Authorization Class

com.bea.p13n.entitlements

public class Authorization

    extends Object

The Authorization class provides runtime methods for security policy checks. The runtime authorization checks utilize the SecurityServiceManager to retrieve the RoleManager and AuthorizationManager. These managers perform runtime checks against all configured Authorization and RoleMapping providers while determining applicable roles and policies.


Hierarchy
Object
  Authorization

Constructor Summary

Authorization()

 

Method Summary

public static Map
getRoles(P13nResource aResource, P13nContextHandler aRequestContext)
Evaluates and returns the role names for which the current user evaluates truly.
public static Map
getRoles(P13nResource aResource)
Evaluates and returns the role names for which the current user evaluates truly.
public static boolean
isAccessAllowed(P13nResource aResource)
Evaluates whether access is allowed to an application resource.
public static boolean
isAccessAllowed(P13nResource aResource, P13nContextHandler aRequestContext)
Evaluates whether access is allowed to an application resource.
public static boolean
isAccessAllowed(Subject aSubject, P13nResource aResource, P13nContextHandler aRequestContext, boolean inheritSecurityPolicies)
Evaluates whether access is allowed to an application resource.
public static boolean
isAccessAllowed(P13nResource aResource, boolean inheritSecurityPolicies)
Evaluates whether access is allowed to an application resource.
public static boolean
isAccessAllowed(P13nResource aResource, P13nContextHandler aRequestContext, boolean inheritSecurityPolicies)
Evaluates whether access is allowed to an application resource.
public static boolean
isAccessAllowed(Subject aSubject, P13nResource aResource, P13nContextHandler aRequestContext)
Evaluates whether access is allowed to an application resource.
public static boolean
isAccessAllowed(Subject aSubject, P13nResource aResource, P13nContextHandler aRequestContext, Map roles)
Evaluates whether access is allowed to an application resource for the given roles.
public static boolean
isAccessAllowed(P13nResource aResource, P13nContextHandler aRequestContext, boolean inheritSecurityPolicies, Map roles)
Evaluates whether access is allowed to an application resource for the given roles.
public static boolean
isAccessAllowed(P13nResource aResource, P13nContextHandler aRequestContext, Map roles)
Evaluates whether access is allowed to an application resource.
public static boolean
isAccessAllowed(Subject aSubject, P13nResource aResource, P13nContextHandler aRequestContext, boolean inheritSecurityPolicies, Map roles)
Evaluates whether access is allowed to an application resource.
public static boolean
isProtectedResource(P13nResource aResource)
Evaluates whether the given resource is protected by a security policy.
public static boolean
isUserInRole(String aRoleName, P13nResource aResource, P13nContextHandler aRequestContext)
Evaluates whether the current user is in a given role.
public static boolean
isUserInRole(String aRoleName, Map aRoleMap)
Evaluates whether the current user is in a given precomputed Map of role names.
 
Methods from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
   

Constructor Detail

Authorization

public Authorization()
 

Method Detail

getRoles(P13nResource, P13nContextHandler) Method

public static Map getRoles(P13nResource aResource, 
                           P13nContextHandler aRequestContext)
Evaluates and returns the role names for which the current user evaluates truly. Potential roles are determined by the type of P13nResource subclass passed to this method.

Parameters

aResource
An instance of a P13n resource from the com.bea.p13n.entitlements.resource package. This object identifies the resource from which scoped roles will be drawn.
aRequestContext
The optional input object containing supplemental information for role mapping and authorization providers. Must be valid if any role policies are dependent on a custom predicate for their evaluation. If potential roles contain an ExpressionPredicate, aRequestContext must contain an EntitlementRequest.

Returns

A Map of role name strings.

getRoles(P13nResource) Method

public static Map getRoles(P13nResource aResource)
Evaluates and returns the role names for which the current user evaluates truly. Potential roles are determined by the type of P13nResource subclass passed to this method. Note that the P13nContextHandler will be retrieved internally in this method.

Parameters

aResource
An instance of a P13n resource from the com.bea.p13n.entitlements.resource package. This object identifies the resource from which scoped roles will be drawn.

Returns

A Map of role name strings.

isAccessAllowed(P13nResource) Method

public static boolean isAccessAllowed(P13nResource aResource)
Evaluates whether access is allowed to an application resource. If no security policy is found for the requested resource, a "grant" is returned. Note that the P13nContextHandler will be retrieved internally in this method.

Parameters

aResource
An instance of a P13n resource from the com.bea.p13n.entitlements.resource package. This object identifies the resource from which scoped roles will be drawn.

Returns

True if access is allowed, otherwise false.

isAccessAllowed(P13nResource, P13nContextHandler) Method

public static boolean isAccessAllowed(P13nResource aResource, 
                                      P13nContextHandler aRequestContext)
Evaluates whether access is allowed to an application resource. If no security policy is found for the requested resource, a "grant" is returned.

Parameters

aResource
An instance of a P13n resource from the com.bea.p13n.entitlements.resource package. This object identifies the resource from which scoped roles will be drawn.
aRequestContext
The optional input object containing supplemental information for role mapping and authorization providers. Must be valid if any role policies are dependent on a custom predicate for their evaluation. If potential roles contain an ExpressionPredicate, aRequestContext must contain an EntitlementRequest.

Returns

True if access is allowed, otherwise false.

isAccessAllowed(Subject, P13nResource, P13nContextHandler, boolean) Method

public static boolean isAccessAllowed(Subject aSubject, 
                                      P13nResource aResource, 
                                      P13nContextHandler aRequestContext, 
                                      boolean inheritSecurityPolicies)
Evaluates whether access is allowed to an application resource. Allows all inherited security policies to be considered until a "grant" decision is returned, or until there are no more policies to be evaluated. If no security policy is found for the requested resource, a "deny" is returned.

Parameters

aSubject
The optional subject to check access for. If not provided, the current subject on the request will be used.
aResource
An instance of a P13n resource from the com.bea.p13n.entitlements.resource package. This object identifies the resource from which scoped roles will be drawn.
aRequestContext
The optional input object containing supplemental information for role mapping and authorization providers. Must be valid if any role policies are dependent on a custom predicate for their evaluation. If potential roles contain an ExpressionPredicate, aRequestContext must contain an EntitlementRequest.
inheritSecurityPolicies
A flag indicating whether all scoped security policies should be checked (true) or whether a normal access check (first available policy) should be done (false).

Returns

True if access is allowed, otherwise false.

isAccessAllowed(P13nResource, boolean) Method

public static boolean isAccessAllowed(P13nResource aResource, 
                                      boolean inheritSecurityPolicies)
Evaluates whether access is allowed to an application resource. Allows all inherited security policies to be considered until a "grant" decision is returned, or until there are no more policies to be evaluated. If no security policy is found for the requested resource, a "deny" is returned. Note that the P13nContextHandler will be retrieved internally in this method.

Parameters

aResource
An instance of a P13n resource from the com.bea.p13n.entitlements.resource package. This object identifies the resource from which scoped roles will be drawn.
inheritSecurityPolicies
A flag indicating whether all scoped security policies should be checked (true) or whether a normal access check (first available policy) should be done (false).

Returns

True if access is allowed, otherwise false.

isAccessAllowed(P13nResource, P13nContextHandler, boolean) Method

public static boolean isAccessAllowed(P13nResource aResource, 
                                      P13nContextHandler aRequestContext, 
                                      boolean inheritSecurityPolicies)
Evaluates whether access is allowed to an application resource. Allows all inherited security policies to be considered until a "grant" decision is returned, or until there are no more policies to be evaluated. If no security policy is found for the requested resource, a "deny" is returned.

Parameters

aResource
An instance of a P13n resource from the com.bea.p13n.entitlements.resource package. This object identifies the resource from which scoped roles will be drawn.
aRequestContext
The optional input object containing supplemental information for role mapping and authorization providers. Must be valid if any role policies are dependent on a custom predicate for their evaluation. If potential roles contain an ExpressionPredicate, aRequestContext must contain an EntitlementRequest.
inheritSecurityPolicies
A flag indicating whether all scoped security policies should be checked (true) or whether a normal access check (first available policy) should be done (false).

Returns

True if access is allowed, otherwise false.

isAccessAllowed(Subject, P13nResource, P13nContextHandler) Method

public static boolean isAccessAllowed(Subject aSubject, 
                                      P13nResource aResource, 
                                      P13nContextHandler aRequestContext)
Evaluates whether access is allowed to an application resource. If no security policy is found for the requested resource, a "grant" is returned.

Parameters

aSubject
The Subject to consider access for.
aResource
An instance of a P13n resource from the com.bea.p13n.entitlements.resource package. This object identifies the resource from which scoped roles will be drawn.
aRequestContext
The optional input object containing supplemental information for role mapping and authorization providers. Must be valid if any role policies are dependent on a custom predicate for their evaluation. If potential roles contain an ExpressionPredicate, aRequestContext must contain an EntitlementRequest.

Returns

True if access is allowed, otherwise false.

isAccessAllowed(Subject, P13nResource, P13nContextHandler, Map) Method

public static boolean isAccessAllowed(Subject aSubject, 
                                      P13nResource aResource, 
                                      P13nContextHandler aRequestContext, 
                                      Map roles)
Evaluates whether access is allowed to an application resource for the given roles. If no security policy is found for the requested resource, a "grant" is returned.

Parameters

aSubject
The Subject to consider access for.
aResource
An instance of a P13n resource from the com.bea.p13n.entitlements.resource package. This object identifies the resource from which scoped roles will be drawn.
aRequestContext
The optional input object containing supplemental information for role mapping and authorization providers. Must be valid if any role policies are dependent on a custom predicate for their evaluation. If potential roles contain an ExpressionPredicate, aRequestContext must contain an EntitlementRequest.
roles
A Map of role name strings for which the policies are to be evaluated.

Returns

True if access is allowed, otherwise false.

isAccessAllowed(P13nResource, P13nContextHandler, boolean, Map) Method

public static boolean isAccessAllowed(P13nResource aResource, 
                                      P13nContextHandler aRequestContext, 
                                      boolean inheritSecurityPolicies, 
                                      Map roles)
Evaluates whether access is allowed to an application resource for the given roles. Allows all inherited security policies to be considered until a "grant" decision is returned, or until there are no more policies to be evaluated. If no security policy is found for the requested resource, a "deny" is returned.

Parameters

aResource
An instance of a P13n resource from the com.bea.p13n.entitlements.resource package. This object identifies the resource from which scoped roles will be drawn.
aRequestContext
The optional input object containing supplemental information for role mapping and authorization providers. Must be valid if any role policies are dependent on a custom predicate for their evaluation. If potential roles contain an ExpressionPredicate, aRequestContext must contain an EntitlementRequest.
inheritSecurityPolicies
A flag indicating whether all scoped security policies should be checked (true) or whether a normal access check (first available policy) should be done (false).
roles
A Map of role name strings for which the policies are to be evaluated.

Returns

True if access is allowed, otherwise false.

isAccessAllowed(P13nResource, P13nContextHandler, Map) Method

public static boolean isAccessAllowed(P13nResource aResource, 
                                      P13nContextHandler aRequestContext, 
                                      Map roles)
Evaluates whether access is allowed to an application resource. If no security policy is found for the requested resource, a "grant" is returned.

Parameters

aResource
An instance of a P13n resource from the com.bea.p13n.entitlements.resource package. This object identifies the resource from which scoped roles will be drawn.
aRequestContext
The optional input object containing supplemental information for role mapping and authorization providers. Must be valid if any role policies are dependent on a custom predicate for their evaluation. If potential roles contain an ExpressionPredicate, aRequestContext must contain an EntitlementRequest.
roles
A map of role name strings for which the policies are to be evaluated.

Returns

True if access is allowed, otherwise false.

isAccessAllowed(Subject, P13nResource, P13nContextHandler, boolean, Map) Method

public static boolean isAccessAllowed(Subject aSubject, 
                                      P13nResource aResource, 
                                      P13nContextHandler aRequestContext, 
                                      boolean inheritSecurityPolicies, 
                                      Map roles)
Evaluates whether access is allowed to an application resource. Allows all inherited security policies to be considered until a "grant" decision is returned, or until there are no more policies to be evaluated. If no security policy is found for the requested resource, a "deny" is returned.

Parameters

aSubject
The optional subject to check access for. If not provided, the current subject on the request will be used.
aResource
An instance of a P13n resource from the com.bea.p13n.entitlements.resource package. This object identifies the resource from which scoped roles will be drawn.
aRequestContext
The optional input object containing supplemental information for role mapping and authorization providers. Must be valid if any role policies are dependent on a custom predicate for their evaluation. If potential roles contain an ExpressionPredicate, aRequestContext must contain an EntitlementRequest.
inheritSecurityPolicies
A flag indicating whether all scoped security policies should be checked (true) or whether a normal access check (first available policy) should be done (false).
roles
List of roles

Returns

True if access is allowed, otherwise false.

isProtectedResource(P13nResource) Method

public static boolean isProtectedResource(P13nResource aResource)
Evaluates whether the given resource is protected by a security policy. This check does not call the RoleMappers so it does not actually evaluate/execute the Security Policy, making it an efficient pre-check.

Parameters

aResource
An instance of a P13n resource from the com.bea.p13n.entitlements.resource package. This object identifies the resource from which scoped roles will be drawn.

Returns

True if the resource has a scoped/inherited security policy.

isUserInRole(String, P13nResource, P13nContextHandler) Method

public static boolean isUserInRole(String aRoleName, 
                                   P13nResource aResource, 
                                   P13nContextHandler aRequestContext)
Evaluates whether the current user is in a given role.

Parameters

aRoleName
The requested role name.
aResource
An instance of a P13n resource from the com.bea.p13n.entitlements.resource package. This object identifies the resource from which scoped roles will be drawn.
aRequestContext
The optional input object containing supplemental information for role mapping and authorization providers. Must be valid if any role policies are dependent on a custom predicate for their evaluation. If potential roles contain an ExpressionPredicate, aRequestContext must contain an EntitlementRequest.

Returns

True if user is in the given role, otherwise false.

isUserInRole(String, Map) Method

public static boolean isUserInRole(String aRoleName, 
                                   Map aRoleMap)
Evaluates whether the current user is in a given precomputed Map of role names.

Parameters

aRoleName
The requested role name.
aRoleMap
A Map of roles as computed by the getRoles() method.

Returns

True if user is in the given role, otherwise false.
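
Added example, not part of the original reference or the vendor's code: the isAccessAllowed overloads without inheritSecurityPolicies return a "grant" when no security policy is found, so this hypothetical FailClosedAccess helper denies unprotected resources and reuses one getRoles() result for several role checks. The import path for P13nResource is an assumption based on the package named above; FailClosedAccess, isAllowed and hasAnyRole are illustrative names.

```java
import java.util.Map;

import com.bea.p13n.entitlements.Authorization;
// Assumption: P13nResource lives in the resource package named on this page.
import com.bea.p13n.entitlements.resource.P13nResource;

/** Hypothetical helper (not part of the product API): deny-by-default checks. */
public final class FailClosedAccess {

    private FailClosedAccess() {}

    /**
     * Grants only when a policy exists and evaluates to a grant.
     * The plain isAccessAllowed(aResource) overload returns a "grant" when no
     * policy is found, so a resource nobody wrote a policy for would be open.
     */
    public static boolean isAllowed(P13nResource resource) {
        // Cheap pre-check: does not call the RoleMappers.
        if (!Authorization.isProtectedResource(resource)) {
            return false; // no scoped/inherited policy: treat as deny
        }
        // inheritSecurityPolicies = true: all scoped policies are considered
        // until a "grant"; this overload returns a "deny" when none is found.
        return Authorization.isAccessAllowed(resource, true);
    }

    /** Evaluates roles once and reuses the Map for several role-name checks. */
    public static boolean hasAnyRole(P13nResource resource, String... roleNames) {
        // Raw Map, as declared by the API on this page.
        Map roles = Authorization.getRoles(resource);
        for (String name : roleNames) {
            if (Authorization.isUserInRole(name, roles)) {
                return true;
            }
        }
        return false;
    }
}
```

Callers that need a Subject or a P13nContextHandler can apply the same pattern with the longer overloads listed above.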