systems.dmx.accesscontrol

Interface AccessControlService

All Known Implementing Classes:

AccessControlPlugin

public interface AccessControlService

Field Summary

Fields

Modifier and Type	Field and Description
static String	ADMIN_INITIAL_PASSWORD
static String	ADMIN_USERNAME
static String	ADMIN_WORKSPACE_NAME
static systems.dmx.core.service.accesscontrol.SharingMode	ADMIN_WORKSPACE_SHARING_MODE
static String	ADMIN_WORKSPACE_URI
static String	DEFAULT_PRIVATE_WORKSPACE_NAME
static String	SYSTEM_WORKSPACE_NAME
static systems.dmx.core.service.accesscontrol.SharingMode	SYSTEM_WORKSPACE_SHARING_MODE
static String	SYSTEM_WORKSPACE_URI

Method Summary

Modifier and Type	Method and Description
systems.dmx.core.Topic	_createUserAccount(systems.dmx.core.service.accesscontrol.Credentials cred) Creates an user account.
List<systems.dmx.core.RelatedTopic>	bulkUpdateMemberships(long workspaceId, systems.dmx.core.util.IdList addUserIds, systems.dmx.core.util.IdList removeUserIds)
List<systems.dmx.core.RelatedTopic>	bulkUpdateMemberships(String username, systems.dmx.core.util.IdList addWorkspaceIds, systems.dmx.core.util.IdList removeWorkspaceIds)
void	checkAdmin() Checks if the current user is a DMX admin and throws AccessControlException if not.
void	createMembership(String username, long workspaceId) Makes the given user a member of the given workspace.
systems.dmx.core.Topic	createUserAccount(systems.dmx.core.service.accesscontrol.Credentials cred) Creates an user account.
systems.dmx.core.Topic	createUsername(String username) Creates a Username topic and a private workspace.
void	enrichWithOwnerInfo(systems.dmx.core.Topic workspace) Retrieves the OWNER and stores it in the given topic's model (under synthetic child type URI dmx.accesscontrol.owner).
void	enrichWithUserInfo(systems.dmx.core.DMXObject object) Retrieves the CREATOR/MODIFIER usernames and stores them in the given object's model (under synthetic child type URIs dmx.accesscontrol.creator and dmx.accesscontrol.modifier).
long	getAdminWorkspaceId()
Collection<systems.dmx.core.Assoc>	getAssocsByCreator(String username)
Collection<systems.dmx.core.Assoc>	getAssocsByOwner(String username)
Set<String>	getAuthorizationMethods() Returns the names of all authorization methods, as registered by registerAuthorizationMethod(java.lang.String, systems.dmx.accesscontrol.AuthorizationMethod).
String	getCreator(long objectId) Returns the creator of a topic or an association.
systems.dmx.core.Assoc	getMembership(String username, long workspaceId)
List<systems.dmx.core.RelatedTopic>	getMemberships(long workspaceId) Returns the members of the given workspace.
List<systems.dmx.core.RelatedTopic>	getMemberships(String username) Returns the workspaces of the given user.
String	getModifier(long objectId) Returns the modifier of a topic or an association.
systems.dmx.core.service.accesscontrol.Permissions	getPermissions(long objectId)
systems.dmx.core.Topic	getPrivateWorkspace() Returns the private workspace of the logged in user.
Collection<systems.dmx.core.Topic>	getTopicsByCreator(String username)
Collection<systems.dmx.core.Topic>	getTopicsByOwner(String username)
String	getUsername() Returns the username of the logged in user.
systems.dmx.core.Topic	getUsernameTopic() Returns the "Username" topic of the logged in user.
systems.dmx.core.Topic	getUsernameTopic(String username) Returns the "Username" topic for the specified username (case-insensitive).
String	getWorkspaceOwner(long workspaceId) Returns the owner of a workspace.
boolean	isMember(String username, long workspaceId) Checks if a user is a member of the given workspace.
void	login() Checks whether the credentials in the authorization string match an existing User Account, and if so, creates an HTTP session.
void	logout() Logs the user out.
void	registerAuthorizationMethod(String name, AuthorizationMethod am) Registers an authorization method under the given name, e.g.
void	setWorkspaceOwner(systems.dmx.core.Topic workspace, String username) Sets the owner of a workspace.
void	unregisterAuthorizationMethod(String name) Unregisters the authorization method that has been registered under the given name.

