oracle.ifs.server

Class AccessControlListResolver

java.lang.Object

oracle.ifs.server.AccessControlListResolver

All Implemented Interfaces:

LooselyBoundedCacheable

Direct Known Subclasses:

TieAccessControlListResolver

public class AccessControlListResolver
extends Object
implements LooselyBoundedCacheable

AccessControlListResolver is used to resolve access levels for an ACL server-side.

Version:

1.0

Author:

Dave Long

(Unpublished)

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
protected class	AccessControlListResolver.AccessControlEntryData Struct class that holds relevant ACE data.
protected class	AccessControlListResolver.AccessEntry Inner class for managing Access entries per user for non-conforming ACLs.
protected class	AccessControlListResolver.NonconformingResolution Models a non-conforming resolution.
protected class	AccessControlListResolver.Resolution
protected class	AccessControlListResolver.ResolutionAccessKey Models the resolution of an Access key.
protected class	AccessControlListResolver.ResolutionGranteeEntry Model the resolution of a grantee.

Field Summary

Fields

Modifier and Type	Field and Description
protected AccessControlListResolver.AccessControlEntryData[]	m_AceDatas The set of ACE info objects representing the AccessControlEntry objects for this ACL.
protected Long	m_AclId The ACL Id.
protected boolean	m_IsResolved Is the instance fully resolved?
protected AccessControlListResolver.Resolution	m_Resolution The resolution data struction for this instance.
protected S_LibraryService	m_Service The Service.
static long	MAX_ACCESS_COMBINATION_COUNT Max count for each recursion will be used to determine conformance.

Constructor Summary

Constructors

Constructor and Description
AccessControlListResolver(S_LibraryService service, Long id) Constructs a AccessControlListResolver

Method Summary

Modifier and Type	Method and Description
void	added(Object id) Called when an instance is added to the cache.
protected static AccessLevel	addLevels(AccessLevel level, AccessLevel grantedLevel, S_LibrarySession sess) Adds two access levels.
boolean	canPurge() Gets whether the item can be purged from the the BoundedCache.
protected static AccessLevel	checkForNullAccessLevel(AccessLevel level) Checks to see if the specified AccessLevel is equivalent to a null AccessLevel (i.e. has no permissions); if so, return null.
protected void	ensureAces(S_LibrarySession sess) Make sure we have the ACE data resolved.
void	forceResolution(S_LibrarySession session) Force resolution of this instance.
protected Long[]	getAccessControlEntryIds(S_LibrarySession session) Gets the S_LibraryObjectData vector that contains the AccessControlEntrys.
protected S_AccessControlEntry[]	getAccessControlEntrys(S_LibrarySession session) Gets the ACE objects.
protected AccessLevel	getAccessLevel(S_LibrarySession session, Long userid) Checks access that a specified user has.
protected AccessLevel	getAccessLevel(S_LibrarySession session, Long userid, boolean clone, boolean useAccessCheckMode) Checks access that a specified user has.
protected static AccessLevel	getAccessLevelFromAceSet(S_LibrarySession sess, AccessControlListResolver.AccessControlEntryData[] aceDatas, boolean[] aceIncluded) Compute the AccessLevel from a set of ACEs that are "included" in consideration.
protected S_AccessControlList	getAcl(S_LibrarySession sess) Gets the ACL.
protected Long[]	getComponentAclIds(S_LibrarySession sess) Gets the component ACL IDs.
protected S_AccessControlList[]	getComponentAcls(S_LibrarySession sess) Gets the component ACLs.
protected S_DirectoryObject	getGrantee(S_LibraryObjectData aceData, S_LibrarySession sess) Gets the DirectoryObject which is the grantee of the specified ACE data object.
protected Long	getId() Gets the ACL Id.
protected boolean	getIsGrant(S_LibraryObjectData aceData, S_LibrarySession sess) Checks whether the specified ACE represents a grant or a revoke
protected Object[]	getLevelInfoFromData(S_LibraryObjectData aceData, S_LibrarySession sess) Gets the information that represents the access associated with with the acedata.
protected AccessControlListResolver.NonconformingResolution	getNonconformingResolution(S_LibrarySession sess) Resolves this nonconforming instance for the purpose of being able to update the ACLD tables
protected boolean	hasDiscoverAccess(S_LibrarySession session, Long userid) Checks if a user has discover access for this ACL.
protected boolean	isDependentOnPermissionBundle(Long id) Returns indication as to whether the current resolution is dependent on the specified PermissionBundle ID.
protected void	processResolutionGranteeEntry(S_LibrarySession sess, AccessControlListResolver.AccessControlEntryData[] aceDatas, boolean[] aceIncluded, AccessControlListResolver.ResolutionGranteeEntry[] rges, boolean[] rgeIncluded, int rgeIndex, boolean userIncluded, String keyPrefix, ConcurrentHashMap ht) Recursively build up the set of ResolutionGranteeEntries and the associated access ConcurrentHashMap.
void	removed(Object id) Called when an instance is removed to the cache.
protected void	resolve(S_LibrarySession sess) Resolve this instance.
protected static AccessLevel	subtractLevels(AccessLevel level, AccessLevel grantedLevel, S_LibrarySession sess) Subtracts two access levels (standard permissions only).
protected void	updateAclDiscovererTable(S_LibrarySession sess) Update, insert, or delete rows from ACL DiscovererTable to reflect the list of discoverers.
protected void	updateAclDiscovererTableForComponentAcls(S_LibrarySession sess) Update, insert, or delete rows from ACL DiscovererTable to reflect the list of discoverers for this ACL's set of component ACLs (i.e. if this ACL is a composite ACL).
protected void	updateAclDiscovererTableForConformingAcl(S_LibrarySession sess) Update, insert, or delete rows from ACL DiscovererTable to reflect the list of discoverers for a conforming ACL.
protected void	updateAclDiscovererTableForNonconformingAcl(S_LibrarySession sess) Update, insert, or delete rows from ACL DiscovererTable to reflect the list of discoverers for a non-conforming ACL

