Interface ACLProvider

  • All Known Implementing Classes:
    ACLProviderImpl, RoleBasedACLProviderImpl

    public interface ACLProvider

    An ACLProvider is responsible for the management of the ACLs associated to the resources being protected. Implementations of this interface will typically interact with some sort of repository, where the ACLs are stored.

    Author:
    Stefan Guilhen, Anil.Saldhana@redhat.com
    • Method Detail

      • initialize

        void initialize​(Map<String,​Object> sharedState,
                        Map<String,​Object> options)
        Initialize the provider
        Parameters:
        sharedState - Shared State
        options - Options
      • getEntitlements

        <T> Set<T> getEntitlements​(Class<T> clazz,
                                   Resource resource,
                                   Identity identity)
                            throws AuthorizationException

        For a given Resource and an Identity, return all the entitlements Eg: A portal page can consist of say 10 components such as windows, subpages etc. Now the Portal page can be the resource and for a given identity, the entitlements would be the subset of these 10 components to which the identity has access

        Type Parameters:
        T -
        Parameters:
        resource -
        identity -
        Returns:
        Throws:
        AuthorizationException
      • isAccessGranted

        boolean isAccessGranted​(Resource resource,
                                Identity identity,
                                ACLPermission permission)
                         throws AuthorizationException

        Checks if the given identity has the permissions needed to access the specified resource. This involves finding the ACL associated with the resource and consulting the ACL to determine if access should be granted or not to the identity.

        Parameters:
        resource - the Resource being accessed.
        identity - the Identity trying to access the resource.
        permission - the permissions needed to access the resource.
        Returns:
        true if the identity has enough permissions to access the resource; false otherwise.
        Throws:
        AuthorizationException - if no ACL can be found for the specified resource.
      • getPersistenceStrategy

        ACLPersistenceStrategy getPersistenceStrategy()

        Obtains the ACLPersistenceStrategy associated with this provider.

        Returns:
        a reference to the ACLPersistenceStrategy used by this provider.
      • setPersistenceStrategy

        void setPersistenceStrategy​(ACLPersistenceStrategy strategy)

        Sets the persistence strategy to be used by this provider.

        Parameters:
        strategy - a reference to the ACLPersistenceStrategy to be used.
      • tearDown

        boolean tearDown()
        Give an opportunity for the provider to finalize the operations
        Returns: