edu.cornell.mannlib.vitro.webapp.auth.policy

Class PolicyHelper

java.lang.Object

edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper

public class PolicyHelper
extends Object

A collection of static methods to help determine whether requested actions are authorized by current policy.

Method Summary

Modifier and Type	Method and Description
static boolean	isAuthorizedAsExpected(javax.servlet.http.HttpServletRequest req, org.apache.jena.rdf.model.Model additions, org.apache.jena.rdf.model.Model retractions, org.apache.jena.ontology.OntModel modelBeingModified) Do the current policies authorize the current user to modify this model by adding all of the statments in the additions model and dropping all of the statements in the retractions model? This differs from the other calls to "isAuthorized..." because we always expect the answer to be true.
static boolean	isAuthorizedForActions(javax.servlet.http.HttpServletRequest req, AuthorizationRequest... actions) Are these actions authorized for the current user by the current policies?
static boolean	isAuthorizedForActions(javax.servlet.http.HttpServletRequest req, Iterable<? extends AuthorizationRequest> actions) Are these actions authorized for the current user by the current policies?
static boolean	isAuthorizedForActions(javax.servlet.http.HttpServletRequest req, String email, String password, AuthorizationRequest ar) Is the email/password authorized for these actions? This should be used when a controller or something needs allow actions if the user passes in their email and password.
static boolean	isAuthorizedForActions(IdentifierBundle ids, PolicyIface policy, AuthorizationRequest ar) Are these actions authorized for these identifiers by these policies?
static boolean	isAuthorizedToAdd(javax.servlet.http.HttpServletRequest req, org.apache.jena.rdf.model.Statement stmt, org.apache.jena.ontology.OntModel modelToBeModified) Do the current policies authorize the current user to add this statement to this model? The statement is expected to be fully-populated, with no null fields.
static boolean	isAuthorizedToDrop(javax.servlet.http.HttpServletRequest req, org.apache.jena.rdf.model.Statement stmt, org.apache.jena.ontology.OntModel modelToBeModified) Do the current policies authorize the current user to drop this statement from this model? The statement is expected to be fully-populated, with no null fields.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

isAuthorizedForActions

public static boolean isAuthorizedForActions(javax.servlet.http.HttpServletRequest req,
                                             AuthorizationRequest... actions)

Are these actions authorized for the current user by the current policies?

isAuthorizedForActions

public static boolean isAuthorizedForActions(javax.servlet.http.HttpServletRequest req,
                                             Iterable<? extends AuthorizationRequest> actions)

Are these actions authorized for the current user by the current policies?

isAuthorizedForActions

public static boolean isAuthorizedForActions(IdentifierBundle ids,
                                             PolicyIface policy,
                                             AuthorizationRequest ar)

Are these actions authorized for these identifiers by these policies?

isAuthorizedForActions

public static boolean isAuthorizedForActions(javax.servlet.http.HttpServletRequest req,
                                             String email,
                                             String password,
                                             AuthorizationRequest ar)

Is the email/password authorized for these actions? This should be used when a controller or something needs allow actions if the user passes in their email and password. It may be better to check this as part of a servlet Filter and add an identifier bundle.

isAuthorizedToAdd

public static boolean isAuthorizedToAdd(javax.servlet.http.HttpServletRequest req,
                                        org.apache.jena.rdf.model.Statement stmt,
                                        org.apache.jena.ontology.OntModel modelToBeModified)

Do the current policies authorize the current user to add this statement to this model? The statement is expected to be fully-populated, with no null fields.

isAuthorizedToDrop

public static boolean isAuthorizedToDrop(javax.servlet.http.HttpServletRequest req,
                                         org.apache.jena.rdf.model.Statement stmt,
                                         org.apache.jena.ontology.OntModel modelToBeModified)

Do the current policies authorize the current user to drop this statement from this model? The statement is expected to be fully-populated, with no null fields.

isAuthorizedAsExpected

public static boolean isAuthorizedAsExpected(javax.servlet.http.HttpServletRequest req,
                                             org.apache.jena.rdf.model.Model additions,
                                             org.apache.jena.rdf.model.Model retractions,
                                             org.apache.jena.ontology.OntModel modelBeingModified)

Do the current policies authorize the current user to modify this model by adding all of the statments in the additions model and dropping all of the statements in the retractions model? This differs from the other calls to "isAuthorized..." because we always expect the answer to be true. If the answer is false, it should be logged as an error. Even if a statement fails the test, continue to test the others, so the log will contain a full record of all failures. This is no more expensive than if all statements succeeded.