com.yahoo.athenz.zms

Class ZMSAuthorizer

java.lang.Object

com.yahoo.athenz.zms.ZMSAuthorizer

All Implemented Interfaces:

com.yahoo.athenz.auth.Authorizer, Closeable, AutoCloseable

public class ZMSAuthorizer
extends Object
implements com.yahoo.athenz.auth.Authorizer, Closeable

Field Summary

Fields

Modifier and Type	Field and Description
protected ZMSClient	client

Constructor Summary

Constructors

Constructor and Description
ZMSAuthorizer(String serviceDomain) Constructs a new ZMSAuthorizer object with the given resource service domain name.
ZMSAuthorizer(String endpoint, String serviceDomain) Constructs a new ZMSAuthorizer object with the given ZMS Server endpoint and given resource service domain name

Method Summary

Modifier and Type	Method and Description
boolean	access(String action, String resource, com.yahoo.athenz.auth.Principal principal, String trustDomain) Requests the ZMS to indicate whether or not the specific request for the specified resource with authentication details will be granted or not.
boolean	access(String action, String resource, String token, String trustDomain) Requests the ZMS to indicate whether or not the specific request for the specified resource with authentication details will be granted or not.
void	close() Close the ZMS Client object
void	setZMSClient(ZMSClient client) Set the authorizer to use the specified zms client object

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

client

protected ZMSClient client

Constructor Detail

ZMSAuthorizer

public ZMSAuthorizer(String serviceDomain)

Constructs a new ZMSAuthorizer object with the given resource service domain name. The url for ZMS Server is automatically retrieved from the athenz configuration file (zms_url field).

Parameters:

serviceDomain - resource service domain name

ZMSAuthorizer

public ZMSAuthorizer(String endpoint,
                     String serviceDomain)

Constructs a new ZMSAuthorizer object with the given ZMS Server endpoint and given resource service domain name

Parameters:

endpoint - ZMS Server url (e.g. http://server.athenzcompany.com:4443/zms/v1)

serviceDomain - resource service domain name

Method Detail

close

public void close()

Close the ZMS Client object

Specified by:

close in interface Closeable

Specified by:

close in interface AutoCloseable

setZMSClient

public void setZMSClient(ZMSClient client)

Set the authorizer to use the specified zms client object

Parameters:

client - ZMSClient object to use for authorization checks

access

public boolean access(String action,
                      String resource,
                      String token,
                      String trustDomain)

Requests the ZMS to indicate whether or not the specific request for the specified resource with authentication details will be granted or not.

Parameters:

action - value of the action to be carried out (e.g. "UPDATE", "DELETE")

resource - resource value

token - either principal token (NToken) or role token (ZToken) that will be authenticated and checked for requested access

trustDomain - (optional - usually null) if the access checks involves cross domain check only check the specified trusted domain and ignore all others If the token is a role token, this argument must be null.

Returns:

boolean indicating whether or not the request will be granted or not

access

public boolean access(String action,
                      String resource,
                      com.yahoo.athenz.auth.Principal principal,
                      String trustDomain)

Requests the ZMS to indicate whether or not the specific request for the specified resource with authentication details will be granted or not.

Specified by:

access in interface com.yahoo.athenz.auth.Authorizer

Parameters:

action - value of the action to be carried out (e.g. "UPDATE", "DELETE")

resource - resource value

principal - principal object that will be authenticated and checked for requested access

trustDomain - (optional - usually null) if the access checks involves cross domain check only check the specified trusted domain and ignore all others

Returns:

boolean indicating whether or not the request will be granted or not