Class OSymmetricKeySecurity
java.lang.Object
com.orientechnologies.orient.core.security.symmetrickey.OSymmetricKeySecurity
- All Implemented Interfaces:
OSecurityInternal
Provides a symmetric key specific authentication. Implements an OSecurity interface that
delegates to the specified OSecurity object.
This is used with embedded (non-server) databases, like so: db.setProperty(ODatabase.OPTIONS.SECURITY.toString(), OSymmetricKeySecurity.class);
- Author:
- S. Colin Leister
-
Constructor Summary
Constructors -
Method Summary
Modifier and Type, Method, Description (one method per line; the description, where present, is on the indented line below)
allowIdentity(ODatabaseSession session, ODocument iDocument, String iAllowFieldName, OIdentifiable iId)
allowRole(ODatabaseSession session, ODocument iDocument, ORestrictedOperation iOperationType, String iRoleName)
allowUser(ODatabaseSession session, ODocument iDocument, ORestrictedOperation iOperationType, String iUserName)
authenticate(ODatabaseSession session, OToken authToken)
authenticate(ODatabaseSession session, String username, String password)
boolean canCreate(ODatabaseSession session, ORecord record)
boolean canDelete(ODatabaseSession session, ORecord record)
boolean canExecute(ODatabaseSession session, OFunction function)
boolean canRead(ODatabaseSession session, ORecord record)
boolean canUpdate(ODatabaseSession session, ORecord record)
void close()
create(ODatabaseSession session)
void createClassTrigger(ODatabaseSession session)
createRole(ODatabaseSession session, String iRoleName, ORole iParent, OSecurityRole.ALLOW_MODES iAllowMode)
createRole(ODatabaseSession session, String iRoleName, OSecurityRole.ALLOW_MODES iAllowMode)
createSecurityPolicy(ODatabaseSession session, String name)
    creates and saves an empty security policy
createUser(ODatabaseSession session, String iUserName, String iUserPassword, ORole... iRoles)
createUser(ODatabaseSession session, String iUserName, String iUserPassword, String... iRoles)
void deleteSecurityPolicy(ODatabaseSession session, String name)
denyRole(ODatabaseSession session, ODocument iDocument, ORestrictedOperation iOperationType, String iRoleName)
denyUser(ODatabaseSession session, ODocument iDocument, ORestrictedOperation iOperationType, String iUserName)
disallowIdentity(ODatabaseSession session, ODocument iDocument, String iAllowFieldName, OIdentifiable iId)
boolean dropRole(ODatabaseSession session, String iRoleName)
boolean dropUser(ODatabaseSession session, String iUserName)
getAllFilteredProperties
    returns the list of all the filtered properties (for any role defined in the db)
getAllRoles(ODatabaseSession session)
getAllUsers(ODatabaseSession session)
getFilteredProperties(ODatabaseSession session, ODocument document)
    For property-level security.
getRole(ODatabaseSession session, OIdentifiable iRole)
getRole(ODatabaseSession session, String iRoleName)
getSecurityPolicies(ODatabaseSession session, OSecurityRole role)
getSecurityPolicy(ODatabaseSession session, OSecurityRole role, String resource)
    Returns the security policy assigned to a role for a specific resource (not recursive on superclasses, nor on role hierarchy)
getSecurityPolicy(ODatabaseSession session, String name)
getUser(ODatabaseSession session, ORID iUserId)
getUser(ODatabaseSession session, String iUserName)
long getVersion(ODatabaseSession session)
void incrementVersion(ODatabaseSession session)
boolean isAllowed(ODatabaseSession session, Set<OIdentifiable> iAllowAll, Set<OIdentifiable> iAllowOperation)
boolean isAllowedWrite(ODatabaseSession session, ODocument document, String propertyName)
    For property-level security
boolean isReadRestrictedBySecurityPolicy(ODatabaseSession session, String resource)
    checks if for current session a resource is restricted by security resources (ie. READ policies exist, with predicate different from "TRUE", to access the given resource)
void load(ODatabaseSession session)
void removeSecurityPolicy(ODatabaseSession session, ORole role, String resource)
    Removes security policy bound to a role for a specific resource
void saveSecurityPolicy(ODatabaseSession session, OSecurityPolicyImpl policy)
