--- /dev/null
+/*\r
+\r
+ Derby - Class org.apache.derby.iapi.sql.conn.Authorizer\r
+\r
+ Licensed to the Apache Software Foundation (ASF) under one or more\r
+ contributor license agreements. See the NOTICE file distributed with\r
+ this work for additional information regarding copyright ownership.\r
+ The ASF licenses this file to you under the Apache License, Version 2.0\r
+ (the "License"); you may not use this file except in compliance with\r
+ the License. You may obtain a copy of the License at\r
+\r
+ http://www.apache.org/licenses/LICENSE-2.0\r
+\r
+ Unless required by applicable law or agreed to in writing, software\r
+ distributed under the License is distributed on an "AS IS" BASIS,\r
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ See the License for the specific language governing permissions and\r
+ limitations under the License.\r
+\r
+ */\r
+\r
+package org.apache.derby.iapi.sql.conn;\r
+\r
+import org.apache.derby.iapi.sql.Activation;\r
+import org.apache.derby.iapi.error.StandardException;\r
+/**\r
+ The Authorizer verifies a connected user has the authorization \r
+ to perform a requested database operation using the current\r
+ connection.\r
+\r
+ <P>\r
+ Today no object based authorization is supported.\r
+ */\r
+public interface Authorizer\r
+{\r
+ /** SQL write (insert,update,delete) operation */\r
+ public static final int SQL_WRITE_OP = 0;\r
+ /** SQL SELECT operation */\r
+ public static final int SQL_SELECT_OP = 1;\r
+ /** Any other SQL operation */\r
+ public static final int SQL_ARBITARY_OP = 2;\r
+ /** SQL CALL/VALUE operation */\r
+ public static final int SQL_CALL_OP = 3;\r
+ /** SQL DDL operation */\r
+ public static final int SQL_DDL_OP = 4;\r
+ /** database property write operation */\r
+ public static final int PROPERTY_WRITE_OP = 5;\r
+ /** database jar write operation */ \r
+ public static final int JAR_WRITE_OP = 6;\r
+ \r
+ /* Privilege types for SQL standard (grant/revoke) permissions checking. */\r
+ public static final int NULL_PRIV = -1;\r
+ public static final int SELECT_PRIV = 0;\r
+ public static final int UPDATE_PRIV = 1;\r
+ public static final int REFERENCES_PRIV = 2;\r
+ public static final int INSERT_PRIV = 3;\r
+ public static final int DELETE_PRIV = 4;\r
+ public static final int TRIGGER_PRIV = 5;\r
+ public static final int EXECUTE_PRIV = 6;\r
+ public static final int PRIV_TYPE_COUNT = 7;\r
+\r
+ /* Used to check who can create schemas or who can modify objects in schema */\r
+ public static final int CREATE_SCHEMA_PRIV = 16;\r
+ public static final int MODIFY_SCHEMA_PRIV = 17;\r
+ public static final int DROP_SCHEMA_PRIV = 18;\r
+ \r
+ /**\r
+ * The system authorization ID is defined by the SQL2003 spec as the grantor\r
+ * of privileges to object owners.\r
+ */\r
+ public static final String SYSTEM_AUTHORIZATION_ID = "_SYSTEM";\r
+\r
+ /**\r
+ * The public authorization ID is defined by the SQL2003 spec as implying all users.\r
+ */\r
+ public static final String PUBLIC_AUTHORIZATION_ID = "PUBLIC";\r
+\r
+ /**\r
+ Verify the connected user is authorized to perform the requested\r
+ operation.\r
+\r
+ This variation should only be used with operations that do not use tables\r
+ or routines. If the operation involves tables or routines then use the\r
+ variation of the authorize method that takes an Activation parameter. The\r
+ activation holds the table, column, and routine lists.\r
+\r
+ @param operation the enumeration code for the requsted operation.\r
+\r
+ @exception StandardException Thrown if the operation is not allowed\r
+ */\r
+ public void authorize( int operation) throws StandardException;\r
+ \r
+ /**\r
+ Verify the connected user is authorized to perform the requested\r
+ operation.\r
+\r
+ @param activation holds the list of tables, columns, and routines used.\r
+ @param operation the enumeration code for the requsted operation.\r
+\r
+ @exception StandardException Thrown if the operation is not allowed\r
+ */\r
+ public void authorize(Activation activation, int operation)\r
+ throws StandardException;\r
+\r
+ /**\r
+ Get the Authorization ID for this Authorizer.\r
+ */\r
+ public String getAuthorizationId();\r
+\r
+ /**\r
+ Get the readOnly status for this authorizer's connection.\r
+ */\r
+ public boolean isReadOnlyConnection();\r
+\r
+ /**\r
+ Set the readOnly status for this authorizer's connection.\r
+ @param on true means set the connection to read only mode,\r
+ false means set the connection to read wrte mode.\r
+ @param authorize true means to verify the caller has authority\r
+ to set the connection and false means do not check. \r
+ @exception StandardException Oops not allowed.\r
+ */\r
+ public void setReadOnlyConnection(boolean on, boolean authorize)\r
+ throws StandardException;\r
+\r
+ /**\r
+ Refresh this authorizer to reflect a change in the database\r
+ permissions.\r
+ \r
+ @exception AuthorizerSessionException Connect permission gone.\r
+ @exception StandardException Oops.\r
+ */\r
+ public void refresh() throws StandardException; \r
+}\r
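Review bot: `setReadOnlyConnection(boolean on, boolean authorize)` lets the caller switch off the authority check by passing `false`, and its Javadoc does not say who is allowed to do that. Because the interface is public, any code holding an Authorizer can, as far as this declaration shows, change the connection's read-only state unchecked. The contract should state the restriction, for example `@param authorize false skips the authority check; pass false only from code that has already established the caller's authority`. Separately, the operation codes and the privilege types are both plain `int` constants with overlapping values (`SQL_WRITE_OP` and `SELECT_PRIV` are both 0), so `authorize(int operation)` cannot reject a privilege constant passed by mistake. A comment on the `*_PRIV` block such as `/* Privilege types are not valid as the operation argument of authorize(). */` would document that until the two sets are given distinct types.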