Annotation Type SecuredEntity
-
@Inherited @Retention(RUNTIME) public @interface SecuredEntity
The SecuredEntity annotation can be used on gateway network service objects (services, service methods, intents) to secure access in a way that plays into the generic security configuration system in the gateway. All registered service objects are scanned for annotations. Anything with this annotation defined will be registered with the gateway security manager, and will be made configurable though the Security section of the gateway.This system provides a great deal of functionality. If nothing else is specified, the user will be able to Allow or Deny access to the class, method, or intent that this is applied to.
If this annotation provides a configPropDescriptionFactory, that will be used to build a UI based on DescriptiveProperties for options that can be set for the particular Identity. Then, when a call is made from that identity, the user configured settings will be built into a map, and included in the SecurityContext of the call. If a configFactory is specified, that will be used to build a configuration object instead of a simple map. This can be very convenient for the service implementation, because it can do things like call "myCustomObject.verifyAccess(...call specific parameters...)", instead of having to implement the logic itself. This allows better reuse of security code across different method calls.
-
-
Field Summary
Fields Modifier and Type Fields Description static DescriptiveProperty<SecuredEntity.AccessLevel>
ACCESS_LEVEL
All SecuredEntities at least have an access level, if nothing else.static java.lang.String
KEY_CLASS_CONFIG
The configuration of a security entity is stored in the Security Context under this key.static java.lang.String
KEY_METHOD_CONFIG
-
Required Element Summary
Required Elements Modifier and Type Required Element Description java.lang.String
id
An id that is used to link this annotated object to its configuration.
-
Optional Element Summary
Optional Elements Modifier and Type Optional Element Description java.lang.Class<? extends SecuredEntity.ConfigFactory>
configFactory
If specified, this factory will be used to create a configuration object out of the defined properties that will be set on the security context.java.lang.Class<? extends SecuredEntity.ConfigPropDescriptionFactory>
configPropDescriptionFactory
If this entity has config properties that can be set, this class generates the description of them.SecuredEntity.AccessLevel
defaultAccessLevel
Defines the default access level for the entity, which can be overridden in the security settings.java.lang.String
descKey
Bundle key for a description of this restriction.java.lang.String
nameKey
Bundle key for the name of this restriction.
-
-
-
Field Detail
-
ACCESS_LEVEL
static final DescriptiveProperty<SecuredEntity.AccessLevel> ACCESS_LEVEL
All SecuredEntities at least have an access level, if nothing else.
-
-
Element Detail
-
id
java.lang.String id
An id that is used to link this annotated object to its configuration. Usually is unique throughout the system, though entities that share the same id will share the same settings. However, only one instance of the config is used, so the best practice is to define the SecuredEntity on a marker interface, and then have all of the objects implement it, so that there is only a single actual definition. Is not displayed, so may be a UUID or other non-friendly string.
-
-
-
configPropDescriptionFactory
java.lang.Class<? extends SecuredEntity.ConfigPropDescriptionFactory> configPropDescriptionFactory
If this entity has config properties that can be set, this class generates the description of them.- Default:
- com.inductiveautomation.ignition.gateway.gan.security.SecuredEntity.DefaultConfigPropDescriptionFactory.class
-
-
-
configFactory
java.lang.Class<? extends SecuredEntity.ConfigFactory> configFactory
If specified, this factory will be used to create a configuration object out of the defined properties that will be set on the security context. If not specified, the configured properties will be set on the SecurityContext as a map.- Default:
- com.inductiveautomation.ignition.gateway.gan.security.SecuredEntity.DefaultConfigFactory.class
-
-
-
defaultAccessLevel
SecuredEntity.AccessLevel defaultAccessLevel
Defines the default access level for the entity, which can be overridden in the security settings.- Default:
- com.inductiveautomation.ignition.gateway.gan.security.SecuredEntity.AccessLevel.Allow
-
-