JBoss Security SPI - Aggregator 2.0.4.SP8

org.jboss.security
Interface AuthorizationManager

All Superinterfaces:
BaseSecurityManager

public interface AuthorizationManager
extends BaseSecurityManager

Generalized Authorization Manager Interface.

Replaces the legacy RealmMapping interface

Since:
Jan 2, 2006
Version:
$Revision: 80623 $
Author:
Anil Saldhana
See Also:
RealmMapping

Method Summary
 int authorize(Resource resource)
          Authorize a resource. Note: The implementation will try to derive the authenticated subject by some means.
 int authorize(Resource resource, Identity identity, Permission permission)
           Authorize access to the resource if the specified identity has the proper permissions.
 int authorize(Resource resource, Subject subject)
          Authorize a resource for an authenticated subject
 int authorize(Resource resource, Subject subject, Group roleGroup)
          Authorize a resource given a Group of Principals representing roles
 int authorize(Resource resource, Subject subject, RoleGroup role)
          Authorize a resource given a role
 boolean doesUserHaveRole(Principal principal, Set<Principal> roles)
          Validates the application domain roles to which the operational environment Principal belongs.
 <T> EntitlementHolder<T> getEntitlements(Class<T> clazz, Resource resource, Identity identity)
          Instance Based Security: Get all the entitlements assigned to the components of a Resource.
 RoleGroup getSubjectRoles(Subject authenticatedSubject, CallbackHandler cbh)
          Get the current roles for the authenticated Subject. The AuthorizationManager will apply role generation and role mapping logic configured for the security domain.
 Group getTargetRoles(Principal targetPrincipal, Map<String,Object> contextMap)
          Trust use cases may need to determine the roles of the target principal, which has been derived via a principal from another domain by the Authentication Manager. An implementation of this interface may have to contact a trust provider for additional information about the principal.
 Set<Principal> getUserRoles(Principal principal)
          Deprecated.  
 
Methods inherited from interface org.jboss.security.BaseSecurityManager
getSecurityDomain
 

Method Detail

authorize

int authorize(Resource resource)
              throws AuthorizationException
Authorize a resource. Note: The implementation will try to derive the authenticated subject by some means.

Parameters:
resource - Resource to be authorized
Returns:
AuthorizationContext.PERMIT or AuthorizationContext.DENY
Throws:
AuthorizationException

authorize

int authorize(Resource resource,
              Subject subject)
              throws AuthorizationException
Authorize a resource for an authenticated subject

Parameters:
resource - Resource to be authorized
subject - Authenticated Subject
Returns:
AuthorizationContext.PERMIT or AuthorizationContext.DENY
Throws:
AuthorizationException

authorize

int authorize(Resource resource,
              Subject subject,
              RoleGroup role)
              throws AuthorizationException
Authorize a resource given a role

Parameters:
resource -
subject - the authenticated subject
role - a role (which can be a nested role)
Returns:
AuthorizationContext.PERMIT or AuthorizationContext.DENY
Throws:
AuthorizationException

authorize

int authorize(Resource resource,
              Subject subject,
              Group roleGroup)
              throws AuthorizationException
Authorize a resource given a Group of Principals representing roles

Parameters:
resource -
subject - the authenticated subject
roleGroup -
Returns:
Throws:
AuthorizationException

authorize

int authorize(Resource resource,
              Identity identity,
              Permission permission)
              throws AuthorizationException

Authorize access to the resource if the specified identity has the proper permissions.

Parameters:
resource - the Resource being accessed.
identity - the Identity trying to access the resource.
permission - the permissions required for access to be granted.
Returns:
AuthorizationContext.PERMIT if access has been granted; AuthorizationContext.DENY otherwise.
Throws:
AuthorizationException - if an error occurs while authorizing access to the resource.

getEntitlements

<T> EntitlementHolder<T> getEntitlements(Class<T> clazz,
                                         Resource resource,
                                         Identity identity)
                                     throws AuthorizationException
Instance Based Security: Get all the entitlements assigned to the components of a Resource.

Parameters:
clazz - Defines the class type of the entitlements
resource - A Resource (Can be a Portal Resource, a Rules Resource)
identity - The Identity against whom the entitlements need to be generated
Returns:
an Entitlements wrapper
Throws:
AuthorizationException

doesUserHaveRole

boolean doesUserHaveRole(Principal principal,
                         Set<Principal> roles)
Validates the application domain roles to which the operational environment Principal belongs.

Parameters:
principal - the caller principal as known in the operational environment.
roles - The Set for the application domain roles that the principal is to be validated against.
Returns:
true if the principal has at least one of the roles in the roles set, false otherwise.

getSubjectRoles

RoleGroup getSubjectRoles(Subject authenticatedSubject,
                          CallbackHandler cbh)
Get the current roles for the authenticated Subject. The AuthorizationManager will apply role generation and role mapping logic configured for the security domain.

Parameters:
authenticatedSubject -
cbh - a CallbackHandler that the AuthorizationManager can use to obtain essentials such as the SecurityContext
Returns:

getUserRoles

@Deprecated
Set<Principal> getUserRoles(Principal principal)
Deprecated. 

Return the set of domain roles the principal has been assigned.

Returns:
The Set for the application domain roles that the principal has been assigned.

getTargetRoles

Group getTargetRoles(Principal targetPrincipal,
                     Map<String,Object> contextMap)
Trust use cases may need to determine the roles of the target principal, which has been derived via a principal from another domain by the Authentication Manager. An implementation of this interface may have to contact a trust provider for additional information about the principal.

Parameters:
targetPrincipal - Principal applicable in current domain
contextMap - Read-Only Contextual Information that may be useful for the implementation in determining the roles.
Returns:
roles from the target domain

Copyright © 2012 JBoss Inc. All Rights Reserved.