Oracle Entitlements Server for Java API Reference

com.bea.security
Class AuthorizationService

java.lang.Object
  |
  +--com.bea.security.PublicSecurityService
        |
        +--com.bea.security.AuthorizationService

public class AuthorizationService

extends PublicSecurityService

The authorization service is a service that allows an application to determine if a specific identity is permitted to access a specific resource.

Author:

Copyright © 2004-2008, Oracle and/or its affiliates. All rights reserved.

Field Summary

static java.lang.String	ATTR_CACHE_ENTRIES_KEY Key for retrieving current number of entries in attribute cache from the Map, returned by the getStatistics method.
static java.lang.String	ATTR_CACHE_HITS_KEY Key for retrieving total number of attribute cache hits from the Map, returned by the getStatistics method.
static java.lang.String	ATTR_CACHE_QUERIES_KEY Key for retrieving the total number of requests to attribute cache from the Map, returned by the getStatistics method.
static java.lang.String	ATZ_CACHE_ENTRIES_KEY Key for retrieving current number of entries in authorization cache from the Map, returned by the getStatistics method.
static java.lang.String	ATZ_CACHE_HITS_KEY Key for retrieving total number of authorization cache hits from the Map, returned by the getStatistics method.
static java.lang.String	ATZ_CACHE_QUERIES_KEY Key for retrieving the total number of requests to authorization cache from the Map, returned by the getStatistics method.
static java.lang.String	FLUSH_ATTR_CACHE_OPT Options value which indicates that the attribute cache should be flushed.
static java.lang.String	FLUSH_ATZ_CACHE_OPT Options value which indicates that the authorization cache should be flushed.
static int	ONCE Indicates that an authorization query will only be asked once for a resource and action.
static int	POST Indicates that an authorization query is being asked after a resource is aquired, but before it has been processed or presented.
static int	PRIOR Indicates that an authorization query is being asked before a resource is aquired.
static java.lang.String	QUERY_ATTR_CACHE_STATISTICS_OPT Options value which indicates that the attribute cache should be queried for statistics.
static java.lang.String	QUERY_ATZ_CACHE_STATISTICS_OPT Options value which indicates that the authorization cache should be queried for statistics.

Fields inherited from class com.bea.security.PublicSecurityService

COMPATIBLE, COMPATIBLE_DEPRECATED, COMPATIBLE_UNKNOWN, NOT_COMPATIBLE

Method Summary

void	flushCache(java.lang.String[] options) Removes all entries from the OOTB attributes cache and flushes its statistics.
void	flushCacheByUser(java.lang.String[] options, java.lang.String userID) Removes entries for the user, identified by the userID parameter.
ServiceType	getServiceType() Indicates this service's type.
java.util.Map	getStatistics(java.lang.String[] options) Returns current statistics for the provider.
ServiceVersion	getVersion() Indicates this service's version.
AccessResult	isAccessAllowed_Debug(AuthenticIdentity ident, RuntimeResource resource, RuntimeAction action, AppContext context, DebugInfo debugInfo) Determines if an AuthenticIdentity is permitted to access a specific resource with a specific action.
ExtendedAccessResult	isAccessAllowed(AuthenticIdentity ident, ResourceAction resourceAction) Determines if an AuthenticIdentity is permitted to access a specific resource with a specific action.
ExtendedAccessResult	isAccessAllowed(AuthenticIdentity ident, ResourceAction resourceAction, AppContext context, boolean isResponseAttrRequired) Determines if an AuthenticIdentity is permitted to access a specific resource with a specific action.
AccessResult	isAccessAllowed(AuthenticIdentity ident, RuntimeResource resource, RuntimeAction action) Determines if an AuthenticIdentity is permitted to access a specific resource with a specific action.
AccessResult	isAccessAllowed(AuthenticIdentity ident, RuntimeResource resource, RuntimeAction action, AppContext context) Determines if an AuthenticIdentity is permitted to access a specific resource with a specific action.
AccessResult	isAccessAllowed(AuthenticIdentity ident, RuntimeResource resource, RuntimeAction action, AppContext context, int direction) Determines if an AuthenticIdentity is permitted to access a specific resource with a specific action.
boolean	isAuthenticationRequired(RuntimeResource resource, RuntimeAction action) Determines if a resource and action requires authentication before it is accessed.
java.util.List	isBulkAccessAllowed(AuthenticIdentity ident, java.util.List resourceActions) Determines if an AuthenticIdentity is permitted on a list of resource action pairs.
java.util.List	isBulkAccessAllowed(AuthenticIdentity ident, java.util.List resourceActions, AppContext context, boolean isResponseAttrRequired) Determines if an AuthenticIdentity is permitted on a list of resource action pairs.
java.util.List	isChildResourceAccessAllowed(AuthenticIdentity ident, ResourceAction resourceAction) Determines if an AuthenticIdentity is permitted to access all child resources under a specific resource (including the resource itself) with a specific action.
java.util.List	isChildResourceAccessAllowed(AuthenticIdentity ident, ResourceAction resourceAction, AppContext context, boolean isResponseAttrRequired) Determines if an AuthenticIdentity is permitted to access all child resources under a specific resource (including the resource itself) with a specific action.
int	isCompatible(ServiceVersion version) Determines if the version of the public service API specified in the Java application is compatible with the current version of the service API in the security runtime instance.
java.util.List	queryActionsOnChildResource(AuthenticIdentity ident, RuntimeResource resourceClippingNode, java.util.List requestedActions, AppContext context) Query set of allowed and denied actions for the AuthenticIdentity on the resource clipping node and all child nodes of this node.
RuntimeEntitlement	queryActionsOnResource(AuthenticIdentity ident, RuntimeResource resource, java.util.List requestedActions, AppContext context) Query set of allowed and denied actions for the AuthenticIdentity on a specific resource.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

ATTR_CACHE_HITS_KEY

public static final java.lang.String ATTR_CACHE_HITS_KEY

Key for retrieving total number of attribute cache hits from the Map, returned by the getStatistics method.

