Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

edu.internet2.middleware.grouper.privs
Class CachingAttrDefResolver

java.lang.Object
  extended by edu.internet2.middleware.grouper.privs.AttributeDefResolverDecorator
      extended by edu.internet2.middleware.grouper.privs.CachingAttrDefResolver
All Implemented Interfaces:
AttributeDefResolver
public class CachingAttrDefResolver
extends AttributeDefResolverDecorator

Decorator that provides caching for AttributeDefResolver.

Since:
1.2.1
Version:
$Id: CachingAttrDefResolver.java,v 1.2 2009-09-28 05:06:46 mchyzer Exp $
Author:
blair christensen.

Field Summary
static String CACHE_HASPRIV
           
 
Constructor Summary
CachingAttrDefResolver(AttributeDefResolver resolver)
           
 
Method Summary
 void flushCache()
          flush cache if caching resolver
 Set<AttributeDef> getAttributeDefsWhereSubjectHasPrivilege(edu.internet2.middleware.subject.Subject subject, Privilege privilege)
          Get all attributedefs where subject has privilege.
 GrouperSession getGrouperSession()
          get a reference to the session
 Set<AttributeDefPrivilege> getPrivileges(AttributeDef attributeDef, edu.internet2.middleware.subject.Subject subject)
          Get all privileges subject has on attributeDef.
 CacheStats getStats(String cache)
           
 Set<edu.internet2.middleware.subject.Subject> getSubjectsWithPrivilege(AttributeDef attributeDef, Privilege privilege)
          Get all subjects with privilege on attributeDef.
 void grantPrivilege(AttributeDef attributeDef, edu.internet2.middleware.subject.Subject subject, Privilege privilege, String uuid)
          Grant privilege to subject on attributeDef.
 boolean hasPrivilege(AttributeDef attributeDef, edu.internet2.middleware.subject.Subject subject, Privilege privilege)
          Check whether subject has privilege on attributeDef.
 boolean hqlFilterAttrDefsWhereClause(edu.internet2.middleware.subject.Subject subject, HqlQuery hqlQuery, StringBuilder hqlTables, StringBuilder hqlWhereClause, String attrDefColumn, Set<Privilege> privInSet)
          for an attrDef query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterAttDefs instead if you like)
 boolean hqlFilterAttributeDefsNotWithPrivWhereClause(edu.internet2.middleware.subject.Subject subject, HqlQuery hqlQuery, StringBuilder hql, String attributeDefColumn, Privilege privilege, boolean considerAllSubject)
          for an attribute def query, check to make sure the subject cant see the records
 Set<AttributeDef> postHqlFilterAttrDefs(Set<AttributeDef> attributeDefs, edu.internet2.middleware.subject.Subject subject, Set<Privilege> privInSet)
          after HQL is run, filter attributeDefs.
 Set<AttributeAssign> postHqlFilterAttributeAssigns(edu.internet2.middleware.subject.Subject subject, Set<AttributeAssign> attributeAssigns)
          filter attributeDefs for things the subject can see
 Set<PermissionEntry> postHqlFilterPermissions(edu.internet2.middleware.subject.Subject subject, Set<PermissionEntry> permissionsEntries)
          filter permissions for things the subject can see
 Set<PITAttributeAssign> postHqlFilterPITAttributeAssigns(edu.internet2.middleware.subject.Subject subject, Set<PITAttributeAssign> pitAttributeAssigns)
          filter pit attribute assignments for things the subject can see
 void privilegeCopy(AttributeDef attributeDef1, AttributeDef attributeDef2, Privilege priv)
          Copies privileges for subjects that have the specified privilege on g1 to g2.
 void privilegeCopy(edu.internet2.middleware.subject.Subject subj1, edu.internet2.middleware.subject.Subject subj2, Privilege priv)
          Copies privileges of type priv on any subject for the given Subject subj1 to the given Subject subj2.
 void revokeAllPrivilegesForSubject(edu.internet2.middleware.subject.Subject subject)
          Revoke all attrDef privileges that this subject has.
 void revokePrivilege(AttributeDef attributeDef, Privilege privilege)
          Revoke privilege from all subjects on attributeDef.
 void revokePrivilege(AttributeDef attributeDef, edu.internet2.middleware.subject.Subject subject, Privilege privilege)
          Revoke privilege from subject on attributeDef.
 void stop()
          clean up resources, session is stopped
 
Methods inherited from class edu.internet2.middleware.grouper.privs.AttributeDefResolverDecorator
getAttributeDefsWhereSubjectDoesntHavePrivilege, getDecoratedResolver, retrievePrivileges
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

CACHE_HASPRIV

public static final String CACHE_HASPRIV
Constructor Detail

CachingAttrDefResolver

public CachingAttrDefResolver(AttributeDefResolver resolver)
Parameters:
resolver -
Since:
1.2.1
Method Detail

getAttributeDefsWhereSubjectHasPrivilege

public Set<AttributeDef> getAttributeDefsWhereSubjectHasPrivilege(edu.internet2.middleware.subject.Subject subject,
                                                                  Privilege privilege)
                                                           throws IllegalArgumentException
Description copied from interface: AttributeDefResolver
Get all attributedefs where subject has privilege.

