systems.dmx.accesscontrol

Interface AccessControlService

All Known Implementing Classes:

AccessControlPlugin

public interface AccessControlService

Field Summary

Fields

Modifier and Type	Field and Description
static String	ADMIN_INITIAL_PASSWORD
static String	ADMIN_USERNAME
static String	ADMIN_WORKSPACE_NAME
static systems.dmx.core.service.accesscontrol.SharingMode	ADMIN_WORKSPACE_SHARING_MODE
static String	ADMIN_WORKSPACE_URI
static String	DEFAULT_PRIVATE_WORKSPACE_NAME
static String	SYSTEM_WORKSPACE_NAME
static systems.dmx.core.service.accesscontrol.SharingMode	SYSTEM_WORKSPACE_SHARING_MODE
static String	SYSTEM_WORKSPACE_URI

Method Summary

Modifier and Type	Method and Description
systems.dmx.core.Topic	_createUserAccount(systems.dmx.core.service.accesscontrol.Credentials cred) Creates an user account.
void	checkAdmin() Checks if the current user is a DMX admin and throws AccessControlException if not.
void	createMembership(String username, long workspaceId)
systems.dmx.core.Topic	createUserAccount(systems.dmx.core.service.accesscontrol.Credentials cred) Creates an user account.
systems.dmx.core.Topic	createUsername(String username) Creates a Username topic and a private workspace.
long	getAdminWorkspaceId()
Collection<systems.dmx.core.Assoc>	getAssocsByCreator(String username)
Collection<systems.dmx.core.Assoc>	getAssocsByOwner(String username)
Set<String>	getAuthorizationMethods()
String	getCreator(long objectId) Returns the creator of a topic or an association.
String	getModifier(long objectId) Returns the modifier of a topic or an association.
systems.dmx.core.service.accesscontrol.Permissions	getPermissions(long objectId)
systems.dmx.core.Topic	getPrivateWorkspace() Returns the private workspace of the logged in user.
Collection<systems.dmx.core.Topic>	getTopicsByCreator(String username)
Collection<systems.dmx.core.Topic>	getTopicsByOwner(String username)
String	getUsername() Returns the username of the logged in user.
systems.dmx.core.Topic	getUsernameTopic() Returns the "Username" topic of the logged in user.
systems.dmx.core.Topic	getUsernameTopic(String username) Returns the "Username" topic for the specified username.
String	getWorkspaceOwner(long workspaceId) Returns the owner of a workspace.
boolean	isMember(String username, long workspaceId) Checks if a user is a member of the given workspace.
void	login() Checks whether the credentials in the authorization string match an existing User Account, and if so, creates an HTTP session.
void	logout() Logs the user out.
void	registerAuthorizationMethod(String name, AuthorizationMethod am)
void	setWorkspaceOwner(systems.dmx.core.Topic workspace, String username) Sets the owner of a workspace.
void	unregisterAuthorizationMethod(String name)

Field Detail

ADMIN_USERNAME

static final String ADMIN_USERNAME

See Also:

Constant Field Values

ADMIN_INITIAL_PASSWORD

static final String ADMIN_INITIAL_PASSWORD

ADMIN_WORKSPACE_NAME

static final String ADMIN_WORKSPACE_NAME

See Also:

Constant Field Values

ADMIN_WORKSPACE_URI

static final String ADMIN_WORKSPACE_URI

See Also:

Constant Field Values

ADMIN_WORKSPACE_SHARING_MODE

static final systems.dmx.core.service.accesscontrol.SharingMode ADMIN_WORKSPACE_SHARING_MODE

SYSTEM_WORKSPACE_NAME

static final String SYSTEM_WORKSPACE_NAME

See Also:

Constant Field Values

SYSTEM_WORKSPACE_URI

static final String SYSTEM_WORKSPACE_URI

See Also:

Constant Field Values

SYSTEM_WORKSPACE_SHARING_MODE

static final systems.dmx.core.service.accesscontrol.SharingMode SYSTEM_WORKSPACE_SHARING_MODE

DEFAULT_PRIVATE_WORKSPACE_NAME

static final String DEFAULT_PRIVATE_WORKSPACE_NAME

See Also:

Constant Field Values

Method Detail

login

void login()

Checks whether the credentials in the authorization string match an existing User Account, and if so, creates an HTTP session. ### FIXDOC

Parameters:

authHeader - the authorization string containing the credentials. ### FIXDOC Formatted like a "Authorization" HTTP header value. That is, "Basic " appended by the Base64 encoded form of "{username}:{password}".

logout

void logout()

Logs the user out. That is invalidating the session associated with the JSESSION ID cookie. For a "non-private" DM installation the response is 204 No Content. For a "private" DM installation the response is 401 Authorization Required. In this case the webclient is supposed to shutdown the DM GUI then. The webclient of a "private" DM installation must only be visible/usable when logged in.

getUsername

String getUsername()

Returns the username of the logged in user.