Field Detail

ADMIN_USERNAME

static final String ADMIN_USERNAME

See Also:

Constant Field Values

ADMIN_INITIAL_PASSWORD

static final String ADMIN_INITIAL_PASSWORD

ADMIN_WORKSPACE_NAME

static final String ADMIN_WORKSPACE_NAME

See Also:

Constant Field Values

ADMIN_WORKSPACE_URI

static final String ADMIN_WORKSPACE_URI

See Also:

Constant Field Values

ADMIN_WORKSPACE_SHARING_MODE

static final systems.dmx.core.service.accesscontrol.SharingMode ADMIN_WORKSPACE_SHARING_MODE

SYSTEM_WORKSPACE_NAME

static final String SYSTEM_WORKSPACE_NAME

See Also:

Constant Field Values

SYSTEM_WORKSPACE_URI

static final String SYSTEM_WORKSPACE_URI

See Also:

Constant Field Values

SYSTEM_WORKSPACE_SHARING_MODE

static final systems.dmx.core.service.accesscontrol.SharingMode SYSTEM_WORKSPACE_SHARING_MODE

DEFAULT_PRIVATE_WORKSPACE_NAME

static final String DEFAULT_PRIVATE_WORKSPACE_NAME

See Also:

Constant Field Values

Method Detail

login

void login()

Checks whether the credentials in the authorization string match an existing User Account, and if so, creates an HTTP session. ### FIXDOC

Parameters:

authHeader - the authorization string containing the credentials. ### FIXDOC Formatted like a "Authorization" HTTP header value. That is, "Basic " appended by the Base64 encoded form of "{username}:{password}".

logout

void logout()

Logs the user out. That is invalidating the session associated with the JSESSION ID cookie. For a "non-private" DM installation the response is 204 No Content. For a "private" DM installation the response is 401 Authorization Required. In this case the webclient is supposed to shutdown the DM GUI then. The webclient of a "private" DM installation must only be visible/usable when logged in.

getUsername

String getUsername()

Returns the username of the logged in user.

Returns:

The username, or null if no user is logged in.

getUsernameTopic

systems.dmx.core.Topic getUsernameTopic()

Returns the "Username" topic of the logged in user.

Returns:

The "Username" topic (type dmx.accesscontrol.username), or null if no user is logged in.

getPrivateWorkspace

systems.dmx.core.Topic getPrivateWorkspace()

Returns the private workspace of the logged in user.

Note: a user can have more than one private workspace. This method returns only the first one.

Returns:

The logged in user's private workspace (a topic of type "Workspace").

Throws:

IllegalStateException - if no user is logged in.

RuntimeException - if the logged in user has no private workspace.

checkAdmin

void checkAdmin()

Checks if the current user is a DMX admin and throws AccessControlException if not. Note: if invoked as "System" no AccessControlException is thrown.

Throws:

AccessControlException - if the current user is not a DMX admin.

createUserAccount

systems.dmx.core.Topic createUserAccount(systems.dmx.core.service.accesscontrol.Credentials cred)

Creates an user account. Only DMX admins are allowed to create user accounts.

Returns:

The "Username" topic of the created user account.

Throws:

RuntimeException - if the requesting user is not a DMX admin.

_createUserAccount

systems.dmx.core.Topic _createUserAccount(systems.dmx.core.service.accesscontrol.Credentials cred)
                                   throws Exception

Creates an user account. This is a privileged method: no permissions are checked.

Security: this method is not callable from outside as it has no REST interface. So the DMX platform is still secure. On the other hand, a 3rd-party plugin which provides a RESTful interface to this method is required to apply an additional authorization measure, e.g. a short-living access token sent via email.

Returns:

The "Username" topic of the created user account.

Throws:

Exception

createUsername

systems.dmx.core.Topic createUsername(String username)

Creates a Username topic and a private workspace. TODO: rename to createUsernameAndPrivateWorkspace?

Returns:

The created "Username" topic.

getUsernameTopic

systems.dmx.core.Topic getUsernameTopic(String username)

Returns the "Username" topic for the specified username (case-insensitive).

Parameters:

username - a username. Must not be null.

Returns:

The "Username" topic (type dmx.accesscontrol.username), or null if no such username exists.

getWorkspaceOwner

String getWorkspaceOwner(long workspaceId)

Returns the owner of a workspace.

