CachingAccessResolver

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

edu.internet2.middleware.grouper.privs
Class CachingAccessResolver

java.lang.Object
  edu.internet2.middleware.grouper.privs.AccessResolverDecorator
      edu.internet2.middleware.grouper.privs.CachingAccessResolver

All Implemented Interfaces:: AccessResolver

public class CachingAccessResolver
extends AccessResolverDecorator
extends AccessResolverDecorator

Decorator that provides caching for AccessResolver.

Since:: 1.2.1
Version:: $Id: CachingAccessResolver.java,v 1.16 2009-09-21 06:14:26 mchyzer Exp $
Author:: blair christensen.

Field Summary
`static java.lang.String`	`CACHE_HASPRIV`

Constructor Summary
`CachingAccessResolver(AccessResolver resolver)`

Method Summary
`void`	`flushCache()` flush cache if caching resolver
`GrouperSession`	`getGrouperSession()` get a reference to the session
`java.util.Set<AccessPrivilege>`	`getPrivileges(Group group, edu.internet2.middleware.subject.Subject subject)` Get all privileges subject has on group.
`CacheStats`	`getStats(java.lang.String cache)`
`void`	`grantPrivilege(Group group, edu.internet2.middleware.subject.Subject subject, Privilege privilege, java.lang.String uuid)` Grant privilege to subject on group.
`boolean`	`hasPrivilege(Group group, edu.internet2.middleware.subject.Subject subject, Privilege privilege)` Check whether subject has privilege on group.
`boolean`	`hqlFilterGroupsNotWithPrivWhereClause(edu.internet2.middleware.subject.Subject subject, HqlQuery hqlQuery, java.lang.StringBuilder hql, java.lang.String groupColumn, Privilege privilege, boolean considerAllSubject)` for a group query, check to make sure the subject cant see the records
`boolean`	`hqlFilterGroupsWhereClause(edu.internet2.middleware.subject.Subject subject, HqlQuery hqlQuery, java.lang.StringBuilder hql, java.lang.String groupColumn, java.util.Set<Privilege> privInSet)` for a group query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like)
`java.util.Set<Group>`	`postHqlFilterGroups(java.util.Set<Group> groups, edu.internet2.middleware.subject.Subject subject, java.util.Set<Privilege> privInSet)` after HQL is run, filter groups.
`java.util.Set<Membership>`	`postHqlFilterMemberships(edu.internet2.middleware.subject.Subject subject, java.util.Set<Membership> memberships)` filter memberships for things the subject can see
`void`	`privilegeCopy(Group g1, Group g2, Privilege priv)` Copies privileges for subjects that have the specified privilege on g1 to g2.
`void`	`privilegeCopy(edu.internet2.middleware.subject.Subject subj1, edu.internet2.middleware.subject.Subject subj2, Privilege priv)` Copies privileges of type priv on any subject for the given Subject subj1 to the given Subject subj2.
`void`	`revokeAllPrivilegesForSubject(edu.internet2.middleware.subject.Subject subject)` Revoke all access privileges that this subject has.
`void`	`revokePrivilege(Group group, Privilege privilege)` Revoke privilege from all subjects on group.
`void`	`revokePrivilege(Group group, edu.internet2.middleware.subject.Subject subject, Privilege privilege)` Revoke privilege from subject on group.
`void`	`stop()` clean up resources, session is stopped

Methods inherited from class edu.internet2.middleware.grouper.privs.AccessResolverDecorator
`getDecoratedResolver, getGroupsWhereSubjectDoesntHavePrivilege, getGroupsWhereSubjectHasPrivilege, getStemsWhereGroupThatSubjectHasPrivilege, getSubjectsWithPrivilege, postHqlFilterStemsWithGroups, retrievePrivileges`

Methods inherited from class java.lang.Object
`equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Field Detail

CACHE_HASPRIV

public static final java.lang.String CACHE_HASPRIV

Constructor Detail

CachingAccessResolver

public CachingAccessResolver(AccessResolver resolver)

Parameters:: resolver -
Since:: 1.2.1

Method Detail

getPrivileges

public java.util.Set<AccessPrivilege> getPrivileges(Group group,
                                                    edu.internet2.middleware.subject.Subject subject)
                                             throws java.lang.IllegalArgumentException

Description copied from interface: AccessResolver

Get all privileges subject has on group.

Specified by:: getPrivileges in interface AccessResolver
Overrides:: getPrivileges in class AccessResolverDecorator

Returns:: the set
Throws:: java.lang.IllegalArgumentException - if any parameter is null.
Since:: 1.2.1
See Also:: AccessResolver.getPrivileges(Group, Subject)

getStats

public CacheStats getStats(java.lang.String cache)

Parameters:: cache -
Returns:: ehcache statistics for cache.
Since:: 1.2.1

grantPrivilege

public void grantPrivilege(Group group,
                           edu.internet2.middleware.subject.Subject subject,
                           Privilege privilege,
                           java.lang.String uuid)
                    throws java.lang.IllegalArgumentException,
                           UnableToPerformException

Description copied from interface: AccessResolver

Grant privilege to subject on group.

