1 | /* | |
2 | * Copyright (c) 2009, Swiss Federal Department of Defence Civil Protection and Sport | |
3 | * (http://www.vbs.admin.ch) | |
4 | * Copyright (c) 2009, Ergon Informatik AG (http://www.ergon.ch) | |
5 | * All rights reserved. | |
6 | * | |
7 | * Licensed under the Open Permis License which accompanies this distribution, | |
8 | * and is available at http://www.openpermis.org/BSDlicenceKent.txt | |
9 | */ | |
10 | package org.openpermis; | |
11 | ||
12 | import java.net.URI; | |
13 | import java.util.List; | |
14 | ||
15 | import org.openpermis.policy.AccessDecision; | |
16 | ||
17 | ||
/**
 * Entry point for asking the policy engine for authorization decisions.
 *
 * <p>Callers act as the enforcement point: they submit a subject, a resource and an
 * action, and receive an {@link AccessDecision} that carries both the decision and the
 * obligations attached to it.
 *
 * <p>NOTE(review): nothing in this interface authenticates the subject. The identity
 * passed in is presumably expected to be established by the caller beforehand; confirm
 * against the implementations.
 *
 * @since 0.3.0
 */
public interface AuthorizationService {

    // ---- Access decisions

    /**
     * Decides whether a subject, given by its identity, may access a target, and which
     * obligations have to be fulfilled.
     *
     * <p>The returned decision includes obligations, so a caller that only looks at the
     * decision and ignores the obligations has not enforced the full result.
     *
     * @param subject a {@link URI} identifying the user who requests access and used to
     *        provide the roles assigned to her.
     * @param resource a {@link URI} identifying the resource the subject wants to access.
     * @param actionName the name of the action the subject wants to perform on the
     *        resource.
     * @param arguments an optional list of arguments for that action. Whether
     *        <code>null</code> is accepted is not stated here; verify against the
     *        implementation.
     * @return an {@link AccessDecision} containing the decision and the obligations
     *         associated with it.
     * @throws AuthorizationServiceException if the authorization service fails to make
     *         an access decision. No decision exists in that case, so callers should
     *         treat the request as not granted.
     * @since 0.3.0
     */
    AccessDecision getAccessDecision(
        URI subject, URI resource, String actionName, List<?> arguments
    ) throws AuthorizationServiceException;

    /**
     * Decides whether a subject, given as a {@link Subject}, may access a target, and
     * which obligations have to be fulfilled.
     *
     * <p>The returned decision includes obligations, so a caller that only looks at the
     * decision and ignores the obligations has not enforced the full result.
     *
     * @param subject a {@link Subject} identifying the user who requests access and
     *        providing the roles assigned to her.
     * @param resource a {@link URI} identifying the resource the subject wants to access.
     * @param actionName the name of the action the subject wants to perform on the
     *        resource.
     * @param arguments an optional list of arguments for that action. Whether
     *        <code>null</code> is accepted is not stated here; verify against the
     *        implementation.
     * @return an {@link AccessDecision} containing the decision and the obligations
     *         associated with it.
     * @throws AuthorizationServiceException if the authorization service fails to make
     *         an access decision. No decision exists in that case, so callers should
     *         treat the request as not granted.
     * @since 0.3.0
     */
    AccessDecision getAccessDecision(
        Subject subject, URI resource, String actionName, List<?> arguments
    ) throws AuthorizationServiceException;

    // ---- Subject lookup

    /**
     * Returns the subject whose identity matches the given one.
     *
     * <p>An unknown identity still yields a subject, only without assigned roles. A
     * non-null result therefore says nothing about whether the identity is known, and
     * must not be used as an existence or authentication check.
     *
     * @param identity a {@link URI} that identifies a subject.
     * @return a {@link Subject} associating a person with her assigned roles; never
     *         <code>null</code>, and without assigned roles for unknown identities.
     * @throws AuthorizationServiceException when the authorization service fails to
     *         retrieve roles for the specified identity.
     * @since 0.3.0
     */
    Subject retrieveSubject(URI identity) throws AuthorizationServiceException;

}