Returns:

The username, or null if no user is logged in.

getUsernameTopic

systems.dmx.core.Topic getUsernameTopic()

Returns the "Username" topic of the logged in user.

Returns:

The "Username" topic (type dmx.accesscontrol.username), or null if no user is logged in.

getPrivateWorkspace

systems.dmx.core.Topic getPrivateWorkspace()

Returns the private workspace of the logged in user.

Note: a user can have more than one private workspace. This method returns only the first one.

Returns:

The logged in user's private workspace (a topic of type "Workspace").

Throws:

IllegalStateException - if no user is logged in.

RuntimeException - if the logged in user has no private workspace.

checkAdmin

void checkAdmin()

Checks if the current user is a DMX admin and throws AccessControlException if not. Note: if invoked as "System" no AccessControlException is thrown.

Throws:

AccessControlException - if the current user is not a DMX admin.

createUserAccount

systems.dmx.core.Topic createUserAccount(systems.dmx.core.service.accesscontrol.Credentials cred)

Creates an user account. Only DMX admins are allowed to create user accounts.

Returns:

The "Username" topic of the created user account.

Throws:

RuntimeException - if the requesting user is not a DMX admin.

_createUserAccount

systems.dmx.core.Topic _createUserAccount(systems.dmx.core.service.accesscontrol.Credentials cred)
                                   throws Exception

Creates an user account. This is a privileged method: no permissions are checked.

Security: this method is not callable from outside as it has no REST interface. So the DMX platform is still secure. On the other hand, a 3rd-party plugin which provides a RESTful interface to this method is required to apply an additional authorization measure, e.g. a short-living access token sent via email.

Returns:

The "Username" topic of the created user account.

Throws:

Exception

createUsername

systems.dmx.core.Topic createUsername(String username)

Creates a Username topic and a private workspace. TODO: rename to createUsernameAndPrivateWorkspace?

Returns:

The created "Username" topic.

getUsernameTopic

systems.dmx.core.Topic getUsernameTopic(String username)

Returns the "Username" topic for the specified username.

Parameters:

username - a username. Must not be null.

Returns:

The "Username" topic (type dmx.accesscontrol.username), or null if no such username exists.

getWorkspaceOwner

String getWorkspaceOwner(long workspaceId)

Returns the owner of a workspace.

Returns:

The username of the owner, or null if no owner is set. ### TODO: should throw an exception instead of returning null

setWorkspaceOwner

void setWorkspaceOwner(systems.dmx.core.Topic workspace,
                       String username)

Sets the owner of a workspace. ### TODO: should take an ID instead a topic. ### Core service must be extended with a property setter.

createMembership

void createMembership(String username,
                      long workspaceId)

isMember

boolean isMember(String username,
                 long workspaceId)

Checks if a user is a member of the given workspace.

Parameters:

username - the user. If null is passed, false is returned. If an unknown username is passed an exception is thrown.

workspaceId - the workspace.

Returns:

true if the user is a member, false otherwise.

getAdminWorkspaceId

long getAdminWorkspaceId()

getPermissions

systems.dmx.core.service.accesscontrol.Permissions getPermissions(long objectId)

Parameters:

objectId - a topic ID, or an association ID.

Returns:

A Permissions object with one entry: dmx.accesscontrol.operation.write.

getCreator

String getCreator(long objectId)

Returns the creator of a topic or an association.

Returns:

The username of the creator, or null if no creator is set.

getModifier

String getModifier(long objectId)

Returns the modifier of a topic or an association.

Returns:

The username of the modifier, or null if no modifier is set.

getTopicsByCreator

Collection<systems.dmx.core.Topic> getTopicsByCreator(String username)

getTopicsByOwner

Collection<systems.dmx.core.Topic> getTopicsByOwner(String username)

getAssocsByCreator

Collection<systems.dmx.core.Assoc> getAssocsByCreator(String username)

getAssocsByOwner

Collection<systems.dmx.core.Assoc> getAssocsByOwner(String username)

getAuthorizationMethods

Set<String> getAuthorizationMethods()

registerAuthorizationMethod

void registerAuthorizationMethod(String name,
                                 AuthorizationMethod am)

unregisterAuthorizationMethod

void unregisterAuthorizationMethod(String name)