java.lang.Object
  org.openpermis.basic.BasicAuthorizationService
public class BasicAuthorizationService
An authorization service for a specific policy decision point and a specific subject finder.
Constructor Summary | |
---|---|
BasicAuthorizationService(PolicyDecisionPoint policyDecisionPoint, SubjectFinder finder, Clock clock) | Creates an authorization service for the specified policy. |
Method Summary | |
---|---|
AccessDecision | getAccessDecision(Subject subject, URI resource, String actionName, List<?> arguments): Decides whether a subject may be given access to a target and what obligations need to be fulfilled. |
AccessDecision | getAccessDecision(URI identity, URI resource, String actionName, List<?> arguments): Decides whether a subject may be given access to a target and what obligations need to be fulfilled. |
Set<RoleDefinition> | getRoleDefinitionsForSubject(Subject subject): Retrieves the roles that a subject currently holds. |
Set<RoleDefinition> | getRoleDefinitionsForSubject(URI identity): Retrieves the roles that a subject currently holds. |
Subject | retrieveSubject(URI identity): Returns a subject whose identity matches the one specified. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public BasicAuthorizationService(PolicyDecisionPoint policyDecisionPoint, SubjectFinder finder, Clock clock)

Parameters:
policyDecisionPoint - the PolicyDecisionPoint to determine access decisions.
finder - the SubjectFinder providing this PDP with information about its configured environment.
clock - the Clock service providing time.

Method Detail |
---|
public AccessDecision getAccessDecision(URI identity, URI resource, String actionName, List<?> arguments) throws AuthorizationServiceException

Specified by: getAccessDecision in interface AuthorizationService

Parameters:
identity - a URI to identify the user requesting access and to provide the roles assigned to her.
resource - a URI to identify the resource that the subject wants to access.
actionName - the name of the action that the subject wants to perform on the resource.
arguments - an optional list of arguments for the action that the subject wants to perform on the resource.

Returns: AccessDecision containing the decision and the obligations associated with the decision.

Throws: AuthorizationServiceException - if the authorization service fails to make an access decision.

public AccessDecision getAccessDecision(Subject subject, URI resource, String actionName, List<?> arguments) throws AuthorizationServiceException

Specified by: getAccessDecision in interface AuthorizationService

Parameters:
subject - a Subject to identify the user requesting access and to provide the roles assigned to her.
resource - a URI to identify the resource that the subject wants to access.
actionName - the name of the action that the subject wants to perform on the resource.
arguments - an optional list of arguments for the action that the subject wants to perform on the resource.

Returns: AccessDecision containing the decision and the obligations associated with the decision.

Throws: AuthorizationServiceException - if the authorization service fails to make an access decision.

public Subject retrieveSubject(URI identity) throws AuthorizationServiceException

Specified by: retrieveSubject in interface AuthorizationService

Parameters:
identity - a URI that identifies a subject.

Returns: Subject associating a person with her assigned roles. The returned subject is never null, but will have no assigned roles for unknown identities.

Throws: AuthorizationServiceException - when the authorization service fails to retrieve roles for the specified identity.

public Set<RoleDefinition> getRoleDefinitionsForSubject(URI identity) throws AuthorizationServiceException

Note: This method will only consider roles according to the current time stamp, therefore the resulting role definition list may vary depending on the current time and the validity of the role certificates when this method is called.

Specified by: getRoleDefinitionsForSubject in interface AuthorizationService

Parameters:
identity - a URI to identify the user for which to query its currently held roles.

null but may be empty if the subject does not hold any roles.

Throws: AuthorizationServiceException - when the authorization service fails to retrieve roles for the specified identity.

public Set<RoleDefinition> getRoleDefinitionsForSubject(Subject subject)

Note: This method will only consider roles according to the current time stamp, therefore the resulting role definition list may vary depending on the current time and the validity of the role certificates when this method is called.

Specified by: getRoleDefinitionsForSubject in interface AuthorizationService

Parameters:
subject - a Subject to identify the user for which to query its currently held roles.

null but may be empty if the subject does not hold any roles.
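
A fail-closed way to call the methods documented above, as an added example that is not part of the OpenPermis documentation or code base. The class name FailClosedGate is hypothetical, and every import path other than org.openpermis.basic.BasicAuthorizationService is an assumption, since the page gives the type names but not their packages.

```java
import java.net.URI;
import java.util.List;
import java.util.Optional;
import java.util.Set;

import org.openpermis.basic.BasicAuthorizationService;
// Assumed package locations: the page shows these type names, not their packages.
import org.openpermis.AuthorizationServiceException;
import org.openpermis.policy.AccessDecision;
import org.openpermis.policy.RoleDefinition;

/** Hypothetical wrapper that never turns a service failure into access. */
public final class FailClosedGate {

    private final BasicAuthorizationService service;

    public FailClosedGate(BasicAuthorizationService service) {
        this.service = service;
    }

    /**
     * Returns the decision for the caller to evaluate, or empty when the
     * request must be denied without one. Empty always means "deny".
     */
    public Optional<AccessDecision> decide(URI identity, URI resource,
            String actionName, List<?> arguments) {
        try {
            // Queried on every call and never cached: the documented result
            // depends on the current time and role-certificate validity.
            Set<RoleDefinition> roles = service.getRoleDefinitionsForSubject(identity);
            if (roles == null || roles.isEmpty()) {
                // A subject without roles shows up as an empty set rather than
                // an error (the page documents that unknown identities get no
                // assigned roles). Denying here is this example's choice.
                return Optional.empty();
            }
            return Optional.ofNullable(
                    service.getAccessDecision(identity, resource, actionName, arguments));
        } catch (AuthorizationServiceException e) {
            // The service could not decide: deny instead of defaulting to allow.
            return Optional.empty();
        }
    }
}
```

The caller still has to inspect the returned AccessDecision and fulfil its obligations; the accessors for that are not shown on this page.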
OpenPermis Role Based Access Control 0.9.0 (Build 16)
2009/08/13 07:16:59
Copyright (c) 2002-2007 Ergon Informatik AG