Interface AuthorizationManager

    • Method Detail

      • authorize

        int authorize(Resource resource)
               throws AuthorizationException
        Authorize a resource. Note: The implementation will try to derive the authenticated subject by some means.
        Parameters:
        resource - Resource to be authorized
        Returns:
        AuthorizationContext.PERMIT or AuthorizationContext.DENY
        Throws:
        AuthorizationException
      • authorize

        int authorize(Resource resource,
                      Subject subject)
               throws AuthorizationException
        Authorize a resource for an authenticated subject.
        Parameters:
        resource - Resource to be authorized
        subject - Authenticated Subject
        Returns:
        AuthorizationContext.PERMIT or AuthorizationContext.DENY
        Throws:
        AuthorizationException
      • authorize

        int authorize(Resource resource,
                      Subject subject,
                      RoleGroup role)
               throws AuthorizationException
        Authorize a resource given a role.
        Parameters:
        resource -
        subject - the authenticated subject
        role - a role (which can be a nested role)
        Returns:
        AuthorizationContext.PERMIT or AuthorizationContext.DENY
        Throws:
        AuthorizationException
      • doesUserHaveRole

        boolean doesUserHaveRole(Principal principal,
                                 Set<Principal> roles)
        Validates the application domain roles to which the operational environment Principal belongs.
        Parameters:
        principal - the caller principal as known in the operational environment.
        roles - The Set of application domain roles that the principal is to be validated against.
        Returns:
        true if the principal has at least one of the roles in the roles set, false otherwise.
      • getSubjectRoles

        RoleGroup getSubjectRoles(Subject authenticatedSubject,
                                  CallbackHandler cbh)
        Get the current roles for the authenticated Subject. The AuthorizationManager will apply the role generation and role mapping logic configured for the security domain.
        Parameters:
        authenticatedSubject -
        cbh - a CallbackHandler that the AuthorizationManager can use to obtain essentials such as the SecurityContext
        Returns:
      • getUserRoles

        Set<Principal> getUserRoles(Principal principal)
        Return the set of domain roles the principal has been assigned.
        Returns:
        The Set of application domain roles that the principal has been assigned.
      • getTargetRoles

        Group getTargetRoles(Principal targetPrincipal,
                             Map<String,Object> contextMap)
        Trust use cases may need to determine the roles of the target principal, which has been derived via a principal from another domain by the Authentication Manager. An implementation of this interface may have to contact a trust provider for additional information about the principal.
        Parameters:
        targetPrincipal - Principal applicable in current domain
        contextMap - Read-Only Contextual Information that may be useful for the implementation in determining the roles.
        Returns:
        roles from the target domain
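
Because authorize reports its decision as an int and can also throw AuthorizationException, a caller that tests for DENY instead of PERMIT grants access on any unexpected value. The following is an added example, not part of the original Javadoc or the library's code: a fail-closed wrapper around the two-argument authorize. The nested AuthorizationContext, AuthorizationException, Resource and AuthorizationManager types are minimal stand-ins with constructed constant values, and isPermitted is a hypothetical helper name.

```java
import javax.security.auth.Subject;

public class FailClosedAuthorization {
    // Minimal stand-ins so the example compiles alone (assumptions, not the
    // library's classes). The constant values are constructed for the example.
    static final class AuthorizationContext {
        static final int PERMIT = 1;
        static final int DENY = -1;
    }
    static class AuthorizationException extends Exception {
        AuthorizationException(String msg) { super(msg); }
    }
    interface Resource {}
    interface AuthorizationManager {
        int authorize(Resource resource, Subject subject) throws AuthorizationException;
    }

    // Hypothetical helper: access is granted only on an explicit PERMIT.
    // A null argument, any other return value, or an exception all deny.
    static boolean isPermitted(AuthorizationManager am, Resource resource, Subject subject) {
        if (am == null || resource == null || subject == null) {
            return false;
        }
        try {
            return am.authorize(resource, subject) == AuthorizationContext.PERMIT;
        } catch (AuthorizationException | RuntimeException e) {
            System.err.println("authorization failed, denying: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) {
        Resource res = new Resource() {};   // constructed sample resource
        Subject subj = new Subject();       // constructed sample subject
        AuthorizationManager permits = (r, s) -> AuthorizationContext.PERMIT;
        AuthorizationManager denies = (r, s) -> AuthorizationContext.DENY;
        AuthorizationManager unexpected = (r, s) -> 0;  // neither constant
        AuthorizationManager failing = (r, s) -> {
            throw new AuthorizationException("policy store unavailable");
        };
        System.out.println("permit:     " + isPermitted(permits, res, subj));
        System.out.println("deny:       " + isPermitted(denies, res, subj));
        System.out.println("unexpected: " + isPermitted(unexpected, res, subj));
        System.out.println("exception:  " + isPermitted(failing, res, subj));
        System.out.println("no subject: " + isPermitted(permits, res, null));
    }
}
```

Passing the Subject explicitly keeps the decision tied to the identity the caller actually authenticated, where the one-argument form leaves the implementation to derive the subject.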