public interface AuthorizationManager
Generalized Authorization Manager Interface.
Replaces the legacy RealmMapping interface
See Also: RealmMapping
Method Summary

| Return type | Method | Description |
|---|---|---|
| int | authorize(Resource resource) | Authorize a resource. Note: The implementation will try to derive the authenticated subject by some means. |
| int | authorize(Resource resource, Identity identity, Permission permission) | Authorize access to the resource if the specified identity has the proper permissions. |
| int | authorize(Resource resource, Subject subject) | Authorize a resource for an authenticated subject. |
| int | authorize(Resource resource, Subject subject, Group roleGroup) | Authorize a resource given a Group of Principals representing roles. |
| int | authorize(Resource resource, Subject subject, RoleGroup role) | Authorize a resource given a role. |
| boolean | doesUserHaveRole(Principal principal, Set<Principal> roles) | Validates the application domain roles to which the operational environment Principal belongs. |
| <T> EntitlementHolder<T> | getEntitlements(Class<T> clazz, Resource resource, Identity identity) | Instance Based Security. Get all the entitlements assigned to the components of a Resource. |
| RoleGroup | getSubjectRoles(Subject authenticatedSubject, CallbackHandler cbh) | Get the current roles for the authenticated Subject. The AuthorizationManager will apply role generation and role mapping logic configured for the security domain. |
| Group | getTargetRoles(Principal targetPrincipal, Map<String,Object> contextMap) | Trust use cases may have a need to determine the roles of the target principal, which has been derived via a principal from another domain by the Authentication Manager. An implementation of this interface may have to contact a trust provider for additional information about the principal. |
| Set<Principal> | getUserRoles(Principal principal) | Deprecated. |

Methods inherited from interface org.jboss.security.BaseSecurityManager |
---|
getSecurityDomain |
Method Detail |
---|
int authorize(Resource resource) throws AuthorizationException

Parameters:
resource - Resource to be authorized
Throws:
AuthorizationException

int authorize(Resource resource, Subject subject) throws AuthorizationException

Parameters:
resource - Resource to be authorized
subject - Authenticated Subject
Throws:
AuthorizationException

int authorize(Resource resource, Subject subject, RoleGroup role) throws AuthorizationException

Parameters:
resource -
subject - the authenticated subject
role - a role (which can be a nested role)
Throws:
AuthorizationException

int authorize(Resource resource, Subject subject, Group roleGroup) throws AuthorizationException

Parameters:
resource -
subject - the authenticated subject
roleGroup -
Throws:
AuthorizationException

int authorize(Resource resource, Identity identity, Permission permission) throws AuthorizationException

Authorize access to the resource if the specified identity has the proper permissions.

Parameters:
resource - the Resource being accessed.
identity - the Identity trying to access the resource.
permission - the permissions required for access to be granted.
Returns:
AuthorizationContext#PERMIT if access has been granted; AuthorizationContext#DENY otherwise.
Throws:
AuthorizationException - if an error occurs while authorizing access to the resource.

<T> EntitlementHolder<T> getEntitlements(Class<T> clazz, Resource resource, Identity identity) throws AuthorizationException

Parameters:
clazz - Defines the class type of the entitlements
resource - A Resource (Can be a Portal Resource, a Rules Resource)
identity - The Identity against whom the entitlements need to be generated
Throws:
AuthorizationException

boolean doesUserHaveRole(Principal principal, Set<Principal> roles)

Parameters:
principal - the caller principal as known in the operation environment.
roles - The Set

RoleGroup getSubjectRoles(Subject authenticatedSubject, CallbackHandler cbh)

Parameters:
authenticatedSubject -
cbh - a CallbackHandler that can be used by the AuthorizationManager to obtain essentials such as SecurityContext etc

@Deprecated Set<Principal> getUserRoles(Principal principal)

Group getTargetRoles(Principal targetPrincipal, Map<String,Object> contextMap)

Parameters:
targetPrincipal - Principal applicable in current domain
contextMap - Read-Only Contextual Information that may be useful for the implementation in determining the roles.