com.bea.p13n.entitlements
Class Authorization

java.lang.Object
  extended by com.bea.p13n.entitlements.Authorization

public class Authorization
extends Object

The Authorization class provides runtime methods for security policy checks. The runtime authorization checks utilize the SecurityServiceManager to retrieve the RoleManager and AuthorizationManager. These managers perform runtime checks against all configured Authorization and RoleMapping providers while determining applicable roles and policies.


Constructor Summary
Authorization()
           
 
Method Summary
static Map getRoles(P13nResource aResource)
          Evaluates and returns the role names that evaluate to true for the current user.
static Map getRoles(P13nResource aResource, P13nContextHandler aRequestContext)
          Evaluates and returns the role names that evaluate to true for the current user.
static boolean isAccessAllowed(P13nResource aResource)
          Evaluates whether access is allowed to an application resource.
static boolean isAccessAllowed(P13nResource aResource, boolean inheritSecurityPolicies)
          Evaluates whether access is allowed to an application resource.
static boolean isAccessAllowed(P13nResource aResource, P13nContextHandler aRequestContext)
          Evaluates whether access is allowed to an application resource.
static boolean isAccessAllowed(P13nResource aResource, P13nContextHandler aRequestContext, boolean inheritSecurityPolicies)
          Evaluates whether access is allowed to an application resource.
static boolean isAccessAllowed(P13nResource aResource, P13nContextHandler aRequestContext, boolean inheritSecurityPolicies, Map roles)
          Evaluates whether access is allowed to an application resource for the given roles.
static boolean isAccessAllowed(P13nResource aResource, P13nContextHandler aRequestContext, Map roles)
          Evaluates whether access is allowed to an application resource.
static boolean isAccessAllowed(Subject aSubject, P13nResource aResource, P13nContextHandler aRequestContext)
          Evaluates whether access is allowed to an application resource.
static boolean isAccessAllowed(Subject aSubject, P13nResource aResource, P13nContextHandler aRequestContext, boolean inheritSecurityPolicies)
          Evaluates whether access is allowed to an application resource.
static boolean isAccessAllowed(Subject aSubject, P13nResource aResource, P13nContextHandler aRequestContext, boolean inheritSecurityPolicies, Map roles)
          Evaluates whether access is allowed to an application resource.
static boolean isAccessAllowed(Subject aSubject, P13nResource aResource, P13nContextHandler aRequestContext, Map roles)
          Evaluates whether access is allowed to an application resource for the given roles.
static boolean isProtectedResource(P13nResource aResource)
          Evaluates whether the given resource is protected by a security policy.
static boolean isUserInRole(String aRoleName, Map aRoleMap)
          Evaluates whether the current user is in a given precomputed Map of role names.
static boolean isUserInRole(String aRoleName, P13nResource aResource, P13nContextHandler aRequestContext)
          Evaluates whether the current user is in a given role.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

Authorization

public Authorization()
Method Detail

getRoles

public static Map getRoles(P13nResource aResource,
                           P13nContextHandler aRequestContext)
Evaluates and returns the role names that evaluate to true for the current user. Potential roles are determined by the type of P13nResource subclass passed to this method.

Parameters
aResource - An instance of a P13n resource from the com.bea.p13n.entitlements.resource package. This object identifies the resource from which scoped roles will be drawn.
aRequestContext - The optional input object containing supplemental information for role mapping and authorization providers. Must be valid if any role policies are dependent on a custom predicate for their evaluation. If potential roles contain an ExpressionPredicate, aRequestContext must contain an EntitlementRequest.
Returns
A Map of role name strings.

getRoles

public static Map getRoles(P13nResource aResource)
Evaluates and returns the role names that evaluate to true for the current user. Potential roles are determined by the type of P13nResource subclass passed to this method. Note that since no P13nContextHandler is passed to this method, no roles that include optional expressions will evaluate to true.

Parameters
aResource - An instance of a P13n resource from the com.bea.p13n.entitlements.resource package. This object identifies the resource from which scoped roles will be drawn.
Returns
A Map of role name strings.

isAccessAllowed

public static boolean isAccessAllowed(P13nResource aResource)
Evaluates whether access is allowed to an application resource. If no security policy is found for the requested resource, a "grant" is returned. Note that the P13nContextHandler will be retrieved internally in this method.

Parameters
aResource - An instance of a P13n resource from the com.bea.p13n.entitlements.resource package. This object identifies the resource from which scoped roles will be drawn.
Returns
True if access is allowed, otherwise false.

isAccessAllowed

public static boolean isAccessAllowed(P13nResource aResource,
                                      P13nContextHandler aRequestContext)
Evaluates whether access is allowed to an application resource. If no security policy is found for the requested resource, a "grant" is returned.

Parameters
aResource - An instance of a P13n resource from the com.bea.p13n.entitlements.resource package. This object identifies the resource from which scoped roles will be drawn.
aRequestContext - The optional input object containing supplemental information for role mapping and authorization providers. Must be valid if any role policies are dependent on a custom predicate for their evaluation. If potential roles contain an ExpressionPredicate, aRequestContext must contain an EntitlementRequest.
Returns
True if access is allowed, otherwise false.

isAccessAllowed

public static boolean isAccessAllowed(Subject aSubject,
                                      P13nResource aResource,
                                      P13nContextHandler aRequestContext,
                                      boolean inheritSecurityPolicies)
Evaluates whether access is allowed to an application resource. Allows all inherited security policies to be considered until a "grant" decision is returned, or until there are no more policies to be evaluated. If no security policy is found for the requested resource, a "deny" is returned.

Parameters
aResource - An instance of a P13n resource from the com.bea.p13n.entitlements.resource package. This object identifies the resource from which scoped roles will be drawn.
aSubject - The optional subject to check access for. If not provided, the current subject on the request will be used.
aRequestContext - The optional input object containing supplemental information for role mapping and authorization providers. Must be valid if any role policies are dependent on a custom predicate for their evaluation. If potential roles contain an ExpressionPredicate, aRequestContext must contain an EntitlementRequest.
inheritSecurityPolicies - A flag indicating whether all scoped security policies should be checked (true) or whether a normal access check (first available policy) should be done (false).
Returns
True if access is allowed, otherwise false.

isAccessAllowed

public static boolean isAccessAllowed(P13nResource aResource,
                                      boolean inheritSecurityPolicies)
Evaluates whether access is allowed to an application resource. Allows all inherited security policies to be considered until a "grant" decision is returned, or until there are no more policies to be evaluated. If no security policy is found for the requested resource, a "deny" is returned. Note that the P13nContextHandler will be retrieved internally in this method.

Parameters
aResource - An instance of a P13n resource from the com.bea.p13n.entitlements.resource package. This object identifies the resource from which scoped roles will be drawn.
inheritSecurityPolicies - A flag indicating whether all scoped security policies should be checked (true) or whether a normal access check (first available policy) should be done (false).
Returns
True if access is allowed, otherwise false.

isAccessAllowed

public static boolean isAccessAllowed(P13nResource aResource,
                                      P13nContextHandler aRequestContext,
                                      boolean inheritSecurityPolicies)
Evaluates whether access is allowed to an application resource. Allows all inherited security policies to be considered until a "grant" decision is returned, or until there are no more policies to be evaluated. If no security policy is found for the requested resource, a "deny" is returned.

Parameters
aResource - An instance of a P13n resource from the com.bea.p13n.entitlements.resource package. This object identifies the resource from which scoped roles will be drawn.
aRequestContext - The optional input object containing supplemental information for role mapping and authorization providers. Must be valid if any role policies are dependent on a custom predicate for their evaluation. If potential roles contain an ExpressionPredicate, aRequestContext must contain an EntitlementRequest.
inheritSecurityPolicies - A flag indicating whether all scoped security policies should be checked (true) or whether a normal access check (first available policy) should be done (false).
Returns
True if access is allowed, otherwise false.

isAccessAllowed

public static boolean isAccessAllowed(Subject aSubject,
                                      P13nResource aResource,
                                      P13nContextHandler aRequestContext)
Evaluates whether access is allowed to an application resource. If no security policy is found for the requested resource, a "grant" is returned.

Parameters
aSubject - The Subject to consider access for.
aResource - An instance of a P13n resource from the com.bea.p13n.entitlements.resource package. This object identifies the resource from which scoped roles will be drawn.
aRequestContext - The optional input object containing supplemental information for role mapping and authorization providers. Must be valid if any role policies are dependent on a custom predicate for their evaluation. If potential roles contain an ExpressionPredicate, aRequestContext must contain an EntitlementRequest.
Returns
True if access is allowed, otherwise false.

isAccessAllowed

public static boolean isAccessAllowed(Subject aSubject,
                                      P13nResource aResource,
                                      P13nContextHandler aRequestContext,
                                      Map roles)
Evaluates whether access is allowed to an application resource for the given roles. If no security policy is found for the requested resource, a "grant" is returned.

Parameters
aSubject - The Subject to consider access for.
aResource - An instance of a P13n resource from the com.bea.p13n.entitlements.resource package. This object identifies the resource from which scoped roles will be drawn.
aRequestContext - The optional input object containing supplemental information for role mapping and authorization providers. Must be valid if any role policies are dependent on a custom predicate for their evaluation. If potential roles contain an ExpressionPredicate, aRequestContext must contain an EntitlementRequest.
roles - A Map of role name strings for which the policies are to be evaluated.
Returns
True if access is allowed, otherwise false.

isAccessAllowed

public static boolean isAccessAllowed(P13nResource aResource,
                                      P13nContextHandler aRequestContext,
                                      boolean inheritSecurityPolicies,
                                      Map roles)
Evaluates whether access is allowed to an application resource for the given roles. Allows all inherited security policies to be considered until a "grant" decision is returned, or until there are no more policies to be evaluated. If no security policy is found for the requested resource, a "deny" is returned.

Parameters
aResource - An instance of a P13n resource from the com.bea.p13n.entitlements.resource package. This object identifies the resource from which scoped roles will be drawn.
aRequestContext - The optional input object containing supplemental information for role mapping and authorization providers. Must be valid if any role policies are dependent on a custom predicate for their evaluation. If potential roles contain an ExpressionPredicate, aRequestContext must contain an EntitlementRequest.
inheritSecurityPolicies - A flag indicating whether all scoped security policies should be checked (true) or whether a normal access check (first available policy) should be done (false).
roles - A Map of role name strings for which the policies are to be evaluated.
Returns
True if access is allowed, otherwise false.

isAccessAllowed

public static boolean isAccessAllowed(P13nResource aResource,
                                      P13nContextHandler aRequestContext,
                                      Map roles)
Evaluates whether access is allowed to an application resource. If no security policy is found for the requested resource, a "grant" is returned.

Parameters
aResource - An instance of a P13n resource from the com.bea.p13n.entitlements.resource package. This object identifies the resource from which scoped roles will be drawn.
aRequestContext - The optional input object containing supplemental information for role mapping and authorization providers. Must be valid if any role policies are dependent on a custom predicate for their evaluation. If potential roles contain an ExpressionPredicate, aRequestContext must contain an EntitlementRequest.
roles - A map of role name strings for which the policies are to be evaluated.
Returns
True if access is allowed, otherwise false.

isAccessAllowed

public static boolean isAccessAllowed(Subject aSubject,
                                      P13nResource aResource,
                                      P13nContextHandler aRequestContext,
                                      boolean inheritSecurityPolicies,
                                      Map roles)
Evaluates whether access is allowed to an application resource. Allows all inherited security policies to be considered until a "grant" decision is returned, or until there are no more policies to be evaluated. If no security policy is found for the requested resource, a "deny" is returned.

Parameters
aResource - An instance of a P13n resource from the com.bea.p13n.entitlements.resource package. This object identifies the resource from which scoped roles will be drawn.
aSubject - The optional subject to check access for. If not provided, the current subject on the request will be used.
aRequestContext - The optional input object containing supplemental information for role mapping and authorization providers. Must be valid if any role policies are dependent on a custom predicate for their evaluation. If potential roles contain an ExpressionPredicate, aRequestContext must contain an EntitlementRequest.
inheritSecurityPolicies - A flag indicating whether all scoped security policies should be checked (true) or whether a normal access check (first available policy) should be done (false).
roles - List of roles
Returns
True if access is allowed, otherwise false.

isUserInRole

public static boolean isUserInRole(String aRoleName,
                                   P13nResource aResource,
                                   P13nContextHandler aRequestContext)
Evaluates whether the current user is in a given role.

Parameters
aRoleName - The requested role name.
aResource - An instance of a P13n resource from the com.bea.p13n.entitlements.resource package. This object identifies the resource from which scoped roles will be drawn.
aRequestContext - The optional input object containing supplemental information for role mapping and authorization providers. Must be valid if any role policies are dependent on a custom predicate for their evaluation. If potential roles contain an ExpressionPredicate, aRequestContext must contain an EntitlementRequest.
Returns
True if user is in the given role, otherwise false.

isUserInRole

public static boolean isUserInRole(String aRoleName,
                                   Map aRoleMap)
Evaluates whether the current user is in a given precomputed Map of role names.

Parameters
aRoleName - The requested role name.
aRoleMap - A Map of roles as computed by the getRoles() method.
Returns
True if user is in the given role, otherwise false.

isProtectedResource

public static boolean isProtectedResource(P13nResource aResource)
Evaluates whether the given resource is protected by a security policy. This check does not call the RoleMappers so it does not actually evaluate/execute the Security Policy, making it an efficient pre-check.

Parameters
aResource - An instance of a P13n resource from the com.bea.p13n.entitlements.resource package. This object identifies the resource from which scoped roles will be drawn.
Returns
True if the resource has a scoped/inherited security policy.
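
Added example (not part of the original API documentation): the isAccessAllowed overloads without inheritSecurityPolicies return a "grant" when no security policy is found, so the sketch below pairs them with isProtectedResource to get deny-by-default behaviour. The class FailClosedAuthorization and its method names are hypothetical, and the import path for P13nResource is an assumption based on the package named on this page.

```java
import java.util.Map;

import com.bea.p13n.entitlements.Authorization;
// Assumption: P13nResource is in the resource package this page names.
import com.bea.p13n.entitlements.resource.P13nResource;

/** Hypothetical helper, not part of the API: deny-by-default access checks. */
public final class FailClosedAuthorization {

    private FailClosedAuthorization() {
    }

    /**
     * Normal (first available policy) check that refuses unprotected resources.
     * Authorization.isAccessAllowed(resource) alone returns a "grant" when no
     * policy is found, so a resource nobody wrote a policy for would be open.
     */
    public static boolean isAllowedStrict(P13nResource resource) {
        if (!Authorization.isProtectedResource(resource)) {
            return false; // no scoped or inherited policy: deny
        }
        return Authorization.isAccessAllowed(resource);
    }

    /**
     * Inherited-policy check. With inheritSecurityPolicies set to true the
     * documented result for a resource without any policy is already "deny".
     */
    public static boolean isAllowedInherited(P13nResource resource) {
        return Authorization.isAccessAllowed(resource, true);
    }

    /**
     * Tests several role names against one precomputed role Map instead of
     * re-evaluating roles per name. getRoles(resource) passes no
     * P13nContextHandler, so roles that depend on expressions never match here.
     */
    public static boolean hasAnyRole(P13nResource resource, String... roleNames) {
        Map roles = Authorization.getRoles(resource); // raw Map, as declared by the API
        for (String name : roleNames) {
            if (Authorization.isUserInRole(name, roles)) {
                return true;
            }
        }
        return false;
    }
}
```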


Copyright © 2000, 2008, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its affiliates.
Other names may be trademarks of their respective owners.