Package org.apache.derby.iapi.sql.conn
Interface Authorizer
All Known Implementing Classes: GenericAuthorizer

public interface Authorizer
The Authorizer verifies a connected user has the authorization
to perform a requested database operation using the current
connection.
Today no object-based authorization is supported.

Field Summary
Modifier and Type, Field - Description
static final int CREATE_ROLE_PRIV
static final int CREATE_SCHEMA_PRIV
static final int DELETE_PRIV
static final int DROP_ROLE_PRIV
static final int DROP_SCHEMA_PRIV
static final int EXECUTE_PRIV
static final int INSERT_PRIV
static final int JAR_WRITE_OP - database jar write operation
static final int MIN_SELECT_PRIV
static final int MODIFY_SCHEMA_PRIV
static final int NULL_PRIV
static final int PRIV_TYPE_COUNT
static final int PROPERTY_WRITE_OP - database property write operation
static final String PUBLIC_AUTHORIZATION_ID - The public authorization ID is defined by the SQL2003 spec as implying all users.
static final int REFERENCES_PRIV
static final int SELECT_PRIV
static final int SQL_ARBITARY_OP - Any other SQL operation
static final int SQL_CALL_OP - SQL CALL/VALUE operation
static final int SQL_DDL_OP - SQL DDL operation
static final int SQL_SELECT_OP - SQL SELECT operation
static final int SQL_WRITE_OP - SQL write (insert, update, delete) operation
static final String SYSTEM_AUTHORIZATION_ID - The system authorization ID is defined by the SQL2003 spec as the grantor of privileges to object owners.
static final int TRIGGER_PRIV
static final int UPDATE_PRIV
static final int USAGE_PRIV

Method Summary
Modifier and Type, Method - Description
void authorize(int operation) - Verify the connected user is authorized to perform the requested operation.
void authorize(List<StatementPermission> requiredPermissionsList, Activation activation) - Verify the connected user possesses the indicated permissions
void authorize(Activation activation, int operation) - Verify the connected user is authorized to perform the requested operation.
boolean isReadOnlyConnection() - Get the readOnly status for this authorizer's connection.
void refresh() - Refresh this authorizer to reflect a change in the database permissions.
void setReadOnlyConnection(boolean on, boolean authorize) - Set the readOnly status for this authorizer's connection.

Field Details

SQL_WRITE_OP
static final int SQL_WRITE_OP
SQL write (insert, update, delete) operation

SQL_SELECT_OP
static final int SQL_SELECT_OP
SQL SELECT operation

SQL_ARBITARY_OP
static final int SQL_ARBITARY_OP
Any other SQL operation

SQL_CALL_OP
static final int SQL_CALL_OP
SQL CALL/VALUE operation

SQL_DDL_OP
static final int SQL_DDL_OP
SQL DDL operation

PROPERTY_WRITE_OP
static final int PROPERTY_WRITE_OP
database property write operation

JAR_WRITE_OP
static final int JAR_WRITE_OP
database jar write operation

NULL_PRIV
static final int NULL_PRIV

SELECT_PRIV
static final int SELECT_PRIV

UPDATE_PRIV
static final int UPDATE_PRIV

REFERENCES_PRIV
static final int REFERENCES_PRIV

INSERT_PRIV
static final int INSERT_PRIV

DELETE_PRIV
static final int DELETE_PRIV

TRIGGER_PRIV
static final int TRIGGER_PRIV

EXECUTE_PRIV
static final int EXECUTE_PRIV

USAGE_PRIV
static final int USAGE_PRIV

MIN_SELECT_PRIV
static final int MIN_SELECT_PRIV

PRIV_TYPE_COUNT
static final int PRIV_TYPE_COUNT

CREATE_SCHEMA_PRIV
static final int CREATE_SCHEMA_PRIV

MODIFY_SCHEMA_PRIV
static final int MODIFY_SCHEMA_PRIV

DROP_SCHEMA_PRIV
static final int DROP_SCHEMA_PRIV

CREATE_ROLE_PRIV
static final int CREATE_ROLE_PRIV

DROP_ROLE_PRIV
static final int DROP_ROLE_PRIV

SYSTEM_AUTHORIZATION_ID
static final String SYSTEM_AUTHORIZATION_ID
The system authorization ID is defined by the SQL2003 spec as the grantor of privileges to object owners.

PUBLIC_AUTHORIZATION_ID
static final String PUBLIC_AUTHORIZATION_ID
The public authorization ID is defined by the SQL2003 spec as implying all users.

Method Details

authorize
void authorize(int operation) throws StandardException
Verify the connected user is authorized to perform the requested operation. This variation should only be used with operations that do not use tables or routines. If the operation involves tables or routines then use the variation of the authorize method that takes an Activation parameter. The activation holds the table, column, and routine lists.
Parameters:
operation - the enumeration code for the requested operation.
Throws:
StandardException - Thrown if the operation is not allowed

authorize
void authorize(Activation activation, int operation) throws StandardException
Verify the connected user is authorized to perform the requested operation.
Parameters:
activation - holds the list of tables, columns, and routines used.
operation - the enumeration code for the requested operation.
Throws:
StandardException - Thrown if the operation is not allowed

authorize
void authorize(List<StatementPermission> requiredPermissionsList, Activation activation) throws StandardException
Verify the connected user possesses the indicated permissions
Parameters:
requiredPermissionsList - the required permissions
activation - holds the execution logic
Throws:
StandardException - Thrown if the operation is not allowed

isReadOnlyConnection
boolean isReadOnlyConnection()
Get the readOnly status for this authorizer's connection.

setReadOnlyConnection
void setReadOnlyConnection(boolean on, boolean authorize) throws StandardException
Set the readOnly status for this authorizer's connection.
Parameters:
on - true means set the connection to read only mode, false means set the connection to read write mode.
authorize - true means to verify the caller has authority to set the connection and false means do not check.
Throws:
StandardException - Oops not allowed.

refresh
void refresh() throws StandardException
Refresh this authorizer to reflect a change in the database permissions.
Throws:
StandardException - Oops.