org.jboss.security
Interface AuthorizationManager

All Superinterfaces:
BaseSecurityManager

public interface AuthorizationManager
extends BaseSecurityManager

Generalized Authorization Manager Interface.

Replaces the legacy RealmMapping interface

Since:
Jan 2, 2006
Version:
$Revision: 73909 $
Author:
Anil Saldhana
See Also:
org.jboss.security.RealmMapping

Method Summary
 int authorize(Resource resource)
          Authorize a resource. Note: The implementation will try to derive the authenticated subject by some means.
 int authorize(Resource resource, javax.security.auth.Subject subject)
          Authorize a resource for an authenticated subject
 int authorize(Resource resource, javax.security.auth.Subject subject, java.security.acl.Group roleGroup)
          Authorize a resource given a Group of Principals representing roles
 int authorize(Resource resource, javax.security.auth.Subject subject, RoleGroup role)
          Authorize a resource given a role
 boolean doesUserHaveRole(java.security.Principal principal, java.util.Set<java.security.Principal> roles)
          Validates the application domain roles to which the operational environment Principal belongs.
 <T> EntitlementHolder<T> getEntitlements(java.lang.Class<T> clazz, Resource resource, Identity identity)
          Instance-based security: get all the entitlements assigned to the components of a Resource.
 RoleGroup getSubjectRoles(javax.security.auth.Subject authenticatedSubject, javax.security.auth.callback.CallbackHandler cbh)
          Get the current roles for the authenticated Subject. The AuthorizationManager will apply the role generation and role mapping logic configured for the security domain.
 java.security.acl.Group getTargetRoles(java.security.Principal targetPrincipal, java.util.Map<java.lang.String,java.lang.Object> contextMap)
          Trust use cases may need to determine the roles of the target principal, which has been derived via a principal from another domain by the Authentication Manager. An implementation of this interface may have to contact a trust provider for additional information about the principal.
 java.util.Set<java.security.Principal> getUserRoles(java.security.Principal principal)
          Deprecated.  
 
Methods inherited from interface org.jboss.security.BaseSecurityManager
getSecurityDomain
 

Method Detail

authorize

int authorize(Resource resource)
              throws AuthorizationException
Authorize a resource. Note: The implementation will try to derive the authenticated subject by some means.

Parameters:
resource - Resource to be authorized
Returns:
AuthorizationContext.PERMIT or AuthorizationContext.DENY
Throws:
AuthorizationException

authorize

int authorize(Resource resource,
              javax.security.auth.Subject subject)
              throws AuthorizationException
Authorize a resource for an authenticated subject

Parameters:
resource - Resource to be authorized
subject - Authenticated Subject
Returns:
AuthorizationContext.PERMIT or AuthorizationContext.DENY
Throws:
AuthorizationException

authorize

int authorize(Resource resource,
              javax.security.auth.Subject subject,
              RoleGroup role)
              throws AuthorizationException
Authorize a resource given a role

Parameters:
resource -
subject - the authenticated subject
role - a role (which can be a nested role)
Returns:
AuthorizationContext.PERMIT or AuthorizationContext.DENY
Throws:
AuthorizationException

authorize

int authorize(Resource resource,
              javax.security.auth.Subject subject,
              java.security.acl.Group roleGroup)
              throws AuthorizationException
Authorize a resource given a Group of Principals representing roles

Parameters:
resource -
subject - the authenticated subject
roleGroup -
Returns:
Throws:
AuthorizationException

getEntitlements

<T> EntitlementHolder<T> getEntitlements(java.lang.Class<T> clazz,
                                         Resource resource,
                                         Identity identity)
                                     throws AuthorizationException
Instance-based security: get all the entitlements assigned to the components of a Resource.

Parameters:
clazz - Defines the class type of the entitlements
resource - A Resource (Can be a Portal Resource, a Rules Resource)
identity - The Identity against whom the entitlements need to be generated
Returns:
an Entitlements wrapper
Throws:
AuthorizationException

doesUserHaveRole

boolean doesUserHaveRole(java.security.Principal principal,
                         java.util.Set<java.security.Principal> roles)
Validates the application domain roles to which the operational environment Principal belongs.

Parameters:
principal - the caller principal as known in the operational environment.
roles - The Set for the application domain roles that the principal is to be validated against.
Returns:
true if the principal has at least one of the roles in the roles set, false otherwise.
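
Added example (not part of the JBoss API or its Javadoc): a caller-side helper that treats authorize as fail-closed and builds an all-of role check on top of the any-of doesUserHaveRole. The class name AuthzGate and both method names are hypothetical; the package org.jboss.security.authorization for AuthorizationContext, AuthorizationException and Resource is an assumption, since this page does not show it.

```java
import java.security.Principal;
import java.util.Collections;
import java.util.Set;
import javax.security.auth.Subject;

import org.jboss.security.AuthorizationManager;
// Assumed package for the next three types; this page does not state it.
import org.jboss.security.authorization.AuthorizationContext;
import org.jboss.security.authorization.AuthorizationException;
import org.jboss.security.authorization.Resource;

/** Hypothetical caller-side helper; not part of the JBoss API. */
public final class AuthzGate {
    private AuthzGate() {}

    /** Fail-closed: only an explicit PERMIT grants access. */
    public static boolean isPermitted(
            AuthorizationManager am, Resource resource, Subject subject) {
        if (am == null || resource == null || subject == null) {
            return false; // nothing to base a decision on: deny
        }
        try {
            // The return type is a plain int, so test "== PERMIT" rather than
            // "!= DENY"; any unexpected value is then treated as a denial.
            return am.authorize(resource, subject) == AuthorizationContext.PERMIT;
        } catch (AuthorizationException e) {
            return false; // a failed decision is never a grant
        }
    }

    /** doesUserHaveRole is an any-of check; this requires every listed role. */
    public static boolean hasAllRoles(
            AuthorizationManager am, Principal principal, Set<Principal> required) {
        if (am == null || principal == null || required == null || required.isEmpty()) {
            return false; // design choice of this example: an empty requirement denies
        }
        for (Principal role : required) {
            // Ask about one role at a time so a single match cannot satisfy the set.
            if (!am.doesUserHaveRole(principal, Collections.singleton(role))) {
                return false;
            }
        }
        return true;
    }
}
```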

getSubjectRoles

RoleGroup getSubjectRoles(javax.security.auth.Subject authenticatedSubject,
                          javax.security.auth.callback.CallbackHandler cbh)
Get the current roles for the authenticated Subject. The AuthorizationManager will apply the role generation and role mapping logic configured for the security domain.

Parameters:
authenticatedSubject -
cbh - a CallbackHandler that can be used by the AuthorizationManager to obtain essentials such as SecurityContext etc.
Returns:

getUserRoles

java.util.Set<java.security.Principal> getUserRoles(java.security.Principal principal)
Deprecated. 

Return the set of domain roles the principal has been assigned.

Returns:
The Set for the application domain roles that the principal has been assigned.

getTargetRoles

java.security.acl.Group getTargetRoles(java.security.Principal targetPrincipal,
                                       java.util.Map<java.lang.String,java.lang.Object> contextMap)
Trust use cases may need to determine the roles of the target principal, which has been derived via a principal from another domain by the Authentication Manager. An implementation of this interface may have to contact a trust provider for additional information about the principal.

Parameters:
targetPrincipal - Principal applicable in current domain
contextMap - Read-Only Contextual Information that may be useful for the implementation in determining the roles.
Returns:
roles from the target domain


Copyright © 2008 JBoss Inc.. All Rights Reserved.