Using the SecurityService
Information
This explains basic usage of the Sakai SecurityService. This service is used to register new Authz (permission) groups.
- Trunk javadocs:
- Trunk source location: https://source.sakaiproject.org/svn/authz/trunk/
Accessing the SecurityService
- You can use Spring Framework to inject the service or use the cover
- Using Spring to get the service for your class (e.g. YourAppClass) (recommended)
- Add the SecurityService bean to the bean for YourAppClass
<bean id="org.sakaiproject.yourapp.logic.YourAppClass" class="org.sakaiproject.yourapp.logic.impl.YourAppClassImpl"> <property name="securityService" ref="org.sakaiproject.authz.api.SecurityService" /> </bean>
- Add a variable and setter to YourAppClass to use the service in like so:
private SecurityService securityService; public void setSecurityService(SecurityService securityService) { this.securityService = securityService; }
- Add the SecurityService bean to the bean for YourAppClass
- Using the Component Manager to get the service
- Note: This is not the recommended method, you should be using Spring to inject the service
- Use the CM cover to get the service
import org.sakaiproject.component.cover.ComponentManager; import org.sakaiproject.authz.api.SecurityService; ... private SecurityService securityService; ... securityService = (SecurityService) ComponentManager.get(SecurityService.class);
Checking a user's permission (checking if a user has a certain permission) in a site
- Note: The reference could be a reference to any entity also
- Use the SiteService to get a site reference
- Use the SecurityService to check the permission (unlock) for the userId and reference
String siteRef = siteService.siteReference(siteId); // (1) if (securityService.unlock(userId, "tool.permission", siteRef)) { // (2) // do something since this user has permission }
- Note: If you are using less than Sakai 2.2.x/2.3 then you have to get a User object with the UserDirectoryService instead of using a userId string
Checking if a user has global super admin permissions
- Use the SecurityService to check if the user is a super admin
if (securityService.isSuperUser(userId)) { // do something since this user has super admin permission }
- Note: There is also a method that checks for the current User but this method calls the UserDirectoryService so it is slower