Class CachingAccessResolver
java.lang.Object
edu.internet2.middleware.grouper.privs.AccessResolverDecorator
edu.internet2.middleware.grouper.privs.CachingAccessResolver
- All Implemented Interfaces:
AccessResolver
Decorator that provides caching for
AccessResolver.
- Since:
- 1.2.1
- Version:
- $Id: CachingAccessResolver.java,v 1.16 2009-09-21 06:14:26 mchyzer Exp $
-
Field Summary
Fields -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionvoidflush cache if caching resolverget a reference to the sessiongetPrivileges(Group group, Subject subject) Get all privileges subject has on group.voidgrantPrivilege(Group group, Subject subject, Privilege privilege, String uuid) Grant privilege to subject on group.booleanhasPrivilege(Group group, Subject subject, Privilege privilege) Check whether subject has privilege on group.booleanhqlFilterGroupsWhereClause(Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Set<Privilege> privInSet) for a group query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like)after HQL is run, filter groups.postHqlFilterMemberships(Subject subject, Set<Membership> memberships) filter memberships for things the subject can seevoidprivilegeCopy(Group g1, Group g2, Privilege priv) Copies privileges for subjects that have the specified privilege on g1 to g2.voidprivilegeCopy(Subject subj1, Subject subj2, Privilege priv) Copies privileges of type priv on any subject for the given Subject subj1 to the given Subject subj2.voidrevokeAllPrivilegesForSubject(Subject subject) Revoke all access privileges that this subject has.voidrevokePrivilege(Group group, Privilege privilege) Revoke privilege from all subjects on group.voidrevokePrivilege(Group group, Subject subject, Privilege privilege) Revoke privilege from subject on group.voidstop()clean up resources, session is stoppedMethods inherited from class edu.internet2.middleware.grouper.privs.AccessResolverDecorator
getDecoratedResolver, getGroupsWhereSubjectDoesHavePrivilege, getGroupsWhereSubjectDoesntHavePrivilege, getGroupsWhereSubjectHasPrivilege, getStemsWhereGroupThatSubjectHasPrivilege, getSubjectsWithPrivilege, hqlFilterGroupsNotWithPrivWhereClause, hqlFilterGroupsWithPrivWhereClause, postHqlFilterStemsWithGroups, retrievePrivileges
-
Field Details
-
CACHE_HASPRIV
-
-
Constructor Details
-
CachingAccessResolver
- Parameters:
resolver-- Since:
- 1.2.1
-
-
Method Details
-
getPrivileges
public Set<AccessPrivilege> getPrivileges(Group group, Subject subject) throws IllegalArgumentException Description copied from interface:AccessResolverGet all privileges subject has on group.- Specified by:
getPrivilegesin interfaceAccessResolver- Overrides:
getPrivilegesin classAccessResolverDecorator- Returns:
- the set
- Throws:
IllegalArgumentException- if any parameter is null.- Since:
- 1.2.1
- See Also:
-
getStats
- Parameters:
cache-- Returns:
- ehcache statistics for cache.
