Interface AuthorizationService


  • public interface AuthorizationService
    The AuthorizationService allows logging in users, checking permissions of the currently logged in user, and creating and deleting users.
    • Method Detail

      • checkAccess

        boolean checkAccess(String permissionValue)
        Returns true if the owner of the current session has access for the given permission.
        Parameters:
        permissionValue - Value that uniquely identifies the permission to check.
        Returns:
        true if the owner of the current session has access to the given permission.
      • checkAccess

        boolean checkAccess(String permissionValue,
                            WorkflowEnabled workflowEnabledObject)
        Returns true if the owner of the current session has both the requested static RBAC authorization as well as the dynamic Workflow authorization according to the Workflow of the given Workflow enabled object. Returns false otherwise.
        Parameters:
        permissionValue - RBAC authorization key to check authorization for.
        workflowEnabledObject - Workflow enabled object to check Workflow authorization against.
        Returns:
        true if the owner of the current session has both static RBAC and dynamic Workflow authorization for the requested RBAC permission and Workflow context.
      • checkAccess

        boolean checkAccess(String permissionValue,
                            WorkflowModel workflowModel)
        Returns true if the owner of the current session has both the requested static RBAC authorization and the authorization to initiate the given Workflow model (in other words, to create a Workflow model instance from it). Returns false otherwise.
        Parameters:
        permissionValue - RBAC authorization key to check authorization for.
        workflowModel - Workflow model to check Workflow authorization against.
        Returns:
        true if the owner of the current session has both static RBAC and dynamic Workflow authorization to initiate the given Workflow model.
      • checkComponent

        boolean checkComponent(String permissionValue,
                               int webid)
        This method checks if the component that corresponds to the given permission is enabled or not. Note that if 'show_as_component' of the component category is false then this method will always return true; the component in that case cannot be disabled using the GUI.
        Parameters:
        permissionValue - Label of the permission to check component access for
        Returns:
        true if the component that belongs to the permission is either enabled in the GUI or has the 'show_as_component' option set to false.
      • registerCreatePermissions

        void registerCreatePermissions(Class<? extends Element> elementClass,
                                       Permission[] createPermissions)
        Called by the element component type to register the create permissions registered by the element component definition.
        Parameters:
        elementClass - Element class to register the create permissions for
        createPermissions - Create permissions to register
      • unregisterCreatePermissions

        void unregisterCreatePermissions(Class<? extends Element> elementClass)
        Called by the element component type to unregister the create permissions registered by the element component definition.
        Parameters:
        elementClass - Element class to unregister the create permissions for
      • registerDeletePermissions

        void registerDeletePermissions(Class<? extends Element> elementClass,
                                       Permission[] deletePermissions)
        Called by the element component type to register the delete permissions registered by the element component definition.
        Parameters:
        elementClass - Element class to register the delete permissions for
        deletePermissions - Delete permissions to register
      • unregisterDeletePermissions

        void unregisterDeletePermissions(Class<? extends Element> elementClass)
        Called by the element component type to unregister the delete permissions registered by the element component definition.
        Parameters:
        elementClass - Element class to unregister the delete permissions for
      • getElementCreatePermission

        String[] getElementCreatePermission(Class<? extends Element> elementClass)
        Returns the create RBAC permissions associated with this element. This is the permission that allows the user to create the element.
        Returns:
        RBAC permission that grants create permission on this element
      • getElementDeletePermission

        String[] getElementDeletePermission(Class<? extends Element> elementClass)
        Returns the delete RBAC permission associated with this element. This is the permission that allows the user to delete the element.
        Returns:
        RBAC permission that grants delete permission on this element
      • formLogin

        AuthorizationService.LoginStatus formLogin(String username,
                                                   String password,
                                                   javax.servlet.http.HttpServletRequest request)
        Logs in the given user with the given password for the given HTTP servlet request. This is the first step in a 2FA-enabled login.
        Parameters:
        username - Username of the user
        password - Password of the user
        request - Current HTTP servlet request
        Returns:
        the AuthorizationService.LoginStatus to determine the next action to complete the login
      • applicationKeyLogin

        boolean applicationKeyLogin(javax.servlet.http.HttpServletRequest request,
                                    String key)
        Try to create a logged in session using an application key.
        Parameters:
        request - The current HTTP servlet request.
        key - The application key to use.
        Returns:
        True if the session was successfully created.
      • logout

        void logout(javax.servlet.http.HttpServletRequest request)
        Logs out the user and clears the session data in the request.
        Parameters:
        request - Current request session to clear
      • getCurrentUser

        User getCurrentUser()
        Returns the currently logged in user.
        Returns:
        the currently logged in user.
      • getUserByUuid

        User getUserByUuid(String uuid)
        Returns the user specified by its uuid.
        Returns:
        the user specified by its uuid
      • getUserById

        User getUserById(int id)
        Returns the user specified by the SiteWorks id.
        Returns:
        the user specified by the SiteWorks id.
      • getUserByUsername

        User getUserByUsername(String username)
        Returns the user specified by a username.
        Parameters:
        username - Username to search for (case insensitive).
        Returns:
        User found or null if the user cannot be found.
      • createUser

        User createUser(String login,
                        String password,
                        Website[] websites)
                 throws DuplicateNamingException
        Creates a new user with the specified login and password on the specified websites. No roles are assigned to this user and therefore the user will not be able to log in to WebManager yet. Use User.setRoles to provide this user the appropriate authorization.
        Parameters:
        login - The login of the user to create.
        password - The password to set for the user (not encrypted)
        websites - The webinitiatifs to assign the user to. If the array is null or empty, a warning will be logged, the user will not be created and null will be returned.
        Returns:
        The created user or null if creation failed
        Throws:
        DuplicateNamingException - In case a user with the given login already exists on the installation.
      • deleteUser

        void deleteUser(User user)
        Deletes the User passed by the user parameter and publishes an event before and after deleting it.
        Parameters:
        user - User object which is deleted
      • createRole

        Role createRole(String roleName,
                        Website[] websites)
                 throws DuplicateNamingException
        Creates a new role with the specified name on the specified websites.
        Parameters:
        roleName - The name of the role to create.
        websites - The webinitiatifs to create the role on. If the array is null or empty, a warning will be logged, the role will not be created and null will be returned.
        Returns:
        The created role or null if creation failed
        Throws:
        DuplicateNamingException - In case a role with the given name already exists on the installation.
      • getAllUsers

        User[] getAllUsers(Website website)
        Returns all users that are available on the specified webinitiatif. If the webinitiatif passed equals null, all users are returned.
        Parameters:
        website - The website to retrieve the users for. May be null, in which case all users are returned.
        Returns:
        All users available on the specified webinitiatif or all users if the webinitiatif passed is null.
      • getSystemUsers

        Set<User> getSystemUsers()
        Returns all users marked as system users. Users from all webinitiatives are returned.
        Returns:
        The collection of system users throughout the entire XC installation
      • getAllRoles

        Role[] getAllRoles(Website website)
        Returns all roles that are available on the specified webinitiatif. If the webinitiatif passed equals null, all roles are returned.
        Parameters:
        website - The website to retrieve the roles for. May be null, in which case all roles are returned.
        Returns:
        All roles available on the specified webinitiatif or all roles if the webinitiatif passed is null.
      • getAuthorizedRoles

        Role[] getAuthorizedRoles(WorkflowEnabled workflowEnabled,
                                  String permissionValue)
        Returns the roles that have access to the content item according to the workflow of the given content item and the given permission.
        Parameters:
        permissionValue - RBAC authorization key to check authorization for.
        workflowEnabled - Workflow enabled object to check Workflow authorization against.
        Returns:
        Roles that have access to the content item given the workflow of the content item and the permission. When no roles have access, an empty array is returned.
      • login

        boolean login(String username,
                      javax.servlet.http.HttpServletRequest request)
        Logs in the given user for the given HttpServletRequest without authentication and returns true if the user was successfully logged in, false otherwise.
        Parameters:
        username - name of the user
        request - current HttpServletRequest
        Returns:
        true if the user was successfully logged in, false otherwise
      • isCurrentAccessMethodPassword

        boolean isCurrentAccessMethodPassword()
        Check whether the current login method is using the WebManager login screen.

        This is the case if the current user is logged in using this method, but also when the user has entered a correct password and is about to change his/her password using the form for this purpose.

        Returns:
        true iff the access method is by password
      • notifyListenersOnUserLogout

        @Deprecated
        void notifyListenersOnUserLogout(javax.servlet.http.HttpSession session,
                                         String userName)
        Deprecated.
        This method does not invalidate the session.
      • notifyListenersOnUserSessionTimeout

        void notifyListenersOnUserSessionTimeout(javax.servlet.http.HttpSession session,
                                                 String userName)
        Invoked when the session of a user has timed out. Note that the session passed to this method is not valid anymore. You can retrieve attributes from the session, but you cannot use it to invoke the XC API.
        Parameters:
        session - HTTP session that just timed out
        userName - Name of the user assigned to the session that just timed out
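
The checkAccess overloads documented above differ in whether the dynamic Workflow check is included. The following is an added example, not part of the original API documentation or the product's own code: a fail-closed guard around both overloads. The AccessGuard helper, the stand-in interfaces (which mirror only the signatures shown on this page) and the permission value "demo.edit" are assumptions made so the example compiles on its own.

```java
import java.util.Objects;
// Stand-ins mirroring only the signatures shown on this page so the example
// compiles on its own; a real plugin uses the platform's own types instead.
interface WorkflowEnabled {}
interface AuthorizationService {
    boolean checkAccess(String permissionValue);
    boolean checkAccess(String permissionValue, WorkflowEnabled workflowEnabledObject);
}

/** Hypothetical helper: throws unless the session owner is authorized. */
final class AccessGuard {
    private final AuthorizationService authorizationService;

    AccessGuard(AuthorizationService authorizationService) {
        this.authorizationService = Objects.requireNonNull(authorizationService);
    }

    /** Static RBAC only: for actions that involve no Workflow enabled object. */
    void requireAccess(String permissionValue) {
        if (permissionValue == null || !authorizationService.checkAccess(permissionValue)) {
            throw new SecurityException("Access denied for permission " + permissionValue);
        }
    }

    /** RBAC plus Workflow check; a null object is a denial, not an RBAC-only fallback. */
    void requireAccess(String permissionValue, WorkflowEnabled target) {
        if (permissionValue == null || target == null
                || !authorizationService.checkAccess(permissionValue, target)) {
            throw new SecurityException("Access denied for permission " + permissionValue);
        }
    }
}

public class AccessGuardDemo {
    public static void main(String[] args) {
        // Constructed test double: grants RBAC for "demo.edit", never Workflow access.
        AuthorizationService stub = new AuthorizationService() {
            public boolean checkAccess(String p) { return "demo.edit".equals(p); }
            public boolean checkAccess(String p, WorkflowEnabled o) { return false; }
        };
        AccessGuard guard = new AccessGuard(stub);
        guard.requireAccess("demo.edit"); // the stub grants static RBAC, so no exception
        try {
            guard.requireAccess("demo.edit", new WorkflowEnabled() {});
        } catch (SecurityException e) {
            System.out.println("Denied as expected: " + e.getMessage());
        }
    }
}
```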