...
As mentioned in the main design document, the org.ofbiz.security.Security abstract class will be converted to an interface, and the Authorization Manager methods will be added to that interface. The authorization manager implementation will be decoupled from the OFBiz framework, making it easier to use third-party authorization software.
The proposed new methods are:
```java
// User methods
public void createUser(String userLoginId, String password);
public void updateUser(String userLoginId, String password);
public void deleteUser(String userLoginId);

// User Group methods
public String createUserGroup(String description);
public void updateUserGroup(String userGroupId, String description);
public void deleteUserGroup(String userGroupId);

// User Group Assignment methods
public void assignUserToGroup(String userLoginId, String userGroupId);
public void deleteUserFromGroup(String userLoginId, String userGroupId);
public void assignGroupToGroup(String childGroupId, String parentGroupId);
public void deleteGroupFromGroup(String childGroupId, String parentGroupId);

// Permission Assignment methods
public void assignUserPermission(String userLoginId, String artifactId, Permission permission);
public void deleteUserPermission(String userLoginId, String artifactId, Permission permission);
public void assignGroupPermission(String userGroupId, String artifactId, Permission permission);
public void deleteGroupPermission(String userGroupId, String artifactId, Permission permission);

// Get the access controller for an artifact/user combination
public AccessController getAccessController();
```
All methods throw java.security.GeneralSecurityException. The Permission class is from the java.security package, and the AccessController interface is similar to the AccessController class in the java.security package:
```java
package org.ofbiz.base.authorization;

import java.security.Permission;
import java.util.List;
import java.util.ListIterator;

public interface AccessController {

    // Throw AccessControlException if the permission is not granted
    public void checkPermission(Permission permission) throws AccessControlException;

    public void checkPermission(Permission permission, ArtifactPath artifactPath) throws AccessControlException;

    // Return the list or iterator with the access controller's filters applied
    public <E> List<E> applyFilters(List<E> list);

    public <E> ListIterator<E> applyFilters(ListIterator<E> list);
}
```
Artifacts will check permissions in two steps:
- Get an AccessController instance from the ThreadContext by calling the getAccessController method
- Call the checkPermission method with the desired permission(s)
```java
// An artifact update method
public void doUpdateTask(ExecutionContext context) throws AccessControlException {
    // Get the AccessController from the ThreadContext, then check the permission
    ThreadContext.getAccessController().checkPermission(new UpdatePermission());
    ...
}
```
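The two-step check above, as a self-contained added example (not OFBiz code and not part of the design document). The `ThreadContext`, `AccessController`, `GrantSetAccessController`, `UpdatePermission` and `ViewPermission` types are simplified stand-ins written for this illustration, and the per-thread binding and deny-by-default behaviour are assumptions about how an implementation could work.

```java
import java.security.AccessControlException;
import java.security.BasicPermission;
import java.security.Permission;
import java.util.Set;

// Added illustration: every type below is a stand-in, not the OFBiz implementation.
public class AccessCheckDemo {
    // Hypothetical permission types; UpdatePermission is named after the one used on the page.
    static final class UpdatePermission extends BasicPermission { UpdatePermission() { super("update"); } }
    static final class ViewPermission extends BasicPermission { ViewPermission() { super("view"); } }

    // Reduced to the single-argument checkPermission of the page's interface.
    interface AccessController {
        void checkPermission(Permission permission) throws AccessControlException;
    }

    // Deny by default: only a permission implied by an explicit grant passes.
    static final class GrantSetAccessController implements AccessController {
        private final Set<Permission> granted;
        GrantSetAccessController(Set<Permission> granted) { this.granted = Set.copyOf(granted); }
        @Override public void checkPermission(Permission permission) {
            for (Permission g : granted) if (g.implies(permission)) return;
            throw new AccessControlException("denied: " + permission.getName(), permission);
        }
    }

    // Assumed ThreadContext: one controller bound per thread, fail closed when none is bound.
    static final class ThreadContext {
        private static final ThreadLocal<AccessController> CURRENT = new ThreadLocal<>();
        static void bind(AccessController controller) { CURRENT.set(controller); }
        static AccessController getAccessController() {
            AccessController controller = CURRENT.get();
            if (controller == null) throw new AccessControlException("no access controller bound");
            return controller;
        }
    }

    // Artifact method: step 1 gets the controller, step 2 checks before any work is done.
    static String doUpdateTask() {
        ThreadContext.getAccessController().checkPermission(new UpdatePermission());
        return "updated";
    }

    public static void main(String[] args) {
        ThreadContext.bind(new GrantSetAccessController(Set.of(new ViewPermission())));
        try { doUpdateTask(); } catch (AccessControlException e) { System.out.println(e.getMessage()); }
        ThreadContext.bind(new GrantSetAccessController(Set.of(new UpdatePermission())));
        System.out.println(doUpdateTask());
    }
}
```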