Security

Complete a security extension class

We will present here a simple example of the realization of a security extension class. It will allow you to manage a specific function of rights management for the restitution of indexed documents.

Basic security extension class

com.axemble.axvdocsearch.extensions.implementation.ISecurityExtension.VDocSecurityExtension: this class uses SDK security management to filter search results. We are going to inherit from this class to create our own security class.

com.axemble.axvdocsearch.extensions.implementation.security.VDocSecurityExtension: this class uses SDK security management to filter search results. We are going to inherit from this class to create our own security class.

The context of this interface

Here you will have in context:

  • Some parameters
  • The logged in user
  • The Search object which will bring together all the configuration established in the XML file

IsAllowed Method

This is the one and only interface method. It allows you to set whether a given user will have the right to view or not a document retrieved from the index.

You will have all the necessary information in the Document and you will be able to develop your security functionality and return a Boolean value.

A very simple example of an extension security class

package com.moovapps;

import com.axemble.axvdocsearch.core.beans.Document;
import com.axemble.axvdocsearch.extensions.implementation.ISecurityExtension.VDocSecurityExtension;
import com.axemble.vdoc.sdk.Modules;
import com.axemble.vdoc.sdk.interfaces.IGroup;
import com.axemble.vdoc.sdk.interfaces.IOrganization;
import com.axemble.vdoc.sdk.modules.IDirectoryModule;
import com.axemble.vdoc.sdk.modules.IPortalModule;

public class ExempleVDocSecurityExtension extends VDocSecurityExtension {
	/** the default class logger */
	private static com.axemble.vdoc.sdk.utils.Logger log = com.axemble.vdoc.sdk.utils.Logger.getLogger(ExempleVDocSecurityExtension.class);

	@Override
	public boolean isAllowed(Document document) throws Exception 	{
		IPortalModule portalModule = Modules.getPortalModule();
		IDirectoryModule directoryModule = Modules.getDirectoryModule();
		IOrganization iOrganization = directoryModule.getOrganization(portalModule.getContextByLogin("sysadmin"), "DefaultOrganization");
		IGroup iGroup = directoryModule.getGroup(portalModule.getContextByLogin("sysadmin"), iOrganization, "grpA");

		try 		{
			// we only show the result to the members of the "grpA" and to the sysadmin
			if (user.isSysadmin()) {
				return true;
			} else if (user.isMemberOf(iGroup, false)) {
				return true;
			}
		} catch (Exception e) {
			log.error(e);
		} finally {
			Modules.releaseModule(portalModule);
			Modules.releaseModule(directoryModule);
		}
		return false;
	}
}
package com.moovapps;

import com.axemble.axvdocsearch.core.beans.Document;
import com.axemble.axvdocsearch.extensions.implementation.security.VDocSecurityExtension;
import com.axemble.vdoc.sdk.Modules;
import com.axemble.vdoc.sdk.interfaces.IGroup;
import com.axemble.vdoc.sdk.interfaces.IOrganization;
import com.axemble.vdoc.sdk.modules.IDirectoryModule;
import com.axemble.vdoc.sdk.modules.IPortalModule;

public class ExempleVDocSecurityExtension extends VDocSecurityExtension {
	/** the default class logger */
	private static com.axemble.vdoc.sdk.utils.Logger log = com.axemble.vdoc.sdk.utils.Logger.getLogger(ExempleVDocSecurityExtension.class);

	@Override
	public boolean isAllowed(Document document) throws Exception 	{
		IPortalModule portalModule = Modules.getPortalModule();
		IDirectoryModule directoryModule = Modules.getDirectoryModule();
		IOrganization iOrganization = directoryModule.getOrganization(portalModule.getContextByLogin("sysadmin"), "DefaultOrganization");
		IGroup iGroup = directoryModule.getGroup(portalModule.getContextByLogin("sysadmin"), iOrganization, "grpA");

		try 		{
			// we only show the result to the members of the "grpA" and to the sysadmin
			if (user.isSysadmin()) {
				return true;
			} else if (user.isMemberOf(iGroup, false)) {
				return true;
			}
		} catch (Exception e) {
			log.error(e);
		} finally {
			Modules.releaseModule(portalModule);
			Modules.releaseModule(directoryModule);
		}
		return false;
	}
}

An example of XML configuration

Here is a possible XML configuration:

<search name="SubWorkFlowInstanceTableSearch"
    label="LG_SubWorkFlowInstanceTableSearch" 
    sourceIndexes="SubWorkFlowInstanceTableIndex" 
    extension="" 
    securityExtension="com.vdoc.ExempleVDocSecurityExtension" 
    fullTextInput="true" 
    defaultViewRowsPerPage="10" 
    linkable="true" 
    autoExecuteSearch="true">
    
    <customtag name="ChText2" type="text" label="ChText2"/>
    <customtag name="nombre" type="number" label="nombre"/>

    <view linksTarget="_blank" toolTips="" showReference="true" showTitle="false">
        <column name="ChText2" type="text"  label="ChText2" />
        <column name="nombre" type="number" label="nombre" />
    </view>
</search>

Source : https://wiki.myvdoc.net/xwiki/bin/view/Dev+Floor/HowToMakeASecurityExtension