Package com.webmethods.portal.bizPolicy.biz.access

Interface IAccessPolicy

All Superinterfaces:
IBizPolicy, IComponent, IInitializable, ISystemHandler
public interface IAccessPolicy extends IBizPolicy

Policy to modify Portal Access information. This includes IAce, and other information.

IAccessPolicy functions expose setting (updating) and removing IAces, as well as altering Anonymous, AuthScheme and capability information as well on Portal resources. (IThings).

  • Method Details

    • setAces

      @Deprecated void setAces(IContext context, IThingID itemId, List<? extends IURI> principalIds, boolean recursive, int grant, int deny, int exclusive, int delegate, int mask) throws BizException
      Deprecated.
      use setAcesEx(IContext, IThingID, List, boolean, Collection, Collection, Collection) instead
      Sets the access entries of the specified item. This will update any existing aces as well. For instance, if the 'everyone' group already has an ace, and you call this passing in the 'everyone' group's uri, the ace will be updated with the new information.
      Parameters:
      context - Command context (user state information).
      itemId - Item whose access entries to set.
      principalIds - List of IURIs for which to add or modify access.
      recursive - True if the access modification should be applied to this item's descendants.
      grant - Bit set of rights to grant.
      deny - Bit set of rights to deny.
      exclusive - Bit set of rights to grant exclusively.
      delegate - Bit set of rights that may be delegated.
      mask - Bit set of rights to modify. When adding or modifying a particular right set (like grant or deny) only the intersection of this and the particular right set apply.
      Throws:
      BizException - TODO: delegate and mask are unused and should be deprected/removed.

    • setAcesEx

      void setAcesEx(IContext context, IThingID itemId, List<? extends IURI> principalIds, boolean recursive, Collection<? extends Object> granted, Collection<? extends Object> denied, Collection<? extends Object> exclusive) throws BizException
      Sets the access for the specified item.
      Parameters:
      context - current context
      itemId - item to set aces on
      principalIds - principals list
      recursive - whether set aces recursive
      granted - list of granted rights. This is a list of String names of rights or Integer right values
      denied - list of denied rights. This is a list of String names of rights or Integer right values
      exclusive - list of denied rights. This is a list of String names of rights or Integer right values
      Throws:
      BizException

    • getAccess

      @Deprecated int getAccess(IContext context, IThingID itemID, IURI userID) throws BizException
      Deprecated.
      use getAccessEx(IContext, IThingID, IURI) instead
      Returns access rights that user has for the given thing. See IAccessRight for the definition of possible access rights values
      Parameters:
      context - Command context
      itemID - item whose access should be retrieved
      userID - user whose access shouild be retrieved
      Returns:
      integer representing rights that user has on an item
      Throws:
      BizException

    • getRightsForType

      IListView<IView> getRightsForType(IContext context, String xtypeName) throws BizException
      Returns list view of all rights registered with the given xtype/basic type
      Parameters:
      context - current context
      xtypeName - xtype or base type name
      Returns:
      list view
      Throws:
      BizException

    • getAccessEx

      Collection<Integer> getAccessEx(IContext context, IThingID itemID, IURI userID) throws BizException
      Returns access rights that user has for the given thing. See IAccessRight for the definition of possible access rights values
      Parameters:
      context - Command context
      itemID - item whose access should be retrieved
      userID - user whose access shouild be retrieved
      Returns:
      collections with Integer values of granted access rights
      Throws:
      BizException

    • getAclView

      IListView<IAceView> getAclView(IContext context, IThingID itemID) throws BizException
      Returns list of access control entries for this item
      Parameters:
      context - executing context
      itemID - item to retrieve access control list
      Returns:
      list view of IAceView objects
      Throws:
      BizException

    • removeAces

      void removeAces(IContext context, IThingID itemId, List<? extends IURI> principalIds, boolean recursive) throws BizException
      Removes the access entries of the specified item.
      Parameters:
      context - Command context (user state information).
      itemId - Item whose access entries to remove.
      principalIds - List of IURIs for which to add or modify access.
      recursive - True if the access modification should be applied to this item's descendants.
      Throws:
      BizException

    • setAnonymous

      void setAnonymous(IContext context, IThingID itemId, boolean recursive, boolean isAnonymous) throws BizException
      Set specified resource either as anonymous. If it is set to being anonymous, some important things will change. 
       1) The authLevel on the thing will change. IThingBaseView.getAuthLevel()
 2) Authentication will not be required to access this thing
      This is really just a convience function for checking to see if getAuthScheme(com.webmethods.portal.bizPolicy.IContext, com.webmethods.portal.service.meta2.thing.IThingID) is equal to anonymous
      Parameters:
      context - Command context (user state information).
      itemId - Item whose anonymous setting to change.
      recursive - True if the access modification should be applied to this item's descendants.
      isAnonymous - whether or not to set this as anonymous
      Throws:
      BizException

    • isAnonymous

      boolean isAnonymous(IContext context, IThingID itemId) throws BizException
      Verifies whether specified resource is anonymous.
      Parameters:
      context - Command context (user state information).
      itemId - Item whose anonymous setting to query.
      Returns:
      True if anonymous, false otherwise
      Throws:
      BizException

    • setAuthScheme

      void setAuthScheme(IContext context, IThingID itemId, boolean recursive, String authLevel) throws BizException
      Sets the authentication level of this thing
      Parameters:
      context - Command context (user state information).
      itemId - Item whose authLevel setting to change.
      recursive - True if the access modification should be applied to this item's descendants.
      authLevel - the name of the auth scheme: 'default', 'fullAccess', 'anonymous', 'basic', 'ntlm'
      Throws:
      BizException
      See Also:

    • getAuthScheme

      String getAuthScheme(IContext context, IThingID itemId) throws BizException
      Queries the authLevel of the resource.
      Parameters:
      context - Command context (user state information).
      itemId - Item whose authLevel setting to query.
      Returns:
      the name of the auth scheme: 'default', 'fullAccess', 'anonymous', 'basic', 'ntlm'
      Throws:
      BizException
      See Also:

    • setSecurityRealm

      void setSecurityRealm(IContext context, IThingID itemID, IThingID securityRealmID, boolean recursive) throws BizException
      Sets security policy to the object
      Parameters:
      context - Command context
      itemID - item thing ID to set policy on
      securityRealmID - policy thing ID
      recursive - whether to set policy recursively
      Throws:
      BizException

    • getSecurityRealm

      IThingID getSecurityRealm(IContext context, IThingID itemID) throws BizException
      Retrieves and returns security policy associated with the item
      Parameters:
      context - Command context
      itemID - item thing ID
      Returns:
      policy thing ID or null
      Throws:
      BizException

    • removeSecurityRealm

      void removeSecurityRealm(IContext context, IThingID itemID, IThingID securityRealmID, boolean recursive) throws BizException
      Removes security policy from the object
      Parameters:
      context - command context
      itemID - item thing ID
      securityRealmID - policy thing ID
      Throws:
      BizException

    • listSecurityRealmObjects

      IListView<IView> listSecurityRealmObjects(IContext context, IThingID securityRealmID) throws BizException
      Returns list view of all objects assigned this security realm. List could be empry
      Parameters:
      securityRealmID -
      Returns:
      Throws:
      BizException

    • listSecurityReamObjects

      @Deprecated IListView<IView> listSecurityReamObjects(IContext context, IThingID securityRealmID) throws BizException
      Deprecated.
      use listSecurityRealmObjects(IContext, IThingID) instead
      Returns list view of all objects assigned this security realm. List could be empry
      Parameters:
      securityRealmID -
      Returns:
      Throws:
      BizException