Package org.alfresco.repo.security.authority

Class AuthorityServiceImpl

java.lang.Object
org.alfresco.repo.security.authority.AuthorityServiceImpl
All Implemented Interfaces:
AuthorityService, org.springframework.beans.factory.InitializingBean
public class AuthorityServiceImpl extends Object implements AuthorityService, org.springframework.beans.factory.InitializingBean
The default implementation of the authority service.
Author:
Andy Hind

  • Field Details

    • GROUP_ALFRESCO_SYSTEM_ADMINISTRATORS_AUTHORITY

      public static final String GROUP_ALFRESCO_SYSTEM_ADMINISTRATORS_AUTHORITY
      See Also:

  • Constructor Details

    • AuthorityServiceImpl

      public AuthorityServiceImpl()

  • Method Details

    • setTenantService

      public void setTenantService(TenantService tenantService)

    • setPersonService

      public void setPersonService(PersonService personService)

    • setAuthorityDAO

      public void setAuthorityDAO(AuthorityDAO authorityDAO)

    • setUserNameMatcher

      public void setUserNameMatcher(UserNameMatcher userNameMatcher)

    • setAuthenticationService

      public void setAuthenticationService(AuthenticationService authenticationService)

    • setPermissionServiceSPI

      public void setPermissionServiceSPI(PermissionServiceSPI permissionServiceSPI)

    • setAdminGroups

      public void setAdminGroups(Set<String> adminGroups)

    • setGuestGroups

      public void setGuestGroups(Set<String> guestGroups)

    • setPolicyComponent

      public void setPolicyComponent(PolicyComponent policyComponent)

    • init

      public void init()

    • afterPropertiesSet

      public void afterPropertiesSet() throws Exception
      Specified by:
      afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
      Throws:
      Exception

    • hasAdminAuthority

      public boolean hasAdminAuthority()
      Check of the current user has admin authority. There is no contract for who should have this authority, only that it can be tested here. It could be determined by group membership, role, authentication mechanism, ...
      Specified by:
      hasAdminAuthority in interface AuthorityService
      Returns:
      true if the currently authenticated user has the admin authority

    • isAdminAuthority

      public boolean isAdminAuthority(String authorityName)
      Does the given authority have admin authority.
      Specified by:
      isAdminAuthority in interface AuthorityService
      Parameters:
      authorityName - The name of the authority.
      Returns:
      Whether the authority is an 'administrator'.

    • hasGuestAuthority

      public boolean hasGuestAuthority()
      Check of the current user has guest authority. There is no contract for who should have this authority, only that it can be tested here. It could be determined by group membership, role, authentication mechanism, ...
      Specified by:
      hasGuestAuthority in interface AuthorityService
      Returns:
      true if the currently authenticated user has the guest authority

    • isGuestAuthority

      public boolean isGuestAuthority(String authorityName)
      Does the given authority have guest authority.
      Specified by:
      isGuestAuthority in interface AuthorityService
      Parameters:
      authorityName - The name of the authority.
      Returns:
      Whether the authority is a 'guest'.

    • countUsers

      public long countUsers()
      Description copied from interface: AuthorityService
      Count the number of groups
      Specified by:
      countUsers in interface AuthorityService
      Returns:
      Returns the number of groups

    • countGroups

      public long countGroups()
      Description copied from interface: AuthorityService
      Count the number of users (not groups)
      Specified by:
      countGroups in interface AuthorityService
      Returns:
      Returns the number of usrs

    • getAuthorities

      public Set<String> getAuthorities()
      Get the authorities for the current user
      Specified by:
      getAuthorities in interface AuthorityService
      Returns:
      authorities for the current user

    • getAuthoritiesForUser

      public Set<String> getAuthoritiesForUser(String currentUserName)
      Get the authorities for the given user
      Specified by:
      getAuthoritiesForUser in interface AuthorityService

    • getAllAuthorities

      public Set<String> getAllAuthorities(AuthorityType type)
      Get all authorities by type See also "getAuthorities" (paged) alternative
      Specified by:
      getAllAuthorities in interface AuthorityService
      Parameters:
      type - the type of authorities - cannot be null
      Returns:
      all authorities by type
      See Also:

    • getAuthoritiesInfo

      public org.alfresco.query.PagingResults<AuthorityInfo> getAuthoritiesInfo(AuthorityType type, String zoneName, String displayNameFilter, String sortBy, boolean sortAscending, org.alfresco.query.PagingRequest pagingRequest)
      Get authorities by type and/or zone
      Specified by:
      getAuthoritiesInfo in interface AuthorityService
      Parameters:
      type - the type of authorities (note: mandatory if zoneName is null)
      zoneName - the zoneName (note: mandatory if type is null)
      displayNameFilter - optional filter (startsWith / ignoreCase) for authority display name (note: implied trailing "*")
      sortBy - either "displayName", "shortName", "authorityName" or null if no sorting. note: for users, displayName/shortName is equivalent to the userName, for groups if the display is null then use the short name
      sortAscending - if true then sort ascending else sort descending (ignore if sortByDisplayName is false)
      pagingRequest - the requested page (skipCount, maxItems, queryExectionId)

    • getAuthorities

      public org.alfresco.query.PagingResults<String> getAuthorities(AuthorityType type, String zoneName, String displayNameFilter, boolean sortByDisplayName, boolean sortAscending, org.alfresco.query.PagingRequest pagingRequest)
      Get authorities by type and/or zone
      Specified by:
      getAuthorities in interface AuthorityService
      Parameters:
      type - the type of authorities (note: mandatory if zoneName is null)
      zoneName - the zoneName (note: mandatory if type is null)
      displayNameFilter - optional filter (startsWith / ignoreCase) for authority display name (note: implied trailing "*")
      sortByDisplayName - if true then sort (ignoring case) by the authority display name, if false then unsorted note: for users, displayName/shortName is equivalent to the userName, for groups if the display is null then use the short name
      sortAscending - if true then sort ascending else sort descending (ignore if sortByDisplayName is false)
      pagingRequest - the requested page (skipCount, maxItems, queryExectionId)

    • addAuthority

      public void addAuthority(String parentName, String childName)
      Set an authority to include another authority. For example, adding a group to a group or adding a user to a group.
      Specified by:
      addAuthority in interface AuthorityService
      Parameters:
      parentName - - the full name string identifier for the parent.
      childName - - the string identifier for the child.

    • addAuthority

      public void addAuthority(Collection<String> parentNames, String childName)
      Set a given child authority to be included by the given parent authorities. For example, adding a group to groups or adding a user to groups.
      Specified by:
      addAuthority in interface AuthorityService
      Parameters:
      parentNames - - the full name string identifier for the parents.
      childName - - the string identifier for the child.

    • createAuthority

      public String createAuthority(AuthorityType type, String shortName)
      Create an authority.
      Specified by:
      createAuthority in interface AuthorityService
      Parameters:
      type - - the type of the authority
      shortName - - the short name of the authority to create this will also be set as the default display name for the authority
      Returns:
      the name of the authority (this will be the prefix, if any associated with the type appended with the short name)

    • createAuthority

      public String createAuthority(AuthorityType type, String shortName, Map<QName,Serializable> properties)
      Create an authority with properties.
      Specified by:
      createAuthority in interface AuthorityService
      Parameters:
      type - - the type of the authority
      shortName - - the short name of the authority to create this will also be set as the default display name for the authority
      properties - - properties that will be added to authority
      Returns:
      the name of the authority (this will be the prefix, if any associated with the type appended with the short name)

    • deleteAuthority

      public void deleteAuthority(String name)
      Delete an authority and all its relationships. Note child authorities are not deleted.
      Specified by:
      deleteAuthority in interface AuthorityService
      Parameters:
      name - String

    • deleteAuthority

      public void deleteAuthority(String name, boolean cascade)
      Delete an authority and all its relationships, optionally recursively deleting child authorities of the same type.
      Specified by:
      deleteAuthority in interface AuthorityService
      Parameters:
      name - the authority long name
      cascade - should the delete be cascaded to child authorities of the same type?

    • getAllRootAuthorities

      public Set<String> getAllRootAuthorities(AuthorityType type)
      Get all root authorities by type. Root authorities are ones that were created without an authority as the parent authority;
      Specified by:
      getAllRootAuthorities in interface AuthorityService
      Parameters:
      type - - the type of the authority
      Returns:
      all root authorities by type.

