SecurityPolicyServiceImpl (Nuxeo ECM Projects 10.10 API)

java.lang.Object
- org.nuxeo.ecm.core.security.SecurityPolicyServiceImpl

All Implemented Interfaces:

Serializable, SecurityPolicyService
```
public class SecurityPolicyServiceImpl
extends Object
implements SecurityPolicyService
```
Security policy service implementation.
Iterates over ordered policies. First policy to give a known access (grant or deny) applies.

Author:

Anahide Tchertchian

See Also:

Serialized Form

Constructor Summary

Constructors
Constructor and Description

SecurityPolicyServiceImpl()

Constructors
Constructor and Description
`SecurityPolicyServiceImpl()`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`boolean`	`arePoliciesExpressibleInQuery(String repositoryName)` Checks if the policies can be expressed in a query for a given repository.
`boolean`	`arePoliciesRestrictingPermission(String permission)` Checks if any policy restricts the given permission.
`Access`	`checkPermission(Document doc, ACP mergedAcp, NuxeoPrincipal principal, String permission, String[] resolvedPermissions, String[] additionalPrincipals)` Checks given permission for doc and principal.
`List<SecurityPolicy>`	`getPolicies()` Gets the list of registered security policies.
`Collection<SQLQuery.Transformer>`	`getPoliciesQueryTransformers(String repositoryName)` Get the transformers to apply the policies to a query for given repository.
`void`	`registerDescriptor(SecurityPolicyDescriptor descriptor)`
`void`	`unregisterDescriptor(SecurityPolicyDescriptor descriptor)`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - SecurityPolicyServiceImpl
```
public SecurityPolicyServiceImpl()
```
- Method Detail
  - getPolicies
```
public List<SecurityPolicy> getPolicies()
```
    Description copied from interface: SecurityPolicyService
    
    Gets the list of registered security policies.
    
    Specified by:
    
    getPolicies in interface SecurityPolicyService
    
    Returns:
    
    the policies
  - arePoliciesRestrictingPermission
```
public boolean arePoliciesRestrictingPermission(String permission)
```
    Description copied from interface: SecurityPolicyService
    
    Checks if any policy restricts the given permission.
    If not, then no post-filtering on policies will be needed for query results.
    
    Specified by:
    
    arePoliciesRestrictingPermission in interface SecurityPolicyService
    
    Returns:
    
    true if a policy restricts the permission
  - arePoliciesExpressibleInQuery
```
public boolean arePoliciesExpressibleInQuery(String repositoryName)
```
    Description copied from interface: SecurityPolicyService
    
    Checks if the policies can be expressed in a query for a given repository.
    If not, then any query made will have to be post-filtered.
    
    Specified by:
    
    arePoliciesExpressibleInQuery in interface SecurityPolicyService
    
    Parameters:
    
    repositoryName - the target repository name.
    
    Returns:
    
    true if all policies can be expressed in a query
  - getPoliciesQueryTransformers
```
public Collection<SQLQuery.Transformer> getPoliciesQueryTransformers(String repositoryName)
```
    Description copied from interface: SecurityPolicyService
    
    Get the transformers to apply the policies to a query for given repository.
    
    Specified by:
    
    getPoliciesQueryTransformers in interface SecurityPolicyService
    
    Parameters:
    
    repositoryName - the target repository name.
    
    Returns:
    
    the transformers.
  - registerDescriptor
```
public void registerDescriptor(SecurityPolicyDescriptor descriptor)
```
    Specified by:
    
    registerDescriptor in interface SecurityPolicyService
  - unregisterDescriptor
```
public void unregisterDescriptor(SecurityPolicyDescriptor descriptor)
```
    Specified by:
    
    unregisterDescriptor in interface SecurityPolicyService
  - checkPermission
```
public Access checkPermission(Document doc,
                              ACP mergedAcp,
                              NuxeoPrincipal principal,
                              String permission,
                              String[] resolvedPermissions,
                              String[] additionalPrincipals)
```
    Description copied from interface: SecurityPolicyService
    
    Checks given permission for doc and principal.
    The security service checks this service for a security access. This access is defined iterating over pluggable policies in a defined order. If access is not specified, security service applies its default policy.
    
    Specified by:
    
    checkPermission in interface SecurityPolicyService
    
    Parameters:
    
    doc - the document to check
    
    mergedAcp - merged acp resolved for this document
    
    principal - principal to check
    
    permission - permission to check
    
    resolvedPermissions - permissions or groups of permissions containing permission
    
    additionalPrincipals - principals (groups) to check for principal
    
    Returns:
    
    access: true, false, or nothing. When nothing is returned, following policies or default core security are applied.

Class SecurityPolicyServiceImpl

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

SecurityPolicyServiceImpl

Method Detail

getPolicies

arePoliciesRestrictingPermission

arePoliciesExpressibleInQuery

getPoliciesQueryTransformers

registerDescriptor

unregisterDescriptor

checkPermission