- Since:
- 1.2.1
-
grantPrivilege
public void grantPrivilege(Group group, Subject subject, Privilege privilege, String uuid) throws IllegalArgumentException, UnableToPerformException Description copied from interface:AccessResolverGrant privilege to subject on group.- Specified by:
grantPrivilegein interfaceAccessResolver- Overrides:
grantPrivilegein classAccessResolverDecoratoruuid- send uuid if known, else null- Throws:
IllegalArgumentException- if any parameter is null.UnableToPerformException- if the privilege could not be granted.- Since:
- 1.2.1
- See Also:
-
hasPrivilege
public boolean hasPrivilege(Group group, Subject subject, Privilege privilege) throws IllegalArgumentException Description copied from interface:AccessResolverCheck whether subject has privilege on group.- Specified by:
hasPrivilegein interfaceAccessResolver- Overrides:
hasPrivilegein classAccessResolverDecorator- Returns:
- boolean
- Throws:
IllegalArgumentException- if any parameter is null.- Since:
- 1.2.1
- See Also:
-
revokePrivilege
public void revokePrivilege(Group group, Privilege privilege) throws IllegalArgumentException, UnableToPerformException Description copied from interface:AccessResolverRevoke privilege from all subjects on group.- Specified by:
revokePrivilegein interfaceAccessResolver- Overrides:
revokePrivilegein classAccessResolverDecorator- Throws:
IllegalArgumentException- if any parameter is null.UnableToPerformException- if the privilege could not be revoked.- Since:
- 1.2.1
- See Also:
-
revokePrivilege
public void revokePrivilege(Group group, Subject subject, Privilege privilege) throws IllegalArgumentException, UnableToPerformException Description copied from interface:AccessResolverRevoke privilege from subject on group.- Specified by:
revokePrivilegein interfaceAccessResolver- Overrides:
revokePrivilegein classAccessResolverDecorator- Throws:
IllegalArgumentException- if any parameter is null.UnableToPerformException- if the privilege could not be revoked.- Since:
- 1.2.1
- See Also:
-
privilegeCopy
public void privilegeCopy(Group g1, Group g2, Privilege priv) throws IllegalArgumentException, UnableToPerformException Description copied from interface:AccessResolverCopies privileges for subjects that have the specified privilege on g1 to g2.- Specified by:
privilegeCopyin interfaceAccessResolver- Overrides:
privilegeCopyin classAccessResolverDecorator- Throws:
IllegalArgumentExceptionUnableToPerformException- See Also:
-
privilegeCopy
public void privilegeCopy(Subject subj1, Subject subj2, Privilege priv) throws IllegalArgumentException, UnableToPerformException Description copied from interface:AccessResolverCopies privileges of type priv on any subject for the given Subject subj1 to the given Subject subj2. For instance, if subj1 has ADMIN privilege to Group x, this method will result with subj2 having ADMIN privilege to Group x.- Specified by:
privilegeCopyin interfaceAccessResolver- Overrides:
privilegeCopyin classAccessResolverDecorator- Throws:
IllegalArgumentExceptionUnableToPerformException- See Also:
-
flushCache
public void flushCache()Description copied from interface:AccessResolverflush cache if caching resolver- Specified by:
flushCachein interfaceAccessResolver- Overrides:
flushCachein classAccessResolverDecorator- See Also:
-
postHqlFilterGroups
Description copied from interface:AccessResolverafter HQL is run, filter groups. If you are filtering in HQL, then dont filter here- Specified by:
postHqlFilterGroupsin interfaceAccessResolver- Overrides:
postHqlFilterGroupsin classAccessResolverDecoratorsubject- which needs view access to the groupsprivInSet- find a privilege which is in this set (e.g. for view, send all access privs). There are pre-canned sets in AccessAdapter- Returns:
- the set of filtered groups
- See Also:
-
hqlFilterGroupsWhereClause
public boolean hqlFilterGroupsWhereClause(Subject subject, HqlQuery hqlQuery, StringBuilder hql, String groupColumn, Set<Privilege> privInSet) Description copied from interface:AccessResolverfor a group query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterGroups instead if you like)- Specified by:
hqlFilterGroupsWhereClausein interfaceAccessResolver- Overrides:
hqlFilterGroupsWhereClausein classAccessResolverDecorator- Parameters:
subject- which needs view access to the groupshql- the select and current from partgroupColumn- is the name of the group column to join toprivInSet- find a privilege which is in this set (e.g. for view, send all access privs)- Returns:
- if the statement was changed
- See Also:
-
getGrouperSession
Description copied from interface:AccessResolverget a reference to the session- Specified by:
getGrouperSessionin interfaceAccessResolver- Overrides:
getGrouperSessionin classAccessResolverDecorator- Returns:
- the session
- See Also:
-
postHqlFilterMemberships
Description copied from interface:AccessResolverfilter memberships for things the subject can see- Specified by:
postHqlFilterMembershipsin interfaceAccessResolver- Overrides:
postHqlFilterMembershipsin classAccessResolverDecorator- Returns:
- the memberships
- See Also:
-
stop
public void stop()Description copied from interface:AccessResolverclean up resources, session is stopped- Specified by:
stopin interfaceAccessResolver- Overrides:
stopin classAccessResolverDecorator- See Also:
-
revokeAllPrivilegesForSubject
Description copied from interface:AccessResolverRevoke all access privileges that this subject has.- Specified by:
revokeAllPrivilegesForSubjectin interfaceAccessResolver- Overrides:
revokeAllPrivilegesForSubjectin classAccessResolverDecorator- See Also:
-