is for unit tests only.
-
runAsUser
Utility method that allows you to run a block of code as the given user. Regardless of success or exception situation, the original session and authentication will be restored once your block of code is finished executing, i.e. the given user will apply only to yourCallable, then the system environment will return to the user present prior to you calling this method.- Type Parameters:
T- the return type of your operation, specify this type asT- Parameters:
principalName- the user under whom you wish to run a section of codecallable-Callable.call()contains the code you wish to run as the given user- Returns:
- the value returned by your implementation of
Callable.call() - Throws:
Exception
-
runAsUser
<T> T runAsUser(String principalName, IParameterProvider paramProvider, Callable<T> callable) throws Exception - Throws:
Exception
-
runAsAnonymous
Utility method that allows you to run a block of code as the given user. Regardless of success or exception situation, the original session and authentication will be restored once your block of code is finished executing, i.e. the given user will apply only to yourCallable, then the system environment will return to the user present prior to you calling this method.- Type Parameters:
T- the return type of your operation, specify this type asT- Parameters:
principalName- the user under whom you wish to run a section of codecallable-Callable.call()contains the code you wish to run as the given user- Returns:
- the value returned by your implementation of
Callable.call() - Throws:
Exception
-
isPentahoAdministrator
Deprecated.use SystemUtils.canAdminister() insteadUtility method that communicates with the installed ACLVoter to determine administrator status- Parameters:
session- The users IPentahoSession object- Returns:
- true if the user is considered a Pentaho administrator
-
isGranted
Utility method that communicates with the installed ACLVoter to determine whether a particular role is granted to the specified user.- Parameters:
session- The users' IPentahoSessionrole- The role to look for- Returns:
- true if the user is granted the specified role.
-
hasAccess
Deprecated. -
createAuthentication
Utility method for hydrating a Spring Authentication object (Principal) given just a user name. Note: TheIUserRoleListServicewill be consulted for the roles associated with this user.- Parameters:
principalName- the subject of this Authentication object- Returns:
- a Spring Authentication for the given user
-
getAuthentication
org.springframework.security.core.Authentication getAuthentication() -
getAuthentication
org.springframework.security.core.Authentication getAuthentication(IPentahoSession ignoredSession, boolean ignoredAllowAnonymous) Remove this method when data-access is JCR-branched- Parameters:
ignoredSession-ignoredAllowAnonymous-- Returns:
-
runAsSystem
Runs code as system with full privileges.- Throws:
Exception
-