io.ballerina.messaging.broker.auth.authorization.authorizer.rdbms

Class DefaultAuthorizer

java.lang.Object

io.ballerina.messaging.broker.auth.authorization.authorizer.rdbms.DefaultAuthorizer

All Implemented Interfaces:

Authorizer

public class DefaultAuthorizer
extends Object
implements Authorizer

Class provides database based @Authorizer implementation.

Constructor Summary

Constructors

Constructor and Description
DefaultAuthorizer(DiscretionaryAccessController externalDacHandler, MandatoryAccessController macHandler, UserStore userStore)

Method Summary

Modifier and Type	Method and Description
boolean	addGroupsToResource(String resourceType, String resourceName, String action, List<String> groups) Allow given groups to access the givne resource.
void	addProtectedResource(String resourceType, String resourceName, boolean durable, String owner) Create auth resource.
boolean	authorize(String scopeName, String userId) Authorize user with given scope key.
boolean	authorize(String resourceType, String resourceName, String action, String userId) Authorize resource with given resource and action.
boolean	changeResourceOwner(String resourceType, String resourceName, String owner) Create auth resource.
void	deleteProtectedResource(String resourceType, String resourceName) Delete auth resource.
AuthResource	getAuthResource(String resourceType, String resourceName) Query auth resource.
void	initialize(io.ballerina.messaging.broker.common.StartupContext startupContext) Initialize authorization strategy based on given auth configuration, user store manager and data source.
boolean	removeGroupFromResource(String resourceType, String resourceName, String action, String group) Revoke access from the given group.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DefaultAuthorizer

public DefaultAuthorizer(DiscretionaryAccessController externalDacHandler,
                         MandatoryAccessController macHandler,
                         UserStore userStore)

Method Detail

initialize

public void initialize(io.ballerina.messaging.broker.common.StartupContext startupContext)
                throws Exception

Description copied from interface: Authorizer

Initialize authorization strategy based on given auth configuration, user store manager and data source.

Specified by:

initialize in interface Authorizer

Parameters:

startupContext - the startup context provides registered services for authProvider

Throws:

Exception

authorize

public boolean authorize(String scopeName,
                         String userId)
                  throws AuthException,
                         AuthServerException,
                         AuthNotFoundException

Description copied from interface: Authorizer

Authorize user with given scope key.

Specified by:

authorize in interface Authorizer

Parameters:

scopeName - a scope key

userId - an user identifier

Returns:

if authorised or not

Throws:

AuthException - throws if error occur during authorization

AuthServerException

AuthNotFoundException

authorize

public boolean authorize(String resourceType,
                         String resourceName,
                         String action,
                         String userId)
                  throws AuthException,
                         AuthServerException,
                         AuthNotFoundException

Description copied from interface: Authorizer

Authorize resource with given resource and action.

Specified by:

authorize in interface Authorizer

Parameters:

resourceType - resource Type

resourceName - resource

action - action

userId - user identifier

Returns:

if authorised or not

Throws:

AuthException - throws if error occur during authorization

AuthServerException

AuthNotFoundException

getAuthResource

public AuthResource getAuthResource(String resourceType,
                                    String resourceName)
                             throws AuthServerException,
                                    AuthNotFoundException

Description copied from interface: Authorizer

Query auth resource.

Specified by:

getAuthResource in interface Authorizer

Parameters:

resourceType - resource type

resourceName - resource name

Returns:

matching auth resource if exists, null otherwise

Throws:

AuthServerException - throws if error occurs while authorizing resource

AuthNotFoundException - throws if auth resource is not found

addProtectedResource

public void addProtectedResource(String resourceType,
                                 String resourceName,
                                 boolean durable,
                                 String owner)
                          throws AuthServerException

Description copied from interface: Authorizer

Create auth resource.

Specified by:

addProtectedResource in interface Authorizer

Parameters:

resourceType - resource type

resourceName - resource name

durable - is durable

owner - resource owner

Throws:

AuthServerException - throws if error occurs while authorizing resource

deleteProtectedResource

public void deleteProtectedResource(String resourceType,
                                    String resourceName)
                             throws AuthServerException,
                                    AuthNotFoundException

Description copied from interface: Authorizer

Delete auth resource.

Specified by:

deleteProtectedResource in interface Authorizer

Parameters:

resourceType - resource type

resourceName - resource name

Throws:

AuthServerException - throws if error occurs while authorizing resource

AuthNotFoundException - throws if auth resource is not found

addGroupsToResource

public boolean addGroupsToResource(String resourceType,
                                   String resourceName,
                                   String action,
                                   List<String> groups)
                            throws AuthServerException

Description copied from interface: Authorizer

Allow given groups to access the givne resource.

Specified by:

addGroupsToResource in interface Authorizer

Parameters:

resourceType - resource type

resourceName - resource name

action - action

groups - list of group to add

Returns:

true if group list add successfully

Throws:

AuthServerException - throws if error occurred while adding groups to resource

removeGroupFromResource

public boolean removeGroupFromResource(String resourceType,
                                       String resourceName,
                                       String action,
                                       String group)
                                throws AuthServerException,
                                       AuthNotFoundException

Description copied from interface: Authorizer

Revoke access from the given group.

Specified by:

removeGroupFromResource in interface Authorizer

Parameters:

resourceType - resource type

resourceName - resource name

action - action

group - group

Throws:

AuthServerException - throws if an server error occurred

AuthNotFoundException - throws if the resource is not found

changeResourceOwner

public boolean changeResourceOwner(String resourceType,
                                   String resourceName,
                                   String owner)
                            throws AuthServerException,
                                   AuthNotFoundException,
                                   AuthException

Description copied from interface: Authorizer

Create auth resource.

Specified by:

changeResourceOwner in interface Authorizer

Parameters:

resourceType - resource type

resourceName - resource name

owner - newOwner

Throws:

AuthServerException - throws if an server error occurred

AuthNotFoundException - throws if the resource is not found

AuthException