org.openpermis
Interface AuthorizationService

All Known Implementing Classes:
BasicAuthorizationService

public interface AuthorizationService

A service to perform authorization decisions.

Since:
0.3.0

Method Summary
 AccessDecision getAccessDecision(Subject subject, URI resource, String actionName, List<?> arguments)
          Decides whether a subject may be given access to a target and what obligations need to be fulfilled.
 AccessDecision getAccessDecision(URI subject, URI resource, String actionName, List<?> arguments)
          Decides whether a subject may be given access to a target and what obligations need to be fulfilled.
 Set<RoleDefinition> getRoleDefinitionsForSubject(Subject subject)
          Retrieves the roles that a subject currently holds.
 Set<RoleDefinition> getRoleDefinitionsForSubject(URI subject)
          Retrieves the roles that a subject currently holds.
 Subject retrieveSubject(URI identity)
          Returns a subject whose identity matches the one specified.
 

Method Detail

getAccessDecision

AccessDecision getAccessDecision(URI subject,
                                 URI resource,
                                 String actionName,
                                 List<?> arguments)
                                 throws AuthorizationServiceException
Decides whether a subject may be given access to a target and what obligations need to be fulfilled.

Parameters:
subject - a URI to identify the user requesting access and to provide the roles assigned to her.
resource - a URI to identify the resource that the subject wants to access.
actionName - the name of the action that the subject wants to perform on the resource.
arguments - an optional list of arguments for the action that the subject wants to perform on the resource.
Returns:
an AccessDecision containing the decision and the obligations associated with the decision.
Throws:
AuthorizationServiceException - if the authorization service fails to make an access decision.
Since:
0.3.0

getAccessDecision

AccessDecision getAccessDecision(Subject subject,
                                 URI resource,
                                 String actionName,
                                 List<?> arguments)
                                 throws AuthorizationServiceException
Decides whether a subject may be given access to a target and what obligations need to be fulfilled.

Parameters:
subject - a Subject to identify the user requesting access and to provide the roles assigned to her.
resource - a URI to identify the resource that the subject wants to access.
actionName - the name of the action that the subject wants to perform on the resource.
arguments - an optional list of arguments for the action that the subject wants to perform on the resource.
Returns:
an AccessDecision containing the decision and the obligations associated with the decision.
Throws:
AuthorizationServiceException - if the authorization service fails to make an access decision.
Since:
0.3.0
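
An added example, not OpenPermis code: a fail-closed caller for `getAccessDecision` that denies when the service throws and when a grant carries an obligation the caller cannot fulfil. The nested types are local stand-ins mirroring the URI overload's signature above; the `granted`/`obligations` accessors, the `permit` helper and the sample URNs are assumptions, since this page does not list `AccessDecision`'s methods (Java 16+ for the record).

```java
import java.net.URI;
import java.util.List;
import java.util.Set;

public class FailClosedEnforcement {
    // Local stand-ins so the example compiles alone; only the signature of
    // getAccessDecision(URI, URI, String, List<?>) is taken from this page.
    static class AuthorizationServiceException extends Exception {
        AuthorizationServiceException(String message) { super(message); }
    }
    // ASSUMPTION: accessor names and the obligation type are hypothetical.
    record AccessDecision(boolean granted, Set<String> obligations) {}
    interface AuthorizationService {
        AccessDecision getAccessDecision(URI subject, URI resource,
                String actionName, List<?> arguments)
                throws AuthorizationServiceException;
    }

    /** Hypothetical helper: permit only on an explicit grant whose obligations are all supported. */
    static boolean permit(AuthorizationService service, Set<String> supported,
            URI subject, URI resource, String action, List<?> arguments) {
        try {
            AccessDecision d = service.getAccessDecision(subject, resource, action, arguments);
            // A grant with an obligation the caller cannot fulfil is treated as a deny.
            return d != null && d.granted() && supported.containsAll(d.obligations());
        } catch (AuthorizationServiceException e) {
            // "Fails to make an access decision" is not a grant: fail closed.
            return false;
        }
    }

    public static void main(String[] args) {
        URI alice = URI.create("urn:example:alice");   // constructed sample values
        URI report = URI.create("urn:example:report");
        Set<String> supported = Set.of("audit-log");
        AuthorizationService grants =
                (s, r, a, x) -> new AccessDecision(true, Set.of("audit-log"));
        AuthorizationService unknownObligation =
                (s, r, a, x) -> new AccessDecision(true, Set.of("notify-owner"));
        AuthorizationService broken =
                (s, r, a, x) -> { throw new AuthorizationServiceException("repository down"); };
        // One line per case: supported grant, unsupported obligation, service failure.
        System.out.println(permit(grants, supported, alice, report, "read", List.of()));
        System.out.println(permit(unknownObligation, supported, alice, report, "read", List.of()));
        System.out.println(permit(broken, supported, alice, report, "read", List.of()));
    }
}
```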

retrieveSubject

Subject retrieveSubject(URI identity)
                        throws AuthorizationServiceException
Returns a subject whose identity matches the one specified.

Parameters:
identity - a URI that identifies a subject.
Returns:
a Subject associating a person with her assigned roles. The returned subject is never null, but will have no assigned roles for unknown identities.
Throws:
AuthorizationServiceException - when the authorization service fails to retrieve roles for the specified identity.
Since:
0.3.0

getRoleDefinitionsForSubject

Set<RoleDefinition> getRoleDefinitionsForSubject(URI subject)
                                                 throws AuthorizationServiceException
Retrieves the roles that a subject currently holds.

Note: This method considers only roles that are valid at the current time stamp. The resulting set of role definitions may therefore vary depending on the current time and the validity of the role certificates when this method is called.

Parameters:
subject - a URI identifying the user whose currently held roles are queried.
Returns:
the set of roles held by the subject, never null but may be empty if the subject does not hold any roles.
Throws:
AuthorizationServiceException - when the authorization service fails to retrieve roles for the specified identity.
Since:
0.9.0

getRoleDefinitionsForSubject

Set<RoleDefinition> getRoleDefinitionsForSubject(Subject subject)
Retrieves the roles that a subject currently holds.

Note: This method considers only roles that are valid at the current time stamp. The resulting set of role definitions may therefore vary depending on the current time and the validity of the role certificates when this method is called.

Parameters:
subject - a Subject identifying the user whose currently held roles are queried.
Returns:
the set of roles held by the subject, never null but may be empty if the subject does not hold any roles.
Since:
0.9.0


OpenPermis Role Based Access Control 0.9.0 (Build 16)
2009/08/13 07:16:59
Copyright (c) 2002-2007 Ergon Informatik AG