All Downloads are FREE. Search and download functionalities are using the official Maven repository.
  • Log In
  • Register

    • org.directwebremoting.extend.AccessControl Maven / Gradle / Ivy

    Go to download

    DWR is easy Ajax for Java. It makes it simple to call Java code directly from Javascript. It gets rid of almost all the boiler plate code between the web browser and your Java code.

    The newest version!
    /*
 * Copyright 2005 Joe Walker
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.directwebremoting.extend;

import java.lang.reflect.Method;

/**
 * Control who should be accessing which methods on which classes.
 * @author Joe Walker [joe at getahead dot ltd dot uk]
 */
public interface AccessControl
{
    /**
     * Check the method for accessibility at runtime, and return an error
     * message if anything is wrong. If nothing is wrong, return null.
     * 
    See notes on getReasonToNotDisplay(). This method should
     * duplicate the tests made by that method.
     * 
    This is not a great because it mixes 2 bits of information in the same
     * variable (is it wrong, and what is wrong) but without multi-value returns
     * in Java this seems like the most simple implementation.
     * @param scriptName The Javascript name of the class
     * @param method A logical method declaration
     * @throws SecurityException If the given method is disallowed
     * @see AccessControl#assertGeneralDisplayable(String, MethodDeclaration)
     */
    void assertGeneralExecutionIsPossible(String scriptName, MethodDeclaration method) throws SecurityException;

    /**
     * Complementing checks for a remoted Java class and method.
     * @param clazz An actual Java class
     * @param method An actual reflected Java method
     * @throws SecurityException
     * @see AccessControl#assertGeneralExecutionIsPossible(String, MethodDeclaration)
     */
    void assertMethodExecutionIsPossible(Class clazz, Method method) throws SecurityException;

    /**
     * Check the method for accessibility at 'compile-time' (i.e. when the application
     * is downloaded), and return an error message if anything is wrong. If
     * nothing is wrong, return null.
     * 
    This method is similar to getReasonToNotExecute() except
     * that there may be checks (like security checks) that we wish to make only
     * at runtime in case the situation changes between 'compile-time' and
     * runtime.
     * 
    This is not a great because it mixes 2 bits of information in the same
     * variable (is it wrong, and what is wrong) but without multi-value returns
     * in Java this seems like the most simple implementation.
     * @param scriptName The Javascript name of the class
     * @param method A logical method declaration
     * @throws SecurityException If the given method is disallowed
     * @see AccessControl#assertGeneralExecutionIsPossible(String, MethodDeclaration)
     */
    void assertGeneralDisplayable(String scriptName, MethodDeclaration method) throws SecurityException;

    /**
     * Complementing checks for a remoted Java class and method.
     * @param clazz An actual Java class
     * @param method An actual reflected Java method
     * @throws SecurityException
     * @see AccessControl#assertGeneralDisplayable(String, MethodDeclaration)
     */
    void assertMethodDisplayable(Class clazz, Method method) throws SecurityException;

    /**
     * J2EE role based security allows us to restrict methods to only being used
     * by people in certain roles.
     * @param scriptName The name of the creator to Javascript
     * @param methodName The name of the method (without brackets)
     * @param role The new role name to add to the list for the given scriptName and methodName
     */
    void addRoleRestriction(String scriptName, String methodName, String role);

    /**
     * Add an include rule.
     * Each creator can have either a list of inclusions or a list of exclusions
     * but not both. If a creator has a list of inclusions then the default
     * policy is to deny any method that is not specifically included. If the
     * creator has a list of exclusions then the default policy is to allow
     * any method not listed.
     * If there are no included or excluded rules then the default policy is to
     * allow all methods
     * @param scriptName The name of the creator to Javascript
     * @param methodName The name of the method (without brackets)
     */
    void addIncludeRule(String scriptName, String methodName);

    /**
     * Add an exclude rule.
     * @param scriptName The name of the creator to Javascript
     * @param methodName The name of the method (without brackets)
     * @see AccessControl#addIncludeRule(String, String)
     */
    void addExcludeRule(String scriptName, String methodName);
}




    © 2015 - 2025 Weber Informatics LLC | Privacy Policy