Specified by:: grantPrivilege in interface AccessResolver
Overrides:: grantPrivilege in class AccessResolverDecorator

uuid - send uuid if known, else null
Throws:: java.lang.IllegalArgumentException - if any parameter is null.; UnableToPerformException - if the privilege could not be granted.
Since:: 1.2.1
See Also:: AccessResolver.grantPrivilege(Group, Subject, Privilege, String)

hasPrivilege

public boolean hasPrivilege(Group group,
                            edu.internet2.middleware.subject.Subject subject,
                            Privilege privilege)
                     throws java.lang.IllegalArgumentException

Description copied from interface: AccessResolver

Check whether subject has privilege on group.

Specified by:: hasPrivilege in interface AccessResolver
Overrides:: hasPrivilege in class AccessResolverDecorator

Returns:: boolean
Throws:: java.lang.IllegalArgumentException - if any parameter is null.
Since:: 1.2.1
See Also:: AccessResolver.hasPrivilege(Group, Subject, Privilege)

revokePrivilege

public void revokePrivilege(Group group,
                            Privilege privilege)
                     throws java.lang.IllegalArgumentException,
                            UnableToPerformException

Description copied from interface: AccessResolver

Revoke privilege from all subjects on group.

Specified by:: revokePrivilege in interface AccessResolver
Overrides:: revokePrivilege in class AccessResolverDecorator

Throws:: java.lang.IllegalArgumentException - if any parameter is null.; UnableToPerformException - if the privilege could not be revoked.
Since:: 1.2.1
See Also:: AccessResolver.revokePrivilege(Group, Privilege)

revokePrivilege

public void revokePrivilege(Group group,
                            edu.internet2.middleware.subject.Subject subject,
                            Privilege privilege)
                     throws java.lang.IllegalArgumentException,
                            UnableToPerformException

Description copied from interface: AccessResolver

Revoke privilege from subject on group.

Specified by:: revokePrivilege in interface AccessResolver
Overrides:: revokePrivilege in class AccessResolverDecorator

Throws:: java.lang.IllegalArgumentException - if any parameter is null.; UnableToPerformException - if the privilege could not be revoked.
Since:: 1.2.1
See Also:: AccessResolver.revokePrivilege(Group, Subject, Privilege)

privilegeCopy

public void privilegeCopy(Group g1,
                          Group g2,
                          Privilege priv)
                   throws java.lang.IllegalArgumentException,
                          UnableToPerformException

Description copied from interface: AccessResolver

Copies privileges for subjects that have the specified privilege on g1 to g2.

Specified by:: privilegeCopy in interface AccessResolver
Overrides:: privilegeCopy in class AccessResolverDecorator

Throws:: java.lang.IllegalArgumentException; UnableToPerformException
See Also:: AccessResolver.privilegeCopy(edu.internet2.middleware.grouper.Group, edu.internet2.middleware.grouper.Group, edu.internet2.middleware.grouper.privs.Privilege)

privilegeCopy

public void privilegeCopy(edu.internet2.middleware.subject.Subject subj1,
                          edu.internet2.middleware.subject.Subject subj2,
                          Privilege priv)
                   throws java.lang.IllegalArgumentException,
                          UnableToPerformException

Description copied from interface: AccessResolver

Copies privileges of type priv on any subject for the given Subject subj1 to the given Subject subj2. For instance, if subj1 has ADMIN privilege to Group x, this method will result with subj2 having ADMIN privilege to Group x.

Specified by:: privilegeCopy in interface AccessResolver
Overrides:: privilegeCopy in class AccessResolverDecorator

Throws:: java.lang.IllegalArgumentException; UnableToPerformException
See Also:: AccessResolver.privilegeCopy(edu.internet2.middleware.subject.Subject, edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.privs.Privilege)

flushCache

public void flushCache()

Description copied from interface: AccessResolver

flush cache if caching resolver

Specified by:: flushCache in interface AccessResolver
Overrides:: flushCache in class AccessResolverDecorator

See Also:: AccessResolver.flushCache()

postHqlFilterGroups

public java.util.Set<Group> postHqlFilterGroups(java.util.Set<Group> groups,
                                                edu.internet2.middleware.subject.Subject subject,
                                                java.util.Set<Privilege> privInSet)

Description copied from interface: AccessResolver

after HQL is run, filter groups. If you are filtering in HQL, then dont filter here