    • getContainedAuthorities

      public Set<String> getContainedAuthorities(AuthorityType type, String name, boolean immediate)
      Get all the authorities that are contained by the given authority. For a group you could get all the authorities it contains, just the users it contains or just the other groups it includes.
      Specified by:
      getContainedAuthorities in interface AuthorityService
      Parameters:
      type - - if not null, limit to the type of authority specified
      name - - the name of the containing authority
      immediate - - if true, limit the depth to just immediate child, if false find authorities at any depth

    • getContainingAuthorities

      public Set<String> getContainingAuthorities(AuthorityType type, String name, boolean immediate)
      Get the authorities that contain the given authority, but use getAuthoritiesForUser(userName).contains(authority) rather than getContainingAuthorities(type, userName, false).contains(authority) or use AuthorityService.getContainingAuthoritiesInZone(AuthorityType, String, String, AuthorityFilter, int) as they will be much faster. For example, this method can be used find out all the authorities that contain a group.
      Specified by:
      getContainingAuthorities in interface AuthorityService
      Parameters:
      type - - if not null, limit to the type of authority specified
      name - - the name of the authority for which the containing authorities are required.
      immediate - - limit to immediate parents or any ancestor.

    • getAuthorityNodeRef

      public NodeRef getAuthorityNodeRef(String name)
      Gets the authority node for the specified name
      Specified by:
      getAuthorityNodeRef in interface AuthorityService
      Parameters:
      name - The authority name
      Returns:
      the reference to the authority node

    • getContainingAuthoritiesInZone

      public Set<String> getContainingAuthoritiesInZone(AuthorityType type, String authority, String zoneName, AuthorityService.AuthorityFilter filter, int size)
      Get a set of authorities with varying filter criteria
      Specified by:
      getContainingAuthoritiesInZone in interface AuthorityService
      Parameters:
      type - authority type or null for all types
      authority - if non-null, only return those authorities who contain this authority
      zoneName - if non-null, only include authorities in the named zone
      filter - optional callback to apply further filter criteria or null
      size - if greater than zero, the maximum results to return. The search strategy used is varied depending on this number.
      Returns:
      a set of authorities

    • removeAuthority

      public void removeAuthority(String parentName, String childName)
      Description copied from interface: AuthorityService
      Remove an authority as a member of another authority. The child authority will still exist. If the child authority was not created as a root authority and you remove its creation link, it will be moved to a root authority. If you want rid of it, use delete.
      Specified by:
      removeAuthority in interface AuthorityService
      Parameters:
      parentName - - the string identifier for the parent.
      childName - - the string identifier for the child.

    • authorityExists

      public boolean authorityExists(String name)
      Check if an authority exists.
      Specified by:
      authorityExists in interface AuthorityService
      Parameters:
      name - (the long name).
      Returns:
      true, the authority exists.

    • createAuthority

      public String createAuthority(AuthorityType type, String shortName, String authorityDisplayName, Set<String> authorityZones)
      Create an authority with a display name and zone.
      Specified by:
      createAuthority in interface AuthorityService
      Parameters:
      type - the type of the authority
      shortName - the short name of the authority to create
      authorityDisplayName - the display name for the authority
      authorityZones - identifier for external user registry owning the authority or null if not applicable
      Returns:
      the full name of the authority (this will be the prefix, if any associated with the type appended with the short name)

    • createAuthority

      public String createAuthority(AuthorityType type, String shortName, String authorityDisplayName, Set<String> authorityZones, Map<QName,Serializable> properties)
      Create an authority with a display name and zone.
      Specified by:
      createAuthority in interface AuthorityService
      Parameters:
      type - the type of the authority
      shortName - the short name of the authority to create
      authorityDisplayName - the display name for the authority
      authorityZones - identifier for external user registry owning the authority or null if not applicable
      properties - - properties that will be added to authority
      Returns:
      the full name of the authority (this will be the prefix, if any associated with the type appended with the short name)

    • getAuthorityDisplayName

      public String getAuthorityDisplayName(String name)
      Get the display name for the given authority.
      Specified by:
      getAuthorityDisplayName in interface AuthorityService
      Parameters:
      name - - the full authority string including any prefix (e.g. GROUP_woof)
      Returns:
      - the display name

    • setAuthorityDisplayName

      public void setAuthorityDisplayName(String authorityName, String authorityDisplayName)
      Set the display name for the given authority. Setting the display name is only supported for authorities of type group
      Specified by:
      setAuthorityDisplayName in interface AuthorityService
      Parameters:
      authorityName - String
      authorityDisplayName - String

    • getAuthorityDisplayNameAndDescription

      public Pair<String,String> getAuthorityDisplayNameAndDescription(String name)
      Get the display name and description for the given authority.
      Specified by:
      getAuthorityDisplayNameAndDescription in interface AuthorityService
      Parameters:
      name - - the full authority string including any prefix (e.g. GROUP_woof)
      Returns:
      - pair containing display name and description

