public class AccessControl extends CloneableDataObject
Title: Structured Data Objects
Description: Access control object that holds event security information.
This is an access control list for event data elements. It is presented as a byte array (appears as Base64 encoded in XML). The bits have the following meaning:
+------------+-------------+------------+
| Read Bit   | Write Bit   | Xmit Bit   |
+------------+-------------+------------+------------------------+--------------+
| 27         | 37          | 47         | Allow Public           | Domain       |
+------------+-------------+------------+------------------------+--------------+
| 26         | 36          | 46         | Allow Group Principal  | Global       |
+------------+-------------+------------+------------------------+--------------+
| 25         | 35          | 45         | Allow User Principal   | Observable   |
+------------+-------------+------------+------------------------+--------------+
| 24         | 34          | 44         | Disallow               | Local        |
+------------+-------------+------------+------------------------+--------------+

Additional meaning may be assigned in the future. However, the critical aspects of read, write and re-transmit are covered here. The participants have the following meaning:
Group Principal - denotes a user group ACL. The user credential is a specially encoded token that verifies user role. This Encoded Access Token (EAT) is generated and verified by the upper layers of the exchange. Namely, the FabricEventSourceFactory is responsible for locking the Event Datagram, verifying the principal's identity and generating the EAT as part of its coalesce operation. For groups the token is marked with a preamble that denotes a group role and credential. When the event is received by the recipient it is passed to the FabricEventSinkFactory for presentation to the user application. The user's credentials are compared to those of the event datagram and verified against the local security mechanisms to ensure this is a valid group. If there is a match the EAT is re-generated and passed to the EvGram (and possibly cached for performance). The factory then matches the 3-way credential to the EvGram as part of its present operation.

User Principal - denotes a user ACL. Processing for this token is similar to the steps above but the EAT preamble specifies that this is a user and not a group.

Global Event - denotes the scope of the raised event that carries this payload. In EventGram parlance, this controls whether the datagram is passed on to all other link participants. Global scope implies that the event is sent along to all group and cluster participants, effectively engaging in broadcast. This is handled automatically by the Exchange and requires no user interaction.

Observable Event - implies that the event datagram is propagated only to those users directly subscribing to the event, while allowing the specified user to re-transmit the datagram without cloning. This effectively allows a user to programmatically forward the EvGram, bypassing the standard coalesce processing. The event header retains all of its properties and time stamp.

Local Event - implies that the event datagram cannot be re-transmitted. The user may manually copy the body of the datagram and re-create the EvGram with the same content if permissions allow, but the new datagram goes through standard coalesce processing and is stamped with a new Source Id, Time Stamp and credentials. This effects a 'destroy after reading' policy for datagrams.
Copyright: Copyright (c) 2009
Company: StreamScape Technologies
DEFAULT_SERIAL_VERSION_ID
Constructor and Description |
---|
AccessControl() |
AccessControl(boolean global) |
Modifier and Type | Method and Description |
---|---|
AccessControl | clone() Clones the object. |
boolean | equals(java.lang.Object other) |
byte | getReadAccess() Returns the read access setting for this access control. |
byte | getTransmitAccess() Returns the transmit access setting for this access control. |
byte | getWriteAccess() Returns the write access setting for this access control. |
void | setReadAccess(byte access) Sets read access for this access control. |
void | setTransmitAccess(byte access) Sets transmit access setting for this access control. |
void | setWriteAccess(byte access) Sets write access for this access control. |
java.lang.String | toSelectorString() |
java.lang.String | toString() |
getSerialVersionUID
public AccessControl()
public AccessControl(boolean global)
public void setReadAccess(byte access) throws AccessControlException
access - the access mode to be set.
AccessControlException - if the specified value is invalid.
public byte getReadAccess()
public void setWriteAccess(byte access) throws AccessControlException
access - the access mode to be set.
AccessControlException - if the specified value is invalid.
public byte getWriteAccess()
public void setTransmitAccess(byte access) throws AccessControlException
access - the access mode to be set.
AccessControlException - if the specified value is invalid.
public byte getTransmitAccess()
public AccessControl clone()
CloneableDataObject
clone in interface CloneableObject
clone in class CloneableDataObject
public java.lang.String toString()
toString in class java.lang.Object
public java.lang.String toSelectorString()
public boolean equals(java.lang.Object other)
equals in class java.lang.Object
Copyright © 2015-2024 StreamScape Technologies. All rights reserved.