All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.directwebremoting.extend.AccessControl Maven / Gradle / Ivy

package org.directwebremoting.extend;

import java.lang.reflect.Method;

/**
 * Control who should be accessing which methods on which classes.
 * @author Joe Walker [joe at getahead dot ltd dot uk]
 */
public interface AccessControl
{
    /**
     * Check the method for accessibility at runtime, and return an error
     * message if anything is wrong. If nothing is wrong, return null.
     * 

See notes on getReasonToNotDisplay(). This method should * duplicate the tests made by that method. *

This is not a great because it mixes 2 bits of information in the same * variable (is it wrong, and what is wrong) but without multi-value returns * in Java this seems like the most simple implementation. * @param scriptName The Javascript name of the class * @param method A logical method declaration * @throws SecurityException If the given method is disallowed * @see AccessControl#assertGeneralDisplayable(String, MethodDeclaration) */ void assertGeneralExecutionIsPossible(String scriptName, MethodDeclaration method) throws SecurityException; /** * Complementing checks for a remoted Java class and method. * @param clazz An actual Java class * @param method An actual reflected Java method * @throws SecurityException ... * @see AccessControl#assertGeneralExecutionIsPossible(String, MethodDeclaration) */ void assertMethodExecutionIsPossible(Class clazz, Method method) throws SecurityException; /** * Check the method for accessibility at 'compile-time' (i.e. when the application * is downloaded), and return an error message if anything is wrong. If * nothing is wrong, return null. *

This method is similar to getReasonToNotExecute() except * that there may be checks (like security checks) that we wish to make only * at runtime in case the situation changes between 'compile-time' and * runtime. *

This is not a great because it mixes 2 bits of information in the same * variable (is it wrong, and what is wrong) but without multi-value returns * in Java this seems like the most simple implementation. * @param scriptName The Javascript name of the class * @param method A logical method declaration * @throws SecurityException If the given method is disallowed * @see AccessControl#assertGeneralExecutionIsPossible(String, MethodDeclaration) */ void assertGeneralDisplayable(String scriptName, MethodDeclaration method) throws SecurityException; /** * Complementing checks for a remoted Java class and method. * @param clazz An actual Java class * @param method An actual reflected Java method * @throws SecurityException ... * @see AccessControl#assertGeneralDisplayable(String, MethodDeclaration) */ void assertMethodDisplayable(Class clazz, Method method) throws SecurityException; /** * J2EE role based security allows us to restrict methods to only being used * by people in certain roles. * @param scriptName The name of the creator to Javascript * @param methodName The name of the method (without brackets) * @param role The new role name to add to the list for the given scriptName and methodName */ void addRoleRestriction(String scriptName, String methodName, String role); /** * Add an include rule. * Each creator can have either a list of inclusions or a list of exclusions * but not both. If a creator has a list of inclusions then the default * policy is to deny any method that is not specifically included. If the * creator has a list of exclusions then the default policy is to allow * any method not listed. * If there are no included or excluded rules then the default policy is to * allow all methods * @param scriptName The name of the creator to Javascript * @param methodName The name of the method (without brackets) */ void addIncludeRule(String scriptName, String methodName); /** * Add an exclude rule. * @param scriptName The name of the creator to Javascript * @param methodName The name of the method (without brackets) * @see AccessControl#addIncludeRule(String, String) */ void addExcludeRule(String scriptName, String methodName); }





© 2015 - 2024 Weber Informatics LLC | Privacy Policy