org.openpermis.basic
Class BasicAuthorizationService

java.lang.Object
  extended by org.openpermis.basic.BasicAuthorizationService
All Implemented Interfaces:
AuthorizationService

public class BasicAuthorizationService
extends Object
implements AuthorizationService

An authorization service for a specific policy decision point and a specific subject repository.

Since:
0.3.0

Constructor Summary
BasicAuthorizationService(PolicyDecisionPoint policyDecisionPoint, SubjectRepository repository, Clock clock)
          Creates a authorization service for the specified policy.
 
Method Summary
 AccessDecision getAccessDecision(Subject subject, URI resource, String actionName, List<?> arguments)
          Decides whether a subject may be given access to a target and what obligations need to be fulfilled.
 AccessDecision getAccessDecision(URI identity, URI resource, String actionName, List<?> arguments)
          Decides whether a subject may be given access to a target and what obligations need to be fulfilled.
 Subject retrieveSubject(URI identity)
          Returns a subject whose identity matches the one specified.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

BasicAuthorizationService

public BasicAuthorizationService(PolicyDecisionPoint policyDecisionPoint,
                                 SubjectRepository repository,
                                 Clock clock)
Creates a authorization service for the specified policy.

Parameters:
policyDecisionPoint - the PolicyDecisionPoint to determine access decisions.
repository - the SubjectRepository providing this PDP with information about its configured environment.
clock - the Clock service providing time.
Since:
0.1.0
Method Detail

getAccessDecision

public AccessDecision getAccessDecision(URI identity,
                                        URI resource,
                                        String actionName,
                                        List<?> arguments)
                                 throws AuthorizationServiceException
Description copied from interface: AuthorizationService
Decides whether a subject may be given access to a target and what obligations need to be fulfilled.

Specified by:
getAccessDecision in interface AuthorizationService
Parameters:
identity - a URI to identify the user requesting access and to provide the roles assigned to her.
resource - a URI to identify the resource that the subject wants to access.
actionName - the name of the action that the subject wants to perform on the resource.
arguments - an optional list of arguments for the action that the subject wants to perform on the resource.
Returns:
an AccessDecision containing the decision and the obligations associated with the decision.
Throws:
AuthorizationServiceException - if the authorization service fails to make an access decision.
Since:
0.3.0

getAccessDecision

public AccessDecision getAccessDecision(Subject subject,
                                        URI resource,
                                        String actionName,
                                        List<?> arguments)
                                 throws AuthorizationServiceException
Description copied from interface: AuthorizationService
Decides whether a subject may be given access to a target and what obligations need to be fulfilled.

Specified by:
getAccessDecision in interface AuthorizationService
Parameters:
subject - a Subject to identify the user requesting access and to provide the roles assigned to her.
resource - a URI to identify the resource that the subject wants to access.
actionName - the name of the action that the subject wants to perform on the resource.
arguments - an optional list of arguments for the action that the subject wants to perform on the resource.
Returns:
an AccessDecision containing the decision and the obligations associated with the decision.
Throws:
AuthorizationServiceException - if the authorization service fails to make an access decision.
Since:
0.3.0

retrieveSubject

public Subject retrieveSubject(URI identity)
                        throws AuthorizationServiceException
Description copied from interface: AuthorizationService
Returns a subject whose identity matches the one specified.

Specified by:
retrieveSubject in interface AuthorizationService
Parameters:
identity - a URI that identifies a subject.
Returns:
a Subject associating a person with her assigned roles. The returned subject is never null, but will have no assigned roles for unknown identities.
Throws:
AuthorizationServiceException - when the authorization service fails to retrieve roles for the specified identity.
Since:
0.3.0


PERMIS Role Based Access Control 0.3.0 (Build 14)
2009/05/08 09:06:10
Copyright (c) 2002-2007 Ergon Informatik AG