  Using the SecurityService
Added by Aaron Zeckoski, last edited by Aaron Zeckoski on Nov 06, 2006

Information

This explains basic usage of the Sakai SecurityService. This service is used to register new Authz (permission) groups.

Accessing the SecurityService

  • You can use the Spring Framework to inject the service, or use the cover
  1. Using Spring to get the service for your class (e.g. YourAppClass) (recommended)
    1. Add the SecurityService bean to the bean for YourAppClass
      <bean id="org.sakaiproject.yourapp.logic.YourAppClass"
      		class="org.sakaiproject.yourapp.logic.impl.YourAppClassImpl">
      	<property name="securityService"
      		ref="org.sakaiproject.authz.api.SecurityService" />
      </bean>
    2. Add a variable and setter to YourAppClass so it can use the service, like so:
      private SecurityService securityService;
      public void setSecurityService(SecurityService securityService) {
      	this.securityService = securityService;
      }
  2. Using the cover to get the service
    • Note: This is not the recommended method; you should be using Spring to inject the service
    1. Set up a variable to hold the instance from the cover
      private SecurityService securityService;
    2. Get access to the service using the cover
      securityService = org.sakaiproject.authz.cover.SecurityService.getInstance();

Checking a user's permission (checking if a user has a certain permission) in a site

  • Note: The reference can also be a reference to any other entity
  1. Use the SiteService to get a site reference
  2. Use the SecurityService to check the permission (unlock) for the userId and reference
    String siteRef = siteService.siteReference(siteId); // (1)
    if (securityService.unlock(userId, "tool.permission", siteRef)) { // (2)
    	// do something since this user has permission
    }
    • Note: If you are using a version of Sakai earlier than 2.2.x/2.3, you have to get a User object with the UserDirectoryService instead of using a userId string

Checking if a user has global super admin permissions

  1. Use the SecurityService to check if the user is a super admin
    if (securityService.isSuperUser(userId)) {
    	// do something since this user has super admin permission
    }
    • Note: There is also a method that checks the current User, but it calls the UserDirectoryService, so it is slower
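
The steps above combined into one fail-closed helper, as an added example that is not part of the original page or of Sakai itself. The class name SitePermissionChecker, its method names, and the rule that a site id never starts with "/" are assumptions; the package name follows the page's YourAppClass example, and the class compiles only with the Sakai APIs on the classpath.

```java
package org.sakaiproject.yourapp.logic.impl;

import org.sakaiproject.authz.api.SecurityService;
import org.sakaiproject.site.api.SiteService;

/**
 * Added example (hypothetical class): a single entry point for the
 * permission checks described on this page, denying by default.
 */
public class SitePermissionChecker {

    private SecurityService securityService;
    private SiteService siteService;

    // Setters for Spring injection, wired like the bean shown on this page
    public void setSecurityService(SecurityService securityService) {
        this.securityService = securityService;
    }
    public void setSiteService(SiteService siteService) {
        this.siteService = siteService;
    }

    /**
     * @param userId     user id string, as passed to unlock() on this page
     * @param permission permission (lock) string, e.g. "tool.permission"
     * @param siteId     bare site id, NOT a site reference
     * @return true only when the check positively succeeds
     */
    public boolean isAllowedInSite(String userId, String permission, String siteId) {
        // Deny on missing input instead of running the check with junk values
        if (isBlank(userId) || isBlank(permission) || isBlank(siteId)) {
            return false;
        }
        // Assumption: a site id never starts with "/", while a reference does
        if (siteId.startsWith("/")) {
            throw new IllegalArgumentException("Expected a site id, got a reference: " + siteId);
        }
        // In this helper, a global super admin is allowed without a site lookup
        if (securityService.isSuperUser(userId)) {
            return true;
        }
        // (1) turn the id into a reference, (2) check the permission against it
        String siteRef = siteService.siteReference(siteId);
        return securityService.unlock(userId, permission, siteRef);
    }

    private static boolean isBlank(String s) {
        return s == null || s.trim().length() == 0;
    }
}
```

Keeping the id-to-reference conversion inside one method means callers only ever pass a site id, so a bare id cannot reach unlock() as the reference argument.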

Advice, it helps to really read these docs! They are great! But too bad they don't pop up in the javadocs when using Eclipse, because while passing around Strings is flexible and all, using a String for a siteId and using a String for a siteRef confuses new programmers like me. While the SecurityService javadoc tag does say "The resource reference string", I figured heck, I've got the unique id for the site, what else could it be talking about.

So, if you want to use the security service, really do get a siteRef first.

Finally, I wish that the security service would die a horrible death, rather than just spitting out a warning that is not helpful to someone with nearly zero knowledge of the code:

Feb 7, 2008 2:25:19 PM org.sakaiproject.authz.impl.DbAuthzGroupService$DbStorage isAllowed
WARNING: isAllowed(): called with no realms: lock: site.upd user: 11c3002b-1033-4243-802b-69838d5abf3e
