Authorizer


1   /*
2   
3      Derby - Class org.apache.derby.iapi.sql.conn.Authorizer
4   
5      Licensed to the Apache Software Foundation (ASF) under one or more
6      contributor license agreements.  See the NOTICE file distributed with
7      this work for additional information regarding copyright ownership.
8      The ASF licenses this file to you under the Apache License, Version 2.0
9      (the "License"); you may not use this file except in compliance with
10     the License.  You may obtain a copy of the License at
11  
12        http://www.apache.org/licenses/LICENSE-2.0
13  
14     Unless required by applicable law or agreed to in writing, software
15     distributed under the License is distributed on an "AS IS" BASIS,
16     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17     See the License for the specific language governing permissions and
18     limitations under the License.
19  
20   */
21  
22  package org.apache.derby.iapi.sql.conn;
23  
24  import org.apache.derby.iapi.sql.Activation;
25  import org.apache.derby.iapi.error.StandardException;
26  /**
27    The Authorizer verifies a connected user has the authorization 
28    to perform a requested database operation using the current
29    connection.
30  
31    <P>
32    Today no object based authorization is supported.
33    */
34  public interface Authorizer
35  {
36      /** SQL write (insert,update,delete) operation */
37      public static final int SQL_WRITE_OP = 0;
38      /** SQL SELECT  operation */
39      public static final int SQL_SELECT_OP = 1;
40      /** Any other SQL operation */
41      public static final int SQL_ARBITARY_OP = 2;
42      /** SQL CALL/VALUE  operation */
43      public static final int SQL_CALL_OP = 3;
44      /** SQL DDL operation */
45      public static final int SQL_DDL_OP   = 4;
46      /** database property write operation */
47      public static final int PROPERTY_WRITE_OP = 5;
48      /**  database jar write operation */    
49      public static final int JAR_WRITE_OP = 6;
50      
51      /* Privilege types for SQL standard (grant/revoke) permissions checking. */
52      public static final int NULL_PRIV = -1;
53      public static final int SELECT_PRIV = 0;
54      public static final int UPDATE_PRIV = 1;
55      public static final int REFERENCES_PRIV = 2;
56      public static final int INSERT_PRIV = 3;
57      public static final int DELETE_PRIV = 4;
58      public static final int TRIGGER_PRIV = 5;
59      public static final int EXECUTE_PRIV = 6;
60      public static final int PRIV_TYPE_COUNT = 7;
61  
62      /* Used to check who can create schemas or who can modify objects in schema */
63      public static final int CREATE_SCHEMA_PRIV = 16;
64      public static final int MODIFY_SCHEMA_PRIV = 17;
65      public static final int DROP_SCHEMA_PRIV = 18;
66      
67      /**
68       * The system authorization ID is defined by the SQL2003 spec as the grantor
69       * of privileges to object owners.
70       */
71      public static final String   SYSTEM_AUTHORIZATION_ID = "_SYSTEM";
72  
73      /**
74       * The public authorization ID is defined by the SQL2003 spec as implying all users.
75       */
76      public static final String   PUBLIC_AUTHORIZATION_ID = "PUBLIC";
77  
78      /**
79        Verify the connected user is authorized to perform the requested
80        operation.
81  
82        This variation should only be used with operations that do not use tables
83        or routines. If the operation involves tables or routines then use the
84        variation of the authorize method that takes an Activation parameter. The
85        activation holds the table, column, and routine lists.
86  
87        @param operation the enumeration code for the requsted operation.
88  
89        @exception StandardException Thrown if the operation is not allowed
90       */
91      public void authorize( int operation) throws StandardException;
92      
93      /**
94        Verify the connected user is authorized to perform the requested
95        operation.
96  
97        @param activation holds the list of tables, columns, and routines used.
98        @param operation the enumeration code for the requsted operation.
99  
100       @exception StandardException Thrown if the operation is not allowed
101     */
102     public void authorize(Activation activation, int operation)
103                 throws StandardException;
104 
105     /**
106       Get the Authorization ID for this Authorizer.
107       */
108    public String   getAuthorizationId();
109 
110    /**
111      Get the readOnly status for this authorizer's connection.
112      */
113    public boolean isReadOnlyConnection();
114 
115    /**
116      Set the readOnly status for this authorizer's connection.
117      @param on true means set the connection to read only mode,
118                false means set the connection to read wrte mode.
119      @param authorize true means to verify the caller has authority
120             to set the connection and false means do not check. 
121      @exception StandardException Oops not allowed.
122      */
123    public void setReadOnlyConnection(boolean on, boolean authorize)
124          throws StandardException;
125 
126    /**
127      Refresh this authorizer to reflect a change in the database
128      permissions.
129      
130      @exception AuthorizerSessionException Connect permission gone.
131      @exception StandardException Oops.
132      */
133    public void refresh() throws StandardException;  
134 }
135
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags