com.sun.faban.harness.security
Class AccessController

java.lang.Object
  extended by com.sun.faban.harness.security.AccessController

public class AccessController
extends Object

The access controller that gets checked for accessing Faban resources in secure mode. It represents the access rules for accessing Faban. Due to the ever-changing number of Faban resources, we found the java.security.acl package not very suitable for Faban access control and therefore we implement our own simplified version.


Constructor Summary
AccessController()
           
 
Method Summary
static boolean isKillAllowed(String cliUser, String resource)
          Checks whether the CLI user (no subject) us allowed to kill tge run.
static boolean isKillAllowed(Subject user, String resource)
          Checks whether the user is allowed to kill the run.
static boolean isManageAllowed(Subject user)
          Checks whether the user is allowed to manage at least one benchmark.
static boolean isManageAllowed(Subject user, String resource)
          Checks whether the user is allowed to manage the given benchmark.
static boolean isRigManageAllowed(Subject user)
          Checks whether the user is allowed to manage the rig, such as stopping or restarting run queues.
static boolean isSubmitAllowed(Subject user)
          Checks whether the user can submit runs in at least one of the deployed benchmarks.
static boolean isSubmitAllowed(Subject user, String resource)
          Checks whether the user can submit runs for the given benchmark.
static boolean isViewAllowed(Subject user)
          Checks whether the user can view at least one run result.
static boolean isViewAllowed(Subject user, String resource)
          Checks whether the user can view the given run result.
static boolean isWriteAllowed(Subject user)
          Checks whether the user is allowed to add comments to at least one run.
static boolean isWriteAllowed(Subject user, String resource)
          Checks whether the user is allowed to add comments on the given run.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

AccessController

public AccessController()
Method Detail

isSubmitAllowed

public static boolean isSubmitAllowed(Subject user)
Checks whether the user can submit runs in at least one of the deployed benchmarks.

Parameters:
user - The user in question
Returns:
True, if allowed to submit runs, false otherwise

isSubmitAllowed

public static boolean isSubmitAllowed(Subject user,
                                      String resource)
Checks whether the user can submit runs for the given benchmark.

Parameters:
user - The user in question
resource - The benchmark short name
Returns:
True, if allowed to submit runs, false otherwise

isViewAllowed

public static boolean isViewAllowed(Subject user)
Checks whether the user can view at least one run result.

Parameters:
user - The user in question
Returns:
True, if allowed to view results, false otherwise

isViewAllowed

public static boolean isViewAllowed(Subject user,
                                    String resource)
Checks whether the user can view the given run result.

Parameters:
user - The user in question
resource - The run id of the run
Returns:
True, if allowed to view results, false otherwise

isRigManageAllowed

public static boolean isRigManageAllowed(Subject user)
Checks whether the user is allowed to manage the rig, such as stopping or restarting run queues.

Parameters:
user - The user in question
Returns:
True, if allowed to manage the rig, false otherwise.

isManageAllowed

public static boolean isManageAllowed(Subject user)
Checks whether the user is allowed to manage at least one benchmark.

Parameters:
user - The user in question
Returns:
True, if allowed to manage a benchmark, false otherwise

isManageAllowed

public static boolean isManageAllowed(Subject user,
                                      String resource)
Checks whether the user is allowed to manage the given benchmark.

Parameters:
user - The user in question
resource - The short name of the benchmark
Returns:
True, if allowed to manage the benchmark, false otherwise

isWriteAllowed

public static boolean isWriteAllowed(Subject user)
Checks whether the user is allowed to add comments to at least one run.

Parameters:
user - The user in question
Returns:
True, if allowed to add comments, false otherwise

isWriteAllowed

public static boolean isWriteAllowed(Subject user,
                                     String resource)
Checks whether the user is allowed to add comments on the given run.

Parameters:
user - The user in question
resource - The run id of the run
Returns:
True, if allowed to add comments to this run, false otherwise

isKillAllowed

public static boolean isKillAllowed(Subject user,
                                    String resource)
Checks whether the user is allowed to kill the run.

Parameters:
user - The user in question
resource - The run id of the run in the queue
Returns:
True if allowed to remove the run from the queue, false otherwise

isKillAllowed

public static boolean isKillAllowed(String cliUser,
                                    String resource)
Checks whether the CLI user (no subject) us allowed to kill tge run.

Parameters:
cliUser - The user name of the CLI user
resource - The referenced resource
Returns:
True if allowed, false otherwise