Class XACMLAuthorizationService

java.lang.Object
org.opencastproject.authorization.xacml.XACMLAuthorizationService
All Implemented Interfaces:
AuthorizationService

public class XACMLAuthorizationService extends Object implements AuthorizationService
A XACML implementation of the AuthorizationService.
  • Field Details

    • workspace

      protected Workspace workspace
      The workspace
    • securityService

      protected SecurityService securityService
      The security service
  • Constructor Details

    • XACMLAuthorizationService

      public XACMLAuthorizationService()
  • Method Details

    • activate

      public void activate(org.osgi.service.component.ComponentContext cc)
    • setMediaPackageSerializer

      public void setMediaPackageSerializer(MediaPackageSerializer serializer)
    • unsetMediaPackageSerializer

      protected void unsetMediaPackageSerializer(MediaPackageSerializer serializer)
    • getActiveAcl

      public Tuple<AccessControlList,AclScope> getActiveAcl(MediaPackage mp)
      Description copied from interface: AuthorizationService
      Gets the active access control list associated with the given media package, as specified by its XACML attachments. XACML attachments are evaluated in the following order:
      1. Use episode XACML attachment if present
      2. Use series XACML attachment if present
      3. Use non-specific XACML attachment if present. Note that the usage of this is deprecated!
      4. Use the global default ACL
      Note that this is identical to calling AuthorizationService.getAcl(MediaPackage, AclScope) with scope set to AclScope.Series.
      Specified by:
      getActiveAcl in interface AuthorizationService
      Parameters:
      mp - the media package
      Returns:
      the active access control list as well as the scope identifying the source of the access rules (episode, series, …).
    • getAcl

      public Tuple<AccessControlList,AclScope> getAcl(MediaPackage mp, AclScope scope)
      Description copied from interface: AuthorizationService
      Gets the access control list for a given scope associated with the given media package, as specified by its XACML attachments. XACML attachments are evaluated in the following order:
      1. Use episode XACML attachment if present. This applies only if scope is set to AclScope.Episode
      2. Use series XACML attachment if present. This applies only if scope is set to AclScope.Episode or AclScope.Series
      3. Use non-specific XACML attachment if present. Note that the usage of this is deprecated!
      4. Use the global default ACL
      Specified by:
      getAcl in interface AuthorizationService
      Parameters:
      mp - the media package
      scope - the acl scope
      Returns:
      the access control list as well as the scope identifying the source of the access rules (episode, series, …) for the given media package and scope.
    • setAcl

      Description copied from interface: AuthorizationService
      Attaches the provided policies to a media package as a XACML attachment, replacing any previous policy element of the same scope.
      Specified by:
      setAcl in interface AuthorizationService
      Parameters:
      mp - the media package
      scope - scope of the ACL
      acl - the tuples of roles to actions
      Returns:
      the mutated (!) media package with attached XACML policy and the XACML attachment
      Throws:
      MediaPackageException
    • removeAcl

      public MediaPackage removeAcl(MediaPackage mp, AclScope scope)
      Description copied from interface: AuthorizationService
      Remove the XACML of the given scope.
      Specified by:
      removeAcl in interface AuthorizationService
      Parameters:
      mp - the media package
      scope - scope of the ACL
      Returns:
      the mutated (!) media package with removed XACML policy
    • hasPermission

      public boolean hasPermission(MediaPackage mp, String action)
      Description copied from interface: AuthorizationService
      Determines whether the current user can take the specified action on the media package.
      Specified by:
      hasPermission in interface AuthorizationService
      Parameters:
      mp - the media package
      action - the action (e.g. read, modify, delete)
      Returns:
      whether the current user has the correct privileges to take this action
    • hasPermission

      public boolean hasPermission(AccessControlList acl, String action)
      Description copied from interface: AuthorizationService
      Determines whether the current user can take the specified action given the access control list. This is not restricted to access control lists in media packages, but works regardless of which entity the access control list belongs to.
      Specified by:
      hasPermission in interface AuthorizationService
      Parameters:
      acl - the access control list
      action - the action (e.g. read, modify, delete)
      Returns:
      whether the current user has the correct privileges to take this action
    • setWorkspace

      public void setWorkspace(Workspace workspace)
      Sets the workspace to use for retrieving XACML policies.
      Parameters:
      workspace - the workspace to set
    • setSecurityService

      public void setSecurityService(SecurityService securityService)
      Declarative services callback to set the security service.
      Parameters:
      securityService - the security service
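
The lookup order documented for getAcl(MediaPackage, AclScope) above, written as a simplified stand-alone model. This is an added example, not Opencast code. All types (MediaPkg, Acl, Resolved, Scope, Source), the role names and the contents of the global default ACL are assumptions made for illustration.

```java
import java.util.*;

// Hypothetical model of the documented fallback order; none of these are Opencast classes.
public class AclResolutionDemo {
  enum Scope { EPISODE, SERIES }
  enum Source { EPISODE, SERIES, NON_SPECIFIC, GLOBAL_DEFAULT }

  record Acl(Map<String, Set<String>> allowed) {
    // Deny unless one of the user's roles is explicitly granted the action.
    boolean permits(Collection<String> roles, String action) {
      return roles.stream().anyMatch(r -> allowed.getOrDefault(r, Set.of()).contains(action));
    }
  }
  record Resolved(Acl acl, Source source) {}
  // Constructed stand-in for a media package: any attachment may be absent (null).
  record MediaPkg(Acl episode, Acl series, Acl nonSpecific) {}

  // Constructed global default; a real deployment defines its own.
  static final Acl GLOBAL_DEFAULT = new Acl(Map.of("ROLE_ADMIN", Set.of("read", "modify")));

  static Resolved resolve(MediaPkg mp, Scope scope) {
    // 1. Episode attachment, only when the episode scope is requested.
    if (scope == Scope.EPISODE && mp.episode() != null)
      return new Resolved(mp.episode(), Source.EPISODE);
    // 2. Series attachment, for episode or series scope (both scopes in this model).
    if (mp.series() != null) return new Resolved(mp.series(), Source.SERIES);
    // 3. Deprecated non-specific attachment.
    if (mp.nonSpecific() != null) return new Resolved(mp.nonSpecific(), Source.NON_SPECIFIC);
    // 4. Nothing attached: fall back to the global default ACL.
    return new Resolved(GLOBAL_DEFAULT, Source.GLOBAL_DEFAULT);
  }

  public static void main(String[] args) {
    Acl series = new Acl(Map.of("ROLE_STUDENT", Set.of("read")));
    Acl episode = new Acl(Map.of("ROLE_LECTURER", Set.of("read", "modify")));
    List<String> student = List.of("ROLE_STUDENT");

    List<MediaPkg> samples = List.of(
        new MediaPkg(episode, series, null),  // both attachments present
        new MediaPkg(null, series, null),     // series attachment only
        new MediaPkg(null, null, null));      // no attachment at all
    for (MediaPkg mp : samples) {
      for (Scope scope : Scope.values()) {
        Resolved r = resolve(mp, scope);
        System.out.printf("scope=%s source=%s student-read=%b%n",
            scope, r.source(), r.acl().permits(student, "read"));
      }
    }
  }
}
```

In this model the package with both attachments resolves to the episode ACL under the episode scope, so the series-level grant to ROLE_STUDENT does not apply there. The returned source is what lets a caller or auditor see which attachment produced the decision.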