Specified by:: postHqlFilterGroups in interface AccessResolver
Overrides:: postHqlFilterGroups in class AccessResolverDecorator

subject - which needs view access to the groups; privInSet - find a privilege which is in this set (e.g. for view, send all access privs). There are pre-canned sets in AccessAdapter
Returns:: the set of filtered groups
See Also:: AccessResolver.postHqlFilterGroups(java.util.Set, edu.internet2.middleware.subject.Subject, java.util.Set)

hqlFilterGroupsWhereClause

public boolean hqlFilterGroupsWhereClause(edu.internet2.middleware.subject.Subject subject,
                                          HqlQuery hqlQuery,
                                          java.lang.StringBuilder hql,
                                          java.lang.String groupColumn,
                                          java.util.Set<Privilege> privInSet)

Description copied from interface: AccessResolver

for a group query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like)

Specified by:: hqlFilterGroupsWhereClause in interface AccessResolver
Overrides:: hqlFilterGroupsWhereClause in class AccessResolverDecorator

Parameters:: subject - which needs view access to the groups; hql - the select and current from part; groupColumn - is the name of the group column to join to; privInSet - find a privilege which is in this set (e.g. for view, send all access privs)
Returns:: if the statement was changed
See Also:: AccessResolver.hqlFilterGroupsWhereClause(edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.hibernate.HqlQuery, java.lang.StringBuilder, java.lang.String, java.util.Set)

getGrouperSession

public GrouperSession getGrouperSession()

Description copied from interface: AccessResolver

get a reference to the session

Specified by:: getGrouperSession in interface AccessResolver
Overrides:: getGrouperSession in class AccessResolverDecorator

Returns:: the session
See Also:: AccessResolver.getGrouperSession()

postHqlFilterMemberships

public java.util.Set<Membership> postHqlFilterMemberships(edu.internet2.middleware.subject.Subject subject,
                                                          java.util.Set<Membership> memberships)

Description copied from interface: AccessResolver

filter memberships for things the subject can see

Specified by:: postHqlFilterMemberships in interface AccessResolver
Overrides:: postHqlFilterMemberships in class AccessResolverDecorator

Returns:: the memberships
See Also:: AccessResolver.postHqlFilterMemberships(edu.internet2.middleware.subject.Subject, java.util.Set)

stop

public void stop()

Description copied from interface: AccessResolver

clean up resources, session is stopped

Specified by:: stop in interface AccessResolver
Overrides:: stop in class AccessResolverDecorator

See Also:: AccessResolver.stop()

revokeAllPrivilegesForSubject

public void revokeAllPrivilegesForSubject(edu.internet2.middleware.subject.Subject subject)

Description copied from interface: AccessResolver

Revoke all access privileges that this subject has.

Specified by:: revokeAllPrivilegesForSubject in interface AccessResolver
Overrides:: revokeAllPrivilegesForSubject in class AccessResolverDecorator

See Also:: AccessResolver.revokeAllPrivilegesForSubject(edu.internet2.middleware.subject.Subject)

hqlFilterGroupsNotWithPrivWhereClause

public boolean hqlFilterGroupsNotWithPrivWhereClause(edu.internet2.middleware.subject.Subject subject,
                                                     HqlQuery hqlQuery,
                                                     java.lang.StringBuilder hql,
                                                     java.lang.String groupColumn,
                                                     Privilege privilege,
                                                     boolean considerAllSubject)

Description copied from interface: AccessResolver

for a group query, check to make sure the subject cant see the records

Specified by:: hqlFilterGroupsNotWithPrivWhereClause in interface AccessResolver
Overrides:: hqlFilterGroupsNotWithPrivWhereClause in class AccessResolverDecorator

Parameters:: subject - which needs view access to the groups; hql - the select and current from part; groupColumn - is the name of the group column to join to; privilege - find a privilege which is in this set (e.g. for view, send all access privs); considerAllSubject - if true, then consider GrouperAll when seeign if subject has priv, else do not
Returns:: if the statement was changed
See Also:: edu.internet2.middleware.grouper.privs.AccessResolver#hqlFilterGroupsNotWithPrivWhereClause(edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.hibernate.HqlQuery, java.lang.StringBuilder, java.lang.String, Privilege)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

edu.internet2.middleware.grouper.privs Class CachingAccessResolver

CACHE_HASPRIV

CachingAccessResolver

getPrivileges

getStats

grantPrivilege

hasPrivilege

revokePrivilege

revokePrivilege

privilegeCopy

privilegeCopy

flushCache

postHqlFilterGroups

hqlFilterGroupsWhereClause

getGrouperSession

postHqlFilterMemberships

stop

revokeAllPrivilegesForSubject

hqlFilterGroupsNotWithPrivWhereClause

edu.internet2.middleware.grouper.privs
Class CachingAccessResolver