com.orientechnologies.orient.core.metadata.security

Class OSecurityShared

java.lang.Object

com.orientechnologies.orient.core.metadata.security.OSecurityShared

All Implemented Interfaces:

OCloseable, OSecurity

Direct Known Subclasses:

OSecurityExternal

public class OSecurityShared
extends Object
implements OSecurity, OCloseable

Shared security class. It's shared by all the database instances that point to the same storage.

Author:

Luca Garulli (l.garulli--(at)--orientdb.com)

Field Summary

Fields

Modifier and Type	Field and Description
static String	ALLOW_ALL_FIELD Deprecated.
static String	ALLOW_DELETE_FIELD Deprecated.
static Set<String>	ALLOW_FIELDS
static String	ALLOW_READ_FIELD Deprecated.
static String	ALLOW_UPDATE_FIELD Deprecated.
static String	IDENTITY_CLASSNAME
static String	ONCREATE_FIELD
static String	ONCREATE_IDENTITY_TYPE
static String	RESTRICTED_CLASSNAME

Constructor Summary

Constructors

Constructor and Description
OSecurityShared()

Method Summary

Modifier and Type	Method and Description
OIdentifiable	allowIdentity(ODocument iDocument, String iAllowFieldName, OIdentifiable iId) Uses the version with ENUM instead.
OIdentifiable	allowRole(ODocument iDocument, ORestrictedOperation iOperation, String iRoleName) Record level security: allows a role to access to a record.
OIdentifiable	allowRole(ODocument iDocument, String iAllowFieldName, String iRoleName) Uses the version with ENUM instead.
OIdentifiable	allowUser(ODocument iDocument, ORestrictedOperation iOperation, String iUserName) Record level security: allows a user to access to a record.
OIdentifiable	allowUser(ODocument iDocument, String iAllowFieldName, String iUserName) Uses the version with ENUM instead.
OUser	authenticate(OToken authToken)
OUser	authenticate(String iUserName, String iUserPassword)
void	close() Closes resources inside of call of OStorage#close().
void	close(boolean onDelete)
OUser	create()
void	createClassTrigger()
OUser	createMetadata() Repairs the security structure if broken by creating the ADMIN role and user with default password.
ORole	createRole(String iRoleName, ORole iParent, OSecurityRole.ALLOW_MODES iAllowMode)
ORole	createRole(String iRoleName, OSecurityRole.ALLOW_MODES iAllowMode)
OUser	createUser(String userName, String userPassword, ORole... roles)
OUser	createUser(String iUserName, String iUserPassword, String... iRoles)
OIdentifiable	denyRole(ODocument iDocument, ORestrictedOperation iOperation, String iRoleName) Record level security: deny a role to access to a record.
OIdentifiable	denyUser(ODocument iDocument, ORestrictedOperation iOperation, String iUserName) Record level security: deny a user to access to a record.
OIdentifiable	disallowIdentity(ODocument iDocument, String iAllowFieldName, OIdentifiable iId) Uses the version with ENUM instead.
OIdentifiable	disallowRole(ODocument iDocument, String iAllowFieldName, String iRoleName) Uses the version with ENUM instead.
OIdentifiable	disallowUser(ODocument iDocument, String iAllowFieldName, String iUserName) Uses the version with ENUM instead.
boolean	dropRole(String iRoleName)
boolean	dropUser(String iUserName)
List<ODocument>	getAllRoles()
List<ODocument>	getAllUsers()
protected ODatabaseDocumentInternal	getDatabase()
ORole	getRole(OIdentifiable iRole)
ORole	getRole(String iRoleName)
ORID	getRoleRID(String iRoleName)
OSecurity	getUnderlying()
OUser	getUser(ORID iRecordId)
OUser	getUser(String iUserName)
ORID	getUserRID(String iUserName)
long	getVersion()
void	incrementVersion()
boolean	isAllowed(Set<OIdentifiable> iAllowAll, Set<OIdentifiable> iAllowOperation)
void	load()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

RESTRICTED_CLASSNAME

public static final String RESTRICTED_CLASSNAME

See Also:

Constant Field Values

IDENTITY_CLASSNAME

public static final String IDENTITY_CLASSNAME

See Also:

Constant Field Values

ALLOW_ALL_FIELD

@Deprecated
public static final String ALLOW_ALL_FIELD

Deprecated.