Returns:

The username of the owner, or null if no owner is set.

setWorkspaceOwner

void setWorkspaceOwner(systems.dmx.core.Topic workspace,
                       String username)

Sets the owner of a workspace. ### TODO: should take an ID instead a topic. ### Core service must be extended with a property setter.

enrichWithOwnerInfo

void enrichWithOwnerInfo(systems.dmx.core.Topic workspace)

Retrieves the OWNER and stores it in the given topic's model (under synthetic child type URI dmx.accesscontrol.owner).

getMemberships

List<systems.dmx.core.RelatedTopic> getMemberships(String username)

Returns the workspaces of the given user.

Returns:

a list of Workspace topics. The "relating" part is the Membership association.

getMemberships

List<systems.dmx.core.RelatedTopic> getMemberships(long workspaceId)

Returns the members of the given workspace.

Returns:

a list of Username topics. The "relating" part is the Membership association.

isMember

boolean isMember(String username,
                 long workspaceId)

Checks if a user is a member of the given workspace.

Parameters:

username - the user. If null is passed, false is returned. If an unknown username is passed an exception is thrown.

workspaceId - the workspace.

Returns:

true if the user is a member, false otherwise.

getMembership

systems.dmx.core.Assoc getMembership(String username,
                                     long workspaceId)

Returns:

the Membership assoc between the given username and workspace, or null if the user is not a member.

createMembership

void createMembership(String username,
                      long workspaceId)

Makes the given user a member of the given workspace.

bulkUpdateMemberships

List<systems.dmx.core.RelatedTopic> bulkUpdateMemberships(String username,
                                                          systems.dmx.core.util.IdList addWorkspaceIds,
                                                          systems.dmx.core.util.IdList removeWorkspaceIds)

Returns:

a list of Workspace topics. The "relating" part is the Membership association.

bulkUpdateMemberships

List<systems.dmx.core.RelatedTopic> bulkUpdateMemberships(long workspaceId,
                                                          systems.dmx.core.util.IdList addUserIds,
                                                          systems.dmx.core.util.IdList removeUserIds)

Returns:

a list of Username topics. The "relating" part is the Membership association.

getAdminWorkspaceId

long getAdminWorkspaceId()

getPermissions

systems.dmx.core.service.accesscontrol.Permissions getPermissions(long objectId)

Parameters:

objectId - a topic ID, or an association ID.

Returns:

A Permissions object with one entry: dmx.accesscontrol.operation.write.

getCreator

String getCreator(long objectId)

Returns the creator of a topic or an association.

Returns:

The username of the creator, or null if no creator is set.

getModifier

String getModifier(long objectId)

Returns the modifier of a topic or an association.

Returns:

The username of the modifier, or null if no modifier is set.

enrichWithUserInfo

void enrichWithUserInfo(systems.dmx.core.DMXObject object)

Retrieves the CREATOR/MODIFIER usernames and stores them in the given object's model (under synthetic child type URIs dmx.accesscontrol.creator and dmx.accesscontrol.modifier).

getTopicsByCreator

Collection<systems.dmx.core.Topic> getTopicsByCreator(String username)

getTopicsByOwner

Collection<systems.dmx.core.Topic> getTopicsByOwner(String username)

getAssocsByCreator

Collection<systems.dmx.core.Assoc> getAssocsByCreator(String username)

getAssocsByOwner

Collection<systems.dmx.core.Assoc> getAssocsByOwner(String username)

getAuthorizationMethods

Set<String> getAuthorizationMethods()

Returns the names of all authorization methods, as registered by registerAuthorizationMethod(java.lang.String, systems.dmx.accesscontrol.AuthorizationMethod).

Returns:

the names of all registered authorization methods. Might be empty. Note: authorization method "BASIC" is not included. This one is not registered by registerAuthorizationMethod(java.lang.String, systems.dmx.accesscontrol.AuthorizationMethod), but is an integral part of the DMX platform.

registerAuthorizationMethod

void registerAuthorizationMethod(String name,
                                 AuthorizationMethod am)

Registers an authorization method under the given name, e.g. "LDAP".

Throws:

RuntimeException - if an authorization method is already registered under the given name.

unregisterAuthorizationMethod

void unregisterAuthorizationMethod(String name)

Unregisters the authorization method that has been registered under the given name. If no authorization method is registered under that name, nothing happens.