mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-06-16 17:55:15 +00:00
8f2123ff16
8014: Extended support for RunAs - real and effctive authorities 8032: Build Fix - there is a special check for the effective user 8094: Fix for NPE in AuthenticationUtil noticed on first upgrade from V2.1.x to V2.2 git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@8471 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
92 lines
3.3 KiB
Java
92 lines
3.3 KiB
Java
/*
|
|
* Copyright (C) 2005-2007 Alfresco Software Limited.
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public License
|
|
* as published by the Free Software Foundation; either version 2
|
|
* of the License, or (at your option) any later version.
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, write to the Free Software
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
|
|
|
* As a special exception to the terms and conditions of version 2.0 of
|
|
* the GPL, you may redistribute this Program in connection with Free/Libre
|
|
* and Open Source Software ("FLOSS") applications as described in Alfresco's
|
|
* FLOSS exception. You should have recieved a copy of the text describing
|
|
* the FLOSS exception, and it is also available here:
|
|
* http://www.alfresco.com/legal/licensing"
|
|
*/
|
|
package org.alfresco.repo.security.authentication;
|
|
|
|
import net.sf.acegisecurity.Authentication;
|
|
import net.sf.acegisecurity.context.security.SecureContext;
|
|
|
|
/**
|
|
* Extensions for the Alfresco security context.
|
|
*
|
|
* This is based on the Linux model and supports real, effective and stored authorities
|
|
*
|
|
* The real authority is used for auditing and reporting who the user is etc.
|
|
* The effective authority is used for permission checks.
|
|
*
|
|
* RunAs support leaves the real authority and changes only the effective authority
|
|
* That means "special" code can run code as system but still be audited as Joe
|
|
*
|
|
* In the future scrips etc can support a setUId flag and run as the owner of the script.
|
|
* If the script chooses to do this ....
|
|
* A method invocation could do the same (after entry security checks)
|
|
*
|
|
* TODO: extent runAs to take a nodeRef context - it can then set the stored atc and set this as effective if required.
|
|
*
|
|
* @author andyh
|
|
*
|
|
*/
|
|
public interface AlfrescoSecureContext extends SecureContext
|
|
{
|
|
/**
|
|
* Get the effective authentication - used for permission checks
|
|
* @return
|
|
*/
|
|
public Authentication getEffectiveAuthentication();
|
|
|
|
/**
|
|
* Get the real authenticaiton - used for auditing and everything else
|
|
* @return
|
|
*/
|
|
public Authentication getRealAuthentication();
|
|
|
|
/**
|
|
* Get the store authentication - used for setuid scripts and methods
|
|
* @return
|
|
*/
|
|
public Authentication getStoredAuthentication();
|
|
|
|
/**
|
|
* Set the effective authentication held by the context
|
|
*
|
|
* @param effictiveAuthentication
|
|
*/
|
|
public void setEffectiveAuthentication(Authentication effictiveAuthentication);
|
|
|
|
/**
|
|
* Set the real authentication held by the context
|
|
*
|
|
* @param realAuthentication
|
|
*/
|
|
public void setRealAuthentication(Authentication realAuthentication);
|
|
|
|
/**
|
|
* Set the stored authentication held by the context
|
|
*
|
|
* @param storedAuthentication
|
|
*/
|
|
public void setStoredAuthentication(Authentication storedAuthentication);
|
|
|
|
}
|