Overview  Package   Class  Tree  Deprecated  Index  Help 
OracleAS PDK for Java 9.0.4.0.2
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

oracle.portal.provider.v2.security
Class PortletSecurityManager

java.lang.Object
  |
  +--oracle.portal.provider.v2.security.PortletSecurityManager
Direct Known Subclasses:
AuthLevelSecurityManager, DenyAllSecurityManager, GroupSecurityManager, URLSecurityManager
public abstract class PortletSecurityManager
extends java.lang.Object

A PortletSecurityManager is the access controller for a portlet. If the Portlet restricts its capabilities in any manner it implements a PortletSecurityManager. The manager is responsible for authorizing (but not authenticating) the user. There are two authorization levels. The first level checks whether the user is authorized to use this Portlet. The second level checks whether the user is authorized to use a particular instance of this Portlet.

Constructor Summary
PortletSecurityManager()
           
 
Method Summary
abstract  boolean hasAccess(PortletReference ref, ProviderUser user)
          Verifies whether the user is authorized to use this particular portlet instance.
abstract  boolean hasAccess(ProviderInstance pi, PortletDefinition p, ProviderUser user)
          Verifies whether the user is authorized to use this Portlet.
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

PortletSecurityManager

public PortletSecurityManager()
Method Detail

hasAccess

public abstract boolean hasAccess(ProviderInstance pi,
                                  PortletDefinition p,
                                  ProviderUser user)
Verifies whether the user is authorized to use this Portlet. That is does this user have the necessary privileges to create, get, copy, and destroy instances of this Portlet.

Parameters:
pi - the provider instance from which the portlet is being accessed.
user - the current user we are being asked to authorize.
Returns:
true is this user is authorized to access this portlet.

hasAccess

public abstract boolean hasAccess(PortletReference ref,
                                  ProviderUser user)
                           throws PortletNotFoundException
Verifies whether the user is authorized to use this particular portlet instance. Generally, this check will only be made of the default instance as it is assumed you cannot be denied access to the default while having access to the customized instance, and in turn must always have access to your customized version if you have access to the default. However, if asked to authorize a particular instance the PortletNotFoundException should be thrown if that instance doesn't exist (even if the default does).

Parameters:
ref - portlet reference
user - the current user we are being asked to authorize.
Returns:
true is this user is authorized to access this portlet instance.
PortletNotFoundException
Overview  Package   Class  Tree  Deprecated  Index  Help 
OracleAS PDK for Java 9.0.4.0.2
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright (c) 2002,2003 Oracle Corporation. All Rights Reserved.