Added a mechanism for pluggable event access control.
git-svn-id: svn+ssh://src.earth.threerings.net/narya/trunk@1135 542714f4-19e9-0310-aa3c-eee0fc999fb1
This commit is contained in:
@@ -0,0 +1,25 @@
|
||||
//
|
||||
// $Id: AccessController.java,v 1.1 2002/03/20 03:19:51 mdb Exp $
|
||||
|
||||
package com.threerings.presents.dobj;
|
||||
|
||||
/**
|
||||
* Used to validate distributed object subscription requests and event
|
||||
* dispatches.
|
||||
*
|
||||
* @see DObject#setAccessController
|
||||
*/
|
||||
public interface AccessController
|
||||
{
|
||||
/**
|
||||
* Should return true if the supplied subscriber is allowed to
|
||||
* subscribe to the specified object.
|
||||
*/
|
||||
public boolean allowSubscribe (DObject object, Subscriber subscriber);
|
||||
|
||||
/**
|
||||
* Should return true if the supplied event is legal for dispatch on
|
||||
* the specified distributed object.
|
||||
*/
|
||||
public boolean allowDispatch (DObject object, DEvent event);
|
||||
}
|
||||
@@ -1,5 +1,5 @@
|
||||
//
|
||||
// $Id: DEvent.java,v 1.8 2001/11/18 04:27:56 mdb Exp $
|
||||
// $Id: DEvent.java,v 1.9 2002/03/20 03:19:51 mdb Exp $
|
||||
|
||||
package com.threerings.presents.dobj;
|
||||
|
||||
@@ -36,8 +36,11 @@ public abstract class DEvent
|
||||
throws ObjectAccessException;
|
||||
|
||||
/**
|
||||
* Returns the object id of the client that generated this event. This
|
||||
* will only be valid on the server, it will return -1 otherwise.
|
||||
* Returns the object id of the client that generated this event. If
|
||||
* the event was generated by the server, the value returned will be
|
||||
* -1. This is not valid on the client, it will return -1 for all
|
||||
* events there (it is primarily provided to allow for event-level
|
||||
* access control).
|
||||
*/
|
||||
public int getSourceOid ()
|
||||
{
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
//
|
||||
// $Id: DObject.java,v 1.41 2002/03/19 01:10:02 mdb Exp $
|
||||
// $Id: DObject.java,v 1.42 2002/03/20 03:19:51 mdb Exp $
|
||||
|
||||
package com.threerings.presents.dobj;
|
||||
|
||||
@@ -178,6 +178,27 @@ public class DObject
|
||||
ListUtil.clear(_listeners, listener);
|
||||
}
|
||||
|
||||
/**
|
||||
* Provides this object with an entity that can be used to validate
|
||||
* subscription requests and events before they are processed. The
|
||||
* access controller is handy for ensuring that clients are behaving
|
||||
* as expected and for preventing impermissible modifications or event
|
||||
* dispatches on a distributed object.
|
||||
*/
|
||||
public void setAccessController (AccessController controller)
|
||||
{
|
||||
_controller = controller;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a reference to the access controller in use by this object
|
||||
* or null if none has been configured.
|
||||
*/
|
||||
public AccessController getAccessController ()
|
||||
{
|
||||
return _controller;
|
||||
}
|
||||
|
||||
/**
|
||||
* At times, an entity on the server may need to ensure that events it
|
||||
* has queued up have made it through the event queue and are applied
|
||||
@@ -262,9 +283,10 @@ public class DObject
|
||||
/**
|
||||
* Checks to ensure that the specified subscriber has access to this
|
||||
* object. This will be called before satisfying a subscription
|
||||
* request. By default objects are accessible to all subscribers, but
|
||||
* certain objects may wish to implement more fine grained access
|
||||
* control.
|
||||
* request. If an {@link AccessController} has been specified for this
|
||||
* object, it will be used to determine whether or not to allow the
|
||||
* subscription request. If no controller is set, the subscription
|
||||
* will be allowed.
|
||||
*
|
||||
* @param sub the subscriber that will subscribe to this object.
|
||||
*
|
||||
@@ -273,14 +295,19 @@ public class DObject
|
||||
*/
|
||||
public boolean checkPermissions (Subscriber sub)
|
||||
{
|
||||
return true;
|
||||
if (_controller != null) {
|
||||
return _controller.allowSubscribe(this, sub);
|
||||
} else {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks to ensure that this event which is about to be processed,
|
||||
* has the appropriate permissions. By default objects accept all
|
||||
* manner of events, but certain objects may wish to implement more
|
||||
* fine grained access control.
|
||||
* has the appropriate permissions. If an {@link AccessController} has
|
||||
* been specified for this object, it will be used to determine
|
||||
* whether or not to allow the even dispatch. If no controller is set,
|
||||
* all events are allowed.
|
||||
*
|
||||
* @param event the event that will be dispatched, object permitting.
|
||||
*
|
||||
@@ -289,7 +316,11 @@ public class DObject
|
||||
*/
|
||||
public boolean checkPermissions (DEvent event)
|
||||
{
|
||||
return true;
|
||||
if (_controller != null) {
|
||||
return _controller.allowDispatch(this, event);
|
||||
} else {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -648,6 +679,10 @@ public class DObject
|
||||
/** A reference to our object manager. */
|
||||
protected DObjectManager _omgr;
|
||||
|
||||
/** The entity that tells us if an event or subscription request
|
||||
* should be allowed. */
|
||||
protected AccessController _controller;
|
||||
|
||||
/** A list of outstanding locks. */
|
||||
protected Object[] _locks;
|
||||
|
||||
|
||||
Reference in New Issue
Block a user