org.directwebremoting.extend
Interface AccessControl

All Known Implementing Classes:
DefaultAccessControl

public interface AccessControl

Control who should be accessing which methods on which classes.

Author:
Joe Walker [joe at getahead dot ltd dot uk]

Method Summary
 void addExcludeRule(java.lang.String scriptName, java.lang.String methodName)
          Add an exclude rule.
 void addIncludeRule(java.lang.String scriptName, java.lang.String methodName)
          Add an include rule.
 void addRoleRestriction(java.lang.String scriptName, java.lang.String methodName, java.lang.String role)
          J2EE role based security allows us to restrict methods to only being used by people in certain roles.
 void assertExecutionIsPossible(Creator creator, java.lang.String className, java.lang.reflect.Method method)
          Check the method for accessibility at runtime, and return an error message if anything is wrong.
 void assertIsDisplayable(Creator creator, java.lang.String className, java.lang.reflect.Method method)
          Check the method for accessibility at 'compile-time' (i.e.
 

Method Detail

assertExecutionIsPossible

void assertExecutionIsPossible(Creator creator,
                               java.lang.String className,
                               java.lang.reflect.Method method)
                               throws java.lang.SecurityException
Check the method for accessibility at runtime, and return an error message if anything is wrong. If nothing is wrong, return null.

See notes on getReasonToNotDisplay(). This method should duplicate the tests made by that method.

This is not a great becuase it mixes 2 bits of information in the same variable (is it wrong, and what is wrong) but without multi-value returns in Java this seems like the most simple implementation.

Parameters:
creator - Where does the method come from?
className - The Javascript name of the class
method - What is the method to execute?
Throws:
java.lang.SecurityException - If the given method is disallowed
See Also:
assertIsDisplayable(Creator, String, Method)

assertIsDisplayable

void assertIsDisplayable(Creator creator,
                         java.lang.String className,
                         java.lang.reflect.Method method)
                         throws java.lang.SecurityException
Check the method for accessibility at 'compile-time' (i.e. when the app is downloaded), and return an error message if anything is wrong. If nothing is wrong, return null.

This method is similar to getReasonToNotExecute() except that there may be checks (like security checks) that we wish to make only at runtime in case the situation changes between 'compile-time' and runtime.

This is not a great becuase it mixes 2 bits of information in the same variable (is it wrong, and what is wrong) but without multi-value returns in Java this seems like the most simple implementation.

Parameters:
creator - Where does the method come from?
className - The Javascript name of the class
method - What is the method to execute?
Throws:
java.lang.SecurityException - If the given method is disallowed
See Also:
assertExecutionIsPossible(Creator, String, Method)

addRoleRestriction

void addRoleRestriction(java.lang.String scriptName,
                        java.lang.String methodName,
                        java.lang.String role)
J2EE role based security allows us to restrict methods to only being used by people in certain roles.

Parameters:
scriptName - The name of the creator to Javascript
methodName - The name of the method (without brackets)
role - The new role name to add to the list for the given scriptName and methodName

addIncludeRule

void addIncludeRule(java.lang.String scriptName,
                    java.lang.String methodName)
Add an include rule. Each creator can have either a list of inclusions or a list of exclusions but not both. If a creator has a list of inclusions then the default policy is to deny any method that is not specifically included. If the creator has a list of exclusions then the default policy is to allow any method not listed. If there are no included or excluded rules then the default policy is to allow all methods

Parameters:
scriptName - The name of the creator to Javascript
methodName - The name of the method (without brackets)

addExcludeRule

void addExcludeRule(java.lang.String scriptName,
                    java.lang.String methodName)
Add an exclude rule.

Parameters:
scriptName - The name of the creator to Javascript
methodName - The name of the method (without brackets)
See Also:
addIncludeRule(String, String)