Uses the ORestrictedOperation ENUM instead.

ALLOW_READ_FIELD

@Deprecated
public static final String ALLOW_READ_FIELD

Deprecated.

Uses the ORestrictedOperation ENUM instead.

ALLOW_UPDATE_FIELD

@Deprecated
public static final String ALLOW_UPDATE_FIELD

Deprecated.

Uses the ORestrictedOperation ENUM instead.

ALLOW_DELETE_FIELD

@Deprecated
public static final String ALLOW_DELETE_FIELD

Deprecated.

Uses the ORestrictedOperation ENUM instead.

ONCREATE_IDENTITY_TYPE

public static final String ONCREATE_IDENTITY_TYPE

See Also:

Constant Field Values

ONCREATE_FIELD

public static final String ONCREATE_FIELD

See Also:

Constant Field Values

ALLOW_FIELDS

public static final Set<String> ALLOW_FIELDS

Constructor Detail

OSecurityShared

public OSecurityShared()

Method Detail

allowRole

public OIdentifiable allowRole(ODocument iDocument,
                               ORestrictedOperation iOperation,
                               String iRoleName)

Description copied from interface: OSecurity

Record level security: allows a role to access to a record.

Specified by:

allowRole in interface OSecurity

Parameters:

iDocument - ODocument instance to give access

iOperation - Operation type to use based on the permission to allow:

• ALLOW_ALL, to provide full access (RUD)
• ALLOW_READ, to provide read access
• ALLOW_UPDATE, to provide update access
• ALLOW_DELETE, to provide delete access

iRoleName - Role name to provide the access

Returns:

The OIdentity instance allowed

allowUser

public OIdentifiable allowUser(ODocument iDocument,
                               ORestrictedOperation iOperation,
                               String iUserName)

Description copied from interface: OSecurity

Record level security: allows a user to access to a record.

Specified by:

allowUser in interface OSecurity

Parameters:

iDocument - ODocument instance to give access

iOperation - Operation type to use based on the permission to allow:

• ALLOW_ALL, to provide full access (RUD)
• ALLOW_READ, to provide read access
• ALLOW_UPDATE, to provide update access
• ALLOW_DELETE, to provide delete access

iUserName - User name to provide the access

Returns:

The OIdentity instance allowed

allowUser

public OIdentifiable allowUser(ODocument iDocument,
                               String iAllowFieldName,
                               String iUserName)

Description copied from interface: OSecurity

Uses the version with ENUM instead.

Specified by:

allowUser in interface OSecurity

allowRole

public OIdentifiable allowRole(ODocument iDocument,
                               String iAllowFieldName,
                               String iRoleName)

Description copied from interface: OSecurity

Uses the version with ENUM instead.

Specified by:

allowRole in interface OSecurity

allowIdentity

public OIdentifiable allowIdentity(ODocument iDocument,
                                   String iAllowFieldName,
                                   OIdentifiable iId)

Description copied from interface: OSecurity

Uses the version with ENUM instead.

Specified by:

allowIdentity in interface OSecurity

denyUser

public OIdentifiable denyUser(ODocument iDocument,
                              ORestrictedOperation iOperation,
                              String iUserName)

Description copied from interface: OSecurity

Record level security: deny a user to access to a record.

Specified by:

denyUser in interface OSecurity

Parameters:

iDocument - ODocument instance to give access

iOperation - Operation type to use based on the permission to deny:

• ALLOW_ALL, to provide full access (RUD)
• ALLOW_READ, to provide read access
• ALLOW_UPDATE, to provide update access
• ALLOW_DELETE, to provide delete access

iUserName - User name to deny the access

Returns:

The OIdentity instance denied

denyRole

public OIdentifiable denyRole(ODocument iDocument,
                              ORestrictedOperation iOperation,
                              String iRoleName)

Description copied from interface: OSecurity

Record level security: deny a role to access to a record.

