Class OSecurityRemote
java.lang.Object
com.orientechnologies.orient.client.remote.metadata.security.OSecurityRemote
- All Implemented Interfaces:
OSecurityInternal
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionallowIdentity(ODatabaseSession session, ODocument iDocument, String iAllowFieldName, OIdentifiable iId) allowRole(ODatabaseSession session, ODocument iDocument, ORestrictedOperation iOperation, String iRoleName) allowUser(ODatabaseSession session, ODocument iDocument, ORestrictedOperation iOperation, String iUserName) authenticate(ODatabaseSession session, OToken authToken) authenticate(ODatabaseSession session, String iUsername, String iUserPassword) booleancanCreate(ODatabaseSession session, ORecord record) booleancanDelete(ODatabaseSession session, ORecord record) booleancanExecute(ODatabaseSession session, OFunction function) booleancanRead(ODatabaseSession session, ORecord record) booleancanUpdate(ODatabaseSession session, ORecord record) voidclose()create(ODatabaseSession session) voidcreateClassTrigger(ODatabaseSession session) createRole(ODatabaseSession session, String iRoleName, ORole iParent, OSecurityRole.ALLOW_MODES iAllowMode) createRole(ODatabaseSession session, String iRoleName, OSecurityRole.ALLOW_MODES iAllowMode) createSecurityPolicy(ODatabaseSession session, String name) creates and saves an empty security policycreateUser(ODatabaseSession session, String userName, String userPassword, ORole[] roles) createUser(ODatabaseSession session, String iUserName, String iUserPassword, String[] iRoles) voiddeleteSecurityPolicy(ODatabaseSession session, String name) denyRole(ODatabaseSession session, ODocument iDocument, ORestrictedOperation iOperation, String iRoleName) denyUser(ODatabaseSession session, ODocument iDocument, ORestrictedOperation iOperation, String iUserName) disallowIdentity(ODatabaseSession session, ODocument iDocument, String iAllowFieldName, OIdentifiable iId) booleandropRole(ODatabaseSession session, String iRoleName) booleandropUser(ODatabaseSession session, String iUserName) returns the list of all the filtered properties (for any role defined in the db)getAllRoles(ODatabaseSession session) getAllUsers(ODatabaseSession session) getFilteredProperties(ODatabaseSession session, ODocument document) For property-level security.getRole(ODatabaseSession session, OIdentifiable iRole) getRole(ODatabaseSession session, String iRoleName) getRoleRID(ODatabaseSession session, String iRoleName) getSecurityPolicies(ODatabaseSession session, OSecurityRole role) getSecurityPolicy(ODatabaseSession session, OSecurityRole role, String resource) Returns the security policy policy assigned to a role for a specific resource (not recursive on superclasses, nor on role hierarchy)getSecurityPolicy(ODatabaseSession session, String name) getUser(ODatabaseSession session, ORID iRecordId) getUser(ODatabaseSession session, String iUserName) getUserRID(ODatabaseSession session, String userName) longgetVersion(ODatabaseSession session) voidincrementVersion(ODatabaseSession session) booleanisAllowed(ODatabaseSession session, Set<OIdentifiable> iAllowAll, Set<OIdentifiable> iAllowOperation) booleanisAllowedWrite(ODatabaseSession session, ODocument document, String propertyName) For property-level securitybooleanisReadRestrictedBySecurityPolicy(ODatabaseSession session, String resource) checks if for current session a resource is restricted by security resources (ie.voidload(ODatabaseSession session) voidremoveSecurityPolicy(ODatabaseSession session, ORole role, String resource) Removes security policy bound to a role for a specific resourcevoidsaveSecurityPolicy(ODatabaseSession session, OSecurityPolicyImpl policy) securityAuthenticate(ODatabaseSession session, OAuthenticationInfo authenticationInfo) securityAuthenticate(ODatabaseSession session, String userName, String password) voidsetSecurityPolicy(ODatabaseSession session, OSecurityRole role, String resource, OSecurityPolicyImpl policy) Sets a security policy for a specific resource on a role