securityAuthenticate(ODatabaseSession session, OAuthenticationInfo authenticationInfo)
securityAuthenticate(ODatabaseSession session, String userName, String password)
void setSecurityPolicy(ODatabaseSession session, OSecurityRole role, String resource, OSecurityPolicyImpl policy)
    Sets a security policy for a specific resource on a role
toString()
-
Constructor Details
-
OSymmetricKeySecurity
-
-
Method Details
-
securityAuthenticate
public OSecurityUser securityAuthenticate(ODatabaseSession session, String userName, String password)
- Specified by:
securityAuthenticate in interface OSecurityInternal
-
authenticate
- Specified by:
authenticate in interface OSecurityInternal
-
isAllowed
public boolean isAllowed(ODatabaseSession session, Set<OIdentifiable> iAllowAll, Set<OIdentifiable> iAllowOperation)
- Specified by:
isAllowed in interface OSecurityInternal
-
allowUser
public OIdentifiable allowUser(ODatabaseSession session, ODocument iDocument, ORestrictedOperation iOperationType, String iUserName)
- Specified by:
allowUser in interface OSecurityInternal
-
allowRole
public OIdentifiable allowRole(ODatabaseSession session, ODocument iDocument, ORestrictedOperation iOperationType, String iRoleName)
- Specified by:
allowRole in interface OSecurityInternal
-
denyUser
public OIdentifiable denyUser(ODatabaseSession session, ODocument iDocument, ORestrictedOperation iOperationType, String iUserName)
- Specified by:
denyUser in interface OSecurityInternal
-
denyRole
public OIdentifiable denyRole(ODatabaseSession session, ODocument iDocument, ORestrictedOperation iOperationType, String iRoleName)
- Specified by:
denyRole in interface OSecurityInternal
-
allowIdentity
public OIdentifiable allowIdentity(ODatabaseSession session, ODocument iDocument, String iAllowFieldName, OIdentifiable iId)
- Specified by:
allowIdentity in interface OSecurityInternal
-
disallowIdentity
public OIdentifiable disallowIdentity(ODatabaseSession session, ODocument iDocument, String iAllowFieldName, OIdentifiable iId)
- Specified by:
disallowIdentity in interface OSecurityInternal
-
create
- Specified by:
create in interface OSecurityInternal
-
load
- Specified by:
load in interface OSecurityInternal
-
authenticate
- Specified by:
authenticate in interface OSecurityInternal
-
getUser
- Specified by:
getUser in interface OSecurityInternal
-
getUser
- Specified by:
getUser in interface OSecurityInternal
-
createUser
public OUser createUser(ODatabaseSession session, String iUserName, String iUserPassword, String... iRoles)
- Specified by:
createUser in interface OSecurityInternal
-
createUser
public OUser createUser(ODatabaseSession session, String iUserName, String iUserPassword, ORole... iRoles)
- Specified by:
createUser in interface OSecurityInternal
-
getRole
- Specified by:
getRole in interface OSecurityInternal
-
getRole
- Specified by:
getRole in interface OSecurityInternal
-
createRole
public ORole createRole(ODatabaseSession session, String iRoleName, OSecurityRole.ALLOW_MODES iAllowMode)
- Specified by:
createRole in interface OSecurityInternal
-
createRole
public ORole createRole(ODatabaseSession session, String iRoleName, ORole iParent, OSecurityRole.ALLOW_MODES iAllowMode)
- Specified by:
createRole in interface OSecurityInternal
-
getAllUsers
- Specified by:
getAllUsers in interface OSecurityInternal
-
getAllRoles
- Specified by:
getAllRoles in interface OSecurityInternal
-
getSecurityPolicies
public Map<String,OSecurityPolicy> getSecurityPolicies(ODatabaseSession session, OSecurityRole role)
- Specified by:
getSecurityPolicies in interface OSecurityInternal
-
getSecurityPolicy
public OSecurityPolicy getSecurityPolicy(ODatabaseSession session, OSecurityRole role, String resource)
Description copied from interface: OSecurityInternal
Returns the security policy assigned to a role for a specific resource (not recursive on superclasses, nor on role hierarchy)
- Specified by:
getSecurityPolicy in interface OSecurityInternal
- Parameters:
session - an active DB session
role - the role
resource - the string representation of the security resource, eg. "database.class.Person"
