Added a mechanism for pluggable event access control.
git-svn-id: svn+ssh://src.earth.threerings.net/narya/trunk@1135 542714f4-19e9-0310-aa3c-eee0fc999fb1
This commit is contained in:
@@ -0,0 +1,25 @@
|
|||||||
|
//
|
||||||
|
// $Id: AccessController.java,v 1.1 2002/03/20 03:19:51 mdb Exp $
|
||||||
|
|
||||||
|
package com.threerings.presents.dobj;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Used to validate distributed object subscription requests and event
|
||||||
|
* dispatches.
|
||||||
|
*
|
||||||
|
* @see DObject#setAccessController
|
||||||
|
*/
|
||||||
|
public interface AccessController
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* Should return true if the supplied subscriber is allowed to
|
||||||
|
* subscribe to the specified object.
|
||||||
|
*/
|
||||||
|
public boolean allowSubscribe (DObject object, Subscriber subscriber);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Should return true if the supplied event is legal for dispatch on
|
||||||
|
* the specified distributed object.
|
||||||
|
*/
|
||||||
|
public boolean allowDispatch (DObject object, DEvent event);
|
||||||
|
}
|
||||||
@@ -1,5 +1,5 @@
|
|||||||
//
|
//
|
||||||
// $Id: DEvent.java,v 1.8 2001/11/18 04:27:56 mdb Exp $
|
// $Id: DEvent.java,v 1.9 2002/03/20 03:19:51 mdb Exp $
|
||||||
|
|
||||||
package com.threerings.presents.dobj;
|
package com.threerings.presents.dobj;
|
||||||
|
|
||||||
@@ -36,8 +36,11 @@ public abstract class DEvent
|
|||||||
throws ObjectAccessException;
|
throws ObjectAccessException;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns the object id of the client that generated this event. This
|
* Returns the object id of the client that generated this event. If
|
||||||
* will only be valid on the server, it will return -1 otherwise.
|
* the event was generated by the server, the value returned will be
|
||||||
|
* -1. This is not valid on the client, it will return -1 for all
|
||||||
|
* events there (it is primarily provided to allow for event-level
|
||||||
|
* access control).
|
||||||
*/
|
*/
|
||||||
public int getSourceOid ()
|
public int getSourceOid ()
|
||||||
{
|
{
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
//
|
//
|
||||||
// $Id: DObject.java,v 1.41 2002/03/19 01:10:02 mdb Exp $
|
// $Id: DObject.java,v 1.42 2002/03/20 03:19:51 mdb Exp $
|
||||||
|
|
||||||
package com.threerings.presents.dobj;
|
package com.threerings.presents.dobj;
|
||||||
|
|
||||||
@@ -178,6 +178,27 @@ public class DObject
|
|||||||
ListUtil.clear(_listeners, listener);
|
ListUtil.clear(_listeners, listener);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Provides this object with an entity that can be used to validate
|
||||||
|
* subscription requests and events before they are processed. The
|
||||||
|
* access controller is handy for ensuring that clients are behaving
|
||||||
|
* as expected and for preventing impermissible modifications or event
|
||||||
|
* dispatches on a distributed object.
|
||||||
|
*/
|
||||||
|
public void setAccessController (AccessController controller)
|
||||||
|
{
|
||||||
|
_controller = controller;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns a reference to the access controller in use by this object
|
||||||
|
* or null if none has been configured.
|
||||||
|
*/
|
||||||
|
public AccessController getAccessController ()
|
||||||
|
{
|
||||||
|
return _controller;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* At times, an entity on the server may need to ensure that events it
|
* At times, an entity on the server may need to ensure that events it
|
||||||
* has queued up have made it through the event queue and are applied
|
* has queued up have made it through the event queue and are applied
|
||||||
@@ -262,9 +283,10 @@ public class DObject
|
|||||||
/**
|
/**
|
||||||
* Checks to ensure that the specified subscriber has access to this
|
* Checks to ensure that the specified subscriber has access to this
|
||||||
* object. This will be called before satisfying a subscription
|
* object. This will be called before satisfying a subscription
|
||||||
* request. By default objects are accessible to all subscribers, but
|
* request. If an {@link AccessController} has been specified for this
|
||||||
* certain objects may wish to implement more fine grained access
|
* object, it will be used to determine whether or not to allow the
|
||||||
* control.
|
* subscription request. If no controller is set, the subscription
|
||||||
|
* will be allowed.
|
||||||
*
|
*
|
||||||
* @param sub the subscriber that will subscribe to this object.
|
* @param sub the subscriber that will subscribe to this object.
|
||||||
*
|
*
|
||||||
@@ -273,14 +295,19 @@ public class DObject
|
|||||||
*/
|
*/
|
||||||
public boolean checkPermissions (Subscriber sub)
|
public boolean checkPermissions (Subscriber sub)
|
||||||
{
|
{
|
||||||
return true;
|
if (_controller != null) {
|
||||||
|
return _controller.allowSubscribe(this, sub);
|
||||||
|
} else {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Checks to ensure that this event which is about to be processed,
|
* Checks to ensure that this event which is about to be processed,
|
||||||
* has the appropriate permissions. By default objects accept all
|
* has the appropriate permissions. If an {@link AccessController} has
|
||||||
* manner of events, but certain objects may wish to implement more
|
* been specified for this object, it will be used to determine
|
||||||
* fine grained access control.
|
* whether or not to allow the even dispatch. If no controller is set,
|
||||||
|
* all events are allowed.
|
||||||
*
|
*
|
||||||
* @param event the event that will be dispatched, object permitting.
|
* @param event the event that will be dispatched, object permitting.
|
||||||
*
|
*
|
||||||
@@ -289,7 +316,11 @@ public class DObject
|
|||||||
*/
|
*/
|
||||||
public boolean checkPermissions (DEvent event)
|
public boolean checkPermissions (DEvent event)
|
||||||
{
|
{
|
||||||
return true;
|
if (_controller != null) {
|
||||||
|
return _controller.allowDispatch(this, event);
|
||||||
|
} else {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -648,6 +679,10 @@ public class DObject
|
|||||||
/** A reference to our object manager. */
|
/** A reference to our object manager. */
|
||||||
protected DObjectManager _omgr;
|
protected DObjectManager _omgr;
|
||||||
|
|
||||||
|
/** The entity that tells us if an event or subscription request
|
||||||
|
* should be allowed. */
|
||||||
|
protected AccessController _controller;
|
||||||
|
|
||||||
/** A list of outstanding locks. */
|
/** A list of outstanding locks. */
|
||||||
protected Object[] _locks;
|
protected Object[] _locks;
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user