Package org.apache.ofbiz.security

Interface Security

public interface Security
Security interface. This interface defines authorization-related methods.

Implementations must be thread-safe because the instance will be shared among multiple threads.

Note that the API is changing. New versions might not reference a Delegator. Therefore, implementations requiring a Delegator reference should get one from the GenericValue method argument.

  • Method Details

    • getDelegator

      @Deprecated Delegator getDelegator()
      Deprecated.

    • setDelegator

      @Deprecated void setDelegator(Delegator delegator)
      Deprecated.

    • findUserLoginSecurityGroupByUserLoginId

      @Deprecated Iterator<GenericValue> findUserLoginSecurityGroupByUserLoginId(String userLoginId)
      Deprecated.
      Uses userLoginSecurityGroupByUserLoginId cache to speed up the finding of the userLogin's security group list.
      Parameters:
      userLoginId - The userLoginId to find security groups by
      Returns:
      An iterator made from the Collection either cached or retrieved from the database through the UserLoginSecurityGroup Delegator.

    • securityGroupPermissionExists

      @Deprecated boolean securityGroupPermissionExists(String groupId, String permission)
      Deprecated.
      Finds whether or not a SecurityGroupPermission row exists given a groupId and permission. The groupId, permission pair is cached instead of the userLoginId, permission pair to keep the cache small and to make it more changeable.
      Parameters:
      groupId - The ID of the group
      permission - The name of the permission
      Returns:
      boolean specifying whether or not a SecurityGroupPermission row exists

    • hasPermission

      boolean hasPermission(String permission, HttpSession session)
      Checks to see if the currently logged in userLogin has the passed permission.
      Parameters:
      permission - Name of the permission to check.
      session - The current HTTP session, contains the logged in userLogin as an attribute.
      Returns:
      Returns true if the currently logged in userLogin has the specified permission, otherwise returns false.

    • hasPermission

      boolean hasPermission(String permission, GenericValue userLogin)
      Checks to see if the userLogin has the passed permission.
      Parameters:
      permission - Name of the permission to check.
      userLogin - The userLogin object for user to check against.
      Returns:
      Returns true if the currently logged in userLogin has the specified permission, otherwise returns false.

    • hasEntityPermission

      boolean hasEntityPermission(String entity, String action, HttpSession session)
      Like hasPermission above, except it has functionality specific to Entity permissions. Checks the entity for the specified action, as well as for "_ADMIN" to allow for simplified general administration permission.
      Parameters:
      entity - The name of the Entity corresponding to the desired permission.
      action - The action on the Entity corresponding to the desired permission.
      session - The current HTTP session, contains the logged in userLogin as an attribute.
      Returns:
      Returns true if the currently logged in userLogin has the specified permission, otherwise returns false.

    • hasEntityPermission

      boolean hasEntityPermission(String entity, String action, GenericValue userLogin)
      Like hasPermission above, except it has functionality specific to Entity permissions. Checks the entity for the specified action, as well as for "_ADMIN" to allow for simplified general administration permission.
      Parameters:
      entity - The name of the Entity corresponding to the desired permission.
      action - The action on the Entity corresponding to the desired permission.
      userLogin - The userLogin object for user to check against.
      Returns:
      Returns true if the currently logged in userLogin has the specified permission, otherwise returns false.

    • hasRolePermission

      boolean hasRolePermission(String application, String action, String primaryKey, String role, HttpSession session)
      Like hasEntityPermission above, this checks the specified action, as well as for "_ADMIN" to allow for simplified general administration permission, but also checks action_ROLE and validates the user is a member for the application.
      Parameters:
      application - The name of the application corresponding to the desired permission.
      action - The action on the application corresponding to the desired permission.
      primaryKey - The primary key for the role check.
      role - The roleTypeId which the user must validate with.
      session - The current HTTP session, contains the logged in userLogin as an attribute.
      Returns:
      Returns true if the currently logged in userLogin has the specified permission, otherwise returns false.

    • hasRolePermission

      boolean hasRolePermission(String application, String action, String primaryKey, String role, GenericValue userLogin)
      Like hasEntityPermission above, this checks the specified action, as well as for "_ADMIN" to allow for simplified general administration permission, but also checks action_ROLE and validates the user is a member for the application.
      Parameters:
      application - The name of the application corresponding to the desired permission.
      action - The action on the application corresponding to the desired permission.
      primaryKey - The primary key for the role check.
      role - The roleTypeId which the user must validate with.
      userLogin - The userLogin object for user to check against.
      Returns:
      Returns true if the currently logged in userLogin has the specified permission, otherwise returns false.

    • hasRolePermission

      boolean hasRolePermission(String application, String action, String primaryKey, List<String> roles, GenericValue userLogin)
      Like hasEntityPermission above, this checks the specified action, as well as for "_ADMIN" to allow for simplified general administration permission, but also checks action_ROLE and validates the user is a member for the application.
      Parameters:
      application - The name of the application corresponding to the desired permission.
      action - The action on the application corresponding to the desired permission.
      primaryKey - The primary key for the role check.
      roles - List of roleTypeId of which the user must validate with (ORed).
      userLogin - The userLogin object for user to check against.
      Returns:
      Returns true if the currently logged in userLogin has the specified permission, otherwise returns false.

    • hasRolePermission

      boolean hasRolePermission(String application, String action, String primaryKey, List<String> roles, HttpSession session)
      Like hasEntityPermission above, this checks the specified action, as well as for "_ADMIN" to allow for simplified general administration permission, but also checks action_ROLE and validates the user is a member for the application.
      Parameters:
      application - The name of the application corresponding to the desired permission.
      action - The action on the application corresponding to the desired permission.
      primaryKey - The primary key for the role check.
      roles - List of roleTypeId of which the user must validate with (ORed).
      session - The current HTTP session, contains the logged in userLogin as an attribute.
      Returns:
      Returns true if the currently logged in userLogin has the specified permission, otherwise returns false.

    • clearUserData

      void clearUserData(GenericValue userLogin)
      Clears any user-related cached data. This method is called by the framework to indicate a user has logged out. Implementations should clear any cached data related to the user.
      Parameters:
      userLogin - The user login to be cleared