Package wt.access

Class UnrestrictedPrincipalEvaluator

java.lang.Object
wt.access.UnrestrictedPrincipalEvaluator
All Implemented Interfaces:
Serializable

public abstract class UnrestrictedPrincipalEvaluator extends Object implements Serializable
Abstract class that can be extended to customize who is restricted by a security label value and/or who can modify a particular security label value. The customized class is specified in the evaluatorClass element of the UnrestrictedPrincipal element in the security labels configuration file for a particular security label value.

When an evaluatorClass is specified for a security label value, a single instance of that class, which must extend this class, will be instantiated and held in memory for that security label value. This occurs when the access control service is starting, and before many other services have been started. Static initializers, the default constructor, and any methods they call, cannot call other Windchill services. If you need to initialize something like a cache or local variable that requires a service, then the initialization needs to wait until the services are started to do so. There are two options to handle this.

The first option is lazy initialization, done the first time a method on this class is called (Windchill tries to make sure that methods of this class are not called before all services have been started, but does not absolutely guarantee it). To do the lazy initialization, use a static inner class that stores the information needed in one or more static variables. For example, the custom class might want to store a principal reference to a group for later comparisons. It should not get that principal reference during initialization, because that would require a call to organization services, which start after access control. Instead, the inner class populates that static variable during its own static initialization. The inner class is used only in the overridden methods, so it is not loaded, and the static field is not set, until the first time it is referenced at run time (the first call to the method). For example:

 public class MyUnrestrictedPrincipalEvaluator extends UnrestrictedPrincipalEvaluator {
    private static class LazyHolder {
       public static final WTPrincipalReference PRINCIPAL = // Some call to OrganizationServicesHelper.manager
                                                            // to get the principal you want;
    }

    public boolean isRestrictedBySecurityLabelValue(WTPrincipal principal, String label_name, String label_value)
          throws WTException {
       return WTPrincipalReference.newWTPrincipalReference(principal).equals(LazyHolder.PRINCIPAL);
    }
 }
 
The other benefit of the above approach is that it is guaranteed to be thread-safe, since the lazy initialization is done while the inner class is being loaded by the class loader, which can only happen in one thread.

The second option applies if it is necessary to know for sure when the services are started: the custom class registers for the ALL_SERVICES_STARTED event and does the initialization then. For example:

 static {
    ManagerServiceFactory.getDefault().addEventListener(
          new ServiceEventListenerAdapter(MyUnrestrictedPrincipalEvaluator.class.getName()) {
             public void notifyVetoableEvent(Object event) throws WTException {
                // Do your initialization here.
             }
          },
          StandardManagerServiceEvent.generateEventKey(StandardManagerServiceEvent.ALL_SERVICES_STARTED));
 }
 
This way will guarantee that the initialization won't occur until all services are available, but will require the class to handle the case where the methods are called before initialization occurs. It is up to the class itself to decide how to return from the methods if they are called before everything is initialized. Perhaps return true (everybody is restricted), or throw an exception.
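
The handling of calls that arrive before initialization, as an added example that is not part of the original documentation and is not Windchill code. It is a plain-Java model: the listener list, the `Evaluator` class, the principal names and the label strings are hypothetical stand-ins for the event registration and the evaluator subclass described above.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import java.util.concurrent.atomic.AtomicReference;

// Plain-Java model; no Windchill classes. Every name here is a hypothetical stand-in.
public class FailClosedEvaluatorDemo {

    // Stand-in for the ALL_SERVICES_STARTED listener registration.
    static final List<Runnable> STARTED_LISTENERS = new ArrayList<>();

    static class Evaluator {
        // null until initialization has run; AtomicReference publishes the set safely to other threads.
        private final AtomicReference<Set<String>> unrestricted = new AtomicReference<>();

        Evaluator() {
            // Runs while access control is starting: register only, call no services.
            STARTED_LISTENERS.add(() -> unrestricted.set(loadUnrestrictedPrincipals()));
        }

        // Stand-in for a lookup that needs a service started after access control.
        private Set<String> loadUnrestrictedPrincipals() {
            return Set.of("alice", "bob"); // constructed sample data
        }

        // true means restricted, matching the documented return value.
        boolean isRestrictedBySecurityLabelValue(String principal, String labelName, String labelValue) {
            Set<String> allowed = unrestricted.get();
            if (allowed == null) {
                return true; // not initialized yet: everybody is restricted
            }
            return !allowed.contains(principal);
        }
    }

    public static void main(String[] args) {
        Evaluator evaluator = new Evaluator();
        // Before the event: an otherwise authorized principal is still restricted.
        System.out.println("early alice restricted: "
                + evaluator.isRestrictedBySecurityLabelValue("alice", "SAMPLE_LABEL", "SAMPLE_VALUE"));
        STARTED_LISTENERS.forEach(Runnable::run); // all services are now started
        System.out.println("alice restricted: "
                + evaluator.isRestrictedBySecurityLabelValue("alice", "SAMPLE_LABEL", "SAMPLE_VALUE"));
        System.out.println("mallory restricted: "
                + evaluator.isRestrictedBySecurityLabelValue("mallory", "SAMPLE_LABEL", "SAMPLE_VALUE"));
    }
}
```

Holding the initialized state in a single reference means a caller sees either no data (and is restricted) or the fully built set, never a partially initialized evaluator.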

Supported API: true

Extendable: true
  • Method Details

    • isRestrictedBySecurityLabelValue

      public boolean isRestrictedBySecurityLabelValue(WTPrincipal principal, String label_name, String label_value) throws WTException
      Determines whether a principal is restricted (not authorized) by a security label value. In the default implementation, if a UFID is specified in the UnrestrictedPrincipal section of the security labels configuration file for the label value, the principal is authorized by the label value if the authorized principal identified by the configured UFID is the same principal, or if the authorized principal is a group or organization and the specified principal is a member. If there is no UFID configured, all users are unrestricted. If the principal is restricted, this method will return true, otherwise it will return false. If this method is overridden, the overridden implementation will completely replace the default implementation. If the default implementation is desired as well, make sure to call super.isRestrictedBySecurityLabelValue(). The access control service will not call this method, but isRestrictedBySecurityLabelValue(WTPrincipal, SecurityLabeled, String, String) instead.

      Supported API: true
      Parameters:
      principal - principal whose authorization is to be evaluated
      label_name - label name that is being checked
      label_value - label value being checked. If the label value is a custom label value, the value is the internal representation.
      Returns:
      boolean true if the principal is restricted by the security label value; false otherwise
      Throws:
      WTException - if an unexpected error occurs
    • isRestrictedBySecurityLabelValue

      public boolean isRestrictedBySecurityLabelValue(WTPrincipal principal, SecurityLabeled object, String label_name, String label_value) throws WTException
      Determines whether a principal is restricted (not authorized) by a security label value. In the default implementation, isRestrictedBySecurityLabelValue(WTPrincipal, String, String) is called. If this method is overridden, the overridden implementation will completely replace the default implementation. If the default implementation is desired as well, make sure to call super.isRestrictedBySecurityLabelValue(). This is the method that the access control service will call.

      Supported API: true
      Parameters:
      principal - principal whose authorization is to be evaluated
      object - SecurityLabeled object that can be used for extra information when determining if the principal is restricted or not
      label_name - label name that is being checked
      label_value - label value being checked. If the label value is a custom label value, the value is the internal representation.
      Returns:
      boolean true if the principal is restricted by the security label value; false otherwise
      Throws:
      WTException - if an unexpected error occurs
    • isAllowedToModifySecurityLabelValue

      public boolean isAllowedToModifySecurityLabelValue(WTPrincipal principal, SecurityLabeled object, String label_name, String label_value) throws WTException
      Determines whether a principal is allowed to modify a security label value (the user must still have Modify permission for the object). In this default implementation, if a UFID is specified in the UnrestrictedPrincipal section of the security labels configuration file for the label value, the principal is allowed to modify the label value if the authorized principal identified by the configured UFID is the same principal, or if the authorized principal is a group or organization and the specified principal is a member. If there is no UFID configured, all users are authorized to modify the label value. If the principal is authorized, this method will return true, otherwise it will return false.
      This method should be overridden by custom evaluators requiring a different mechanism for deciding whether a principal is authorized to modify the security label value.

      Supported API: true
      Parameters:
      principal - principal whose authorization is to be evaluated
      object - SecurityLabeled object for which the security label would be modified
      label_name - label name that is being checked
      label_value - label value being checked. If the label value is a custom label value, the value is the internal representation.
      Returns:
      boolean true if the principal is allowed to modify the security label value; false otherwise
      Throws:
      WTException - if an unexpected error occurs
    • isAllowedToModifySecurityLabelValues

      @Deprecated public WTKeyedHashMap isAllowedToModifySecurityLabelValues(WTPrincipal principal, WTKeyedMap objects_to_security_labels_map) throws WTException
      Determines whether a principal is allowed to modify security label values for multiple objects. This default implementation simply loops over the objects in the collection, calling the single-object API for each of the objects. Implementers of custom evaluators should consider overriding this method with a more efficient implementation. For example, a custom evaluator may want to use a cache to reduce evaluation time. Callers should not invoke this method directly to evaluate a user's authorization to modify security label values, since some security labels may be configured to use different subclasses of UnrestrictedPrincipalEvaluator which override this method. The objects_to_security_labels_map contains the objects for which the principal's authorization is to be evaluated as its keys. Each corresponding value is a Map<String,String> containing the names of the security labels which are to be modified, and their current values. The keys of the returned WTKeyedHashMap are the SecurityLabeled objects provided as keys in the objects_to_security_labels_map parameter. The value corresponding to each key is a Map<String,Boolean> whose keys are the Security Label names, and whose values are Boolean.TRUE if the principal is authorized to modify that Security Label, and Boolean.FALSE otherwise. Please see the descriptions of the parameters and return values for important details.
      Implementation Note: This is a default implementation, designed to work properly with subclasses which don't provide an override method. To accomplish this, it simply calls the single-object isAllowedToModifySecurityLabels() API for each security label value on each object in the collection. Implementers of subclasses should consider providing a more performant implementation.
      Supported API: true
      Parameters:
      principal - the WTPrincipal whose authorization is to be evaluated
      objects_to_security_labels_map - Contains the SecurityLabeled objects for which the principal's authorization is to be evaluated as its keys. For each object in this map, the value is a Map<String,String> whose keys are the names of the security labels whose modifications are to be evaluated, and their current values. For custom security labels, the values must be the internal values. The caller is responsible for limiting this set to security labels whose current values are configured to use this evaluator.
      Returns:
      WTKeyedHashMap whose keys are the SecurityLabeled objects passed in the objects_to_security_labels_map parameter. The value corresponding to each key is a Map<String,Boolean> whose keys are the security label name and whose values are Boolean.TRUE if the principal is authorized to modify the corresponding security label, otherwise Boolean.FALSE
      Throws:
      WTException - if an unexpected error occurs
    • isAllowedToModifyMultipleSecurityLabelValues

      public WTKeyedHashMap isAllowedToModifyMultipleSecurityLabelValues(WTPrincipal principal, WTKeyedMap objects_to_security_labels_map) throws WTException
      Determines whether a principal is allowed to modify security label values for multiple objects. This default implementation simply loops over the objects in the collection, calling the single-object API for each of the objects. Implementers of custom evaluators should consider overriding this method with a more efficient implementation. For example, a custom evaluator may want to use a cache to reduce evaluation time. Callers should not invoke this method directly to evaluate a user's authorization to modify security label values, since some security labels may be configured to use different subclasses of UnrestrictedPrincipalEvaluator which override this method. The objects_to_security_labels_map contains the objects for which the principal's authorization is to be evaluated as its keys. Each corresponding value is a Map<String,Set> containing the names of the security labels which are to be modified, and their current values in a set. The keys of the returned WTKeyedHashMap are the SecurityLabeled objects provided as keys in the objects_to_security_labels_map parameter. The value corresponding to each key is a Map<String,Map<String,Boolean>> whose keys are the Security Label names, and whose values map each value in the set to Boolean.TRUE if the principal is authorized to modify that Security Label, and Boolean.FALSE otherwise. Please see the descriptions of the parameters and return values for important details.
      Implementation Note: This is a default implementation, designed to work properly with subclasses which don't provide an override method. To accomplish this, it simply calls the single-object isAllowedToModifySecurityLabels() API for each security label value on each object in the collection. Implementers of subclasses should consider providing a more performant implementation.
      Supported API: true
      Parameters:
      principal - the WTPrincipal whose authorization is to be evaluated
      objects_to_security_labels_map - Contains the SecurityLabeled objects for which the principal's authorization is to be evaluated as its keys. For each object in this map, the value is a Map<String,Set> whose keys are the names of the security labels whose modifications are to be evaluated, and their current values. For custom security labels, the values must be the internal values. The caller is responsible for limiting this set to security labels whose current values are configured to use this evaluator.
      Returns:
      WTKeyedHashMap whose keys are the SecurityLabeled objects passed in the objects_to_security_labels_map parameter. The value corresponding to each key is a Map<String,Map<String,Boolean>> whose keys are the security label names and whose values are maps from each security label value to Boolean.TRUE if the principal is authorized to modify the corresponding security label, otherwise Boolean.FALSE
      Throws:
      WTException - if an unexpected error occurs