Package ch.ivyteam.ivy.security

Interface ISecurityContext

  • All Superinterfaces:
    org.eclipse.core.runtime.IAdaptable, ISynchronizableSecuritySystem
    public interface ISecurityContext
extends org.eclipse.core.runtime.IAdaptable, ISynchronizableSecuritySystem
    The security context is responsible to manage users, roles and sessions.
    Since:
    17.05.2006
    API:
    This is a public API.

    • Method Detail

      • getRoles

        List<IRole> getRoles()
        Returns:
        All roles. Flat without any hierarchy, but the child roles of a role are always behind the parent role.
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in IvyScript and Java. It has the visibility ADVANCED.
        Security:
        SESSION OWNS RoleReadAll PERMISSION OR OWNS RoleReadAll@SYSTEM PERMISSION

      • getActiveRoles

        List<IRole> getActiveRoles()
        Returns:
        all roles which could be actively used by the system. Flat without any hierarchy, but the child roles of a role are always behind the parent role.
        In comparison to getRoles() those roles will be excluded, which only exists in outdated Process Model Versions.
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in IvyScript and Java. It has the visibility ADVANCED.

      • getTopLevelRole

        IRole getTopLevelRole()
        Returns the top level role
        Returns:
        top level role
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in IvyScript and Java. It has the visibility ADVANCED.
        Security:
        SESSION OWNS RoleReadAll PERMISSION OR OWNS RoleReadAll@SYSTEM PERMISSION

      • findRole

        IRole findRole​(String roleName)
        Finds a role by its name
        Parameters:
        roleName - The name of a role
        Returns:
        role or null if no role was found
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in IvyScript and Java. It has the visibility ADVANCED.
        Security:
        SESSION OWNS RoleReadAll PERMISSION OR OWNS RoleReadAll@SYSTEM PERMISSION

      • findRole

        IRole findRole​(long roleId)
        Find a role by its identifier
        Parameters:
        roleId - the identifier of the role
        Returns:
        the role or null if role is not found
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in IvyScript and Java. It has the visibility EXPERT.
        Security:
        SESSION OWNS RoleReadAll PERMISSION OR OWNS RoleReadAll@SYSTEM PERMISSION

      • createUser

        IUser createUser​(String userName,
                 String fullUserName,
                 String password,
                 Locale eMailLanguage,
                 String eMailAddress,
                 String externalSecuritySystemName)
        Creates a new well-known user
        Parameters:
        userName - The user name
        fullUserName - The user's full name
        password - The user's password
        eMailLanguage - the language the e-mail notifications are written in
        eMailAddress - The users e-mail address
        externalSecuritySystemName - the name of the user in the external security system
        Returns:
        created user
        Throws:
        PersistencyException - if persistency access fails or user already exists
        API:
        This public API is available in IvyScript and Java. It has the visibility EXPERT.

      • deleteUser

        void deleteUser​(String userName)
        Deletes a well-known user
        Parameters:
        userName - The user name
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in IvyScript and Java. It has the visibility EXPERT.

      • findUser

        IUser findUser​(String userName)
        Find a user by its name. Does lookup the user in the external security system (e.g Active Directory) if the user is not yet synchronized.
        Parameters:
        userName - the name of the user to find
        Returns:
        user or null if no user with the name exists (also in the external security system if configured)
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in IvyScript and Java. It has the visibility ADVANCED.

      • findUserWithoutLookup

        IUser findUserWithoutLookup​(String userName)
        Finds a user by its name. Does not lookup the user in the external security system (e.g Active Directory) if the user is not synchronized yet.
        Parameters:
        userName - the name of the user to find
        Returns:
        user or null if no user with the name exists or the user was not yet synchronized from the external security system
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in IvyScript and Java. It has the visibility ADVANCED.

      • findUser

        IUser findUser​(long userId)
        Find a user by its identifier
        Parameters:
        userId - the identifier of the user
        Returns:
        the user or null if user is not found
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in IvyScript and Java. It has the visibility EXPERT.

      • getSystemUser

        IUser getSystemUser()
        Gets the system user
        Returns:
        system user
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in IvyScript and Java. It has the visibility ADVANCED.
        Security:
        SESSION OWNS UserReadAll PERMISSION OR OWNS UserReadAll@SYSTEM PERMISSION

      • createSession

        ISession createSession​(int sessionIdentifier)
        Creates a new session
        Parameters:
        sessionIdentifier - the session identifier
        Returns:
        new session
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in Java.
        Security:
        SESSION OWNS SessionCreate PERMISSION OR OWNS SessionCreate@SYSTEM PERMISSION

      • createSession

        ISession createSession()
        Creates a new session
        Returns:
        new session
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in Java.

      • findSession

        ISession findSession​(int sessionIdentifier)
        Find session
        Parameters:
        sessionIdentifier - session identifier
        Returns:
        session
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in Java.
        Security:
        SESSION OWNS SessionReadAll PERMISSION OR OWNS SessionReadAll@SYSTEM PERMISSION

      • getSystemUserSession

        ISession getSystemUserSession()
        Gets the session of the system user
        Returns:
        system user session
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in Java.
        Security:
        SESSION OWNS SessionReadAll PERMISSION OR OWNS SessionReadAll@SYSTEM PERMISSION

      • destroySession

        void destroySession​(int sessionIdentifier)
        Destroys a session
        Parameters:
        sessionIdentifier - session identifier
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in Java.