Specified by:
getAttributeDefsWhereSubjectHasPrivilege in interface AttributeDefResolver
Overrides:
getAttributeDefsWhereSubjectHasPrivilege in class AttributeDefResolverDecorator
Returns:
the set
Throws:
IllegalArgumentException - if any parameter is null.
See Also:
AttributeDefResolver.getAttributeDefsWhereSubjectHasPrivilege(Subject, Privilege)

getPrivileges

public Set<AttributeDefPrivilege> getPrivileges(AttributeDef attributeDef,
                                                edu.internet2.middleware.subject.Subject subject)
                                         throws IllegalArgumentException
Description copied from interface: AttributeDefResolver
Get all privileges subject has on attributeDef.

Specified by:
getPrivileges in interface AttributeDefResolver
Overrides:
getPrivileges in class AttributeDefResolverDecorator
Returns:
the set
Throws:
IllegalArgumentException - if any parameter is null.
See Also:
AttributeDefResolver.getPrivileges(edu.internet2.middleware.grouper.attr.AttributeDef, edu.internet2.middleware.subject.Subject)

getStats

public CacheStats getStats(String cache)
Parameters:
cache -
Returns:
ehcache statistics for cache.
Since:
1.2.1

getSubjectsWithPrivilege

public Set<edu.internet2.middleware.subject.Subject> getSubjectsWithPrivilege(AttributeDef attributeDef,
                                                                              Privilege privilege)
                                                                       throws IllegalArgumentException
Description copied from interface: AttributeDefResolver
Get all subjects with privilege on attributeDef.

Specified by:
getSubjectsWithPrivilege in interface AttributeDefResolver
Overrides:
getSubjectsWithPrivilege in class AttributeDefResolverDecorator
Returns:
the set
Throws:
IllegalArgumentException - if any parameter is null.
See Also:
AttributeDefResolver.getSubjectsWithPrivilege(edu.internet2.middleware.grouper.attr.AttributeDef, edu.internet2.middleware.grouper.privs.Privilege)

grantPrivilege

public void grantPrivilege(AttributeDef attributeDef,
                           edu.internet2.middleware.subject.Subject subject,
                           Privilege privilege,
                           String uuid)
                    throws IllegalArgumentException,
                           UnableToPerformException
Description copied from interface: AttributeDefResolver
Grant privilege to subject on attributeDef.

Specified by:
grantPrivilege in interface AttributeDefResolver
Overrides:
grantPrivilege in class AttributeDefResolverDecorator
uuid - is uuid or null for assigned
Throws:
IllegalArgumentException - if any parameter is null.
UnableToPerformException - if the privilege could not be granted.
See Also:
AttributeDefResolver.grantPrivilege(edu.internet2.middleware.grouper.attr.AttributeDef, edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.privs.Privilege, String)

hasPrivilege

public boolean hasPrivilege(AttributeDef attributeDef,
                            edu.internet2.middleware.subject.Subject subject,
                            Privilege privilege)
                     throws IllegalArgumentException
Description copied from interface: AttributeDefResolver
Check whether subject has privilege on attributeDef.

Specified by:
hasPrivilege in interface AttributeDefResolver
Overrides:
hasPrivilege in class AttributeDefResolverDecorator
Returns:
boolean
Throws:
IllegalArgumentException - if any parameter is null.
See Also:
AttributeDefResolver.hasPrivilege(edu.internet2.middleware.grouper.attr.AttributeDef, edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.privs.Privilege)

revokePrivilege

public void revokePrivilege(AttributeDef attributeDef,
                            Privilege privilege)
                     throws IllegalArgumentException,
                            UnableToPerformException
Description copied from interface: AttributeDefResolver
Revoke privilege from all subjects on attributeDef.

Specified by:
revokePrivilege in interface AttributeDefResolver
Overrides:
revokePrivilege in class AttributeDefResolverDecorator
Throws:
IllegalArgumentException - if any parameter is null.
UnableToPerformException - if the privilege could not be revoked.
See Also:
AttributeDefResolver.revokePrivilege(edu.internet2.middleware.grouper.attr.AttributeDef, edu.internet2.middleware.grouper.privs.Privilege)

revokePrivilege

public void revokePrivilege(AttributeDef attributeDef,
                            edu.internet2.middleware.subject.Subject subject,
                            Privilege privilege)
                     throws IllegalArgumentException,
                            UnableToPerformException
Description copied from interface: AttributeDefResolver
Revoke privilege from subject on attributeDef.

