Package org.pentaho.platform.engine.security

Class SecurityHelper

  • All Implemented Interfaces:
    org.pentaho.platform.api.engine.ISecurityHelper
    public class SecurityHelper
extends Object
implements org.pentaho.platform.api.engine.ISecurityHelper
    A utility class with several methods that are used to either bind the Authentication to the IPentahoSession, retrieve the Authentication from the IPentahoSession, and other various helper functions.
    Author:
    mbatchel

    • Constructor Summary

      Constructors 
      Modifier Constructor Description
      protected SecurityHelper()
      Default constructor - protected so that it may be only constructed by a sub-class since this is a singleton

    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods Deprecated Methods 
      Modifier and Type Method Description
      void becomeUser​(String principalName)
      Hi-jacks the system for the named user.
      void becomeUser​(String principalName, org.pentaho.platform.api.engine.IParameterProvider paramProvider)
      Hi-jacks the system for the named user.
      org.springframework.security.core.Authentication createAuthentication​(String principalName)
      Utility method for hydrating a Spring Authentication object (Principal) given just a user name.
      org.pentaho.platform.api.engine.IAclVoter getAclVoter()
      Deprecated.
      org.springframework.security.core.Authentication getAuthentication()  
      org.springframework.security.core.Authentication getAuthentication​(org.pentaho.platform.api.engine.IPentahoSession ignoredSession, boolean ignoredAllowAnonymous)
      Remove this method when data-access is JCR-branched
      org.pentaho.platform.api.engine.IAuthorizationPolicy getAuthorizationPolicy()  
      static org.pentaho.platform.api.engine.ISecurityHelper getInstance()
      Returns the default instance, if the test instance is not null return the test instance
      org.pentaho.platform.api.mt.ITenantedPrincipleNameResolver getTenantedUserNameUtils()  
      org.springframework.security.core.userdetails.UserDetailsService getUserDetailsService()  
      org.pentaho.platform.api.engine.IUserRoleListService getUserRoleListService()  
      boolean hasAccess​(org.pentaho.platform.api.engine.IAclHolder aHolder, int actionOperation, org.pentaho.platform.api.engine.IPentahoSession session)
      Deprecated.
      boolean isGranted​(org.pentaho.platform.api.engine.IPentahoSession session, org.springframework.security.core.GrantedAuthority role)
      Utility method that communicates with the installed ACLVoter to determine whether a particular role is granted to the specified user.
      boolean isPentahoAdministrator​(org.pentaho.platform.api.engine.IPentahoSession session)
      Deprecated.
      use SystemUtils.canAdminister() instead
      <T> T runAsAnonymous​(Callable<T> callable)
      Utility method that allows you to run a block of code as the given user.
      <T> T runAsSystem​(Callable<T> callable)
      Runs code as system with full privileges.
      <T> T runAsUser​(String principalName, Callable<T> callable)
      Utility method that allows you to run a block of code as the given user.
      <T> T runAsUser​(String principalName, org.pentaho.platform.api.engine.IParameterProvider paramProvider, Callable<T> callable)  
      static void setMockInstance​(org.pentaho.platform.api.engine.ISecurityHelper mockInstanceValue)
      Set the mockInstance, this should only be used for testing

    • Constructor Detail

      • SecurityHelper

        protected SecurityHelper()
        Default constructor - protected so that it may be only constructed by a sub-class since this is a singleton

    • Method Detail

      • getInstance

        public static org.pentaho.platform.api.engine.ISecurityHelper getInstance()
        Returns the default instance, if the test instance is not null return the test instance

      • setMockInstance

        public static void setMockInstance​(org.pentaho.platform.api.engine.ISecurityHelper mockInstanceValue)
        Set the mockInstance, this should only be used for testing
        Parameters:
        mockInstanceValue - the test implementation of SecurityHelper

      • becomeUser

        public void becomeUser​(String principalName)
        Hi-jacks the system for the named user.

        This will essentially create a session for this user, make that session the current session, and add the Authentication objects to the session and Spring context holder. WARNING: this method is irreversible!!! If you want execute a block of code as a surrogate user and have the orignal user resume after it is complete, you want runAsUser(String, Callable).

        This is for unit tests only.

        Specified by:
        becomeUser in interface org.pentaho.platform.api.engine.ISecurityHelper
        Parameters:
        principalName - the user to become in the system

      • becomeUser

        public void becomeUser​(String principalName,
                       org.pentaho.platform.api.engine.IParameterProvider paramProvider)
        Hi-jacks the system for the named user.

        This is for unit tests only.

