Expresso 5-6

com.jcorporate.expresso.core.dbobj
Class SecuredDBObject

java.lang.Object
  extended by com.jcorporate.expresso.core.dataobjects.BaseDataObject
      extended by com.jcorporate.expresso.core.dataobjects.jdbc.JDBCDataObject
          extended by com.jcorporate.expresso.core.dbobj.DBObject
              extended by com.jcorporate.expresso.core.dbobj.SecuredDBObject
All Implemented Interfaces:
Cacheable, ContextNested, DataObject, LookupInterface, Securable, Serializable
Direct Known Subclasses:
AppIntegration, AuditedSecuredDBObject, AuditLog, AuditLogL, AutoDBObject, CacheSync, ControllerDefault, ControllerXSLMap, DBMessage, DBObjImpl, DBObjLimit, DBOtherMap, DBSequence, DownloadFiles, DownloadLog, Event, EventMail, ISOCountryCodes, JobHandlerControl, JobHandlerRegistry, JobQueue, JobQueueParam, LogEntry, MediaDBObject, MimeTypes, PerfTests, PerfTestSet, PerfTestSetDet, PerfTestStat, RegistrationDBObject, RegistrationDomain, RegistrationObjectMap, RestrictedCountries, RestrictedOverrides, RowSecuredDBObject, SchemaList, SecurityDBObject, Setup, SingleDBUserInfo, UserAgent, UserPreferenceVal, ValidationQueue, ValidationQueueParam

public abstract class SecuredDBObject
extends DBObject
implements Securable

A database object can be stored in a table (or tables), can be retrieved, and supports various other operations. Specific database objects extend this object.

Author:
Michael Nash
See Also:
Serialized Form

Nested Class Summary
 
Nested classes inherited from class com.jcorporate.expresso.core.dbobj.DBObject
DBObject.FieldError, DBObject.FieldUpdate
 
Field Summary
static String ADD
          Field constants for add, update, search and delete functionality.
static String[] ALL_FUNCTIONS
          All possible manipulation functions
protected static String CACHE_NAME
          Cache name for the system security
protected static long CACHE_TTY
          Cache default expiration. Default value of 30 minutes.
static String DELETE
          Designates a Delete Operation
static String SEARCH
          Designates a Search Operation
static int SYSTEM_ACCOUNT
          Used in the constructor.
static String SYSTEM_ACCOUNT_NAME
          Used in the deprecated constructor.
static String UPDATE
          Designates an Update Operation
 
Fields inherited from class com.jcorporate.expresso.core.dbobj.DBObject
ATTRIBUTE_ERROR, ATTRIBUTE_ERROR_MESSAGE, ATTRIBUTE_PAGE_LIMIT, BIG_DECIMAL_ZERO, EMAIL_MASK, EVENT_ADD, EVENT_DELETE, EVENT_UPDATE, FLOAT_MASK, INT_MASK, IS_CHECK_RELATIONAL_INTEGRITY, UPDATE_CHANGED_ONLY, WHERE_KEYWORD
 
Fields inherited from class com.jcorporate.expresso.core.dataobjects.jdbc.JDBCDataObject
anyFieldsDistinct, anyFieldsToRetrieve, appendCustomWhere, caseSensitiveQuery, customWhereClause, dbKey, distinctFields, localConnection, LONGBINARY_READ_DEFAULT_SIZE, maxRecords, myClassName, myUpdates, offsetRecord, recordSet, retrieveFields, sMetadataMap, sortKeys
 
Fields inherited from class com.jcorporate.expresso.core.dataobjects.BaseDataObject
currentStatus, globalMask
 
Fields inherited from interface com.jcorporate.expresso.core.dataobjects.DataObject
STATUS_CURRENT, STATUS_DELETED, STATUS_NEW, STATUS_UPDATED
 
Constructor Summary
SecuredDBObject()
          Constructor
SecuredDBObject(ControllerRequest request)
          Constructor that sets user ID and data context from request
SecuredDBObject(DBConnection newConnection)
          Constructor that sets the connection on create
SecuredDBObject(DBConnection theConnection, int theUser)
          Constructor: Specify a DB connection AND user id
SecuredDBObject(DBConnection newConnection, String setupTablesContext)
          Constructor that sets a connection as the object is created - typically this is used when a particular DBConnection is required for the purposes of maintaining a database transaction.

SecuredDBObject(int newUid)
          Constructor: Specify a DB connection AND user
SecuredDBObject(RequestContext request)
          For using DBObjects within Controllers.
SecuredDBObject(String dbKey, int theUser)
          Alternate form of constructor, specifying the db name/context and the user at once
 
Method Summary
 void add()
          If the user is allowed to add, invoke the superclass add
 boolean canRequesterAdd()
          determine if getRequestingUid has rights to add this kind of object (not just this particular object, but ALL INSTANCES of this kind of object)
 boolean canRequesterDelete()
          determine if getRequestingUid has rights to delete this kind of object (not just this particular object, but ALL INSTANCES of this kind of object)
 boolean canRequesterRead()
          determine if getRequestingUid has rights to read this kind of object (not just this particular object, but ALL INSTANCES of this kind of object)
 boolean canRequesterUpdate()
          determine if getRequestingUid has rights to update this kind of object (not just this particular object, but ALL INSTANCES of this kind of object)
 boolean checkAllowed(String requestedFunction)
          See if the current user has permission to perform the requested function
 void copyAttributes(DBObject returnObj)
          this method should make sure that the 'returnObj' object is properly initialized with copied UID and data context as this (parent) object
 int count()
          Security check on count
protected  void createSecurityCache()
          Creates the security caches. Synchronized to provide thread safety since this is accessing a system-wide object.
 void delete()
          Delete a record from the target table
 void deleteAll()
          Security check on deleteAll
 boolean find()
          Just like retrieve, but works with any fields, not just the key field.
 int getRequestingUid()
          New version of "setUser()", returns the integer UID of the permissions this dbobject is operating under
protected  String getString(String stringCode)
          Convenience method of the above with no arguments
protected  String getString(String stringCode, Object[] args)
          Convenience method to get a local language string from within any SecuredDBObject by using the user's language preferences automatically
protected  String getString(String stringCode, String arg1)
          Convenience method of the above without array arguments
protected  String getString(String stringCode, String arg1, String arg2)
          Convenience method of the above without array arguments
protected  String getString(String stringCode, String arg1, String arg2, String arg3)
          Convenience method of the above without array arguments
protected  String getString(String stringCode, String arg1, String arg2, String arg3, String arg4)
          Convenience method of the above without array arguments
 int getSystemUid()
          Retrieve the uid of the 'System Account'
static SecuredDBObject instantiate(String className)
          Convenience factory method to create a SecuredDBObject object from its name
 void isAllowed(String requestedFunction)
          See if the current user of this DB object is allowed to perform the requested function, given the function's code.
 void retrieve()
          Get a particular record from the database into this object's fields. Assumes that the key fields are set to the key of the object to be retrieved.
 void search()
          Find a set of keys of all of the objects that match the current search criteria in the fields. Assumes that the fields are populated with search criteria instead of data. NOTE: Criteria in 'text' type columns is ignored (SQL Server limitation).
 ArrayList searchAndRetrieveList()
          Find a set of records of all of the objects that match the current search criteria in the fields and retrieve the list of all records that match these criteria. NOTE: Criteria in 'text' type columns is ignored (SQL Server limitation).
 ArrayList searchAndRetrieveList(String sortKeys)
          Find a set of records of all of the objects that match the current search criteria in the fields and retrieve the list of all records that match these criteria. NOTE: Criteria in 'text' type columns is ignored (SQL Server limitation).
 void setRequestingUid(int newUid)
          New version of "setUser()" so to speak.
 void update()
          Update the database with the new info
 
Methods inherited from class com.jcorporate.expresso.core.dbobj.DBObject
addDetail, addField, addField, addFieldError, addFoundKeys, addIfNeeded, addIndex, addKey, addOrUpdate, addSortKey, addTransition, addVirtualField, addVirtualField, addVirtualField, addVirtualField, average, basicAdd, cacheIsChangedComparison, checkAllReferredToBy, checkAllRefs, checkAllRefsPublic, checkDeleteDetailPerm, checkField, checkRef, checkRef, clear, clearDistinctFields, clearError, clearFieldsToRetrieve, clearSortKeys, containsWildCards, delete, deleteAll, deleteDetails, denotesRange, equals, forKey, formatDateTime, get, getAllAttributes, getAttribute, getAttributesIterator, getBooleanFieldValue, getCacheSize, getCacheStatsMap, getCacheUtil, getCheckZeroUpdate, getCustomWhereClause, getDataContext, getDataField, getDataTransferObject, getDBName, getDetails, getDistinctFieldCount, getDistinctFields, getField, getFieldBigDecimal, getFieldBoolean, getFieldByte, getFieldByteArray, getFieldData, getFieldDate, getFieldDecimalFormatted, getFieldDouble, getFieldErrorMessage, getFieldFloat, getFieldInt, getFieldLong, getFieldMetaData, getFieldShort, getFieldsToRetrieveCount, getFilterClass, getFoundCount, getFoundKeysArray, getIndexArray, getISOValuesDefault, getISOValuesDefault, getISOValuesDefault, getKey, getKeyFieldListIterator, getLength, getLengthInt, getLocalConnection, getLocale, getLogger, getLookupObject, getMax, getMax, getMaxRecords, getMyKeys, getMyUpdatesArray, getOffsetRecord, getPatternMatcher, getPrecision, getSerializedForm, getStringFilter, getThisDBbj, getThisDBObj, getValidValueDescrip, getValidValues, getValidValuesList, getValues, getValuesDefault, getValuesDefault, getValuesDefault, hasError, hasErrors, haveAllKeys, initialize, isCached, isChanged, isDistinct, isEmpty, isFieldDistinct, isFieldNull, isFieldsToRetrieve, isFieldToRetrieve, isMultiValued, isReadOnly, isSecret, isVirtual, loadFromConnection, logChange, max, min, newInstance, noNewLine, noQuotes, notifyListeners, populateDefaultValues, referredToBy, removeAttribute, 
removeFromCache, retrieveFromCache, saveBinaryField, search, set, setAttribute, setCacheSize, setCharset, setCheckZeroUpdate, setConnection, setConnection, setCustomWhereClause, setCustomWhereClause, setDataContext, setDataField, setDataTransferObject, setDefaultValue, setDescription, setField, setField, setField, setField, setField, setField, setField, setField, setField, setField, setFieldData, setFieldData, setFieldDistinct, setFieldsToRetrieve, setFilterClass, setFilterClass, setKeys, setLocale, setLookupField, setLookupObject, setMask, setMaxRecords, setMultiValued, setName, setOffsetRecord, setReadOnly, setSchema, setSecret, setSortKey, setStringFilter, setStringFiltersOnAll, setTargetDbSchema, setTargetTable, setupFields, sqlAggrFunction, sum, toDebugString, update, updateAll, updateAll, verify
 
Methods inherited from class com.jcorporate.expresso.core.dataobjects.jdbc.JDBCDataObject
addInParam, addOutParam, buildWhereClause, buildWhereClauseBuffer, checkZeroUpdate, constructNewMetaData, createAndExecuteSearch, createAndRunStoreProcedure, getConnectionPool, getCustomStringFieldValue, getDef, getDistinctFieldArrayList, getExecutor, getFieldsToRetrieveIterator, getJDBCMetaData, getJDBCUtil, getMappedDataContext, getMetaData, getQueryInterface, getSerialForm, loadFromConnection, makeLimitationStub, quoteIfNeeded, runStoredProcedure, runStoredProcedureAndRetrieveList, selectFieldString, setCaseSensitiveQuery, setDBConnectionPool, setDBName, setMappedDataContext, setOriginalDBName, setTargetStoreProcedure
 
Methods inherited from class com.jcorporate.expresso.core.dataobjects.BaseDataObject
getGlobalMask, getStatus, isGlobalMasked, setFieldsWithDefaults, setGlobalMask, setStatus
 
Methods inherited from class java.lang.Object
clone, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

SYSTEM_ACCOUNT

public static final int SYSTEM_ACCOUNT
Used in the constructor. If you use the SYSTEM_ACCOUNT, there are no security checks performed before a Database Object is used. BE CAREFUL ON USING THIS as it effectively bypasses security!

See Also:
Constant Field Values

SYSTEM_ACCOUNT_NAME

public static final String SYSTEM_ACCOUNT_NAME
Used in the deprecated constructor. If you use this, there are no security checks performed before a Database Object is used. BE CAREFUL ON USING THIS as it effectively bypasses security!

See Also:
Constant Field Values
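
A review aid for the SYSTEM_ACCOUNT warning above, added here as an example (it is not part of the Expresso Javadoc or code base): a Python scanner that lists where Java source switches a SecuredDBObject to the system account, so each use can be justified in review. The sample Java source, the `Order` subclass and `callerUid` are constructed for illustration; treating a literal -1 as the system uid follows the getRequestingUid and getSystemUid notes on this page.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    line: int   # 1-based line number in the Java source
    kind: str   # 'constructor', 'setRequestingUid' or 'reference'
    code: str   # the offending source line, trimmed


# Comments and string literals are blanked first so that a mention of
# SYSTEM_ACCOUNT in documentation or a log message is not reported.
_COMMENT_OR_STRING = re.compile(
    r'//[^\n]*|/\*.*?\*/|"(?:\\.|[^"\\\n])*"', re.DOTALL)
_CONST = re.compile(r'\bSYSTEM_ACCOUNT(?:_NAME)?\b')
_SET_UID = re.compile(r'\bsetRequestingUid\s*\(\s*([^)]*?)\s*\)')
_NEW = re.compile(r'\bnew\s+[\w.]+\s*\(')


def _blank(match):
    # Replace everything except newlines, keeping line numbers stable.
    return re.sub(r'[^\n]', ' ', match.group(0))


def strip_noise(src: str) -> str:
    return _COMMENT_OR_STRING.sub(_blank, src)


def scan(src: str) -> List[Finding]:
    """Report each line that hands the system account to a SecuredDBObject."""
    findings = []
    original = src.splitlines()
    for no, line in enumerate(strip_noise(src).splitlines(), 1):
        kind = None
        m = _SET_UID.search(line)
        # setRequestingUid(SYSTEM_ACCOUNT) or the literal -1, which the
        # getSystemUid() notes give as the usual system uid.
        if m and (_CONST.search(m.group(1)) or m.group(1) == '-1'):
            kind = 'setRequestingUid'
        elif _CONST.search(line):
            kind = 'constructor' if _NEW.search(line) else 'reference'
        if kind:
            findings.append(Finding(no, kind, original[no - 1].strip()))
    return findings


# Constructed sample input: Order is a hypothetical SecuredDBObject subclass.
SAMPLE = '''\
public class OrderAction {
    // SYSTEM_ACCOUNT in a comment is not a finding
    void run(ControllerRequest request, int callerUid) throws DBException {
        Order a = new Order(request);
        Order b = new Order(SecuredDBObject.SYSTEM_ACCOUNT);
        a.setRequestingUid(SecuredDBObject.SYSTEM_ACCOUNT);
        a.setRequestingUid(-1);
        int uid = SecuredDBObject.SYSTEM_ACCOUNT;
        log("running as SYSTEM_ACCOUNT");
        a.setRequestingUid(callerUid);
    }
}
'''

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f"line {f.line}: {f.kind}: {f.code}")
```

The scan works line by line, so a call split across several lines is reported only as a plain reference to the constant.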

CACHE_NAME

protected static final String CACHE_NAME
Cache name for the system security


CACHE_TTY

protected static final long CACHE_TTY
Cache default expiration. Default value of 30 minutes.

See Also:
Constant Field Values

ADD

public static final String ADD
Field constants for add, update, search and delete functionality. Designates an add operation.

See Also:
Constant Field Values

DELETE

public static final String DELETE
Designates a Delete Operation

See Also:
Constant Field Values

SEARCH

public static final String SEARCH
Designates a Search Operation

See Also:
Constant Field Values

UPDATE

public static final String UPDATE
Designates an Update Operation

See Also:
Constant Field Values

ALL_FUNCTIONS

public static final String[] ALL_FUNCTIONS
All possible manipulation functions

Constructor Detail

SecuredDBObject

public SecuredDBObject()
                throws DBException
Constructor


SecuredDBObject

public SecuredDBObject(DBConnection newConnection)
                throws DBException
Constructor that sets the connection on create

Parameters:
newConnection - The dbConnection object to associate with this object

SecuredDBObject

public SecuredDBObject(DBConnection newConnection,
                       String setupTablesContext)
                throws DBException

Constructor that sets a connection as the object is created - typically this is used when a particular DBConnection is required for the purposes of maintaining a database transaction. If a specific connection is not used, there is no way to use commit() and rollback() in the event of failure, as a different DBConnection might be used for each phase of the transaction. Critical sections should therefore explicitly request a DBConnection from the connection pool and pass it to each of the DB objects in that section.

This constructor is necessary to work with otherDBMap and transaction capabilities.

Parameters:
newConnection - The DBConnection to utilize
setupTablesContext - The data context that contains the setup (and security) tables for this object
Since:
Expresso 5.0.1

SecuredDBObject

public SecuredDBObject(ControllerRequest request)
                throws DBException
Constructor that sets user ID and data context from request

Parameters:
request - the request from which to set user, context
Throws:
DBException - upon construction error

SecuredDBObject

public SecuredDBObject(int newUid)
                throws DBException
Constructor: Specify a DB connection AND user

Parameters:
newUid - User ID attempting to use this object. If this is SecuredDBObject.SYSTEM_ACCOUNT, then full permissions are granted. Note that you cannot log in as SecuredDBObject.SYSTEM_ACCOUNT, it can only be used from within a method.
Throws:
DBException - If the object cannot be created

SecuredDBObject

public SecuredDBObject(DBConnection theConnection,
                       int theUser)
                throws DBException
Constructor: Specify a DB connection AND user id

Parameters:
theConnection - A DBConnection that this object should use to connect to the database
theUser - User name attempting to use this object. If this is "SYSTEM", then full permissions are granted. Note that you cannot log in as "SYSTEM", it can only be used from within a method.
Throws:
DBException - If the object cannot be created

SecuredDBObject

public SecuredDBObject(RequestContext request)
                throws DBException
For using DBObjects within Controllers. Initializes based upon the current login user id, locale, and the requested db context.

Parameters:
request - The controller request handed to you by the framework.
Throws:
DBException - if there's an error constructing the SecuredDBObject

SecuredDBObject

public SecuredDBObject(String dbKey,
                       int theUser)
                throws DBException
Alternate form of constructor, specifying the db name/context and the user at once

Parameters:
dbKey - db/Context key for the context being requested
theUser - User id of the user requesting access

Method Detail

setRequestingUid

public void setRequestingUid(int newUid)
New version of "setUser()" so to speak.

Specified by:
setRequestingUid in interface Securable
Parameters:
newUid - Sets the UID for this DBObject. Used for security checks.
Since:
Expresso 4.0

getRequestingUid

public int getRequestingUid()
New version of "setUser()", returns the integer UID of the permissions this dbobject is operating under

Specified by:
getRequestingUid in interface Securable
Returns:
The User's UID for which the DBObject is set to. [-1 if it's the system account]
Since:
Expresso 4.0

add

public void add()
         throws DBException
If the user is allowed to add, invoke the superclass add

Specified by:
add in interface DataObject
Overrides:
add in class DBObject
Throws:
DBException - If the user is not permitted to add or if the add fails

checkAllowed

public boolean checkAllowed(String requestedFunction)
                     throws DBException
See if the current user has permission to perform the requested function

Overrides:
checkAllowed in class DBObject
Parameters:
requestedFunction - (A)dd, (U)pdate, (D)elete, (S)earch
Returns:
boolean: true if the operation is allowed, or false if it is not
Throws:
DBException - upon error.
See Also:
isAllowed(java.lang.String)

delete

public void delete()
            throws DBException
Delete a record from the target table

Specified by:
delete in interface DataObject
Overrides:
delete in class DBObject
Throws:
DBException - if delete is not allowed for the current user
See Also:
to delete objects identified by non-key fields

find

public boolean find()
             throws DBException
Just like retrieve, but works with any fields, not just the key field. Finds only first record matching the criteria

Specified by:
find in interface DataObject
Overrides:
find in class DBObject
Returns:
boolean: true if a matching record is found, else false
Throws:
DBException - if search is not allowed

createSecurityCache

protected void createSecurityCache()
                            throws CacheException
Creates the security caches. Synchronized to provide thread safety since this is accessing a system-wide object.

Throws:
CacheException - if there's an error creating the cache or adding the listeners.

isAllowed

public void isAllowed(String requestedFunction)
               throws SecurityException,
                      DBException
See if the current user of this DB object is allowed to perform the requested function, given the function's code.

Specified by:
isAllowed in interface Securable
Parameters:
requestedFunction - The code of the requested function. The codes are:
  1. A: Add
  2. S: Search
  3. U: Update
  4. D: Delete
Throws:
DBException - If the requested operation is not permitted to this user
SecurityException - if the user is not allowed

getSystemUid

public int getSystemUid()
Retrieve the uid of the 'System Account'

Returns:
usually -1. May vary depending on the implementation.

retrieve

public void retrieve()
              throws DBException
Get a particular record from the database into this object's fields. Assumes that the key fields are set to the key of the object to be retrieved.

Overrides:
retrieve in class DBObject
Throws:
DBException - if search is not allowed or if no record is found
See Also:
DBObject.find()

search

public void search()
            throws DBException
Find a set of keys of all of the objects that match the current search criteria in the fields. Assumes that the fields are populated with search criteria instead of data. NOTE: Criteria in 'text' type columns is ignored (SQL Server limitation).

Overrides:
search in class DBObject
Throws:
DBException - if search is not allowed for the current user

searchAndRetrieveList

public ArrayList searchAndRetrieveList()
                                throws DBException
Find a set of records of all of the objects that match the current search criteria in the fields and retrieve the list of all records that match these criteria. NOTE: Criteria in 'text' type columns is ignored (SQL Server limitation).

Specified by:
searchAndRetrieveList in interface DataObject
Overrides:
searchAndRetrieveList in class DBObject
Returns:
An ArrayList containing all of the objects matching the criteria
Throws:
DBException - if search is not allowed for the current user
Since:
Expresso 4.0

searchAndRetrieveList

public ArrayList searchAndRetrieveList(String sortKeys)
                                throws DBException
Find a set of records of all of the objects that match the current search criteria in the fields and retrieve the list of all records that match these criteria. NOTE: Criteria in 'text' type columns is ignored (SQL Server limitation).

Specified by:
searchAndRetrieveList in interface DataObject
Overrides:
searchAndRetrieveList in class DBObject
Parameters:
sortKeys - A list of field names, separated by pipes, that determine the order in which the records retrieved are sorted
Returns:
java.util.ArrayList of DBObjects found.
Throws:
DBException - if search is not allowed for the current user
Since:
Expresso 4.0

update

public void update()
            throws DBException
Update the database with the new info

Specified by:
update in interface DataObject
Overrides:
update in class DBObject
Throws:
DBException - if update is not allowed for the current user
See Also:
DBObject.update(boolean)

getString

protected String getString(String stringCode,
                           Object[] args)
                    throws DBException
Convenience method to get a local language string from within any SecuredDBObject by using the user's language preferences automatically

Parameters:
stringCode - The string code in the MessagesBundle to retrieve
args - The i18n formatting arguments, which equal the standard arguments for a normal Java i18n API
Returns:
The properly formatted string.
Throws:
DBException - if there's an error recovering the message string.

instantiate

public static SecuredDBObject instantiate(String className)
                                   throws DBException
Convenience factory method to create a SecuredDBObject object from its name

Parameters:
className - The classname to instantiate of this DBObject.
Returns:
The fully constructed SecuredDBObject
Throws:
DBException - if there's an error constructing the DBObject

getString

protected String getString(String stringCode)
                    throws DBException
Convenience method of the above with no arguments

Parameters:
stringCode - The string code to retrieve from the MessagesBundle.
Returns:
The formatted message string
Throws:
DBException - if there's an error retrieving the text

getString

protected String getString(String stringCode,
                           String arg1)
                    throws DBException
Convenience method of the above without array arguments

Parameters:
arg1 - Formatting Argument #1
stringCode - The string code to retrieve from the MessagesBundle.
Returns:
The formatted message string
Throws:
DBException - if there's an error retrieving the text

getString

protected String getString(String stringCode,
                           String arg1,
                           String arg2)
                    throws DBException
Convenience method of the above without array arguments

Parameters:
stringCode - The string code to retrieve from the MessagesBundle.
arg1 - Formatting Argument #1
arg2 - Formatting Argument #2
Returns:
The formatted message string
Throws:
DBException - if there's an error retrieving the text

getString

protected String getString(String stringCode,
                           String arg1,
                           String arg2,
                           String arg3)
                    throws DBException
Convenience method of the above without array arguments

Parameters:
stringCode - The string code to retrieve from the MessagesBundle.
arg1 - Formatting Argument #1
arg2 - Formatting Argument #2
arg3 - Formatting Argument #3
Returns:
The formatted message string
Throws:
DBException - if there's an error retrieving the text

getString

protected String getString(String stringCode,
                           String arg1,
                           String arg2,
                           String arg3,
                           String arg4)
                    throws DBException
Convenience method of the above without array arguments

Parameters:
stringCode - The string code to retrieve from the MessagesBundle.
arg1 - Formatting Argument #1
arg2 - Formatting Argument #2
arg3 - Formatting Argument #3
arg4 - Formatting Argument #4
Returns:
The formatted message string
Throws:
DBException - if there's an error retrieving the text

copyAttributes

public void copyAttributes(DBObject returnObj)
                    throws DBException
this method should make sure that the 'returnObj' object is properly initialized with copied UID and data context as this (parent) object

Overrides:
copyAttributes in class DBObject
Parameters:
returnObj - the object to copy the attributes into.
Throws:
DBException - upon error

count

public int count()
          throws DBException
Security check on count

Specified by:
count in interface DataObject
Overrides:
count in class DBObject
Returns:
the count
Throws:
DBException - or security exception if search permission is not allowed

deleteAll

public void deleteAll()
               throws DBException
Security check on deleteAll

Overrides:
deleteAll in class DBObject
Throws:
DBException - upon error

canRequesterRead

public boolean canRequesterRead()
                         throws DBException
determine if getRequestingUid has rights to read this kind of object (not just this particular object, but ALL INSTANCES of this kind of object)

Returns:
true if getRequestingUid has rights to read this row
Throws:
DBException - upon database communication error

canRequesterAdd

public boolean canRequesterAdd()
                        throws DBException
determine if getRequestingUid has rights to add this kind of object (not just this particular object, but ALL INSTANCES of this kind of object)

Returns:
true if requesting id has permission to add
Throws:
DBException - upon database communication error

canRequesterDelete

public boolean canRequesterDelete()
                           throws DBException
determine if getRequestingUid has rights to delete this kind of object (not just this particular object, but ALL INSTANCES of this kind of object)

Returns:
true if requesting id has permission to delete
Throws:
DBException - upon database communication error

canRequesterUpdate

public boolean canRequesterUpdate()
                           throws DBException
determine if getRequestingUid has rights to update this kind of object (not just this particular object, but ALL INSTANCES of this kind of object)

Returns:
true if requesting id has permission to update
Throws:
DBException - upon database communication error

Please see www.jcorporate.com for information about new Expresso releases.