1 /** 2 * Copyright 2005-2012 The Kuali Foundation 3 * 4 * Licensed under the Educational Community License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.opensource.org/licenses/ecl2.php 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 package org.kuali.rice.kew.framework.document.security; 17 18 import org.kuali.rice.core.api.exception.RiceIllegalArgumentException; 19 import org.kuali.rice.kew.api.KewApiConstants; 20 import org.kuali.rice.kew.framework.KewFrameworkServiceLocator; 21 22 import javax.jws.WebMethod; 23 import javax.jws.WebParam; 24 import javax.jws.WebResult; 25 import javax.jws.WebService; 26 import javax.jws.soap.SOAPBinding; 27 import javax.xml.bind.annotation.XmlElement; 28 import javax.xml.bind.annotation.XmlElementWrapper; 29 import java.util.List; 30 31 /** 32 * A remotable service which handles processing of a client application's custom security processing of workflow 33 * documents. 34 * 35 * @author Kuali Rice Team (rice.collab@kuali.org) 36 */ 37 @WebService(name = KewFrameworkServiceLocator.DOCUMENT_SECURITY_HANDLER_SERVICE, targetNamespace = KewApiConstants.Namespaces.KEW_NAMESPACE_2_0) 38 @SOAPBinding(style = SOAPBinding.Style.DOCUMENT, use = SOAPBinding.Use.LITERAL, parameterStyle = SOAPBinding.ParameterStyle.WRAPPED) 39 public interface DocumentSecurityHandlerService { 40 41 /** 42 * Returns a list of document ids from the given list of document security directives for which the principal with 43 * the given principal id is allowed to view. Any document which is passed to this method as part of a document 44 * security directive which is not included in the list of document ids that is returned from this method should 45 * <strong>not</strong> be presented to the principal with the given principal id. 46 * 47 * <p>This method essentially invokes 48 * {@link DocumentSecurityAttribute#isAuthorizedForDocument(String, org.kuali.rice.kew.api.document.Document)} 49 * method for each of the security attributes supplied in the document security directives, passing the associated 50 * list of document ids.</p> 51 * 52 * @param principalId the id of the principal against which to perform the authorization 53 * @param documentSecurityDirectives the list of security directives which define the documents which should be 54 * checked for authorization and the name of the {@code DocumentSecurityAttribute} extensions against which to 55 * execute the authorization check. 56 * 57 * @return the list of document ids from the given document security directives for which the given principal is 58 * authorized, if a null or empty list is returned, that means that the given principal is not authorized to view 59 * information about any of the documents 60 * 61 * @throws RiceIllegalArgumentException if the given principalId is a null or blank value 62 * @throws RiceIllegalArgumentException if any of the security attributes defined in the given list of security 63 * directives cannot be located or loaded 64 */ 65 @WebMethod(operationName = "getAuthorizedDocumentIds") 66 @WebResult(name = "authorizedDocumentIds") 67 @XmlElementWrapper(name = "authorizedDocumentIds", required = true) 68 @XmlElement(name = "documentId", required = false) 69 List<String> getAuthorizedDocumentIds( 70 @WebParam(name = "principalId") String principalId, 71 @WebParam(name = "documents") List<DocumentSecurityDirective> documentSecurityDirectives) 72 throws RiceIllegalArgumentException; 73 74 }