        Specified by:
        becomeUser in interface org.pentaho.platform.api.engine.ISecurityHelper

      • runAsUser

        public <T> T runAsUser​(String principalName,
                       Callable<T> callable)
                throws Exception
        Utility method that allows you to run a block of code as the given user. Regardless of success or exception situation, the original session and authentication will be restored once your block of code is finished executing, i.e. the given user will apply only to your Callable, then the system environment will return to the user present prior to you calling this method.
        Specified by:
        runAsUser in interface org.pentaho.platform.api.engine.ISecurityHelper
        Type Parameters:
        T - the return type of your operation, specify this type as T
        Parameters:
        principalName - the user under whom you wish to run a section of code
        callable - Callable.call() contains the code you wish to run as the given user
        Returns:
        the value returned by your implementation of Callable.call()
        Throws:
        Exception

      • runAsUser

        public <T> T runAsUser​(String principalName,
                       org.pentaho.platform.api.engine.IParameterProvider paramProvider,
                       Callable<T> callable)
                throws Exception
        Specified by:
        runAsUser in interface org.pentaho.platform.api.engine.ISecurityHelper
        Throws:
        Exception

      • runAsAnonymous

        public <T> T runAsAnonymous​(Callable<T> callable)
                     throws Exception
        Utility method that allows you to run a block of code as the given user. Regardless of success or exception situation, the original session and authentication will be restored once your block of code is finished executing, i.e. the given user will apply only to your Callable, then the system environment will return to the user present prior to you calling this method.
        Specified by:
        runAsAnonymous in interface org.pentaho.platform.api.engine.ISecurityHelper
        Type Parameters:
        T - the return type of your operation, specify this type as T
        Parameters:
        callable - Callable.call() contains the code you wish to run as the given user
        Returns:
        the value returned by your implementation of Callable.call()
        Throws:
        Exception

      • isPentahoAdministrator

        @Deprecated
public boolean isPentahoAdministrator​(org.pentaho.platform.api.engine.IPentahoSession session)
        Deprecated.
        use SystemUtils.canAdminister() instead
        Utility method that communicates with the installed ACLVoter to determine administrator status
        Specified by:
        isPentahoAdministrator in interface org.pentaho.platform.api.engine.ISecurityHelper
        Parameters:
        session - The users IPentahoSession object
        Returns:
        true if the user is considered a Pentaho administrator

      • isGranted

        public boolean isGranted​(org.pentaho.platform.api.engine.IPentahoSession session,
                         org.springframework.security.core.GrantedAuthority role)
        Utility method that communicates with the installed ACLVoter to determine whether a particular role is granted to the specified user.
        Specified by:
        isGranted in interface org.pentaho.platform.api.engine.ISecurityHelper
        Parameters:
        session - The users' IPentahoSession
        role - The role to look for
        Returns:
        true if the user is granted the specified role.

      • hasAccess

        @Deprecated
public boolean hasAccess​(org.pentaho.platform.api.engine.IAclHolder aHolder,
                         int actionOperation,
                         org.pentaho.platform.api.engine.IPentahoSession session)
        Deprecated.
        Specified by:
        hasAccess in interface org.pentaho.platform.api.engine.ISecurityHelper

      • getAclVoter

        @Deprecated
public org.pentaho.platform.api.engine.IAclVoter getAclVoter()
        Deprecated.

      • createAuthentication

        public org.springframework.security.core.Authentication createAuthentication​(String principalName)
        Utility method for hydrating a Spring Authentication object (Principal) given just a user name. Note: The IUserRoleListService will be consulted for the roles associated with this user.
        Specified by:
        createAuthentication in interface org.pentaho.platform.api.engine.ISecurityHelper
        Parameters:
        principalName - the subject of this Authentication object
        Returns:
        a Spring Authentication for the given user

      • getAuthentication

        public org.springframework.security.core.Authentication getAuthentication()
        Specified by:
        getAuthentication in interface org.pentaho.platform.api.engine.ISecurityHelper

      • getAuthentication

        public org.springframework.security.core.Authentication getAuthentication​(org.pentaho.platform.api.engine.IPentahoSession ignoredSession,
                                                                          boolean ignoredAllowAnonymous)
        Remove this method when data-access is JCR-branched
        Specified by:
        getAuthentication in interface org.pentaho.platform.api.engine.ISecurityHelper
        Parameters:
        ignoredSession -
        ignoredAllowAnonymous -
        Returns:

      • runAsSystem

        public <T> T runAsSystem​(Callable<T> callable)
                  throws Exception
        Runs code as system with full privileges.
        Specified by:
        runAsSystem in interface org.pentaho.platform.api.engine.ISecurityHelper
        Throws:
        Exception

      • getAuthorizationPolicy

        public org.pentaho.platform.api.engine.IAuthorizationPolicy getAuthorizationPolicy()

      • getTenantedUserNameUtils

        public org.pentaho.platform.api.mt.ITenantedPrincipleNameResolver getTenantedUserNameUtils()

      • getUserDetailsService

        public org.springframework.security.core.userdetails.UserDetailsService getUserDetailsService()

      • getUserRoleListService

        public org.pentaho.platform.api.engine.IUserRoleListService getUserRoleListService()