-
Constructor Details
-
OSecurityRemote
public OSecurityRemote()
-
-
Method Details
-
isAllowed
public boolean isAllowed(ODatabaseSession session, Set<OIdentifiable> iAllowAll, Set<OIdentifiable> iAllowOperation) - Specified by:
isAllowedin interfaceOSecurityInternal
-
allowRole
public OIdentifiable allowRole(ODatabaseSession session, ODocument iDocument, ORestrictedOperation iOperation, String iRoleName) - Specified by:
allowRolein interfaceOSecurityInternal
-
allowUser
public OIdentifiable allowUser(ODatabaseSession session, ODocument iDocument, ORestrictedOperation iOperation, String iUserName) - Specified by:
allowUserin interfaceOSecurityInternal
-
denyUser
public OIdentifiable denyUser(ODatabaseSession session, ODocument iDocument, ORestrictedOperation iOperation, String iUserName) - Specified by:
denyUserin interfaceOSecurityInternal
-
denyRole
public OIdentifiable denyRole(ODatabaseSession session, ODocument iDocument, ORestrictedOperation iOperation, String iRoleName) - Specified by:
denyRolein interfaceOSecurityInternal
-
allowIdentity
public OIdentifiable allowIdentity(ODatabaseSession session, ODocument iDocument, String iAllowFieldName, OIdentifiable iId) - Specified by:
allowIdentityin interfaceOSecurityInternal
-
getRoleRID
-
getUserRID
-
disallowIdentity
public OIdentifiable disallowIdentity(ODatabaseSession session, ODocument iDocument, String iAllowFieldName, OIdentifiable iId) - Specified by:
disallowIdentityin interfaceOSecurityInternal
-
authenticate
- Specified by:
authenticatein interfaceOSecurityInternal
-
createUser
public OUser createUser(ODatabaseSession session, String iUserName, String iUserPassword, String[] iRoles) - Specified by:
createUserin interfaceOSecurityInternal
-
createUser
public OUser createUser(ODatabaseSession session, String userName, String userPassword, ORole[] roles) - Specified by:
createUserin interfaceOSecurityInternal
-
authenticate
- Specified by:
authenticatein interfaceOSecurityInternal
-
createRole
public ORole createRole(ODatabaseSession session, String iRoleName, OSecurityRole.ALLOW_MODES iAllowMode) - Specified by:
createRolein interfaceOSecurityInternal
-
createRole
public ORole createRole(ODatabaseSession session, String iRoleName, ORole iParent, OSecurityRole.ALLOW_MODES iAllowMode) - Specified by:
createRolein interfaceOSecurityInternal
-
getUser
- Specified by:
getUserin interfaceOSecurityInternal
-
getUser
- Specified by:
getUserin interfaceOSecurityInternal
-
getRole
- Specified by:
getRolein interfaceOSecurityInternal
-
getRole
- Specified by:
getRolein interfaceOSecurityInternal
-
getAllUsers
- Specified by:
getAllUsersin interfaceOSecurityInternal
-
getAllRoles
- Specified by:
getAllRolesin interfaceOSecurityInternal
-
getSecurityPolicies
public Map<String,OSecurityPolicy> getSecurityPolicies(ODatabaseSession session, OSecurityRole role) - Specified by:
getSecurityPoliciesin interfaceOSecurityInternal
-
getSecurityPolicy
public OSecurityPolicy getSecurityPolicy(ODatabaseSession session, OSecurityRole role, String resource) Description copied from interface:OSecurityInternalReturns the security policy policy assigned to a role for a specific resource (not recursive on superclasses, nor on role hierarchy)- Specified by:
getSecurityPolicyin interfaceOSecurityInternal- Parameters:
session- an active DB sessionrole- the roleresource- the string representation of the security resource, eg. "database.class.Person"- Returns:
-
setSecurityPolicy
public void setSecurityPolicy(ODatabaseSession session, OSecurityRole role, String resource, OSecurityPolicyImpl policy) Description copied from interface:OSecurityInternalSets a security policy for a specific resource on a role- Specified by:
setSecurityPolicyin interfaceOSecurityInternal- Parameters:
