Information
This explains basic usage of the Sakai SecurityService. This service is used to register new Authz (permission) groups.
- Trunk javadocs:
- Trunk source location: https://source.sakaiproject.org/svn/authz/trunk/
Accessing the SecurityService
- You can use Spring Framework to inject the service or use the cover
- Using Spring to get the service for your class (e.g. YourAppClass) (recommended)
- Add the SecurityService bean to the bean for YourAppClass
<bean id="org.sakaiproject.yourapp.logic.YourAppClass" class="org.sakaiproject.yourapp.logic.impl.YourAppClassImpl"> <property name="securityService" ref="org.sakaiproject.authz.api.SecurityService" /> </bean>
- Add a variable and setter to YourAppClass to use the service in like so:
private SecurityService securityService; public void setSecurityService(SecurityService securityService) { this.securityService = securityService; }
- Add the SecurityService bean to the bean for YourAppClass
- Using the cover to get the service
- Note: This is not the recommended method, you should be using Spring to inject the service
- Setup a variable to hold the instance from the cover
private SecurityService securityService; - Get access to the service using the cover
securityService = org.sakaiproject.authz.cover.SecurityService.getInstance();
Checking a user's permission (checking if a user has a certain permission) in a site
- Note: The reference could be a reference to any entity also
- Use the SiteService to get a site reference
- Use the SecurityService to check the permission (unlock) for the userId and reference
String siteRef = siteService.siteReference(siteId); // (1) if (securityService.unlock(userId, "tool.permission", siteRef)) { // (2) // do something since this user has permission }
- Note: If you are using less than Sakai 2.2.x/2.3 then you have to get a User object with the UserDirectoryService instead of using a userId string
Checking if a user has global super admin permissions
- Use the SecurityService to check if the user is a super admin
if (securityService.isSuperUser(userId)) { // do something since this user has super admin permission }
- Note: There is also a method that checks for the current User but this method calls the UserDirectoryService so it is slower
Comments (1)
Feb 07, 2008
James Marca says:
Advice, it helps to really read these docs! They are great! But too bad they don...Advice, it helps to really read these docs! They are great! But too bad they don't pop up in the javadocs when using Eclipse, because while passing around Strings is flexible and all, using a String for a siteId and using a String for a siteRef confuses new programmers like me. While the SecurityService javadoc tag does say "The resource reference string", I figured heck, I've got the unique id for the site, what else could it be talking about.
So, if you want to use the security service, really do get a siteRef first.
Finally, I wish that the security service would die a horrible death, rather than just spitting out a warning that is not helpful to someone with nearly zero knowledge of the code:
Feb 7, 2008 2:25:19 PM org.sakaiproject.authz.impl.DbAuthzGroupService$DbStorage isAllowed
WARNING: isAllowed(): called with no realms: lock: site.upd user: 11c3002b-1033-4243-802b-69838d5abf3e