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

MAX_ACCESS_COMBINATION_COUNT

public static long MAX_ACCESS_COMBINATION_COUNT

Max count for each recursion will be used to determine conformance.

m_AclId

protected Long m_AclId

The ACL Id.

m_Service

protected S_LibraryService m_Service

The Service.

m_IsResolved

protected boolean m_IsResolved

Is the instance fully resolved?

m_AceDatas

protected AccessControlListResolver.AccessControlEntryData[] m_AceDatas

The set of ACE info objects representing the AccessControlEntry objects for this ACL.

m_Resolution

protected AccessControlListResolver.Resolution m_Resolution

The resolution data struction for this instance. Not expected to be non-null if m_IsResolved is false.

Constructor Detail

AccessControlListResolver

public AccessControlListResolver(S_LibraryService service,
                                 Long id)
                          throws IfsException

Constructs a AccessControlListResolver

Parameters:

service - the service

id - the ACL Id

Throws:

IfsException - if the operation fails

Method Detail

canPurge

public boolean canPurge()
                 throws IfsException

Gets whether the item can be purged from the the BoundedCache.

The caller of this method indicates a desire to purge the object. The implementation should treat this as a purge request, but can return false if the item should not be purged.

Specified by:

canPurge in interface LooselyBoundedCacheable

Returns:

whether the item can be purged.

Throws:

IfsException - if operation fails.

added

public void added(Object id)

Called when an instance is added to the cache.

Specified by:

added in interface LooselyBoundedCacheable

Parameters:

id - the id used for this entry in the cache

removed

public void removed(Object id)

Called when an instance is removed to the cache.

Specified by:

removed in interface LooselyBoundedCacheable

Parameters:

id - the id used for this entry in the cache

getId

protected Long getId()
              throws IfsException

Gets the ACL Id.

Returns:

the object's Id.

Throws:

IfsException - if the operation fails

getAccessControlEntryIds

protected Long[] getAccessControlEntryIds(S_LibrarySession session)
                                   throws IfsException

Gets the S_LibraryObjectData vector that contains the AccessControlEntrys.

Parameters:

session - the session

Returns:

vector of S_LibraryObjectData

Throws:

IfsException - if the operation fails

getAccessControlEntrys

protected S_AccessControlEntry[] getAccessControlEntrys(S_LibrarySession session)
                                                 throws IfsException

Gets the ACE objects.

