Oracle Fusion Middleware
Oracle WebLogic Server API Reference
11g Release 1 (10.3.5)

Part Number E13941-05

weblogic.security.spi
Interface BulkAccessDecision


public interface BulkAccessDecision

The BulkAccessDecisionV2 security service provider (SSPI) interface for policy enforcement points (PEP) allows support for bulk runtime authorization queries.


Method Summary
 Map<Resource,Result> isAccessAllowed(Subject subject, Map<Resource,Map<String,SecurityRole>> roles, List<Resource> resources, ContextHandler handler, Direction direction)
          Indicates whether the authorization policies defined for the list of resources allow the requested method to be performed, by utilizing the information contained in the subject and context.
 

Method Detail

isAccessAllowed

Map<Resource,Result> isAccessAllowed(Subject subject,
                                     Map<Resource,Map<String,SecurityRole>> roles,
                                     List<Resource> resources,
                                     ContextHandler handler,
                                     Direction direction)
                                     throws InvalidPrincipalException
Indicates whether the authorization policies defined for the list of resources allow the requested method to be performed, by utilizing the information contained in the subject and context.

The isAccessAllowed method may be called both prior to a request and after a request has been processed. The value of the direction parameter indicates whether the method is being called 1) to determine if the request should be allowed to be dispatched or 2) to determine if the result of the request should be allowed to be returned.

Parameters:
subject - a Subject object containing the identity of the principals that are attempting to perform a request on the specified resource.

roles - a Map of roles (indexed first by resource and then by their names) that are associated with the subject and should be taken into consideration when making the authorization decision.

resources - a list of Resource objects indicating the type of resources on which the subject is attempting to perform a request.

handler - a ContextHandler object that can optionally be used by an Access Decision to obtain additional information that may be used in making the authorization decision. If the caller is unable to provide additional information, a null value should be specified.

direction - a Direction object representing whether the authorization check is being performed prior to processing the requests or after the requests have been processed but before the results have been returned. A value of PRIOR indicates that the authorization check is being requested prior to processing the request. A value of POST indicates that the authorization check is being requested after the request has been processed but before the results have been returned. A value of ONCE indicates that the authorization check is being done once. isAccessAllowed uses the direction to give it some indication as to which parameters to request (in or out) in the ContextHandler.

Returns:
a Map of indications (indexed by Resource) of whether the authorization policies defined for the resources allow the requested methods to be performed. For each resource in the input list, a return value of PERMIT indicates that the specified subject has permission to perform the operation. A return value of DENY indicates that the specified subject should not be allowed to perform the operation on the matching resource index in the input list. A value of ABSTAIN indicates that an explicit decision to either permit or deny the requested method could not be determined.

Throws:
InvalidPrincipalException - if the principal has become invalid (possibly because the principal has been deleted from the system while there was an active subject with that principal).
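
The following added example (not Oracle's code and not part of the original reference) shows one way to implement the bulk method by delegating to a single-resource AccessDecision, so that every resource in the input list gets an entry in the returned map. The class name DelegatingBulkAccessDecision is hypothetical, and the block assumes the WebLogic Server classes are on the classpath.

```java
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.security.auth.Subject;
import weblogic.security.service.ContextHandler;
import weblogic.security.service.SecurityRole;
import weblogic.security.spi.AccessDecision;
import weblogic.security.spi.BulkAccessDecision;
import weblogic.security.spi.Direction;
import weblogic.security.spi.InvalidPrincipalException;
import weblogic.security.spi.Resource;
import weblogic.security.spi.Result;

/** Hypothetical adapter: answers a bulk query by asking a single-resource AccessDecision once per resource. */
public class DelegatingBulkAccessDecision implements BulkAccessDecision {

    private final AccessDecision delegate;

    public DelegatingBulkAccessDecision(AccessDecision delegate) {
        this.delegate = delegate;
    }

    @Override
    public Map<Resource, Result> isAccessAllowed(Subject subject,
                                                 Map<Resource, Map<String, SecurityRole>> roles,
                                                 List<Resource> resources,
                                                 ContextHandler handler,
                                                 Direction direction)
            throws InvalidPrincipalException {
        // LinkedHashMap keeps the results in the order of the input list.
        Map<Resource, Result> results = new LinkedHashMap<Resource, Result>();
        for (Resource resource : resources) {
            // roles is indexed first by resource, then by role name.
            Map<String, SecurityRole> rolesForResource =
                    (roles == null) ? null : roles.get(resource);
            if (rolesForResource == null) {
                // No roles supplied for this resource: evaluate with an empty role set.
                rolesForResource = Collections.<String, SecurityRole>emptyMap();
            }
            // handler may be null when the caller has no extra context; pass it through unchanged.
            Result result = delegate.isAccessAllowed(
                    subject, rolesForResource, resource, handler, direction);
            // Never leave a gap or a null in the map: an undetermined answer is
            // reported as ABSTAIN, never as PERMIT.
            results.put(resource, result != null ? result : Result.ABSTAIN);
        }
        return results;
    }
}
```

An InvalidPrincipalException thrown by the delegate for any one resource propagates and fails the whole bulk call, so no partial map is returned.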

Copyright 1996, 2011, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.
