Comment: Migrated to Confluence 5.3

...

As was mentioned in the main design document, the org.ofbiz.security.Security abstract class will be converted to an interface, and the Authorization Manager methods will be added to that interface. The authorization manager implementation will be decoupled from the OFBiz framework, making it easier to use third-party authorization software.

The proposed new methods are:

// User methods
public void createUser(String userLoginId, String password);
public void updateUser(String userLoginId, String password);
public void deleteUser(String userLoginId);

// User Group methods
public String createUserGroup(String description);
public void updateUserGroup(String userGroupId, String description);
public void deleteUserGroup(String userGroupId);

// User Group Assignment methods
public void assignUserToGroup(String userLoginId, String userGroupId);
public void deleteUserFromGroup(String userLoginId, String userGroupId);
public void assignGroupToGroup(String childGroupId, String parentGroupId);
public void deleteGroupFromGroup(String childGroupId, String parentGroupId);

// Permission Assignment methods
public void assignUserPermission(String userLoginId, String artifactId, Permission permission);
public void deleteUserPermission(String userLoginId, String artifactId, Permission permission);
public void assignGroupPermission(String userGroupId, String artifactId, Permission permission);
public void deleteGroupPermission(String userGroupId, String artifactId, Permission permission);

// Get the access controller for an artifact/user combination
public AccessController getAccessController();

All methods throw java.security.GeneralSecurityException. The Permission class is from the java.security package, and the AccessController interface is similar to the AccessController class in the java.security package:

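package org.ofbiz.base.authorization;

import java.security.AccessControlException;
import java.security.Permission;
import java.util.List;
import java.util.ListIterator;

// ArtifactPath is an OFBiz type; this page does not give its package.
public interface AccessController {

    // Throws AccessControlException when the permission is not granted.
    public void checkPermission(Permission permission) throws AccessControlException;
    public void checkPermission(Permission permission, ArtifactPath artifactPath) throws AccessControlException;
    public <E> List<E> applyFilters(List<E> list);
    public <E> ListIterator<E> applyFilters(ListIterator<E> list);

}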

Artifacts will check permissions in two steps:

  1. Get an AccessController instance from the ThreadContext by calling the getAccessController method
  2. Call the checkPermission method with the desired permission(s)

    // An artifact update method
    public void doUpdateTask() {
        ThreadContext.getAccessController().checkPermission(new UpdatePermission());
        ...
    }
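
The two-step check above, as a self-contained added example (not OFBiz code): the protected work runs only if checkPermission returns without throwing, and a user with no grants is denied by default. The ThreadLocal stand-in for ThreadContext, the BasicPermission-based UpdatePermission, the reduced one-method AccessController, and the controllerFor helper are all assumptions made for illustration.

```java
import java.security.AccessControlException;
import java.security.BasicPermission;
import java.security.Permission;
import java.security.Permissions;

public class AccessCheckDemo {
    // Hypothetical permission type; the page names UpdatePermission but does not define it.
    static final class UpdatePermission extends BasicPermission {
        UpdatePermission() { super("update"); }
    }

    // Reduced form of the page's AccessController (single method only).
    interface AccessController {
        void checkPermission(Permission permission) throws AccessControlException;
    }

    // Assumed stand-in for ThreadContext: holds the current thread's controller.
    static final ThreadLocal<AccessController> CONTEXT = new ThreadLocal<>();

    // Hypothetical helper: a controller backed by a java.security.Permissions set.
    // Anything not implied by the granted set is refused (deny by default).
    static AccessController controllerFor(Permissions granted) {
        return requested -> {
            if (!granted.implies(requested)) {
                throw new AccessControlException("access denied: " + requested, requested);
            }
        };
    }

    static int updates = 0;

    // An artifact update method: step 1 gets the controller, step 2 checks.
    static void doUpdateTask() {
        CONTEXT.get().checkPermission(new UpdatePermission());
        updates++; // protected work, reached only when the check passed
    }

    public static void main(String[] args) {
        Permissions granted = new Permissions();
        granted.add(new UpdatePermission());
        CONTEXT.set(controllerFor(granted));
        doUpdateTask(); // user holding the update permission

        CONTEXT.set(controllerFor(new Permissions())); // user with no grants
        try {
            doUpdateTask();
        } catch (AccessControlException e) {
            System.out.println("denied: " + e.getPermission().getName());
        }
        System.out.println("updates performed: " + updates);
    }
}
```

java.security.AccessControlException is deprecated for removal in recent JDKs, so this compiles with a deprecation warning there.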