Package org.jboss.security
Interface AuthorizationManager

- All Superinterfaces: BaseSecurityManager
- All Known Implementing Classes: JBossAuthorizationManager

public interface AuthorizationManager extends BaseSecurityManager

Generalized Authorization Manager Interface.
Replaces the legacy RealmMapping interface.

- Since: Jan 2, 2006
- Version: $Revision$
- Author: Anil Saldhana
- See Also: RealmMapping

Method Summary
(Modifier and Type, Method, Description)

int authorize(Resource resource)
    Authorize a resource. Note: The implementation will try to derive the authenticated subject by some means.

int authorize(Resource resource, Subject subject)
    Authorize a resource for an authenticated subject.

int authorize(Resource resource, Subject subject, Group roleGroup)
    Authorize a resource given a Group of Principals representing roles.

int authorize(Resource resource, Subject subject, RoleGroup role)
    Authorize a resource given a role.

boolean doesUserHaveRole(Principal principal, Set<Principal> roles)
    Validates the application domain roles to which the operational environment Principal belongs.

RoleGroup getSubjectRoles(Subject authenticatedSubject, CallbackHandler cbh)
    Get the current roles for the authenticated Subject. The AuthorizationManager will apply role generation and role mapping logic configured for the security domain.

Group getTargetRoles(Principal targetPrincipal, Map<String,Object> contextMap)
    Trust use cases may have a need to determine the roles of the target principal which has been derived via a principal from another domain by the Authentication Manager. An implementation of this interface may have to contact a trust provider for additional information about the principal.

Set<Principal> getUserRoles(Principal principal)
    Return the set of domain roles the principal has been assigned.

Methods inherited from interface org.jboss.security.BaseSecurityManager
getSecurityDomain

Method Detail

authorize
int authorize(Resource resource) throws AuthorizationException
Authorize a resource. Note: The implementation will try to derive the authenticated subject by some means.
- Parameters:
  resource - Resource to be authorized
- Returns: AuthorizationContext.PERMIT or AuthorizationContext.DENY
- Throws: AuthorizationException

authorize
int authorize(Resource resource, Subject subject) throws AuthorizationException
Authorize a resource for an authenticated subject.
- Parameters:
  resource - Resource to be authorized
  subject - Authenticated Subject
- Returns: AuthorizationContext.PERMIT or AuthorizationContext.DENY
- Throws: AuthorizationException

authorize
int authorize(Resource resource, Subject subject, RoleGroup role) throws AuthorizationException
Authorize a resource given a role.
- Parameters:
  resource -
  subject - the authenticated subject
  role - a role (which can be a nested role)
- Returns: AuthorizationContext.PERMIT or AuthorizationContext.DENY
- Throws: AuthorizationException

authorize
int authorize(Resource resource, Subject subject, Group roleGroup) throws AuthorizationException
Authorize a resource given a Group of Principals representing roles.
- Parameters:
  resource -
  subject - the authenticated subject
  roleGroup -
- Returns:
- Throws: AuthorizationException

doesUserHaveRole
boolean doesUserHaveRole(Principal principal, Set<Principal> roles)
Validates the application domain roles to which the operational environment Principal belongs.
- Parameters:
  principal - the caller principal as known in the operation environment.
  roles - The Set<Principal> for the application domain roles that the principal is to be validated against.
- Returns: true if the principal has at least one of the roles in the roles set, false otherwise.

getSubjectRoles
RoleGroup getSubjectRoles(Subject authenticatedSubject, CallbackHandler cbh)
Get the current roles for the authenticated Subject. The AuthorizationManager will apply role generation and role mapping logic configured for the security domain.
- Parameters:
  authenticatedSubject -
  cbh - a CallbackHandler that can be used by the AuthorizationManager to obtain essentials such as SecurityContext etc.
- Returns:

getUserRoles
Set<Principal> getUserRoles(Principal principal)
Return the set of domain roles the principal has been assigned.
- Returns: The Set<Principal> for the application domain roles that the principal has been assigned.

getTargetRoles
Group getTargetRoles(Principal targetPrincipal, Map<String,Object> contextMap)
Trust use cases may have a need to determine the roles of the target principal which has been derived via a principal from another domain by the Authentication Manager. An implementation of this interface may have to contact a trust provider for additional information about the principal.
- Parameters:
  targetPrincipal - Principal applicable in current domain
  contextMap - Read-Only Contextual Information that may be useful for the implementation in determining the roles.
- Returns: roles from the target domain
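
The authorize overloads return an int and can also throw AuthorizationException, so a caller has to decide what every outcome other than PERMIT means. The helper below is an added example, not code from this API or its project: it grants access only on an explicit AuthorizationContext.PERMIT and denies on everything else. The class name FailClosedAuthorizer is hypothetical, and the org.jboss.security.authorization package for Resource, AuthorizationContext and AuthorizationException is an assumption, since the page names these types without their package.

```java
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;

import org.jboss.security.AuthorizationManager;
// Assumption: the three types below live in org.jboss.security.authorization;
// the page names them but does not show their package.
import org.jboss.security.authorization.AuthorizationContext;
import org.jboss.security.authorization.AuthorizationException;
import org.jboss.security.authorization.Resource;

/** Hypothetical helper (not part of the library): fail-closed wrapper around authorize(). */
public final class FailClosedAuthorizer {

    private static final Logger LOG = Logger.getLogger(FailClosedAuthorizer.class.getName());

    private final AuthorizationManager manager;

    public FailClosedAuthorizer(AuthorizationManager manager) {
        if (manager == null) {
            throw new IllegalArgumentException("AuthorizationManager is required");
        }
        this.manager = manager;
    }

    /**
     * Returns true only when the manager explicitly answers PERMIT.
     * Missing inputs, DENY, any other int value and AuthorizationException all deny.
     */
    public boolean isPermitted(Resource resource, Subject subject) {
        if (resource == null || subject == null) {
            return false; // nothing to authorize, or no authenticated subject
        }
        try {
            int decision = manager.authorize(resource, subject);
            // Compare against PERMIT rather than "!= DENY", so an unexpected
            // return value is never treated as access granted.
            return decision == AuthorizationContext.PERMIT;
        } catch (AuthorizationException e) {
            // Record the failure with the security domain for later review, then deny.
            LOG.log(Level.WARNING,
                    "Authorization failed in domain " + manager.getSecurityDomain(), e);
            return false;
        }
    }
}
```

The two-argument overload is used so the subject is passed explicitly instead of being derived by the implementation "by some means", as the one-argument overload does.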