Specified by:
revokePrivilege in interface AttributeDefResolver
Overrides:
revokePrivilege in class AttributeDefResolverDecorator
Throws:
IllegalArgumentException - if any parameter is null.
UnableToPerformException - if the privilege could not be revoked.
See Also:
AttributeDefResolver.revokePrivilege(edu.internet2.middleware.grouper.attr.AttributeDef, edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.privs.Privilege)

privilegeCopy

public void privilegeCopy(AttributeDef attributeDef1,
                          AttributeDef attributeDef2,
                          Privilege priv)
                   throws IllegalArgumentException,
                          UnableToPerformException
Description copied from interface: AttributeDefResolver
Copies privileges for subjects that have the specified privilege on g1 to g2.

Specified by:
privilegeCopy in interface AttributeDefResolver
Overrides:
privilegeCopy in class AttributeDefResolverDecorator
Throws:
IllegalArgumentException
UnableToPerformException
See Also:
AttributeDefResolver.privilegeCopy(edu.internet2.middleware.grouper.attr.AttributeDef, edu.internet2.middleware.grouper.attr.AttributeDef, edu.internet2.middleware.grouper.privs.Privilege)

privilegeCopy

public void privilegeCopy(edu.internet2.middleware.subject.Subject subj1,
                          edu.internet2.middleware.subject.Subject subj2,
                          Privilege priv)
                   throws IllegalArgumentException,
                          UnableToPerformException
Description copied from interface: AttributeDefResolver
Copies privileges of type priv on any subject for the given Subject subj1 to the given Subject subj2. For instance, if subj1 has ATTR_ADMIN privilege to AttributeDef x, this method will result with subj2 having ATTR_ADMIN privilege to AttributeDef x.

Specified by:
privilegeCopy in interface AttributeDefResolver
Overrides:
privilegeCopy in class AttributeDefResolverDecorator
Throws:
IllegalArgumentException
UnableToPerformException
See Also:
AttributeDefResolver.privilegeCopy(edu.internet2.middleware.subject.Subject, edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.privs.Privilege)

flushCache

public void flushCache()
Description copied from interface: AttributeDefResolver
flush cache if caching resolver

Specified by:
flushCache in interface AttributeDefResolver
Overrides:
flushCache in class AttributeDefResolverDecorator
See Also:
AttributeDefResolverDecorator.flushCache()

postHqlFilterAttrDefs

public Set<AttributeDef> postHqlFilterAttrDefs(Set<AttributeDef> attributeDefs,
                                               edu.internet2.middleware.subject.Subject subject,
                                               Set<Privilege> privInSet)
Description copied from interface: AttributeDefResolver
after HQL is run, filter attributeDefs. If you are filtering in HQL, then dont filter here

Specified by:
postHqlFilterAttrDefs in interface AttributeDefResolver
Overrides:
postHqlFilterAttrDefs in class AttributeDefResolverDecorator
subject - which needs view access to the attribute defs
privInSet - find a privilege which is in this set (e.g. for view, send all attrDef privs). There are pre-canned sets in AttributeDefAdapter
Returns:
the set of filtered attrDefs
See Also:
AttributeDefResolver.postHqlFilterAttrDefs(java.util.Set, edu.internet2.middleware.subject.Subject, java.util.Set)

hqlFilterAttrDefsWhereClause

public boolean hqlFilterAttrDefsWhereClause(edu.internet2.middleware.subject.Subject subject,
                                            HqlQuery hqlQuery,
                                            StringBuilder hqlTables,
                                            StringBuilder hqlWhereClause,
                                            String attrDefColumn,
                                            Set<Privilege> privInSet)
Description copied from interface: AttributeDefResolver
for an attrDef query, check to make sure the subject can see the records (if filtering HQL, you can do the postHqlFilterAttDefs instead if you like)

Specified by:
hqlFilterAttrDefsWhereClause in interface AttributeDefResolver
Overrides:
hqlFilterAttrDefsWhereClause in class AttributeDefResolverDecorator
Parameters:
subject - which needs view access to the attrDefs
hqlTables - the select and current from part
hqlWhereClause - is there where clause part of the query
attrDefColumn - is the name of the attributeDef column to join to
privInSet - find a privilege which is in this set (e.g. for view, send all attrDef privs)
Returns:
if the statement was changed
See Also:
AttributeDefResolver.hqlFilterAttrDefsWhereClause(edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.hibernate.HqlQuery, java.lang.StringBuilder, java.lang.StringBuilder, java.lang.String, java.util.Set)

getGrouperSession

public GrouperSession getGrouperSession()
Description copied from interface: AttributeDefResolver
get a reference to the session

