gov.nih.nci.caarray.services.security
Class SecurityServiceObj

java.lang.Object
  extended by gov.nih.nci.caarray.services.security.SecurityServiceObj
All Implemented Interfaces:
SecurityServiceItf

public class SecurityServiceObj
extends java.lang.Object
implements SecurityServiceItf

This class, which implements SecurityServiceItf, provides authentication and authorization services and is independent of the underlying security infrastructure.

Version:
1.0
Author:
Q. Pan, Sumeet Muju

Field Summary
 AuthenticationDAItf theAuthenticationDAItf
           
 AuthorizationDAItf theAuthorizationDAItf
           
 
Constructor Summary
SecurityServiceObj()
          Constructor for a new SecurityServiceObj object.
 
Method Summary
 boolean authenticateUser(java.lang.String loginName, java.lang.String passwd)
          Returns the result of the user authentication.
 boolean authorizeUser(Role[] roles, java.lang.String applicationName, java.lang.String objectId, java.lang.String attribute)
          Placeholder to support the interface.
 boolean authorizeUser(java.lang.String userName, Role[] roles, java.lang.String applicationName, java.lang.String objectId, java.lang.String attribute)
          Returns the given user or role's access permission to a protection element.
 SecuredElementItf authorizeUser(java.lang.String loginName, java.lang.String[] roles, java.lang.String applicationName, SecuredElementItf object)
          Overloaded to support isEditable.
 SecuredElementItf[] authorizeUser(java.lang.String loginName, java.lang.String[] roles, java.lang.String applicationName, SecuredElementItf[] objects)
          Returns the access permission of the given user with roles to a collection of protection elements.
 SecuredElementItf[] authorizeUser(java.lang.String loginName, java.lang.String[] roles, java.lang.String applicationName, SecuredElementItf[] objects, ProtectionGroupData[] protectionGroups)
          Returns the access permission of the given user with roles to a collection of protection elements.
 boolean authorizeUser(java.lang.String loginName, java.lang.String[] roles, java.lang.String applicationName, java.lang.String objectId)
          Returns the access permission of the given user with roles to a protection element.
 SecuredElementItf[] authorizeUserOwner(java.lang.String loginName, java.lang.String applicationName, SecuredElementItf[] objects)
          Returns the access permission of the given user with roles to a collection of protection elements.
 SecuredElementItf[] authorizeUserOwnerOnly(java.lang.String loginName, java.lang.String applicationName, SecuredElementItf[] objects)
          Returns the access permission of the given user with roles to a collection of protection elements.
 java.lang.String getEmail(java.lang.String loginName)
          The email address associated with the login name.
 java.lang.String getEmail(java.lang.String objectId, java.lang.String applicationName)
          The email address associated with the owner of an object.
protected  SecuredElementItf[] getPermittedObjects(java.util.LinkedHashMap objectEntries)
           
 Role[] getRole(java.lang.String loginName, java.lang.String passwd)
          Returns an array of Role objects associated with the loginName/passwd.
 boolean isUserOwner(java.lang.String loginName, java.lang.String applicationName, java.lang.String objectId)
          Returns whether the user is the owner of the given securedElement.
static void main(java.lang.String[] args)
          Used for test only.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

theAuthenticationDAItf

public AuthenticationDAItf theAuthenticationDAItf

theAuthorizationDAItf

public AuthorizationDAItf theAuthorizationDAItf

Constructor Detail

SecurityServiceObj

public SecurityServiceObj()
Constructor for a new SecurityServiceObj object.

Method Detail

authenticateUser

public boolean authenticateUser(java.lang.String loginName,
                                java.lang.String passwd)
Returns the result of the user authentication.

Specified by:
authenticateUser in interface SecurityServiceItf
Parameters:
loginName - the login name of the user
passwd - the password of the user
Returns:
true for successful authentication
false for failed authentication

getRole

public Role[] getRole(java.lang.String loginName,
                      java.lang.String passwd)
Returns an array of Role objects associated with the loginName/passwd.

Specified by:
getRole in interface SecurityServiceItf
Parameters:
loginName - the login name of the user
passwd - the password of the user
Returns:
an array of Role objects associated with the login name

getEmail

public java.lang.String getEmail(java.lang.String loginName)
The email address associated with the login name.

Specified by:
getEmail in interface SecurityServiceItf
Parameters:
loginName - the login name of the user
Returns:
an email address associated with the login name

authorizeUser

public SecuredElementItf authorizeUser(java.lang.String loginName,
                                       java.lang.String[] roles,
                                       java.lang.String applicationName,
                                       SecuredElementItf object)
                                throws DBException
Overloaded to support isEditable. Returns the access permission of the given user with roles to a protection element.

Parameters:
loginName - login name used to check if this is the owner of the protection element
roles - an array of roles that the user should have for access
applicationName - application name
objectId - object Id
Returns:
true if the user is the owner of the protection element or has the permission
false if the user is not the owner of the protection element or has no access permission
Throws:
DBException

authorizeUser

public boolean authorizeUser(java.lang.String loginName,
                             java.lang.String[] roles,
                             java.lang.String applicationName,
                             java.lang.String objectId)
                      throws DBException
Returns the access permission of the given user with roles to a protection element.