      • getUsers

        List<IUser> getUsers()

        WARNING: This methods loads the all users into memory.
        This can cause out of memory exceptions and bad performance depending on the number of users in your application.

        Returns:
        enumeration with all users
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in IvyScript and Java. It has the visibility EXPERT.
        Security:
        SESSION OWNS UserReadAll PERMISSION OR OWNS UserReadAll@SYSTEM PERMISSION

      • getSessions

        List<ISession> getSessions()
        Gets all sessions of the web application. In a cluster environment returns only the sessions of the local cluster node. To get information of session on all cluster nodes use getClusterSessionsSnapshot()
        Returns:
        enumeration with the sessions
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in IvyScript and Java. It has the visibility EXPERT.
        Security:
        SESSION OWNS SessionReadAll PERMISSION OR OWNS SessionReadAll@SYSTEM PERMISSION

      • getSessionCount

        long getSessionCount()
        Get count of all sessions of this local running engine.
        Returns:
        count of sessions (without system user session)
        API:
        This public API is available in IvyScript and Java. It has the visibility EXPERT.

      • getClusterSessionsSnapshot

        ClusterSessionsSnapshot getClusterSessionsSnapshot​(long maxAge)
        Returns a snapshot containing information of all sessions at the time this method was invoked. If there is only one cluster node the ClusterSessionsSnapshot contains the same information which can be fetched with getSessions(). If there are multiple cluster nodes the ClusterSessionsSnapshot contains as well information about sessions on other nodes. The parameter maxAge controls how old the ClusterSessionsSnapshot can be. For example with maxAge=5000 the ClusterSessionsSnapshot is maximal 5 seconds old. The longer the maxAge is the less network traffic is caused.
        Parameters:
        maxAge - in milliSeconds
        Returns:
        a cluster session snapshot. Never null
        Throws:
        PersistencyException
        API:
        This public API is available in IvyScript and Java. It has the visibility EXPERT.

      • hasPermission

        boolean hasPermission​(ISecurityDescriptor securityDescriptor,
                      IPermission permission)
        Checks if the current session has a certain permission on the security descriptor
        Parameters:
        securityDescriptor - the security descriptor to check for the permission
        permission - the identifier of the permission to check
        Returns:
        true if session has permission, otherwise false
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in IvyScript and Java. It has the visibility EXPERT.

      • checkPermission

        void checkPermission​(ISecurityDescriptor securityDescriptor,
                     IPermission permission)
        Checks if the current session has a certain permission on the security descriptor
        Parameters:
        securityDescriptor - the security descriptor to check for the permission
        permission - the permission to check
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in IvyScript and Java. It has the visibility EXPERT.

      • getCurrentSession

        ISession getCurrentSession()
        Gets the current session. Gets the current session associated to the current thread
        Returns:
        current session or null if current thread has no session associated
        API:
        This public API is available in IvyScript and Java. It has the visibility ADVANCED.

      • findSecurityMember

        ISecurityMember findSecurityMember​(String securityMemberName)
        Finds a security member with its name
        Parameters:
        securityMemberName - the security member name
        Returns:
        the security member found or null.
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in IvyScript and Java. It has the visibility ADVANCED.

      • getExternalSecuritySystemName

        String getExternalSecuritySystemName()
        Gets the name of the external security system provider
        Returns:
        name of the external security system provider
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in IvyScript and Java. It has the visibility EXPERT.
        Security:
        SESSION OWNS SecurityReadExternalSecuritySystemProvider PERMISSION OR OWNS SecurityReadExternalSecuritySystemProvider@SYSTEM PERMISSION

      • getExternalSecuritySystemProvider

        IExternalSecuritySystemProvider getExternalSecuritySystemProvider()
        The external security system provider
        Returns:
        external security system provider
        Throws:
        PersistencyException - if persistency access fails
        API:
        This public API is available in IvyScript and Java. It has the visibility EXPERT.
        Security:
        SESSION OWNS SecurityReadExternalSecuritySystemProvider PERMISSION OR OWNS SecurityReadExternalSecuritySystemProvider@SYSTEM PERMISSION

      • getId

        long getId()
        Gets the identifier of the security context
        Returns:
        identifier
        API:
        This public API is available in IvyScript and Java. It has the visibility EXPERT.

      • executeAs

        <T> T executeAs​(Callable<T> callable,
                ISession executionContext)
         throws Exception
        Executes the callable in the context of the given execution context
        Type Parameters:
        T - the type of the result
        Parameters:
        callable - the callable
        executionContext - the execution context
        Returns:
        the result of the callable
        Throws:
        Exception - if callable throws an exception
        API:
        This public API is available in IvyScript and Java. It has the visibility EXPERT.

      • users

        IUserRepository users()
        Gets the user repository of this security context. Allows to create, delete, find, query users of this security context / application
        Returns:
        user repository
        Since:
        8.0.3
        API:
        This public API is available in IvyScript and Java. It has the visibility ADVANCED.