User's Manual
Chapter 10.
Kernel Tutorial
This chapter discusses how to use permissioning and domain objects, answers frequently-asked ques-
tions about the WAF security mechanisms and API, and touches on extending the authentication
system. Please refer to Chapter 3 WAF Component: Kernel for more information about the concepts
used in these tutorials.
10.1. Permissions Tutorial
10.1.1. Granting Access
Granting access to a party is accomplished by creating a PermissionDescriptor and passing it to
PermissionService.grantPermission. The following example grants read privilege on MyAC-
SObject 50 to Group 5:
import com.arsdigita.kernel.permissions.PermissionService;
import com.arsdigita.kernel.permissions.PermissionDescriptor;
import com.arsdigita.kernel.permissions.PrivilegeDescriptor;
import com.arsdigita.persistence.OID;
OID acsObject = new OID("example.MyACSObject",
new BigDecimal(50));
OID party = new OID("com.arsdigita.kernel.Group", new BigDecimal(5));
PermissionDescriptor perm =
new PermissionDescriptor(PrivilegeDescriptor.READ,
acsObject, party);
PermissionService.grantPermission(perm);
The next example grants admin privilege on all objects to User 100:
import com.arsdigita.kernel.permissions.PermissionService;
import com.arsdigita.kernel.permissions.UniversalPermissionDescriptor;
import com.arsdigita.kernel.permissions.PrivilegeDescriptor;
import com.arsdigita.persistence.OID;
OID party = new OID("com.arsdigita.kernel.User", new BigDecimal(100));
PermissionDescriptor perm =
new UniversalPermissionDescriptor(PrivilegeDescriptor.ADMIN,
party);
PermissionService.grantPermission(perm);