Authorization Class
public class Authorization extends Object
The Authorization class provides runtime methods
for security policy checks.
The runtime authorization checks utilize the
SecurityServiceManager to retrieve the RoleManager
and AuthorizationManager. These managers perform
runtime checks against all configured Authorization
and RoleMapping providers while determining applicable
roles and policies.
Hierarchy
- Object
  - Authorization
public static Map getRoles(P13nResource aResource, P13nContextHandler aRequestContext)
- Evaluates and returns the role names for which the current user
  evaluates to true.
public static Map getRoles(P13nResource aResource)
- Evaluates and returns the role names for which the current user
  evaluates to true.
public static boolean isAccessAllowed(P13nResource aResource)
- Evaluates whether access is allowed to an application resource.
public static boolean isAccessAllowed(P13nResource aResource, P13nContextHandler aRequestContext)
- Evaluates whether access is allowed to an application resource.
public static boolean isAccessAllowed(Subject aSubject, P13nResource aResource, P13nContextHandler aRequestContext, boolean inheritSecurityPolicies)
- Evaluates whether access is allowed to an application resource.
public static boolean isAccessAllowed(P13nResource aResource, boolean inheritSecurityPolicies)
- Evaluates whether access is allowed to an application resource.
public static boolean isAccessAllowed(P13nResource aResource, P13nContextHandler aRequestContext, boolean inheritSecurityPolicies)
- Evaluates whether access is allowed to an application resource.
public static boolean isAccessAllowed(Subject aSubject, P13nResource aResource, P13nContextHandler aRequestContext)
- Evaluates whether access is allowed to an application resource.
public static boolean isAccessAllowed(Subject aSubject, P13nResource aResource, P13nContextHandler aRequestContext, Map roles)
- Evaluates whether access is allowed to an application resource
  for the given roles.
public static boolean isAccessAllowed(P13nResource aResource, P13nContextHandler aRequestContext, boolean inheritSecurityPolicies, Map roles)
- Evaluates whether access is allowed to an application resource for the
  given roles.
public static boolean isAccessAllowed(P13nResource aResource, P13nContextHandler aRequestContext, Map roles)
- Evaluates whether access is allowed to an application resource.
public static boolean isAccessAllowed(Subject aSubject, P13nResource aResource, P13nContextHandler aRequestContext, boolean inheritSecurityPolicies, Map roles)
- Evaluates whether access is allowed to an application resource.
public static boolean isProtectedResource(P13nResource aResource)
- Evaluates whether the given resource is protected by a
  security policy.
public static boolean isUserInRole(String aRoleName, P13nResource aResource, P13nContextHandler aRequestContext)
- Evaluates whether the current user is in a given role.
public static boolean isUserInRole(String aRoleName, Map aRoleMap)
- Evaluates whether the current user is in a given
  precomputed Map of role names.
Methods from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Authorization
public Authorization()
getRoles(P13nResource, P13nContextHandler) Method
public static Map getRoles(P13nResource aResource, P13nContextHandler aRequestContext)
Evaluates and returns the role names for which the current user
evaluates to true. Potential roles are determined by the
type of P13nResource subclass passed to this method.
Parameters
- aResource - An instance of a P13n resource from the
  com.bea.p13n.entitlements.resource package. This object
  identifies the resource from which scoped roles will be drawn.
- aRequestContext - The optional input object containing
  supplemental information for role mapping and authorization
  providers. Must be valid if any role policies are dependent
  on a custom predicate for their evaluation. If potential
  roles contain an ExpressionPredicate, aRequestContext must
  contain an EntitlementRequest.
Returns
- A Map of role name strings.
getRoles(P13nResource) Method
public static Map getRoles(P13nResource aResource)
Evaluates and returns the role names for which the current user
evaluates to true. Potential roles are determined by the
type of P13nResource subclass passed to this method.
Note that the P13nContextHandler
will be retrieved internally in this method.
Parameters
- aResource - An instance of a P13n resource from the
  com.bea.p13n.entitlements.resource package. This object
  identifies the resource from which scoped roles will be drawn.
Returns
- A Map of role name strings.
isAccessAllowed(P13nResource) Method
public static boolean isAccessAllowed(P13nResource aResource)
Evaluates whether access is allowed to an application resource.
If no security policy is found for the requested resource,
a "grant" is returned. Note that the P13nContextHandler
will be retrieved internally in this method.
Parameters
- aResource - An instance of a P13n resource from the
  com.bea.p13n.entitlements.resource package. This object
  identifies the resource from which scoped roles will be drawn.
Returns
- True if access is allowed, otherwise false.
isAccessAllowed(P13nResource, P13nContextHandler) Method
public static boolean isAccessAllowed(P13nResource aResource, P13nContextHandler aRequestContext)
Evaluates whether access is allowed to an application resource.
If no security policy is found for the requested resource,
a "grant" is returned.
Parameters
- aResource - An instance of a P13n resource from the
  com.bea.p13n.entitlements.resource package. This object
  identifies the resource from which scoped roles will be drawn.
- aRequestContext - The optional input object containing
  supplemental information for role mapping and authorization
  providers. Must be valid if any role policies are dependent
  on a custom predicate for their evaluation. If potential
  roles contain an ExpressionPredicate, aRequestContext must
  contain an EntitlementRequest.
Returns
- True if access is allowed, otherwise false.
isAccessAllowed(Subject, P13nResource, P13nContextHandler, boolean) Method
public static boolean isAccessAllowed(Subject aSubject, P13nResource aResource, P13nContextHandler aRequestContext, boolean inheritSecurityPolicies)
Evaluates whether access is allowed to an application resource.
Allows all inherited security policies to be considered until
a "grant" decision is returned, or until there are no more
policies to be evaluated. If no security policy is found for the
requested resource, a "deny" is returned.
Parameters
- aSubject - An instance of a P13n resource from the
  com.bea.p13n.entitlements.resource package. This object
  identifies the resource from which scoped roles will be drawn.
- aResource - The optional subject to check access for. If
  not provided, current subject on request will be used.
- aRequestContext - The optional input object containing
  supplemental information for role mapping and authorization
  providers. Must be valid if any role policies are dependent
  on a custom predicate for their evaluation. If potential
  roles contain an ExpressionPredicate, aRequestContext must
  contain an EntitlementRequest.
- inheritSecurityPolicies - A flag indicating whether
  all scoped security policies should be checked (true) or
  whether a normal access check (first available policy)
  should be done (false).
Returns
- True if access is allowed, otherwise false.
isAccessAllowed(P13nResource, boolean) Method
public static boolean isAccessAllowed(P13nResource aResource, boolean inheritSecurityPolicies)
Evaluates whether access is allowed to an application resource.
Allows all inherited security policies to be considered until
a "grant" decision is returned, or until there are no more
policies to be evaluated. If no security policy is found for the
requested resource, a "deny" is returned. Note that the P13nContextHandler
will be retrieved internally in this method.
Parameters
- aResource - An instance of a P13n resource from the
  com.bea.p13n.entitlements.resource package. This object
  identifies the resource from which scoped roles will be drawn.
- inheritSecurityPolicies - A flag indicating whether
  all scoped security policies should be checked (true) or
  whether a normal access check (first available policy)
  should be done (false).
Returns
- True if access is allowed, otherwise false.
isAccessAllowed(P13nResource, P13nContextHandler, boolean) Method
public static boolean isAccessAllowed(P13nResource aResource, P13nContextHandler aRequestContext, boolean inheritSecurityPolicies)
Evaluates whether access is allowed to an application resource.
Allows all inherited security policies to be considered until
a "grant" decision is returned, or until there are no more
policies to be evaluated. If no security policy is found for the
requested resource, a "deny" is returned.
Parameters
- aResource - An instance of a P13n resource from the
  com.bea.p13n.entitlements.resource package. This object
  identifies the resource from which scoped roles will be drawn.
- aRequestContext - The optional input object containing
  supplemental information for role mapping and authorization
  providers. Must be valid if any role policies are dependent
  on a custom predicate for their evaluation. If potential
  roles contain an ExpressionPredicate, aRequestContext must
  contain an EntitlementRequest.
- inheritSecurityPolicies - A flag indicating whether
  all scoped security policies should be checked (true) or
  whether a normal access check (first available policy)
  should be done (false).
Returns
- True if access is allowed, otherwise false.
isAccessAllowed(Subject, P13nResource, P13nContextHandler) Method
public static boolean isAccessAllowed(Subject aSubject, P13nResource aResource, P13nContextHandler aRequestContext)
Evaluates whether access is allowed to an application resource.
If no security policy is found for the
requested resource, a "grant" is returned.
Parameters
- aSubject - The Subject to consider access for.
- aResource - An instance of a P13n resource from the
  com.bea.p13n.entitlements.resource package. This object
  identifies the resource from which scoped roles will be drawn.
- aRequestContext - The optional input object containing
  supplemental information for role mapping and authorization
  providers. Must be valid if any role policies are dependent
  on a custom predicate for their evaluation. If potential
  roles contain an ExpressionPredicate, aRequestContext must
  contain an EntitlementRequest.
Returns
- True if access is allowed, otherwise false.
isAccessAllowed(Subject, P13nResource, P13nContextHandler, Map) Method
public static boolean isAccessAllowed(Subject aSubject, P13nResource aResource, P13nContextHandler aRequestContext, Map roles)
Evaluates whether access is allowed to an application resource
for the given roles.
If no security policy is found for the
requested resource, a "grant" is returned.
Parameters
- aSubject - The Subject to consider access for.
- aResource - An instance of a P13n resource from the
  com.bea.p13n.entitlements.resource package. This object
  identifies the resource from which scoped roles will be drawn.
- aRequestContext - The optional input object containing
  supplemental information for role mapping and authorization
  providers. Must be valid if any role policies are dependent
  on a custom predicate for their evaluation. If potential
  roles contain an ExpressionPredicate, aRequestContext must
  contain an EntitlementRequest.
- roles - A Map of role name strings for which the policies are
  to be evaluated.
Returns
- True if access is allowed, otherwise false.
isAccessAllowed(P13nResource, P13nContextHandler, boolean, Map) Method
public static boolean isAccessAllowed(P13nResource aResource, P13nContextHandler aRequestContext, boolean inheritSecurityPolicies, Map roles)
Evaluates whether access is allowed to an application resource for the
given roles. Allows all inherited security policies to be considered
until a "grant" decision is returned, or until there are no more
policies to be evaluated. If no security policy is found for the
requested resource, a "deny" is returned.
Parameters
- aResource - An instance of a P13n resource from the
  com.bea.p13n.entitlements.resource package. This object
  identifies the resource from which scoped roles will be drawn.
- aRequestContext - The optional input object containing
  supplemental information for role mapping and authorization
  providers. Must be valid if any role policies are dependent
  on a custom predicate for their evaluation. If potential
  roles contain an ExpressionPredicate, aRequestContext must
  contain an EntitlementRequest.
- inheritSecurityPolicies - A flag indicating whether
  all scoped security policies should be checked (true) or
  whether a normal access check (first available policy)
  should be done (false).
- roles - A Map of role name strings for which the policies are
  to be evaluated.
Returns
- True if access is allowed, otherwise false.
isAccessAllowed(P13nResource, P13nContextHandler, Map) Method
public static boolean isAccessAllowed(P13nResource aResource, P13nContextHandler aRequestContext, Map roles)
Evaluates whether access is allowed to an application resource.
If no security policy is found for the requested resource,
a "grant" is returned.
Parameters
- aResource - An instance of a P13n resource from the
  com.bea.p13n.entitlements.resource package. This object
  identifies the resource from which scoped roles will be drawn.
- aRequestContext - The optional input object containing
  supplemental information for role mapping and authorization
  providers. Must be valid if any role policies are dependent
  on a custom predicate for their evaluation. If potential
  roles contain an ExpressionPredicate, aRequestContext must
  contain an EntitlementRequest.
- roles - A Map of role name strings for which the policies are
  to be evaluated.
Returns
- True if access is allowed, otherwise false.
isAccessAllowed(Subject, P13nResource, P13nContextHandler, boolean, Map) Method
public static boolean isAccessAllowed(Subject aSubject, P13nResource aResource, P13nContextHandler aRequestContext, boolean inheritSecurityPolicies, Map roles)
Evaluates whether access is allowed to an application resource.
Allows all inherited security policies to be considered until
a "grant" decision is returned, or until there are no more
policies to be evaluated. If no security policy is found for the
requested resource, a "deny" is returned.
Parameters
- aSubject - An instance of a P13n resource from the
  com.bea.p13n.entitlements.resource package. This object
  identifies the resource from which scoped roles will be drawn.
- aResource - The optional subject to check access for. If
  not provided, current subject on request will be used.
- aRequestContext - The optional input object containing
  supplemental information for role mapping and authorization
  providers. Must be valid if any role policies are dependent
  on a custom predicate for their evaluation. If potential
  roles contain an ExpressionPredicate, aRequestContext must
  contain an EntitlementRequest.
- inheritSecurityPolicies - A flag indicating whether
  all scoped security policies should be checked (true) or
  whether a normal access check (first available policy)
  should be done (false).
- roles - List of roles
Returns
- True if access is allowed, otherwise false.
isProtectedResource(P13nResource) Method
public static boolean isProtectedResource(P13nResource aResource)
Evaluates whether the given resource is protected by a
security policy. This check does not call the RoleMappers
so it does not actually evaluate/execute the Security Policy,
making it an efficient pre-check.
Parameters
- aResource - An instance of a P13n resource from the
  com.bea.p13n.entitlements.resource package. This object
  identifies the resource from which scoped roles will be drawn.
Returns
- True if the resource has a scoped/inherited security policy.
isUserInRole(String, P13nResource, P13nContextHandler) Method
public static boolean isUserInRole(String aRoleName, P13nResource aResource, P13nContextHandler aRequestContext)
Evaluates whether the current user is in a given role.
Parameters
- aRoleName - The requested role name.
- aResource - An instance of a P13n resource from the
  com.bea.p13n.entitlements.resource package. This object
  identifies the resource from which scoped roles will be drawn.
- aRequestContext - The optional input object containing
  supplemental information for role mapping and authorization
  providers. Must be valid if any role policies are dependent
  on a custom predicate for their evaluation. If potential
  roles contain an ExpressionPredicate, aRequestContext must
  contain an EntitlementRequest.
Returns
- True if user is in the given role, otherwise false.
isUserInRole(String, Map) Method
public static boolean isUserInRole(String aRoleName, Map aRoleMap)
Evaluates whether the current user is in a given
precomputed Map of role names.
Parameters
- aRoleName - The requested role name.
- aRoleMap - A Map of roles as computed by the getRoles()
  method.
Returns
- True if user is in the given role, otherwise false.
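The isAccessAllowed overloads without inheritSecurityPolicies return a "grant" when no security policy is found, while the overloads that take the flag return a "deny". The following is an added example, not code from the original reference or the product: a fail-closed wrapper that combines isProtectedResource, getRoles, isUserInRole and isAccessAllowed. Assumptions: the FailClosedAccess class and its method names are hypothetical, the import for Authorization is a guess because this page does not state its package, and the methods are taken to declare no checked exceptions since the signatures above show none.

```java
import java.util.Map;

// Package named on this page.
import com.bea.p13n.entitlements.resource.P13nResource;
// Assumption: this page does not state Authorization's package; adjust this import.
import com.bea.p13n.security.Authorization;

/** Hypothetical helper (not part of the product API): fail-closed access checks. */
public final class FailClosedAccess {

    private FailClosedAccess() {}

    /**
     * Returns true only when a security policy covers the resource and grants access.
     * isAccessAllowed(P13nResource) on its own returns a "grant" for a resource
     * that has no security policy at all.
     */
    public static boolean isAllowed(P13nResource resource) {
        if (resource == null) {
            return false;
        }
        // Pre-check that does not call the RoleMappers: is any
        // scoped/inherited policy attached to this resource?
        if (!Authorization.isProtectedResource(resource)) {
            return false; // unprotected resource: deny instead of the default grant
        }
        // inheritSecurityPolicies = true: inherited policies are considered, and a
        // missing policy yields "deny" in this overload.
        return Authorization.isAccessAllowed(resource, true);
    }

    /**
     * Same check, additionally requiring membership in one named role.
     * getRoles() is evaluated once and the resulting Map is reused.
     */
    public static boolean isAllowedInRole(P13nResource resource, String roleName) {
        if (resource == null || roleName == null) {
            return false;
        }
        Map roles = Authorization.getRoles(resource);
        if (roles == null || !Authorization.isUserInRole(roleName, roles)) {
            return false;
        }
        return isAllowed(resource);
    }
}
```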