Parameters:

session - the session

Returns:

array of ACE objects

Throws:

IfsException - if the operation fails

isDependentOnPermissionBundle

protected boolean isDependentOnPermissionBundle(Long id)
                                         throws IfsException

Returns indication as to whether the current resolution is dependent on the specified PermissionBundle ID.

Returns false if not already resolved.

Parameters:

id - the PermissionBundle ID

Returns:

true if the ACL depends on the specified PermissionBundle ID; false otherwise

Throws:

IfsException - if the operation fails

forceResolution

public void forceResolution(S_LibrarySession session)
                     throws IfsException

Force resolution of this instance.

Parameters:

session - the session

Throws:

IfsException - if the operation fails

ensureAces

protected void ensureAces(S_LibrarySession sess)
                   throws IfsException

Make sure we have the ACE data resolved.

Parameters:

sess - the session

Throws:

IfsException - if the operation fails

resolve

protected void resolve(S_LibrarySession sess)
                throws IfsException

Resolve this instance.

Parameters:

sess - the session

Throws:

IfsException - if the operation fails

processResolutionGranteeEntry

protected void processResolutionGranteeEntry(S_LibrarySession sess,
                                             AccessControlListResolver.AccessControlEntryData[] aceDatas,
                                             boolean[] aceIncluded,
                                             AccessControlListResolver.ResolutionGranteeEntry[] rges,
                                             boolean[] rgeIncluded,
                                             int rgeIndex,
                                             boolean userIncluded,
                                             String keyPrefix,
                                             ConcurrentHashMap ht)
                                      throws IfsException

Recursively build up the set of ResolutionGranteeEntries and the associated access ConcurrentHashMap.

Parameters:

sess - the session

aceDatas - the set of ACEdatas

aceIncluded - a boolean array indicating which ace's are being included at this spot in the recursion

rges - the set of ResolutionGranteeEntry objects

rgeIndex - the index into the set of RGEs at this spot in the recursion

userIncluded - is a user incluided at this spot in the recursion?

keyPrefix - prefix for the key into the access table

ht - the access table

Throws:

IfsException - if the operation fails

getAccessLevelFromAceSet

protected static AccessLevel getAccessLevelFromAceSet(S_LibrarySession sess,
                                                      AccessControlListResolver.AccessControlEntryData[] aceDatas,
                                                      boolean[] aceIncluded)
                                               throws IfsException

Compute the AccessLevel from a set of ACEs that are "included" in consideration.

Parameters:

sess - the session

aceDatas - the set of ACEdatas

aceIncluded - a boolean array indicating which ace's are being included at this spot in the recursion

Returns:

the AccessLevel which corresponds to the set of ACEs specified

Throws:

IfsException - if the operation fails

hasDiscoverAccess

protected boolean hasDiscoverAccess(S_LibrarySession session,
                                    Long userid)
                             throws IfsException

Checks if a user has discover access for this ACL.

Parameters:

session - the requesting session

userid - the user

Returns:

true if the specified user has access

Throws:

IfsException - if the operation fails

getAccessLevel

protected AccessLevel getAccessLevel(S_LibrarySession session,
                                     Long userid)
                              throws IfsException

Checks access that a specified user has. A value of null means no access.

Parameters:

session - the requesting session

userid - the user

Throws:

IfsException - if the operation fails

getAccessLevel

protected AccessLevel getAccessLevel(S_LibrarySession session,
                                     Long userid,
                                     boolean clone,
                                     boolean useAccessCheckMode)
                              throws IfsException

Checks access that a specified user has. A value of zero means no access.

Parameters:

session - the requesting session

userid - the user

clone - should the result be cloned?

useAccessCheckMode - should access check mode be used?

Throws:

IfsException - if the operation fails

updateAclDiscovererTable

protected void updateAclDiscovererTable(S_LibrarySession sess)
                                 throws IfsException

Update, insert, or delete rows from ACL DiscovererTable to reflect the list of discoverers.