session- a valid db session to perform the operation (that has permissions to do it)role- The roleresource- the string representation of the security resource, eg. "database.class.Person"policy- The security policy
-
createSecurityPolicy
Description copied from interface:OSecurityInternalcreates and saves an empty security policy- Specified by:
createSecurityPolicyin interfaceOSecurityInternal- Parameters:
session- the session to a DB where the policy has to be createdname- the policy name- Returns:
-
getSecurityPolicy
- Specified by:
getSecurityPolicyin interfaceOSecurityInternal
-
saveSecurityPolicy
- Specified by:
saveSecurityPolicyin interfaceOSecurityInternal
-
deleteSecurityPolicy
- Specified by:
deleteSecurityPolicyin interfaceOSecurityInternal
-
removeSecurityPolicy
Description copied from interface:OSecurityInternalRemoves security policy bound to a role for a specific resource- Specified by:
removeSecurityPolicyin interfaceOSecurityInternal- Parameters:
session- A valid db session to perform the operationrole- the roleresource- the string representation of the security resource, eg. "database.class.Person"
-
dropUser
- Specified by:
dropUserin interfaceOSecurityInternal
-
dropRole
- Specified by:
dropRolein interfaceOSecurityInternal
-
createClassTrigger
- Specified by:
createClassTriggerin interfaceOSecurityInternal
-
getVersion
- Specified by:
getVersionin interfaceOSecurityInternal
-
incrementVersion
- Specified by:
incrementVersionin interfaceOSecurityInternal
-
create
- Specified by:
createin interfaceOSecurityInternal
-
load
- Specified by:
loadin interfaceOSecurityInternal
-
close
public void close()- Specified by:
closein interfaceOSecurityInternal
-
getFilteredProperties
Description copied from interface:OSecurityInternalFor property-level security. Returns the list of the properties that are hidden (ie. not allowed to be read) for current session, regarding a specific document- Specified by:
getFilteredPropertiesin interfaceOSecurityInternal- Parameters:
session- the db sessiondocument- the document to filter- Returns:
- the list of the properties that are hidden (ie. not allowed to be read) on current document for current session
-
isAllowedWrite
Description copied from interface:OSecurityInternalFor property-level security- Specified by:
isAllowedWritein interfaceOSecurityInternaldocument- current document to check for proeprty-level securitypropertyName- the property to check for write access- Returns:
-
canCreate
- Specified by:
canCreatein interfaceOSecurityInternal
-
canRead
- Specified by:
canReadin interfaceOSecurityInternal
-
canUpdate
- Specified by:
canUpdatein interfaceOSecurityInternal
-
canDelete
- Specified by:
canDeletein interfaceOSecurityInternal
-
canExecute
- Specified by:
canExecutein interfaceOSecurityInternal
-
isReadRestrictedBySecurityPolicy
Description copied from interface:OSecurityInternalchecks if for current session a resource is restricted by security resources (ie. READ policies exist, with predicate different from "TRUE", to access the given resource- Specified by:
isReadRestrictedBySecurityPolicyin interfaceOSecurityInternal- Parameters:
session- The session to check for the existece of policiesresource- a resource string, eg. "database.class.Person"- Returns:
- true if a restriction of any type exists for this session and this resource. False otherwise
-
getAllFilteredProperties
Description copied from interface:OSecurityInternalreturns the list of all the filtered properties (for any role defined in the db)- Specified by:
getAllFilteredPropertiesin interfaceOSecurityInternal- Returns:
-
securityAuthenticate
public OSecurityUser securityAuthenticate(ODatabaseSession session, String userName, String password) - Specified by:
securityAuthenticatein interfaceOSecurityInternal
-
securityAuthenticate
public OSecurityUser securityAuthenticate(ODatabaseSession session, OAuthenticationInfo authenticationInfo) - Specified by:
securityAuthenticatein interfaceOSecurityInternal
-