Specified by:

denyRole in interface OSecurity

Parameters:

iDocument - ODocument instance to give access

iOperation - Operation type to use based on the permission to deny:

• ALLOW_ALL, to provide full access (RUD)
• ALLOW_READ, to provide read access
• ALLOW_UPDATE, to provide update access
• ALLOW_DELETE, to provide delete access

iRoleName - Role name to deny the access

Returns:

The OIdentity instance denied

disallowUser

public OIdentifiable disallowUser(ODocument iDocument,
                                  String iAllowFieldName,
                                  String iUserName)

Description copied from interface: OSecurity

Uses the version with ENUM instead.

Specified by:

disallowUser in interface OSecurity

disallowRole

public OIdentifiable disallowRole(ODocument iDocument,
                                  String iAllowFieldName,
                                  String iRoleName)

Description copied from interface: OSecurity

Uses the version with ENUM instead.

Specified by:

disallowRole in interface OSecurity

disallowIdentity

public OIdentifiable disallowIdentity(ODocument iDocument,
                                      String iAllowFieldName,
                                      OIdentifiable iId)

Description copied from interface: OSecurity

Uses the version with ENUM instead.

Specified by:

disallowIdentity in interface OSecurity

isAllowed

public boolean isAllowed(Set<OIdentifiable> iAllowAll,
                         Set<OIdentifiable> iAllowOperation)

Specified by:

isAllowed in interface OSecurity

authenticate

public OUser authenticate(String iUserName,
                          String iUserPassword)

Specified by:

authenticate in interface OSecurity

authenticate

public OUser authenticate(OToken authToken)

Specified by:

authenticate in interface OSecurity

getUser

public OUser getUser(ORID iRecordId)

Specified by:

getUser in interface OSecurity

createUser

public OUser createUser(String iUserName,
                        String iUserPassword,
                        String... iRoles)

Specified by:

createUser in interface OSecurity

createUser

public OUser createUser(String userName,
                        String userPassword,
                        ORole... roles)

Specified by:

createUser in interface OSecurity

dropUser

public boolean dropUser(String iUserName)

Specified by:

dropUser in interface OSecurity

getRole

public ORole getRole(OIdentifiable iRole)

Specified by:

getRole in interface OSecurity

getRole

public ORole getRole(String iRoleName)

Specified by:

getRole in interface OSecurity

getRoleRID

public ORID getRoleRID(String iRoleName)

createRole

public ORole createRole(String iRoleName,
                        OSecurityRole.ALLOW_MODES iAllowMode)

Specified by:

createRole in interface OSecurity

createRole

public ORole createRole(String iRoleName,
                        ORole iParent,
                        OSecurityRole.ALLOW_MODES iAllowMode)

Specified by:

createRole in interface OSecurity

dropRole

public boolean dropRole(String iRoleName)

Specified by:

dropRole in interface OSecurity

getAllUsers

public List<ODocument> getAllUsers()

Specified by:

getAllUsers in interface OSecurity

getAllRoles

public List<ODocument> getAllRoles()

Specified by:

getAllRoles in interface OSecurity

create

public OUser create()

Specified by:

create in interface OSecurity

createMetadata

public OUser createMetadata()

Repairs the security structure if broken by creating the ADMIN role and user with default password.

Returns:

close

public void close()

Description copied from interface: OCloseable

Closes resources inside of call of OStorage#close(). So do not use locks when you call this method or you may have deadlock during storage close. This method is completely house keeping method and plays role of Object#finalize() in case of you need to clean up resources after storage is closed.

Specified by:

close in interface OCloseable

close

public void close(boolean onDelete)

Specified by:

close in interface OSecurity

load

public void load()

Specified by:

load in interface OSecurity

createClassTrigger

public void createClassTrigger()

Specified by:

createClassTrigger in interface OSecurity

getUnderlying

public OSecurity getUnderlying()

Specified by:

getUnderlying in interface OSecurity

getUser

public OUser getUser(String iUserName)

Specified by:

getUser in interface OSecurity

getUserRID

public ORID getUserRID(String iUserName)

getVersion

public long getVersion()

Specified by:

getVersion in interface OSecurity

incrementVersion

public void incrementVersion()

Specified by:

incrementVersion in interface OSecurity

getDatabase

protected ODatabaseDocumentInternal getDatabase()