org.openpermis.policy
Interface Policy

All Superinterfaces:
Part, PolicyDecisionPoint, Serializable
All Known Subinterfaces:
PolicyBean
All Known Implementing Classes:
BasicPolicy

public interface Policy
extends Part, PolicyDecisionPoint

A policy decision point policy for role-based access control.

A policy defines two major sets of rules:

In order to be valid the following conditions must be met:

A policy defines role hierarchies. In order to be useful, policies must have at least one RoleHierarchy.

Since:
0.1.0

Method Summary
 AccessDecision getAccessDecision(Subject subject, URI resourceUri, String actionName, List<?> arguments, TimeStamp timeStamp)
          Decides whether a subject may be given access to a target and what obligations need to be fulfilled.
 boolean isPolicyConsistent(PartProblemReporter reporter)
          Check if this policy is consistent.
 
Methods inherited from interface org.openpermis.policy.Part
equals, hashCode, toString
 

Method Detail

isPolicyConsistent

boolean isPolicyConsistent(PartProblemReporter reporter)
Check if this policy is consistent.

Parameters:
reporter - optional callback where violations are reported, may be null if the caller is not interested in details about the violations.
Returns:
true if this policy is consistent, otherwise false.
Since:
0.9.0

getAccessDecision

AccessDecision getAccessDecision(Subject subject,
                                 URI resourceUri,
                                 String actionName,
                                 List<?> arguments,
                                 TimeStamp timeStamp)
                                 throws PolicyDecisionException
Description copied from interface: PolicyDecisionPoint
Decides whether a subject may be given access to a target and what obligations need to be fulfilled.

Specified by:
getAccessDecision in interface PolicyDecisionPoint
Parameters:
subject - a Subject to identify the user requesting access and to provide the roles assigned to her.
resourceUri - a URI to identify the resource that the subject wants to access.
actionName - the name of the action that the subject wants to perform on the resource.
arguments - an optional list of arguments for the action that the subject wants to perform on the resource.
timeStamp - the time at which the action is executed.
Returns:
an AccessDecision containing the PDP's decision and the obligations associated with the decision.
Throws:
PolicyDecisionException - if the PDP fails to make an access decision.
Since:
0.3.0
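
An added example, not OpenPermis code: a fail-closed enforcement wrapper around the two methods documented above. It refuses to enforce an inconsistent policy and treats a PolicyDecisionException, or a decision carrying an obligation it cannot fulfil, as a deny. The nested types are stand-ins that copy only the signatures on this page; the `granted()` and `obligations()` accessors, the `FailClosedEnforcer` and `stub` names, and the sample values are assumptions.

```java
import java.net.URI;
import java.util.*;
public class FailClosedEnforcer {
    // Stand-ins that mirror only the signatures shown on this page, not the real classes.
    interface Subject {} interface TimeStamp {} interface PartProblemReporter {}
    static class PolicyDecisionException extends Exception {}
    // Assumption: granted() and obligations() are hypothetical accessors.
    record AccessDecision(boolean granted, Set<String> obligations) {}
    interface Policy {
        boolean isPolicyConsistent(PartProblemReporter reporter);
        AccessDecision getAccessDecision(Subject subject, URI resourceUri, String actionName,
            List<?> arguments, TimeStamp timeStamp) throws PolicyDecisionException;
    }
    private final Policy policy;
    private final Set<String> supported; // obligations this enforcement point can fulfil
    FailClosedEnforcer(Policy policy, Set<String> supported) {
        if (!policy.isPolicyConsistent(null)) // null reporter: details not needed
            throw new IllegalStateException("refusing to enforce an inconsistent policy");
        this.policy = policy; this.supported = supported;
    }
    boolean permits(Subject who, URI resource, String action, List<?> args, TimeStamp when) {
        try {
            AccessDecision d = policy.getAccessDecision(who, resource, action, args, when);
            // Grant only if the PDP said yes and every obligation can be honoured.
            return d != null && d.granted() && supported.containsAll(d.obligations());
        } catch (PolicyDecisionException | RuntimeException e) {
            return false; // a PDP failure is a deny, never an implicit allow
        }
    }
    static Policy stub(AccessDecision fixed) { // constructed PDP; null simulates a failure
        return new Policy() {
            public boolean isPolicyConsistent(PartProblemReporter r) { return true; }
            public AccessDecision getAccessDecision(Subject s, URI u, String a, List<?> l,
                    TimeStamp t) throws PolicyDecisionException {
                if (fixed == null) throw new PolicyDecisionException();
                return fixed;
            }
        };
    }

    public static void main(String[] argv) {
        URI doc = URI.create("urn:example:report"); // constructed sample resource
        var cases = new AccessDecision[] { new AccessDecision(true, Set.of("audit")),
            new AccessDecision(true, Set.of("notify")), null };
        for (AccessDecision d : cases)
            System.out.println(new FailClosedEnforcer(stub(d), Set.of("audit"))
                .permits(null, doc, "read", List.of(), null));
    }
}
```

The three constructed cases cover a grant with a supported obligation, a grant with an unsupported obligation, and a PDP failure; only the first is permitted.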


OpenPermis Role Based Access Control 0.9.0 (Build 16)
2009/08/13 07:16:59
Copyright (c) 2002-2007 Ergon Informatik AG