Stardust/Knowledge Base/Java API/Document Security

Revision as of 05:51, 13 March 2012 by Unnamed Poltroon (Talk) (Reading the Document Security:)

Overview:

Stardust ships with a built-in copy of Apache Jackrabbit, an open source JCR implementation. Stardust provides a service, called the Document Management Service (DMS), to integrate with JCR. Apart from document CRUD, it integrates seamlessly with Stardust users, roles, departments, and process attachments.

This article covers the basic document security API features available in Stardust. An administrator can control the security settings using the document repository view of the Stardust portal. For details, refer to the “Infinity Documentation > End User Handbooks > Infinity Portal > Common Detail Views and Dialogs > Access Control Editor” section of the product documentation at https://infinity.sungard.com/documentation/ipp/6.0/index.jsp


Enabling Document Security:

Document security is not enabled by default. Refer to the product documentation mentioned above for how to enable it.

Document Management Service:

This service (DMS) provides the basic API for managing documents and their security. It provides features to create, read, update, and delete documents and folders. <methods used to get and set policies>

The following sections show how to read and update the security associated with documents.


Security Data Structure:

A document has a set of AccessControlPolicy objects containing the security permissions associated with it. Each AccessControlPolicy has a set of AccessControlEntry objects, where a single AccessControlEntry object represents a principal along with its security fields, called privileges.

A principal can be any model participant or a dynamic/runtime entity such as a user or department. The set of privileges can contain all or a subset of the security permissions given below.


ACL Security Fields:

The document security has the following six fields:

  • Create
  • Read
  • Modify
  • Delete
  • Read ACL
  • Modify ACL

Each of these fields can have the value “Allow” or “Deny” to indicate the corresponding permission. The fields are editable per participant. Any number of available participants can be added to the document ACL, and their security permissions can then be edited separately.


Reading the Document Security:

The following code snippet shows how to read the security data associated with the sample document:

...

    // sf is an already obtained ServiceFactory
    DocumentManagementService dms = sf.getDocumentManagementService();
    List<Document> documentsByName = dms.findDocumentsByName("testfile.txt");

    if (documentsByName != null && !documentsByName.isEmpty()) {
        for (Document doc : documentsByName) {
            System.out.println("doc:" + doc.getName());

            // Policies currently set on the document
            Set<AccessControlPolicy> policies = dms.getPolicies(doc.getId());
            // Policies that are applicable to the document (not used further in this snippet)
            Set<AccessControlPolicy> aPolicies = dms.getApplicablePolicies(doc.getId());

            // Each policy holds one entry per principal, with that principal's privileges
            for (AccessControlPolicy accessControlPolicy : policies) {
                Set<AccessControlEntry> accessControlEntries =
                        accessControlPolicy.getAccessControlEntries();
                for (AccessControlEntry accessControlEntry : accessControlEntries) {
                    System.out.println("accessControlEntry.getPrincipal():"
                            + accessControlEntry.getPrincipal());
                    System.out.println("accessControlEntry.getPrivileges():"
                            + accessControlEntry.getPrivileges());
                }
            }
            System.out.println("policies:" + policies);
        }
    } else {
        throw new RuntimeException("Document not found exception:-(");
    }
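
Building on the read loop above, the following added example (not code from the original page or from the Stardust project) reports every principal whose ACL entries on a document list privileges outside an expected baseline. The class name DocumentAclAudit, its methods, and the org.eclipse.stardust.engine.api.runtime package name are assumptions; only the DMS calls shown on this page are used.

```java
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;

// Assumption: package of the Stardust runtime API; adjust to your product version.
import org.eclipse.stardust.engine.api.runtime.AccessControlEntry;
import org.eclipse.stardust.engine.api.runtime.AccessControlPolicy;
import org.eclipse.stardust.engine.api.runtime.DmsPrivilege;
import org.eclipse.stardust.engine.api.runtime.DocumentManagementService;
import org.eclipse.stardust.engine.api.runtime.Privilege;

/** Hypothetical helper (not part of Stardust): finds ACL entries that exceed a baseline. */
public final class DocumentAclAudit {

    /**
     * Returns, per principal, the privileges listed on the document's ACL entries
     * that are not contained in the allowed baseline. An empty map means that no
     * entry exceeds the baseline.
     */
    public static Map<String, Set<Privilege>> findExcessPrivileges(
            DocumentManagementService dms, String documentId, Set<Privilege> allowed) {
        Map<String, Set<Privilege>> excess = new LinkedHashMap<String, Set<Privilege>>();
        for (AccessControlPolicy policy : dms.getPolicies(documentId)) {
            for (AccessControlEntry entry : policy.getAccessControlEntries()) {
                Set<Privilege> extra = new HashSet<Privilege>(entry.getPrivileges());
                extra.removeAll(allowed);
                if (extra.isEmpty()) {
                    continue; // this entry stays within the baseline
                }
                // Same string form of the principal that the read snippet prints
                String principal = String.valueOf(entry.getPrincipal());
                Set<Privilege> seen = excess.get(principal);
                if (seen == null) {
                    seen = new HashSet<Privilege>();
                    excess.put(principal, seen);
                }
                seen.addAll(extra);
            }
        }
        return excess;
    }

    /** Baseline used in this example: read-only access. */
    public static Set<Privilege> readOnlyBaseline() {
        Set<Privilege> allowed = new HashSet<Privilege>();
        allowed.add(DmsPrivilege.READ_PRIVILEGE);
        return allowed;
    }
}
```

Call it as DocumentAclAudit.findExcessPrivileges(dms, doc.getId(), DocumentAclAudit.readOnlyBaseline()) and review every principal in the returned map. An entry that carries DmsPrivilege.ALL_PRIVILEGES is reported unless the baseline itself contains that value.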

Updating the Document Security:

The following code snippet shows how to update the security data associated with the sample document:

...

    // sf is an already obtained ServiceFactory
    DocumentManagementService dms = sf.getDocumentManagementService();
    List<Document> documentsByName = dms.findDocumentsByName("testfile.txt");

    if (documentsByName != null && !documentsByName.isEmpty()) {
        for (Document doc : documentsByName) {
            System.out.println("doc:" + doc.getName());

            // Add the Employee role to read and edit this doc.
            // 'Employee' is a role id. Instead of this DmsPrincipal constructor,
            // use DmsPrincipal(ModelParticipantInfo...)
            Principal emp = new DmsPrincipal("Employee");

            Set<Privilege> privileges = new HashSet<Privilege>();
            privileges.add(DmsPrivilege.READ_PRIVILEGE);
            privileges.add(DmsPrivilege.MODIFY_PRIVILEGE);
            // privileges.add(DmsPrivilege.ALL_PRIVILEGES);

            // Use a policy already set on the document; if there is none,
            // fall back to the applicable policies
            Set<AccessControlPolicy> policies = dms.getPolicies(doc.getId());
            if (policies.isEmpty()) {
                policies = dms.getApplicablePolicies(doc.getId());
            }
            AccessControlPolicy next = policies.iterator().next();

            // Add the new entry and write the policy back to the document
            next.addAccessControlEntry(emp, privileges);
            dms.setPolicy(doc.getId(), next);
        }
    } else {
        throw new RuntimeException("Document not found exception:-(");
    }

Summary:
