Permission Class for Your Application

Definition

Permission class for checking permissions in your application. This class extends the abstract java.security.Permission class.

Use

Implement this permission class to check for authorizations in your application. You have two options for implementing this class:

·        You can implement a permission class that extends one of the predefined classes provided by the UME.

·        You can implement a permission class that extends the java.security.BasicPermission class. In this case, you also have to implement the corresponding constructors and methods.

Implementation Using Predefined Classes

We provide several predefined classes that you can use instead of implementing these constructors and methods directly. See the table below:

Predefined Permissions

Permission

Definition

NamePermission

This permission class maps a permission name to a single action, for example:

Name=”ViewReservation”
Name=”CreateReservation”
Name=”CancelReservation”

ActionPermission

This permission class maps a permission name to multiple actions, for example:

Name=”Reservation”, Action=”view”
Name=”Reservation”, Action=”create”
Name=”Reservation”, Action=”cancel”

ValuePermission

This permission class maps a permission name to a value, for example:

Name=”Value”, Action=”25”
Name=”Min”, Action=”>50”
Name=”Max”, Action=”<100”

Implementation Using BasicPermission

If you do not use one of these predefined permission classes, implement a class that extends the java.security.BasicPermission class. In this case, you have to implement the constructors and the abstract methods accordingly.

·        Constructors

In your class, implement both constructors from the BasicPermission class. These are Name (string name)and Name (string name, string action).

·        Methods

The most important method that applies to your application’s permission class is implies (permission perm).

See the documentation for java.security.BasicPermission and java.security.Permission class for a complete list of the available methods.

Integration

Checking the Permissions

To check the permissions in your code, you can use either of the following methods:

·        checkPermission()

Checks whether the user is allowed to do the specific operation. If not, this is logged and an exception is thrown. Use this method to enforce that the user has the permission before performing a specific task.

·        hasPermission()

Similar to checkPermission(), but this method returns true or false instead of throwing an exception. Also, no logging occurs. Use this method to make decisions based on permissions, but without causing errors, for example, to hide areas on a page.

Example

See the following examples:

Example 1: Name Permission

package com.sap.engine.examples.permissions;
    
import com.sap.security.api.permissions.NamePermission;
    
public class TestPermission extends NamePermission {
    
    
public TestPermission(String name)
    {
        
super(name, null);
    }
}

Example 2: Action Permission

package com.sap.engine.examples.permissions;
    
import com.sap.security.api.permissions.ActionPermission;
    
public class TestPermission extends ActionPermission {
    
    
public TestPermission(String name, String action)
    {
        
super(name, action);
    }
}

Example 3: Checking an Action Permission using checkPermission

      try {

         user.checkPermission(new TestPermission("Reservation", "create"));

 

         <code to execute if successful>;

     

      } catch (AccessControlException e) {

         <error handling>;

      }