    • setAuthorityDisplayNameAndDescription

      public void setAuthorityDisplayNameAndDescription(String authorityName, String authorityDisplayName, String description)
      Set the display name and description for the given authority. Setting the display name is only supported for authorities of type group
      Specified by:
      setAuthorityDisplayNameAndDescription in interface AuthorityService
      Parameters:
      authorityName - String
      authorityDisplayName - String
      description - String

    • getAuthorityZones

      public Set<String> getAuthorityZones(String name)
      Gets the name of the zone containing the specified authority.
      Specified by:
      getAuthorityZones in interface AuthorityService
      Parameters:
      name - the authority long name
      Returns:
      the the name of the zone containing the specified authority, AuthorityService.ZONE_APP_DEFAULT if the authority exists but has no zone, or null if the authority does not exist.

    • getOrCreateZone

      public NodeRef getOrCreateZone(String zoneName)
      Gets or creates an authority zone node with the specified name
      Specified by:
      getOrCreateZone in interface AuthorityService
      Parameters:
      zoneName - the zone name
      Returns:
      reference to the zone node

    • getZone

      public NodeRef getZone(String zoneName)
      Gets an authority zone node with the specified name
      Specified by:
      getZone in interface AuthorityService
      Parameters:
      zoneName - the zone name
      Returns:
      reference to the zone node or null

    • getAllAuthoritiesInZone

      public Set<String> getAllAuthoritiesInZone(String zoneName, AuthorityType type)
      Gets the names of all authorities in a zone, optionally filtered by type See also "getAuthorities" paged alternative (note: in that case, zone must exist)
      Specified by:
      getAllAuthoritiesInZone in interface AuthorityService
      Parameters:
      zoneName - the zone name - note: if zone does not exist then will currently return empty set
      type - the authority type to filter by or null for all authority types
      Returns:
      the names of all authorities in a zone, optionally filtered by type
      See Also:

    • addAuthorityToZones

      public void addAuthorityToZones(String authorityName, Set<String> zones)
      Add a zone to an authority.
      Specified by:
      addAuthorityToZones in interface AuthorityService
      Parameters:
      authorityName - String

    • removeAuthorityFromZones

      public void removeAuthorityFromZones(String authorityName, Set<String> zones)
      Remove a zone from an authority
      Specified by:
      removeAuthorityFromZones in interface AuthorityService
      Parameters:
      authorityName - String

    • getDefaultZones

      public Set<String> getDefaultZones()
      Get the name of the default zone.
      Specified by:
      getDefaultZones in interface AuthorityService
      Returns:
      the default zone

    • getAllRootAuthoritiesInZone

      public Set<String> getAllRootAuthoritiesInZone(String zoneName, AuthorityType type)
      Gets the names of all root authorities in a zone, optionally filtered by type.
      Specified by:
      getAllRootAuthoritiesInZone in interface AuthorityService
      Parameters:
      zoneName - the zone name
      type - the authority type to filter by or null for all authority types
      Returns:
      the names of all root authorities in a zone, optionally filtered by type

    • findAuthorities

      public Set<String> findAuthorities(AuthorityType type, String parentAuthority, boolean immediate, String displayNamePattern, String zoneName)
      Search for authorities by pattern matching (* and ?) against the authority name. Note: This will use a search index to find the results (eg. via Lucene / SOLR).
      Specified by:
      findAuthorities in interface AuthorityService
      Parameters:
      type - AuthorityType
      parentAuthority - if non-null, will look only for authorities who are a child of the named parent
      immediate - if true then only search root groups if parentAuthority is null, or immediate children of parentAuthority if it is non-null.
      displayNamePattern - String
      zoneName - - may be null to indicate all zones

    • getName

      public String getName(AuthorityType type, String shortName)
      Create the full identifier for an authority given its short name and type.
      Specified by:
      getName in interface AuthorityService
      Parameters:
      type - AuthorityType
      shortName - String
      Returns:
      String

    • getShortName

      public String getShortName(String name)
      Extract the short name of an authority from its full identifier.
      Specified by:
      getShortName in interface AuthorityService
      Parameters:
      name - String
      Returns:
      String

    • hasSysAdminAuthority

      public boolean hasSysAdminAuthority()
      Description copied from interface: AuthorityService
      Check the current user has system administration authority.
      Specified by:
      hasSysAdminAuthority in interface AuthorityService
      Returns:
      true if the currently authenticated user has the system administration authority, otherwise false