001 /**
002 * Copyright 2005-2013 The Kuali Foundation
003 *
004 * Licensed under the Educational Community License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 * http://www.opensource.org/licenses/ecl2.php
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 */
016 package org.kuali.rice.kew.framework.document.security;
017
018 import org.kuali.rice.core.api.exception.RiceIllegalArgumentException;
019 import org.kuali.rice.kew.api.KewApiConstants;
020 import org.kuali.rice.kew.framework.KewFrameworkServiceLocator;
021
022 import javax.jws.WebMethod;
023 import javax.jws.WebParam;
024 import javax.jws.WebResult;
025 import javax.jws.WebService;
026 import javax.jws.soap.SOAPBinding;
027 import javax.xml.bind.annotation.XmlElement;
028 import javax.xml.bind.annotation.XmlElementWrapper;
029 import java.util.List;
030
031 /**
032 * A remotable service which handles processing of a client application's custom security processing of workflow
033 * documents.
034 *
035 * @author Kuali Rice Team (rice.collab@kuali.org)
036 */
037 @WebService(name = KewFrameworkServiceLocator.DOCUMENT_SECURITY_HANDLER_SERVICE, targetNamespace = KewApiConstants.Namespaces.KEW_NAMESPACE_2_0)
038 @SOAPBinding(style = SOAPBinding.Style.DOCUMENT, use = SOAPBinding.Use.LITERAL, parameterStyle = SOAPBinding.ParameterStyle.WRAPPED)
039 public interface DocumentSecurityHandlerService {
040
041 /**
042 * Returns a list of document ids from the given list of document security directives for which the principal with
043 * the given principal id is allowed to view. Any document which is passed to this method as part of a document
044 * security directive which is not included in the list of document ids that is returned from this method should
045 * <strong>not</strong> be presented to the principal with the given principal id.
046 *
047 * <p>This method essentially invokes
048 * {@link DocumentSecurityAttribute#isAuthorizedForDocument(String, org.kuali.rice.kew.api.document.Document)}
049 * method for each of the security attributes supplied in the document security directives, passing the associated
050 * list of document ids.</p>
051 *
052 * @param principalId the id of the principal against which to perform the authorization
053 * @param documentSecurityDirectives the list of security directives which define the documents which should be
054 * checked for authorization and the name of the {@code DocumentSecurityAttribute} extensions against which to
055 * execute the authorization check.
056 *
057 * @return the list of document ids from the given document security directives for which the given principal is
058 * authorized, if a null or empty list is returned, that means that the given principal is not authorized to view
059 * information about any of the documents
060 *
061 * @throws RiceIllegalArgumentException if the given principalId is a null or blank value
062 * @throws RiceIllegalArgumentException if any of the security attributes defined in the given list of security
063 * directives cannot be located or loaded
064 */
065 @WebMethod(operationName = "getAuthorizedDocumentIds")
066 @WebResult(name = "authorizedDocumentIds")
067 @XmlElementWrapper(name = "authorizedDocumentIds", required = true)
068 @XmlElement(name = "documentId", required = false)
069 List<String> getAuthorizedDocumentIds(
070 @WebParam(name = "principalId") String principalId,
071 @WebParam(name = "documents") List<DocumentSecurityDirective> documentSecurityDirectives)
072 throws RiceIllegalArgumentException;
073
074 }