Specified by:
getGrouperSession in interface AttributeDefResolver
Overrides:
getGrouperSession in class AttributeDefResolverDecorator
Returns:
the session
See Also:
AttributeDefResolver.getGrouperSession()

postHqlFilterAttributeAssigns

public Set<AttributeAssign> postHqlFilterAttributeAssigns(edu.internet2.middleware.subject.Subject subject,
                                                          Set<AttributeAssign> attributeAssigns)
Description copied from interface: AttributeDefResolver
filter attributeDefs for things the subject can see

Specified by:
postHqlFilterAttributeAssigns in interface AttributeDefResolver
Overrides:
postHqlFilterAttributeAssigns in class AttributeDefResolverDecorator
Returns:
the memberships
See Also:
AttributeDefResolverDecorator.postHqlFilterAttributeAssigns(edu.internet2.middleware.subject.Subject, java.util.Set)

postHqlFilterPITAttributeAssigns

public Set<PITAttributeAssign> postHqlFilterPITAttributeAssigns(edu.internet2.middleware.subject.Subject subject,
                                                                Set<PITAttributeAssign> pitAttributeAssigns)
Description copied from interface: AttributeDefResolver
filter pit attribute assignments for things the subject can see

Specified by:
postHqlFilterPITAttributeAssigns in interface AttributeDefResolver
Overrides:
postHqlFilterPITAttributeAssigns in class AttributeDefResolverDecorator
Returns:
the pit attribute assignments
See Also:
AttributeDefResolverDecorator.postHqlFilterPITAttributeAssigns(edu.internet2.middleware.subject.Subject, java.util.Set)

stop

public void stop()
Description copied from interface: AttributeDefResolver
clean up resources, session is stopped

Specified by:
stop in interface AttributeDefResolver
Overrides:
stop in class AttributeDefResolverDecorator
See Also:
AttributeDefResolver.stop()

revokeAllPrivilegesForSubject

public void revokeAllPrivilegesForSubject(edu.internet2.middleware.subject.Subject subject)
Description copied from interface: AttributeDefResolver
Revoke all attrDef privileges that this subject has.

Specified by:
revokeAllPrivilegesForSubject in interface AttributeDefResolver
Overrides:
revokeAllPrivilegesForSubject in class AttributeDefResolverDecorator
See Also:
AttributeDefResolver.revokeAllPrivilegesForSubject(edu.internet2.middleware.subject.Subject)

postHqlFilterPermissions

public Set<PermissionEntry> postHqlFilterPermissions(edu.internet2.middleware.subject.Subject subject,
                                                     Set<PermissionEntry> permissionsEntries)
Description copied from interface: AttributeDefResolver
filter permissions for things the subject can see

Specified by:
postHqlFilterPermissions in interface AttributeDefResolver
Overrides:
postHqlFilterPermissions in class AttributeDefResolverDecorator
Returns:
the memberships
See Also:
AttributeDefResolver.postHqlFilterPermissions(edu.internet2.middleware.subject.Subject, java.util.Set)

hqlFilterAttributeDefsNotWithPrivWhereClause

public boolean hqlFilterAttributeDefsNotWithPrivWhereClause(edu.internet2.middleware.subject.Subject subject,
                                                            HqlQuery hqlQuery,
                                                            StringBuilder hql,
                                                            String attributeDefColumn,
                                                            Privilege privilege,
                                                            boolean considerAllSubject)
Description copied from interface: AttributeDefResolver
for an attribute def query, check to make sure the subject cant see the records

Specified by:
hqlFilterAttributeDefsNotWithPrivWhereClause in interface AttributeDefResolver
Overrides:
hqlFilterAttributeDefsNotWithPrivWhereClause in class AttributeDefResolverDecorator
Parameters:
subject - which needs view access to the groups
hql - the select and current from part
attributeDefColumn - is the name of the attributeDef column to join to
privilege - find a privilege which is in this set (e.g. for view, attr view)
considerAllSubject - if true, then consider GrouperAll when seeign if subject has priv, else do not
Returns:
if the statement was changed
See Also:
edu.internet2.middleware.grouper.privs.AttributeDefResolver#hqlFilterAttributeDefsNotWithPrivWhereClause(edu.internet2.middleware.subject.Subject, edu.internet2.middleware.grouper.hibernate.HqlQuery, java.lang.StringBuilder, java.lang.String, Privilege)
Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD