Package org.pentaho.platform.api.engine

Interface ISecurityHelper

  • public interface ISecurityHelper
    Interface for a utility class with several methods that are used to either bind the Authentication to the IPentahoSession, retrieve the Authentication from the IPentahoSession, and other various helper functions.
    Author:
    mbatchel

    • Method Detail

      • becomeUser

        void becomeUser​(String principalName)
        Hi-jacks the system for the named user.

        This will essentially create a session for this user, make that session the current session, and add the Authentication objects to the session and Spring context holder. WARNING: this method is irreversible!!! If you want execute a block of code as a surrogate user and have the orignal user resume after it is complete, you want runAsUser(String, java.util.concurrent.Callable).

        This is for unit tests only.

        Parameters:
        principalName - the user to become in the system

      • becomeUser

        void becomeUser​(String principalName,
                IParameterProvider paramProvider)
        Hi-jacks the system for the named user.

        This is for unit tests only.

      • runAsUser

        <T> T runAsUser​(String principalName,
                Callable<T> callable)
         throws Exception
        Utility method that allows you to run a block of code as the given user. Regardless of success or exception situation, the original session and authentication will be restored once your block of code is finished executing, i.e. the given user will apply only to your Callable, then the system environment will return to the user present prior to you calling this method.
        Type Parameters:
        T - the return type of your operation, specify this type as T
        Parameters:
        principalName - the user under whom you wish to run a section of code
        callable - Callable.call() contains the code you wish to run as the given user
        Returns:
        the value returned by your implementation of Callable.call()
        Throws:
        Exception

      • runAsAnonymous

        <T> T runAsAnonymous​(Callable<T> callable)
              throws Exception
        Utility method that allows you to run a block of code as the given user. Regardless of success or exception situation, the original session and authentication will be restored once your block of code is finished executing, i.e. the given user will apply only to your Callable, then the system environment will return to the user present prior to you calling this method.
        Type Parameters:
        T - the return type of your operation, specify this type as T
        Parameters:
        principalName - the user under whom you wish to run a section of code
        callable - Callable.call() contains the code you wish to run as the given user
        Returns:
        the value returned by your implementation of Callable.call()
        Throws:
        Exception

      • isPentahoAdministrator

        @Deprecated
boolean isPentahoAdministrator​(IPentahoSession session)
        Deprecated.
        use SystemUtils.canAdminister() instead
        Utility method that communicates with the installed ACLVoter to determine administrator status
        Parameters:
        session - The users IPentahoSession object
        Returns:
        true if the user is considered a Pentaho administrator

      • isGranted

        boolean isGranted​(IPentahoSession session,
                  org.springframework.security.core.GrantedAuthority role)
        Utility method that communicates with the installed ACLVoter to determine whether a particular role is granted to the specified user.
        Parameters:
        session - The users' IPentahoSession
        role - The role to look for
        Returns:
        true if the user is granted the specified role.

      • createAuthentication

        org.springframework.security.core.Authentication createAuthentication​(String principalName)
        Utility method for hydrating a Spring Authentication object (Principal) given just a user name. Note: The IUserRoleListService will be consulted for the roles associated with this user.
        Parameters:
        principalName - the subject of this Authentication object
        Returns:
        a Spring Authentication for the given user

      • getAuthentication

        org.springframework.security.core.Authentication getAuthentication()

      • getAuthentication

        org.springframework.security.core.Authentication getAuthentication​(IPentahoSession ignoredSession,
                                                                   boolean ignoredAllowAnonymous)
        Remove this method when data-access is JCR-branched
        Parameters:
        ignoredSession -
        ignoredAllowAnonymous -
        Returns:

      • runAsSystem

        <T> T runAsSystem​(Callable<T> callable)
           throws Exception
        Runs code as system with full privileges.
        Throws:
        Exception