Parameters:

sess - the session

Throws:

IfsException - if the operation fails

updateAclDiscovererTableForConformingAcl

protected void updateAclDiscovererTableForConformingAcl(S_LibrarySession sess)
                                                 throws IfsException

Update, insert, or delete rows from ACL DiscovererTable to reflect the list of discoverers for a conforming ACL.

Parameters:

sess - the session

Throws:

IfsException - if the operation fails

updateAclDiscovererTableForComponentAcls

protected void updateAclDiscovererTableForComponentAcls(S_LibrarySession sess)
                                                 throws IfsException

Update, insert, or delete rows from ACL DiscovererTable to reflect the list of discoverers for this ACL's set of component ACLs (i.e. if this ACL is a composite ACL).

Parameters:

sess - the session

Throws:

IfsException - if the operation fails

updateAclDiscovererTableForNonconformingAcl

protected void updateAclDiscovererTableForNonconformingAcl(S_LibrarySession sess)
                                                    throws IfsException

Update, insert, or delete rows from ACL DiscovererTable to reflect the list of discoverers for a non-conforming ACL

Parameters:

sess - the session

Throws:

IfsException - if the operation fails

addLevels

protected static AccessLevel addLevels(AccessLevel level,
                                       AccessLevel grantedLevel,
                                       S_LibrarySession sess)
                                throws IfsException

Adds two access levels.

Parameters:

level - the first level

grantedLevel - the second level

Returns:

the result

Throws:

IfsException - if the operation fails

subtractLevels

protected static AccessLevel subtractLevels(AccessLevel level,
                                            AccessLevel grantedLevel,
                                            S_LibrarySession sess)
                                     throws IfsException

Subtracts two access levels (standard permissions only).

Parameters:

level - the first level

grantedLevel - the second level

Returns:

the result

Throws:

IfsException - if the operation fails

checkForNullAccessLevel

protected static AccessLevel checkForNullAccessLevel(AccessLevel level)
                                              throws IfsException

Checks to see if the specified AccessLevel is equivalent to a null AccessLevel (i.e. has no permissions); if so, return null.

Parameters:

level - the level to check

Throws:

IfsException - if the operation fails

getGrantee

protected S_DirectoryObject getGrantee(S_LibraryObjectData aceData,
                                       S_LibrarySession sess)
                                throws IfsException

Gets the DirectoryObject which is the grantee of the specified ACE data object.

Parameters:

aceData - the ACE

sess - the session

Returns:

the grantee

Throws:

IfsException - if the operation fails

getLevelInfoFromData

protected Object[] getLevelInfoFromData(S_LibraryObjectData aceData,
                                        S_LibrarySession sess)
                                 throws IfsException

Gets the information that represents the access associated with with the acedata.

This is a combination of the distinct access level and the access level of the permission bundles. The PermissionBundles the ACE depends upon is returned as the second object.

Parameters:

aceData - the S_LibraryObjectData that represents the ace

sess - the S_LibrarySession to use when obtaining the access level

Returns:

two objects: access level and Long[] representing the permission bundles; the representation of the access level is null if no access

Throws:

IfsException - if the operation fails

getIsGrant

protected boolean getIsGrant(S_LibraryObjectData aceData,
                             S_LibrarySession sess)
                      throws IfsException

Checks whether the specified ACE represents a grant or a revoke

Parameters:

aceData - the ACE

sess - the session

Returns:

true if a grant; false if a revoke

Throws:

IfsException - if the operation fails

getNonconformingResolution

protected AccessControlListResolver.NonconformingResolution getNonconformingResolution(S_LibrarySession sess)
                                                                                throws IfsException

Resolves this nonconforming instance for the purpose of being able to update the ACLD tables

Parameters:

sess - the session

Throws:

IfsException - if the operation fails

getComponentAclIds

protected Long[] getComponentAclIds(S_LibrarySession sess)

Gets the component ACL IDs.

Parameters:

sess - the session

Returns:

the component ACL IDs

getComponentAcls

protected S_AccessControlList[] getComponentAcls(S_LibrarySession sess)

Gets the component ACLs.

Parameters:

sess - the session

Returns:

the component ACLs

getAcl

protected S_AccessControlList getAcl(S_LibrarySession sess)

Gets the ACL.

Parameters:

sess - the session

Returns:

the ACL