OACC v2.0.0-rc.2

Pre-release
@fspinnenhirn fspinnenhirn released this 24 Mar 03:35
· 290 commits to master since this release

Release date: 2015-03-23

Summary of changes in this release:

  • replaces the checked AccessControlException with a hierarchy of unchecked exceptions
  • enhances permission verification API with boolean has-permission methods and updates all verification methods to accept multiple permissions, as well as to consistently provide overloaded versions with optional accessorResource and/or domainName arguments
  • renames getResourcesByResourcePermissions() to getResourcesByResourcePermissionsAndDomain() when it takes a domainName argument
  • updates method signatures to always place domainName parameter directly after resourceClassName parameter, where applicable
  • updates resource getters (getResourcesByResourcePermissions and getAccessorResourcesByResourcePermissions) to accept multiple permissions
  • adds resource class and domain as arguments to AuthenticationProvider.validateCredentials() for more context
  • adds parameter validation to API methods to assert that accessor resource arguments reference an existing resource
  • refactors parameter validation in API methods to be slightly more consistent by validating in the order of the method signature
  • fixes several bugs, as described in more detail below
  • updates test suite for the aforementioned API changes
  • updates Javadoc comments with the aforementioned API changes

Summary of API changes:

  • Exception handling
    • replaces the checked AccessControlException with a more nuanced hierarchy of unchecked exceptions (including more structured and consistent exception messages)
  • Permission verification
    • redesigns the assert methods to be consistent with the effective permission getters: the assert methods for each type of permission are now overloaded with optional accessor resource and/or domain name arguments
    • introduces a new kind of permission verification method: the has-permission method, which returns a boolean instead of throwing an exception; there is a has-permission method as an alternative for each of the assert methods
    • updates the assert and has-permission methods to accept permissions as (one or more) varargs, instead of just a single permission
  • Method signatures
    • updates method signatures to always place domainName parameter directly after resourceClassName parameter, where applicable
    • updates resource getters (getResourcesByResourcePermissions and getAccessorResourcesByResourcePermissions) to accept permissions as (one or more) varargs, instead of just a single permission
    • renames the getResourcesByResourcePermissions-methods with a domain name argument to getResourcesByResourcePermissionsAndDomain, to distinguish them from the getResourcesByResourcePermissions-methods without a domain name argument, which return results across all domains
    • adds resource class and domain as arguments to AuthenticationProvider.validateCredentials() for more context
  • Parameter validation
    • adds parameter validation to API methods to assert that accessor resource arguments reference an existing resource
    • refactors method parameter validation to be slightly more consistent by validating in the order of the method signature

Bug fixes:

  • fixes internal permission validation method to ensure RESET_CREDENTIALS and IMPERSONATE are only valid for authenticatable resource classes
  • fixes setResourcePermissions() to prevent an INHERIT cycle from a resource to itself
  • fixes createResource() to assert that the session is authenticated when called without domain name arguments (because it will implicitly use the session resource's domain in those cases)
  • fixes internal has-permission helper methods to remove redundant check for global permissions after checking effective permissions

Corresponding oacc-db release:
The version of the oacc-db database configuration scripts to be used with this release can be found here.