AccessControlPermission (JavaDocs for oasp4j-security)

All Classes

Summary:
Nested |
Field |
Constr |
Method

Detail:
Field |
Constr |
Method

java.lang.Object
- io.oasp.module.security.common.api.accesscontrol.AccessControl
- - io.oasp.module.security.common.api.accesscontrol.AccessControlPermission

All Implemented Interfaces:

Serializable
```
public class AccessControlPermission
extends AccessControl
```
A AccessControlPermission represents an atomic permission of the application. Each operation (use-case) should have its own permission. These operations are secured referencing the ID of the permission. We do this by annotating the operation method with security.RolesAllowed (from JSR 250). Please do not get confused by the name security.RolesAllowed as we are not assigning roles (see also AccessControlGroup) but permissions instead. We want to use Java standards (such as security.RolesAllowed) where suitable but assigning the allowed roles to a method would end up in unmaintainable system configurations if your application reaches a certain complexity.

If a user is logged in and wants to invoke the operation he needs to own the required permission. Therefore his AccessControlGroups (resp. roles) have to contain the permission directly or indirectly.
In order to avoid naming clashes you should use the name of the application component as prefix of the permission.

Author:

hohwille

See Also:
Serialized Form

- Field Summary
  
  Fields
  Modifier and Type Field and Description
  
  private static long serialVersionUID
  UID for serialization.
- Constructor Summary
  
  Constructors
  Constructor and Description
  
  AccessControlPermission()
  The constructor.
  
  AccessControlPermission(String id)
  The constructor.
- Method Summary
  - Methods inherited from class io.oasp.module.security.common.api.accesscontrol.AccessControl
    equals, getId, hashCode, setId, toString
  - Methods inherited from class java.lang.Object
    clone, finalize, getClass, notify, notifyAll, wait, wait, wait

- Field Detail
  - serialVersionUID
```
private static final long serialVersionUID
```
    UID for serialization.
    
    See Also:
    Constant Field Values
- Constructor Detail
  - AccessControlPermission
```
public AccessControlPermission()
```
    The constructor.
  - AccessControlPermission
```
public AccessControlPermission(String id)
```
    The constructor.
    
    Parameters:
    id - the ID.

All Classes

Summary:
Nested |
Field |
Constr |
Method

Detail:
Field |
Constr |
Method

Copyright © 2014–2016 OASP-Team. All rights reserved.