PrincipalManager question.

Hi,
I have 1 quick question.

If I want to determine if the an Authorizable has a Principal  
(presumably witht the PrincipalManager), is there a way of doing this  
with the DefaultSecurityManager in JR15 and later, other than  
iterating through all the possible principals and searching for a match.
We have uses that have a lot of principals, and getting them and  
iterating is inefficient (IMHO), I would like to be able to perform a  
search

eg
/**
  * @param myPrincipal the principal to be checked
  * @param candidatePrincipal the principal that we are checking to  
see if myPrincipal has
  * @retrun true if myPrincipal has candidatePrincipal, false otherwise
  */
boolean principalManager.hasPrincipal(Principal myPrincipal, Principal  
candidatePrincipal)

Ideally I would like that to propagate through to the  
PrincipalProviders as this is really an search query that could be  
expensive.

Is there a way of achinving this *without* changing anyhing inside  
JR15 ?

Ian

hi ian

> If I want to determine if the an Authorizable has a Principal

what do you mean by "if an authorizable has a principal"?

in case you are referring to the fact that an authorizable
can have more than a single principal associated with it
there something like Authorizable#getPrincipals in the api.

see also Authorizable#addReferee and #removeReferee.

regards
angela

On 1 Jul 2009, at 13:59, Angela Schreiber wrote:

> hi ian
>
>> If I want to determine if the an Authorizable has a Principal
>
> what do you mean by "if an authorizable has a principal"?

I need to answer the question.

Is userA a member of groupB either directly or indirectly.

userA is a member of about 100 groups, the group hierarchy is several  
levels deep and some of the principals are come from custom  
PrincipalProvider implementations.


>
> in case you are referring to the fact that an authorizable
> can have more than a single principal associated with it
> there something like Authorizable#getPrincipals in the api.
>
> see also Authorizable#addReferee and #removeReferee.

thank you
Ian

> I need to answer the question.
>
> Is userA a member of groupB either directly or indirectly.
>
> userA is a member of about 100 groups, the group hierarchy is several
> levels deep and

group membership can be discovered using

Authorizable#memberOf()
Authorizable#declaredMemberOf()

> some of the principals are come from custom
> PrincipalProvider implementations.

if i'm not mistaken you can configure multiple principalproviders.

if an authorizable has multiple principals (!= group
membership) then Authorizable#getPrincipals() is the thing
you are looking for.

The principal(s) of an authorizable are retrieved from the
principalmanager that in the default setup has been created
using the configured providers.

angela

On 2 Jul 2009, at 09:31, Angela Schreiber wrote:

>
>> I need to answer the question.
>> Is userA a member of groupB either directly or indirectly.
>> userA is a member of about 100 groups, the group hierarchy is  
>> several levels deep and
>
> group membership can be discovered using
>
> Authorizable#memberOf()


makes sense

What I need is
Group#isMember(Authorizable)

Question answered, thank you (I cant believe I was so stupid not to  
see that)
Ian

> Authorizable#declaredMemberOf()
>
>> some of the principals are come from custom PrincipalProvider  
>> implementations.
>
> if i'm not mistaken you can configure multiple principalproviders.
>
> if an authorizable has multiple principals (!= group
> membership)

!= group membership was my mistake.

> then Authorizable#getPrincipals() is the thing
> you are looking for.
>
> The principal(s) of an authorizable are retrieved from the  
> principalmanager that in the default setup has been created
> using the configured providers.
>
> angela

> Question answered, thank you (I cant believe I was so stupid not to see
> that)

perfect. thanks for reporting back.