public class PersistenceSecurityImpl extends SecurityImpl implements PersistenceSecurity
Modifier and Type | Class and Description |
---|---|
protected static class |
PersistenceSecurityImpl.EntityId |
Modifier and Type | Field and Description |
---|---|
protected AttributeSecuritySupport |
attributeSecuritySupport |
protected Configuration |
configuration |
protected EntityStates |
entityStates |
protected Persistence |
persistence |
protected ReferenceToEntitySupport |
referenceToEntitySupport |
protected SecurityTokenManager |
securityTokenManager |
extendedEntities, metadata, metadataTools, persistenceSecurityService, scripting, userSessionSource
CONSTRAINT_PARAM_SESSION_ATTR, CONSTRAINT_PARAM_USER_GROUP_ID, CONSTRAINT_PARAM_USER_ID, CONSTRAINT_PARAM_USER_LOGIN, NAME
Constructor and Description |
---|
PersistenceSecurityImpl() |
Modifier and Type | Method and Description |
---|---|
void |
applyConstraints(java.util.Collection<Entity> entities)
Applies in-memory constraints to the entity fields based on the filtered data
|
void |
applyConstraints(Entity entity)
Applies in-memory constraints to the entity based on the filtered data
|
protected void |
applyConstraints(Entity entity,
java.util.Set<PersistenceSecurityImpl.EntityId> handled) |
boolean |
applyConstraints(Query query)
Modifies the query depending on current user's security constraints.
|
protected void |
assertSecurityConstraints(Entity entity,
java.util.function.BiPredicate<Entity,MetaProperty> predicate) |
void |
assertToken(Entity entity)
Validate that security token exists for specific cases.
|
protected void |
assertTokenForAttributeAccess(Entity entity) |
void |
assertTokenForREST(Entity entity,
View view)
Validate that security token for REST exists for specific cases.
|
void |
calculateFilteredData(java.util.Collection<Entity> entities)
Calculate filtered data
|
void |
calculateFilteredData(Entity entity)
Calculate filtered data
|
protected boolean |
calculateFilteredData(Entity entity,
java.util.Set<PersistenceSecurityImpl.EntityId> handled,
boolean checkPermitted) |
java.lang.Object |
evaluateConstraintScript(Entity entity,
java.lang.String groovyScript) |
protected void |
fillGroovyConstraintsContext(java.util.Map<java.lang.String,java.lang.Object> context)
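Override if you need specific context variables in Groovy constraints. Everything put into the context is passed to the Groovy evaluator, so expose only what the constraint scripts need.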
|
boolean |
filterByConstraints(java.util.Collection<Entity> entities)
Filter entities in collection by in-memory constraints
|
boolean |
filterByConstraints(Entity entity)
Filter entity by in-memory constraints
|
boolean |
hasInMemoryReadConstraints(MetaClass metaClass)
Check if there are registered in-memory read constraints for the metaClass or its original metaClass
|
protected boolean |
isNotPermittedInMemory(Entity entity) |
boolean |
isPermitted(Entity entity,
ConstraintOperationType operationType)
Check if the operation type is permitted for the entity
|
boolean |
isPermitted(Entity entity,
EntityOp operation)
Check if the operation type is permitted for the entity
|
boolean |
isPermitted(Entity entity,
java.lang.String customCode)
Check the special constraint permission for the entity
|
protected java.lang.Object |
parseValue(java.lang.Class<?> clazz,
java.lang.String string) |
protected void |
processConstraint(QueryTransformer transformer,
JpqlAccessConstraint constraint,
java.lang.String entityName) |
void |
restoreFilteredData(Entity entity)
Restores filtered data from security token
|
void |
restoreSecurityState(Entity entity)
Reads security token and restores security state
|
protected java.lang.Object |
runGroovyScript(Entity entity,
java.lang.String groovyScript) |
void |
setQueryParam(Query query,
java.lang.String paramName)
Sets the query param to a value provided by user session (see constants above).
|
ConstraintValidationResult |
validateConstraintScript(java.lang.String entityType,
java.lang.String groovyScript)
Validates a Groovy access constraint script
|
checkSpecificPermission, getConstraints, hasConstraints, hasInMemoryConstraints, isEntityAttrPermitted, isEntityAttrPermitted, isEntityAttrPermitted, isEntityAttrReadPermitted, isEntityAttrReadPermitted, isEntityAttrUpdatePermitted, isEntityAttrUpdatePermitted, isEntityOpPermitted, isEntityOpPermitted, isScreenPermitted, isSpecificPermitted
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
restoreSecurityStateAndFilteredData
checkSpecificPermission, hasConstraints, hasInMemoryConstraints, isEntityAttrPermitted, isEntityAttrPermitted, isEntityAttrReadPermitted, isEntityAttrReadPermitted, isEntityAttrUpdatePermitted, isEntityAttrUpdatePermitted, isEntityOpPermitted, isEntityOpPermitted, isScreenPermitted, isSpecificPermitted
@Inject protected SecurityTokenManager securityTokenManager
@Inject protected Configuration configuration
@Inject protected Persistence persistence
@Inject protected ReferenceToEntitySupport referenceToEntitySupport
@Inject protected AttributeSecuritySupport attributeSecuritySupport
@Inject protected EntityStates entityStates
public boolean applyConstraints(Query query)
PersistenceSecurity
applyConstraints
in interface PersistenceSecurity
query
- query to modify
public void setQueryParam(Query query, java.lang.String paramName)
PersistenceSecurity
setQueryParam
in interface PersistenceSecurity
query
- Query instance
paramName
- parameter to set
public boolean filterByConstraints(java.util.Collection<Entity> entities)
PersistenceSecurity
filterByConstraints
in interface PersistenceSecurity
entities
- collection of entities that will be filtered
public boolean filterByConstraints(Entity entity)
PersistenceSecurity
filterByConstraints
in interface PersistenceSecurity
entity
- entity that will be filtered
public void applyConstraints(java.util.Collection<Entity> entities)
PersistenceSecurity
applyConstraints
in interface PersistenceSecurity
entities
- collection of entities
public void applyConstraints(Entity entity)
PersistenceSecurity
applyConstraints
in interface PersistenceSecurity
entity
-
public void calculateFilteredData(Entity entity)
PersistenceSecurity
calculateFilteredData
in interface PersistenceSecurity
entity
- entity for which filtered data will be calculated
public void calculateFilteredData(java.util.Collection<Entity> entities)
PersistenceSecurity
calculateFilteredData
in interface PersistenceSecurity
entities
- collection of entities for which filtered data will be calculated
public void restoreSecurityState(Entity entity)
PersistenceSecurity
restoreSecurityState
in interface PersistenceSecurity
entity
- entity whose security state is restored
public void restoreFilteredData(Entity entity)
PersistenceSecurity
restoreFilteredData
in interface PersistenceSecurity
entity
- entity whose filtered data is restored
public void assertToken(Entity entity)
PersistenceSecurity
assertToken
in interface PersistenceSecurity
entity
- entity whose security token is checked
public void assertTokenForREST(Entity entity, View view)
PersistenceSecurity
assertTokenForREST
in interface PersistenceSecurity
entity
- entity whose security token is checked
view
- view for the entity
public boolean hasInMemoryReadConstraints(MetaClass metaClass)
PersistenceSecurity
hasInMemoryReadConstraints
in interface PersistenceSecurity
protected void assertSecurityConstraints(Entity entity, java.util.function.BiPredicate<Entity,MetaProperty> predicate)
protected void assertTokenForAttributeAccess(Entity entity)
protected void processConstraint(QueryTransformer transformer, JpqlAccessConstraint constraint, java.lang.String entityName)
protected void applyConstraints(Entity entity, java.util.Set<PersistenceSecurityImpl.EntityId> handled)
protected boolean calculateFilteredData(Entity entity, java.util.Set<PersistenceSecurityImpl.EntityId> handled, boolean checkPermitted)
public boolean isPermitted(Entity entity, EntityOp operation)
Security
isPermitted
in interface Security
isPermitted
in class SecurityImpl
public boolean isPermitted(Entity entity, ConstraintOperationType operationType)
Security
isPermitted
in interface Security
isPermitted
in class SecurityImpl
public boolean isPermitted(Entity entity, java.lang.String customCode)
Security
isPermitted
in interface Security
isPermitted
in class SecurityImpl
protected boolean isNotPermittedInMemory(Entity entity)
public java.lang.Object evaluateConstraintScript(Entity entity, java.lang.String groovyScript)
evaluateConstraintScript
in interface Security
evaluateConstraintScript
in class SecurityImpl
public ConstraintValidationResult validateConstraintScript(java.lang.String entityType, java.lang.String groovyScript)
PersistenceSecurity
validateConstraintScript
in interface PersistenceSecurity
protected java.lang.Object runGroovyScript(Entity entity, java.lang.String groovyScript)
protected void fillGroovyConstraintsContext(java.util.Map<java.lang.String,java.lang.Object> context)
context
- passed to the Groovy evaluator
protected java.lang.Object parseValue(java.lang.Class<?> clazz, java.lang.String string)