Package edu.cornell.mannlib.vitro.webapp.auth.policy

Class PolicyHelper

java.lang.Object

edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper

public class PolicyHelper
extends Object

A collection of static methods to help determine whether requested actions are authorized by current policy.

Method Summary

Modifier and Type	Method	Description
static UserAccount	getUserAccount(javax.servlet.http.HttpServletRequest req)
static boolean	isAuthorizedAsExpected(javax.servlet.http.HttpServletRequest req, org.apache.jena.rdf.model.Model additions, org.apache.jena.rdf.model.Model retractions, org.apache.jena.ontology.OntModel modelBeingModified)	Do the current policies authorize the current user to modify this model by adding all of the statments in the additions model and dropping all of the statements in the retractions model? This differs from the other calls to "isAuthorized..." because we always expect the answer to be true.
static boolean	isAuthorizedForActions(UserAccount user, AccessObject ar, AccessOperation op)
static boolean	isAuthorizedForActions(UserAccount userAccount, AuthorizationRequest ar)
static boolean	isAuthorizedForActions(javax.servlet.http.HttpServletRequest req, AccessObject ar, AccessOperation operation)
static boolean	isAuthorizedForActions(javax.servlet.http.HttpServletRequest req, AuthorizationRequest ar)
static boolean	isAuthorizedForActions(javax.servlet.http.HttpServletRequest req, String email, String password, AuthorizationRequest ar)	Is the email/password authorized for these actions? This should be used when a controller or something needs allow actions if the user passes in their email and password.
static boolean	isAuthorizedToAdd(javax.servlet.http.HttpServletRequest req, org.apache.jena.rdf.model.Statement stmt, org.apache.jena.ontology.OntModel modelToBeModified)	Do the current policies authorize the current user to add this statement to this model? The statement is expected to be fully-populated, with no null fields.
static boolean	isAuthorizedToDrop(javax.servlet.http.HttpServletRequest req, org.apache.jena.rdf.model.Statement stmt, org.apache.jena.ontology.OntModel modelToBeModified)	Do the current policies authorize the current user to drop this statement from this model? The statement is expected to be fully-populated, with no null fields.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

getUserAccount

public static UserAccount getUserAccount(javax.servlet.http.HttpServletRequest req)

isAuthorizedForActions

public static boolean isAuthorizedForActions(UserAccount user,
                                             AccessObject ar,
                                             AccessOperation op)

isAuthorizedForActions

public static boolean isAuthorizedForActions(javax.servlet.http.HttpServletRequest req,
                                             AuthorizationRequest ar)

isAuthorizedForActions

public static boolean isAuthorizedForActions(javax.servlet.http.HttpServletRequest req,
                                             AccessObject ar,
                                             AccessOperation operation)

isAuthorizedForActions

public static boolean isAuthorizedForActions(UserAccount userAccount,
                                             AuthorizationRequest ar)

isAuthorizedForActions

public static boolean isAuthorizedForActions(javax.servlet.http.HttpServletRequest req,
                                             String email,
                                             String password,
                                             AuthorizationRequest ar)

Is the email/password authorized for these actions? This should be used when a controller or something needs allow actions if the user passes in their email and password. It may be better to check this as part of a servlet Filter and add an identifier bundle.

isAuthorizedToAdd

public static boolean isAuthorizedToAdd(javax.servlet.http.HttpServletRequest req,
                                        org.apache.jena.rdf.model.Statement stmt,
                                        org.apache.jena.ontology.OntModel modelToBeModified)

Do the current policies authorize the current user to add this statement to this model? The statement is expected to be fully-populated, with no null fields.

isAuthorizedToDrop

public static boolean isAuthorizedToDrop(javax.servlet.http.HttpServletRequest req,
                                         org.apache.jena.rdf.model.Statement stmt,
                                         org.apache.jena.ontology.OntModel modelToBeModified)

Do the current policies authorize the current user to drop this statement from this model? The statement is expected to be fully-populated, with no null fields.

isAuthorizedAsExpected

public static boolean isAuthorizedAsExpected(javax.servlet.http.HttpServletRequest req,
                                             org.apache.jena.rdf.model.Model additions,
                                             org.apache.jena.rdf.model.Model retractions,
                                             org.apache.jena.ontology.OntModel modelBeingModified)

Do the current policies authorize the current user to modify this model by adding all of the statments in the additions model and dropping all of the statements in the retractions model? This differs from the other calls to "isAuthorized..." because we always expect the answer to be true. If the answer is false, it should be logged as an error. Even if a statement fails the test, continue to test the others, so the log will contain a full record of all failures. This is no more expensive than if all statements succeeded.