Parameters:
loginName - login name used to check if this is the owner of the protection element
roles - an array of roles that the user should have for access
applicationName - application name
objectId - object Id
Returns:
true if the user is the owner of the protection element or has the permission
false if the user is not the owner of the protection element or has no access permission
Throws:
DBException

authorizeUser

public SecuredElementItf[] authorizeUser(java.lang.String loginName,
                                         java.lang.String[] roles,
                                         java.lang.String applicationName,
                                         SecuredElementItf[] objects)
                                  throws DBException
Returns the access permission of the given user with roles to a collection of protection elements. This is an overloaded method, implemented to process a collection of securedElementIds rather than a single one. This saves multiple database calls and is more efficient when dealing with a collection of objects.

Parameters:
loginName - login name used to check if this is the owner of the protection element
roles - an array of roles that the user should have for access
applicationName - application name
objectId - collection of objects implementing SecuredElementItf interface.
Returns:
true if the user is the owner of the protection element or has the permission
false if the user is not the owner of the protection element or has no access permission
Throws:
DBException

authorizeUser

public SecuredElementItf[] authorizeUser(java.lang.String loginName,
                                         java.lang.String[] roles,
                                         java.lang.String applicationName,
                                         SecuredElementItf[] objects,
                                         ProtectionGroupData[] protectionGroups)
                                  throws DBException
Returns the access permission of the given user with roles to a collection of protection elements. This is an overloaded method, implemented to process a collection of securedElementIds rather than a single one. This saves multiple database calls and is more efficient when dealing with a collection of objects.

Parameters:
loginName - login name used to check if this is the owner of the protection element
roles - an array of roles that the user should have for access
applicationName - application name
objectId - collection of objects implementing SecuredElementItf interface.
protectionGroups - array of protectionGroupData to which the search is restricted.
Returns:
true if the user is the owner of the protection element or has the permission
false if the user is not the owner of the protection element or has no access permission
Throws:
DBException

authorizeUserOwnerOnly

public SecuredElementItf[] authorizeUserOwnerOnly(java.lang.String loginName,
                                                  java.lang.String applicationName,
                                                  SecuredElementItf[] objects)
                                           throws DBException
Returns the access permission of the given user with roles to a collection of protection elements. This is an overloaded method, implemented to process a collection of securedElementIds rather than a single one. This saves multiple database calls and is more efficient when dealing with a collection of objects.

Parameters:
loginName - login name used to check if this is the owner of the protection element
roles - an array of roles that the user should have for access
applicationName - application name
objectId - collection of objects implementing SecuredElementItf interface.
Returns:
true if the user is the owner of the protection element or has the permission
false if the user is not the owner of the protection element or has no access permission
Throws:
DBException

authorizeUserOwner

public SecuredElementItf[] authorizeUserOwner(java.lang.String loginName,
                                              java.lang.String applicationName,
                                              SecuredElementItf[] objects)
                                       throws DBException
Returns the access permission of the given user with roles to a collection of protection elements. This is an overloaded method, implemented to process a collection of securedElementIds rather than a single one. This saves multiple database calls and is more efficient when dealing with a collection of objects.

Parameters:
loginName - login name used to check if this is the owner of the protection element
roles - an array of roles that the user should have for access
applicationName - application name
objectId - collection of objects implementing SecuredElementItf interface.
Returns:
true if the user is the owner of the protection element or has the permission
false if the user is not the owner of the protection element or has no access permission
Throws:
DBException

authorizeUser

public boolean authorizeUser(Role[] roles,
                             java.lang.String applicationName,
                             java.lang.String objectId,
                             java.lang.String attribute)
Placeholder to support the interface. TODO: sort out the interface with security team.

Specified by:
authorizeUser in interface SecurityServiceItf
applicationName - application name
objectId - object Id
attribute - attribute
Returns:
true if has the permission
false if has no access permission

authorizeUser

public boolean authorizeUser(java.lang.String userName,
                             Role[] roles,
                             java.lang.String applicationName,
                             java.lang.String objectId,
                             java.lang.String attribute)
Description copied from interface: SecurityServiceItf
Returns the given user or role's access permission to a protection element.

Specified by:
authorizeUser in interface SecurityServiceItf
Parameters:
userName - login name used to check if this is the owner of the protection element
applicationName - application name
objectId - object Id
attribute - attribute
Returns:
true if the user is the owner of the protection element or has the permission
false if the user is not the owner of the protection element or has no access permission

getEmail

public java.lang.String getEmail(java.lang.String objectId,
                                 java.lang.String applicationName)
The email address associated with the owner of an object.

Parameters:
objectId - the object's id
applicationName - the application's name
Returns:
an email address associated with the owner of an object.

isUserOwner

public boolean isUserOwner(java.lang.String loginName,
                           java.lang.String applicationName,
                           java.lang.String objectId)
                    throws DBException
Returns whether the user is the owner of the given securedElement.

Parameters:
loginName - login name used to check if this is the owner of the protection element
applicationName - application name
objectId - object Id
Returns:
true if the user is the owner of the protection element or has the permission
false if the user is not the owner of the protection element or has no access permission
Throws:
DBException

getPermittedObjects

protected SecuredElementItf[] getPermittedObjects(java.util.LinkedHashMap objectEntries)
Parameters:
objectEntries - a mix of permitted and non-permitted SecuredObjectEntry objects
Returns:
array of permitted SecuredElementItf objects

main

public static void main(java.lang.String[] args)
Used for test only.