AccessControlServerHelper (WNC.X-10.0.0.00.117)

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

wt.access
Class AccessControlServerHelper

java.lang.Object
  wt.access.AccessControlServerHelper

All Implemented Interfaces:: Externalizable, Serializable

public class AccessControlServerHelper
extends Object
implements Externalizable
extends Object
implements Externalizable

Helper class that provides server invokable access control methods. It also provides easy access to the implementation of methods defined by the AccessControlManagerSvr interface.

Supported API: true

Extendable: false

See Also:: Serialized Form

Method Summary
`static void`	`disableNotAuthorizedAudit()` Disables auditing of the `NotAuthorizedException`.
`static boolean`	`isNotAuthorizedAuditEnabled()` Returns true if auditing of the `NotAuthorizedException` is enabled, otherwise returns false.
`static void`	`reenableNotAuthorizedAudit()` Reenables auditing of the `NotAuthorizedException`.

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Method Detail

disableNotAuthorizedAudit

public static void disableNotAuthorizedAudit()

Disables auditing of the NotAuthorizedException. A MethodContext key's value is incremented to indicate that the exception should not be audited. When the key exists with a nonzero value, auditing is disabled.

This method is to be used when the NotAuthorizedException does not result in a user's action failing due to the lack of access rights. For example, if the details page for a document includes information about its owner, and the accessResource.SECURED_INFORMATION message is displayed instead of the owner information when an attempt to access the owner results in a NotAuthorizedException, auditing should be disabled while attempting to get the owner information. Auditing must be reenabled after the access attempt is complete. Uses of this API should be minimal. Consider calling one of the AccessControlManager access checking methods such as a hasAccess method and checking the result rather than catching a NotAuthorizedException.

Code example:

 AccessControlServerHelper.disableNotAuthorizedAudit();
 try {
    // Perform an operation that may throw a NotAuthorizedException
    // nested in a WTRuntimeException
    ...
 }
 catch (WTRuntimeException wtre) {
    if (wtre.getNestedThrowable() instanceof NotAuthorizedException)
 {
       // Handle the authorization error that should not result in
       // the user's action failing
    }
    else {
       throw wtre;
    }
 }
 finally {
    AccessControlServerHelper.reenableNotAuthorizedAudit();
 }

Supported API: true

isNotAuthorizedAuditEnabled

public static boolean isNotAuthorizedAuditEnabled()

Returns true if auditing of the NotAuthorizedException is enabled, otherwise returns false.

Supported API: true

Returns:: boolean
See Also:: disableNotAuthorizedAudit(), reenableNotAuthorizedAudit()

reenableNotAuthorizedAudit

public static void reenableNotAuthorizedAudit()

Reenables auditing of the NotAuthorizedException. The value of a MethodContext key that was added when auditing of exceptions was disabled is decremented. If the key's value goes to zero, the key is removed and auditing of exceptions is reenabled.

Supported API: true