Authorization Manager Implementation Details

As mentioned in the main design document, the org.ofbiz.security.Security abstract class will be converted to an interface, and the Authorization Manager methods will be added to that interface. The authorization manager implementation will be decoupled from the OFBiz framework, making it easier to use third-party authorization libraries.

The proposed new methods are:

// User methods
public void createUser(String userLoginId, String password);
public void updateUser(String userLoginId, String password);
public void deleteUser(String userLoginId);

// User Group methods
public String createUserGroup(String description);
public void updateUserGroup(String userGroupId, String description);
public void deleteUserGroup(String userGroupId);

// User Group Assignment methods
public void assignUserToGroup(String userLoginId, String userGroupId);
public void deleteUserFromGroup(String userLoginId, String userGroupId);
public void assignGroupToGroup(String childGroupId, String parentGroupId);
public void deleteGroupFromGroup(String childGroupId, String parentGroupId);

// Permission Assignment methods
public void assignUserPermission(String userLoginId, String artifactId, Permission permission);
public void deleteUserPermission(String userLoginId, String artifactId, Permission permission);
public void assignGroupPermission(String userGroupId, String artifactId, Permission permission);
public void deleteGroupPermission(String userGroupId, String artifactId, Permission permission);

// Get the access controller for an artifact/user combination
public AccessController getAccessController(GenericValue userLogin, String artifactId);

All methods throw java.security.GeneralSecurityException. The Permission class is from the java.security package, and the AccessController interface is similar to the AccessController class in the java.security package:

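package org.ofbiz.base.authorization;

import java.security.AccessControlException;
import java.security.Permission;

public interface AccessController {

    // Throws AccessControlException when the requested permission is not granted
    public void checkPermission(Permission permission) throws AccessControlException;

}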

Artifacts will check permissions in two steps:

  1. Get an AccessController instance from Security by calling the getAccessController method
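  2. Call the checkPermission method with the desired permission(s)

    // An artifact update method
    public void doUpdateTask(ExecutionContext context) throws AccessControlException, GeneralSecurityException {
        Security security = context.getSecurity();
        // getAccessController is one of the proposed Security methods, all of which throw GeneralSecurityException
        AccessController accessController = security.getAccessController(context.getUserLogin(), this.getArtifactId(context));
        // Throws AccessControlException if the update permission is not granted
        accessController.checkPermission(new UpdatePermission());
        ...
    }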
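The following added example (not OFBiz code and not part of the original design) sketches one way a decoupled implementation could satisfy the AccessController interface with a deny-by-default check built on java.security.Permissions. The names AccessControllerDemo, GrantedSetAccessController and ViewPermission, and the body of UpdatePermission, are assumptions made for illustration.

```java
import java.security.AccessControlException;
import java.security.BasicPermission;
import java.security.Permission;
import java.security.Permissions;

public class AccessControllerDemo {
    // Interface as proposed on this page, repeated so the file compiles alone.
    interface AccessController {
        void checkPermission(Permission permission) throws AccessControlException;
    }

    // Hypothetical permission types; the page only names UpdatePermission.
    static final class UpdatePermission extends BasicPermission {
        UpdatePermission() { super("update"); }
    }
    static final class ViewPermission extends BasicPermission {
        ViewPermission() { super("view"); }
    }

    // Hypothetical implementation: holds the permissions already resolved for
    // one user/artifact combination and denies everything not granted.
    static final class GrantedSetAccessController implements AccessController {
        private final Permissions granted = new Permissions();

        GrantedSetAccessController(Permission... permissions) {
            for (Permission p : permissions) granted.add(p);
            granted.setReadOnly(); // no grants can be added after construction
        }

        @Override
        public void checkPermission(Permission permission) throws AccessControlException {
            if (permission == null || !granted.implies(permission)) {
                throw new AccessControlException("access denied: " + permission, permission);
            }
        }
    }

    public static void main(String[] args) {
        // Constructed grant set: this user may view the artifact but not update it.
        AccessController controller = new GrantedSetAccessController(new ViewPermission());
        controller.checkPermission(new ViewPermission()); // granted, returns normally
        try {
            controller.checkPermission(new UpdatePermission());
            throw new IllegalStateException("update should have been denied");
        } catch (AccessControlException expected) {
            System.out.println("denied: " + expected.getPermission());
        }
    }
}
```

Because the check relies on Permission.implies, a permission type that was never granted is rejected without any explicit deny rule.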