org.directwebremoting.extend
Interface AccessControl

All Known Implementing Classes:
DefaultAccessControl

public interface AccessControl

Control who should be accessing which methods on which classes.

Author:
Joe Walker [joe at getahead dot ltd dot uk]

Method Summary
 void addExcludeRule(java.lang.String scriptName, java.lang.String methodName)
          Add an exclude rule.
 void addIncludeRule(java.lang.String scriptName, java.lang.String methodName)
          Add an include rule.
 void addRoleRestriction(java.lang.String scriptName, java.lang.String methodName, java.lang.String role)
          J2EE role based security allows us to restrict methods to only being used by people in certain roles.
 void assertGeneralDisplayable(java.lang.String scriptName, MethodDeclaration method)
          Check the method for accessibility at 'compile-time' (i.e.
 void assertGeneralExecutionIsPossible(java.lang.String scriptName, MethodDeclaration method)
          Check the method for accessibility at runtime, and return an error message if anything is wrong.
 void assertMethodDisplayable(java.lang.Class<?> clazz, java.lang.reflect.Method method)
          Complementing checks for a remoted Java class and method.
 void assertMethodExecutionIsPossible(java.lang.Class<?> clazz, java.lang.reflect.Method method)
          Complementing checks for a remoted Java class and method.
 

Method Detail

assertGeneralExecutionIsPossible

void assertGeneralExecutionIsPossible(java.lang.String scriptName,
                                      MethodDeclaration method)
                                      throws java.lang.SecurityException
Check the method for accessibility at runtime, and return an error message if anything is wrong. If nothing is wrong, return null.

See notes on getReasonToNotDisplay(). This method should duplicate the tests made by that method.

This is not a great because it mixes 2 bits of information in the same variable (is it wrong, and what is wrong) but without multi-value returns in Java this seems like the most simple implementation.

Parameters:
scriptName - The Javascript name of the class
method - A logical method declaration
Throws:
java.lang.SecurityException - If the given method is disallowed
See Also:
assertGeneralDisplayable(String, MethodDeclaration)

assertMethodExecutionIsPossible

void assertMethodExecutionIsPossible(java.lang.Class<?> clazz,
                                     java.lang.reflect.Method method)
                                     throws java.lang.SecurityException
Complementing checks for a remoted Java class and method.

Parameters:
clazz - An actual Java class
method - An actual reflected Java method
Throws:
java.lang.SecurityException
See Also:
assertGeneralExecutionIsPossible(String, MethodDeclaration)

assertGeneralDisplayable

void assertGeneralDisplayable(java.lang.String scriptName,
                              MethodDeclaration method)
                              throws java.lang.SecurityException
Check the method for accessibility at 'compile-time' (i.e. when the application is downloaded), and return an error message if anything is wrong. If nothing is wrong, return null.

This method is similar to getReasonToNotExecute() except that there may be checks (like security checks) that we wish to make only at runtime in case the situation changes between 'compile-time' and runtime.

This is not a great because it mixes 2 bits of information in the same variable (is it wrong, and what is wrong) but without multi-value returns in Java this seems like the most simple implementation.

Parameters:
scriptName - The Javascript name of the class
method - A logical method declaration
Throws:
java.lang.SecurityException - If the given method is disallowed
See Also:
assertGeneralExecutionIsPossible(String, MethodDeclaration)

assertMethodDisplayable

void assertMethodDisplayable(java.lang.Class<?> clazz,
                             java.lang.reflect.Method method)
                             throws java.lang.SecurityException
Complementing checks for a remoted Java class and method.

Parameters:
clazz - An actual Java class
method - An actual reflected Java method
Throws:
java.lang.SecurityException
See Also:
assertGeneralDisplayable(String, MethodDeclaration)

addRoleRestriction

void addRoleRestriction(java.lang.String scriptName,
                        java.lang.String methodName,
                        java.lang.String role)
J2EE role based security allows us to restrict methods to only being used by people in certain roles.

Parameters:
scriptName - The name of the creator to Javascript
methodName - The name of the method (without brackets)
role - The new role name to add to the list for the given scriptName and methodName

addIncludeRule

void addIncludeRule(java.lang.String scriptName,
                    java.lang.String methodName)
Add an include rule. Each creator can have either a list of inclusions or a list of exclusions but not both. If a creator has a list of inclusions then the default policy is to deny any method that is not specifically included. If the creator has a list of exclusions then the default policy is to allow any method not listed. If there are no included or excluded rules then the default policy is to allow all methods

Parameters:
scriptName - The name of the creator to Javascript
methodName - The name of the method (without brackets)

addExcludeRule

void addExcludeRule(java.lang.String scriptName,
                    java.lang.String methodName)
Add an exclude rule.

Parameters:
scriptName - The name of the creator to Javascript
methodName - The name of the method (without brackets)
See Also:
addIncludeRule(String, String)

Copyright 2008