- Returns:
-
setSecurityPolicy
public void setSecurityPolicy(ODatabaseSession session, OSecurityRole role, String resource, OSecurityPolicyImpl policy)
Description copied from interface: OSecurityInternal
Sets a security policy for a specific resource on a role
- Specified by:
setSecurityPolicy in interface OSecurityInternal
- Parameters:
session - a valid db session to perform the operation (that has permissions to do it)
role - The role
resource - the string representation of the security resource, eg. "database.class.Person"
policy - The security policy
-
createSecurityPolicy
Description copied from interface: OSecurityInternal
creates and saves an empty security policy
- Specified by:
createSecurityPolicy in interface OSecurityInternal
- Parameters:
session - the session to a DB where the policy has to be created
name - the policy name
- Returns:
-
getSecurityPolicy
- Specified by:
getSecurityPolicy in interface OSecurityInternal
-
saveSecurityPolicy
- Specified by:
saveSecurityPolicy in interface OSecurityInternal
-
deleteSecurityPolicy
- Specified by:
deleteSecurityPolicy in interface OSecurityInternal
-
removeSecurityPolicy
Description copied from interface: OSecurityInternal
Removes security policy bound to a role for a specific resource
- Specified by:
removeSecurityPolicy in interface OSecurityInternal
- Parameters:
session - A valid db session to perform the operation
role - the role
resource - the string representation of the security resource, eg. "database.class.Person"
-
toString
-
dropUser
- Specified by:
dropUser in interface OSecurityInternal
-
dropRole
- Specified by:
dropRole in interface OSecurityInternal
-
createClassTrigger
- Specified by:
createClassTrigger in interface OSecurityInternal
-
getVersion
- Specified by:
getVersion in interface OSecurityInternal
-
incrementVersion
- Specified by:
incrementVersion in interface OSecurityInternal
-
getFilteredProperties
Description copied from interface: OSecurityInternal
For property-level security. Returns the list of the properties that are hidden (ie. not allowed to be read) for current session, regarding a specific document
- Specified by:
getFilteredProperties in interface OSecurityInternal
- Parameters:
session - the db session
document - the document to filter
- Returns:
- the list of the properties that are hidden (ie. not allowed to be read) on current document for current session
-
isAllowedWrite
Description copied from interface: OSecurityInternal
For property-level security
- Specified by:
isAllowedWrite in interface OSecurityInternal
- Parameters:
document - current document to check for property-level security
propertyName - the property to check for write access
- Returns:
-
canCreate
- Specified by:
canCreate in interface OSecurityInternal
-
canRead
- Specified by:
canRead in interface OSecurityInternal
-
canUpdate
- Specified by:
canUpdate in interface OSecurityInternal
-
canDelete
- Specified by:
canDelete in interface OSecurityInternal
-
canExecute
- Specified by:
canExecute in interface OSecurityInternal
-
isReadRestrictedBySecurityPolicy
Description copied from interface: OSecurityInternal
checks if for current session a resource is restricted by security resources (ie. READ policies exist, with predicate different from "TRUE", to access the given resource)
- Specified by:
isReadRestrictedBySecurityPolicy in interface OSecurityInternal
- Parameters:
session - The session to check for the existence of policies
resource - a resource string, eg. "database.class.Person"
- Returns:
- true if a restriction of any type exists for this session and this resource. False otherwise
-
getAllFilteredProperties
Description copied from interface: OSecurityInternal
returns the list of all the filtered properties (for any role defined in the db)
- Specified by:
getAllFilteredProperties in interface OSecurityInternal
- Returns:
-
securityAuthenticate
public OSecurityUser securityAuthenticate(ODatabaseSession session, OAuthenticationInfo authenticationInfo)
- Specified by:
securityAuthenticate in interface OSecurityInternal
-
close
public void close()
- Specified by:
close in interface OSecurityInternal
-