Rules for applying customized security API

The following are rules for applying customized security API:

• AuthenticationProvider is a core interface and must be implemented. It is first loaded when JReport Enterprise Server loads a customized security API.
• There are dependency relationships among some interfaces:

  Interfaces PermissionProvider and PrivilegeProvider depend on the corresponding principal interface provider. For example, the prerequisite for applying a customized UserPermissionProvider is that a customized UserProvider has been applied.

  Interface RelationProvider depends on both the corresponding principal interfaces. For example, the prerequisite for applying a customized GroupUserRelationProvider is that a customized UserProvider and GroupProvider have been applied.

• If you partly implement the security API, the JReport Enterprise Server will automatically provide implementation of some missed but required interfaces, in order to build an integrated security system. Below are the rules:
  • If customized implementations of Providers have not been applied, the JReport Enterprise Server will apply built-in implementations of these Providers, including: AuthorizationProvider, UserProvider, GroupProvider, RoleProvider, GroupUserRelationProvider, RoleGroupRelationProvider, and RoleUserRelationProvider.
  • If you have applied a PermissionProvider or PrivilegeProvider, but not applied an AuthorizationProvider, the JReport Enterprise Server will apply the built-in implementation of the AuthorizationProvider.
• If you have applied an AuthorizationProvider, but not applied a PermissionProvider or PrivilegeProvider, for example, UserPermissionProvider or UserPrivilegeProvider, the JReport Enterprise Server will not apply the built-in implementation of the PermissionProvider or PrivilegeProvider.