AccessControl


1   /*
2    * Copyright 2005 Joe Walker
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.directwebremoting.extend;
17  
18  import java.lang.reflect.Method  ;
19  
20  /**
21   * Control who should be accessing which methods on which classes.
22   * @author Joe Walker [joe at getahead dot ltd dot uk]
23   */
24  public interface AccessControl
25  {
26      /**
27       * Check the method for accessibility at runtime, and return an error
28       * message if anything is wrong. If nothing is wrong, return null.
29       * <p>See notes on <code>getReasonToNotDisplay()</code>. This method should
30       * duplicate the tests made by that method.
31       * <p>This is not a great becuase it mixes 2 bits of information in the same
32       * variable (is it wrong, and what is wrong) but without multi-value returns
33       * in Java this seems like the most simple implementation.
34       * @param creator Where does the method come from?
35       * @param className The Javascript name of the class
36       * @param method What is the method to execute?
37       * @throws SecurityException If the given method is disallowed
38       * @see AccessControl#assertIsDisplayable(Creator, String, Method)
39       */
40      void assertExecutionIsPossible(Creator creator, String   className, Method   method) throws SecurityException  ;
41  
42      /**
43       * Check the method for accessibility at 'compile-time' (i.e. when the app
44       * is downloaded), and return an error message if anything is wrong. If
45       * nothing is wrong, return null.
46       * <p>This method is similar to <code>getReasonToNotExecute()</code> except
47       * that there may be checks (like security checks) that we wish to make only
48       * at runtime in case the situation changes between 'compile-time' and
49       * runtime.
50       * <p>This is not a great becuase it mixes 2 bits of information in the same
51       * variable (is it wrong, and what is wrong) but without multi-value returns
52       * in Java this seems like the most simple implementation.
53       * @param creator Where does the method come from?
54       * @param className The Javascript name of the class
55       * @param method What is the method to execute?
56       * @throws SecurityException If the given method is disallowed
57       * @see AccessControl#assertExecutionIsPossible(Creator, String, Method)
58       */
59      void assertIsDisplayable(Creator creator, String   className, Method   method) throws SecurityException  ;
60  
61      /**
62       * J2EE role based security allows us to restrict methods to only being used
63       * by people in certain roles.
64       * @param scriptName The name of the creator to Javascript
65       * @param methodName The name of the method (without brackets)
66       * @param role The new role name to add to the list for the given scriptName and methodName
67       */
68      void addRoleRestriction(String   scriptName, String   methodName, String   role);
69  
70      /**
71       * Add an include rule.
72       * Each creator can have either a list of inclusions or a list of exclusions
73       * but not both. If a creator has a list of inclusions then the default
74       * policy is to deny any method that is not specifically included. If the
75       * creator has a list of exclusions then the default policy is to allow
76       * any method not listed.
77       * If there are no included or excluded rules then the default policy is to
78       * allow all methods
79       * @param scriptName The name of the creator to Javascript
80       * @param methodName The name of the method (without brackets)
81       */
82      void addIncludeRule(String   scriptName, String   methodName);
83  
84      /**
85       * Add an exclude rule.
86       * @param scriptName The name of the creator to Javascript
87       * @param methodName The name of the method (without brackets)
88       * @see AccessControl#addIncludeRule(String, String)
89       */
90      void addExcludeRule(String   scriptName, String   methodName);
91  }
92
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags