org.openpermis.basic
Class BasicAuthorizationService

java.lang.Object
  extended by org.openpermis.basic.BasicAuthorizationService
All Implemented Interfaces:
AuthorizationService

public class BasicAuthorizationService
extends Object
implements AuthorizationService

An authorization service for a specific policy decision point and a specific subject finder.

Since:
0.3.0

Constructor Summary
BasicAuthorizationService(PolicyDecisionPoint policyDecisionPoint, SubjectFinder finder, Clock clock)
          Creates an authorization service for the specified policy.
 
Method Summary
 AccessDecision getAccessDecision(Subject subject, URI resource, String actionName, List<?> arguments)
          Decides whether a subject may be given access to a target and what obligations need to be fulfilled.
 AccessDecision getAccessDecision(URI identity, URI resource, String actionName, List<?> arguments)
          Decides whether a subject may be given access to a target and what obligations need to be fulfilled.
 Set<RoleDefinition> getRoleDefinitionsForSubject(Subject subject)
          Retrieves the roles that a subject currently holds.
 Set<RoleDefinition> getRoleDefinitionsForSubject(URI identity)
          Retrieves the roles that a subject currently holds.
 Subject retrieveSubject(URI identity)
          Returns a subject whose identity matches the one specified.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

BasicAuthorizationService

public BasicAuthorizationService(PolicyDecisionPoint policyDecisionPoint,
                                 SubjectFinder finder,
                                 Clock clock)
Creates an authorization service for the specified policy.

Parameters:
policyDecisionPoint - the PolicyDecisionPoint to determine access decisions.
finder - the SubjectFinder providing this PDP with information about its configured environment.
clock - the Clock service providing time.
Since:
0.1.0
Method Detail

getAccessDecision

public AccessDecision getAccessDecision(URI identity,
                                        URI resource,
                                        String actionName,
                                        List<?> arguments)
                                 throws AuthorizationServiceException
Description copied from interface: AuthorizationService
Decides whether a subject may be given access to a target and what obligations need to be fulfilled.

Specified by:
getAccessDecision in interface AuthorizationService
Parameters:
identity - a URI to identify the user requesting access and to provide the roles assigned to her.
resource - a URI to identify the resource that the subject wants to access.
actionName - the name of the action that the subject wants to perform on the resource.
arguments - an optional list of arguments for the action that the subject wants to perform on the resource.
Returns:
an AccessDecision containing the decision and the obligations associated with the decision.
Throws:
AuthorizationServiceException - if the authorization service fails to make an access decision.
Since:
0.3.0

getAccessDecision

public AccessDecision getAccessDecision(Subject subject,
                                        URI resource,
                                        String actionName,
                                        List<?> arguments)
                                 throws AuthorizationServiceException
Description copied from interface: AuthorizationService
Decides whether a subject may be given access to a target and what obligations need to be fulfilled.

Specified by:
getAccessDecision in interface AuthorizationService
Parameters:
subject - a Subject to identify the user requesting access and to provide the roles assigned to her.
resource - a URI to identify the resource that the subject wants to access.
actionName - the name of the action that the subject wants to perform on the resource.
arguments - an optional list of arguments for the action that the subject wants to perform on the resource.
Returns:
an AccessDecision containing the decision and the obligations associated with the decision.
Throws:
AuthorizationServiceException - if the authorization service fails to make an access decision.
Since:
0.3.0

retrieveSubject

public Subject retrieveSubject(URI identity)
                        throws AuthorizationServiceException
Description copied from interface: AuthorizationService
Returns a subject whose identity matches the one specified.

Specified by:
retrieveSubject in interface AuthorizationService
Parameters:
identity - a URI that identifies a subject.
Returns:
a Subject associating a person with her assigned roles. The returned subject is never null, but will have no assigned roles for unknown identities.
Throws:
AuthorizationServiceException - when the authorization service fails to retrieve roles for the specified identity.
Since:
0.3.0

getRoleDefinitionsForSubject

public Set<RoleDefinition> getRoleDefinitionsForSubject(URI identity)
                                                 throws AuthorizationServiceException
Description copied from interface: AuthorizationService
Retrieves the roles that a subject currently holds.

Note: This method only considers roles that are valid at the current time stamp. The resulting set of role definitions may therefore vary depending on the current time and the validity of the role certificates when this method is called.

Specified by:
getRoleDefinitionsForSubject in interface AuthorizationService
Parameters:
identity - a URI to identify the user for which to query its currently held roles.
Returns:
the set of roles held by the subject, never null but may be empty if the subject does not hold any roles.
Throws:
AuthorizationServiceException - when the authorization service fails to retrieve roles for the specified identity.
Since:
0.9.0

getRoleDefinitionsForSubject

public Set<RoleDefinition> getRoleDefinitionsForSubject(Subject subject)
Description copied from interface: AuthorizationService
Retrieves the roles that a subject currently holds.

Note: This method only considers roles that are valid at the current time stamp. The resulting set of role definitions may therefore vary depending on the current time and the validity of the role certificates when this method is called.

Specified by:
getRoleDefinitionsForSubject in interface AuthorizationService
Parameters:
subject - a Subject to identify the user for which to query its currently held roles.
Returns:
the set of roles held by the subject, never null but may be empty if the subject does not hold any roles.
Since:
0.9.0
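
Added example (not part of the OpenPermis documentation or code base): a caller-side wrapper that fails closed on the contracts documented above, namely that getAccessDecision and retrieveSubject throw AuthorizationServiceException on failure, that retrieveSubject never returns null, and that held roles depend on the time of the call. The class name FailClosedAuthorizer, its decide method and the org.openpermis import are assumptions; adjust the import to wherever your OpenPermis version places these types.

```java
import java.net.URI;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import java.util.logging.Logger;

// Assumption: AuthorizationService, AccessDecision, Subject, RoleDefinition and
// AuthorizationServiceException are importable from org.openpermis; the page
// only states the package of BasicAuthorizationService itself.
import org.openpermis.*;

/** Hypothetical wrapper: every failure to decide is surfaced as "no decision". */
public final class FailClosedAuthorizer {

    private static final Logger LOG = Logger.getLogger("authz");

    private final AuthorizationService service;

    public FailClosedAuthorizer(AuthorizationService service) {
        this.service = service;
    }

    /**
     * Returns the PDP's decision, or an empty Optional when no decision could
     * be made. Callers must treat an empty result as a denial.
     */
    public Optional<AccessDecision> decide(URI identity, URI resource,
                                           String actionName, List<?> arguments) {
        try {
            // Never null per the documented contract; unknown identities
            // simply come back without roles.
            Subject subject = service.retrieveSubject(identity);

            // Roles are evaluated at call time, so query them per request
            // instead of caching a result that may outlive a role certificate.
            Set<RoleDefinition> roles = service.getRoleDefinitionsForSubject(subject);
            if (roles.isEmpty()) {
                LOG.info("No currently valid roles for " + identity);
            }

            // The policy decision point still makes the actual decision.
            return Optional.of(
                service.getAccessDecision(subject, resource, actionName, arguments));
        } catch (AuthorizationServiceException e) {
            // Failure to decide is not a grant: log it and return no decision.
            LOG.warning("Authorization failed for " + identity + ": " + e.getMessage());
            return Optional.empty();
        }
    }
}
```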


OpenPermis Role Based Access Control 0.9.0 (Build 16)
2009/08/13 07:16:59
Copyright (c) 2002-2007 Ergon Informatik AG