See Also:

getStatistics(java.lang.String[])

ATTR_CACHE_ENTRIES_KEY

public static final java.lang.String ATTR_CACHE_ENTRIES_KEY

Key for retrieving current number of entries in attribute cache from the Map, returned by the getStatistics method.

See Also:

getStatistics(java.lang.String[])

ATTR_CACHE_QUERIES_KEY

public static final java.lang.String ATTR_CACHE_QUERIES_KEY

Key for retrieving the total number of requests to attribute cache from the Map, returned by the getStatistics method.

See Also:

getStatistics(java.lang.String[])

ATZ_CACHE_HITS_KEY

public static final java.lang.String ATZ_CACHE_HITS_KEY

Key for retrieving total number of authorization cache hits from the Map, returned by the getStatistics method.

See Also:

getStatistics(java.lang.String[])

ATZ_CACHE_ENTRIES_KEY

public static final java.lang.String ATZ_CACHE_ENTRIES_KEY

Key for retrieving current number of entries in authorization cache from the Map, returned by the getStatistics method.

See Also:

getStatistics(java.lang.String[])

ATZ_CACHE_QUERIES_KEY

public static final java.lang.String ATZ_CACHE_QUERIES_KEY

Key for retrieving the total number of requests to authorization cache from the Map, returned by the getStatistics method.

See Also:

getStatistics(java.lang.String[])

QUERY_ATZ_CACHE_STATISTICS_OPT

public static final java.lang.String QUERY_ATZ_CACHE_STATISTICS_OPT

Options value which indicates that the authorization cache should be queried for statistics.

See Also:

getStatistics(java.lang.String[])

QUERY_ATTR_CACHE_STATISTICS_OPT

public static final java.lang.String QUERY_ATTR_CACHE_STATISTICS_OPT

Options value which indicates that the attribute cache should be queried for statistics.

See Also:

getStatistics(java.lang.String[])

FLUSH_ATZ_CACHE_OPT

public static final java.lang.String FLUSH_ATZ_CACHE_OPT

Options value which indicates that the authorization cache should be flushed.

See Also:

flushCache(java.lang.String[]), flushCacheByUser(java.lang.String[], java.lang.String)

FLUSH_ATTR_CACHE_OPT

public static final java.lang.String FLUSH_ATTR_CACHE_OPT

Options value which indicates that the attribute cache should be flushed.

See Also:

flushCache(java.lang.String[]), flushCacheByUser(java.lang.String[], java.lang.String)

ONCE

public static final int ONCE

Indicates that an authorization query will only be asked once for a resource and action.

PRIOR

public static final int PRIOR

Indicates that an authorization query is being asked before a resource is aquired.

POST

public static final int POST

Indicates that an authorization query is being asked after a resource is aquired, but before it has been processed or presented.

Method Detail

getServiceType

public ServiceType getServiceType()

Indicates this service's type.

Returns:

a ServiceType object indicating this service's type.

Overrides:

getServiceType in class PublicSecurityService

getVersion

public ServiceVersion getVersion()

Indicates this service's version.

Returns:

a ServiceVersion indicating the service version number and patch level.

Overrides:

getVersion in class PublicSecurityService

isCompatible

public int isCompatible(ServiceVersion version)

Determines if the version of the public service API specified in the Java application is compatible with the current version of the service API in the security runtime instance.

Parameters:

version - a ServiceVersion which is being asked for by the Java application. The current service, that is, the service in the security runtime instance, will indiciate if it supports the version specified in the isCompatible() method.

Returns:

an int equaling NOT_COMPATIBLE if the service is not compatible with the supplied version, COMPATIBLE if the service is fully compatible, COMPATIBLE_DEPRECATED if the service is compatible, but some functions have been depricated between the versions, or, finally, COMPATIBLE_UNKNOWN if the version passed in is newer than the current version, so compatibility is unknown.

Overrides:

isCompatible in class PublicSecurityService

getStatistics

public java.util.Map getStatistics(java.lang.String[] options)
                            throws ParameterException

Returns current statistics for the provider. The following entries for authorization and attribute caches are returned by default: - number of cache hits for the session or since the latest flush
- total number of entries currently in the cache
- total number of cache queries in this session or since the latest flush

Parameters:

options - Used for specifying the types of statistics, which should be returned. Options include Authorization Cache and Attribute cache (see appropriate constant definitions). If NULL or empty array is passed, all entries are retrieved.

Returns:

A java.util.Map, containing the desired statistcis, or NULL, if it could not be retrieved. The map, if returned, will contain the following entries: total cache hit number: is an object of java.lang.Long
total cache query number: is an object of java.lang.Long
total cache entries: is an object of java.lang.Long
Use const keys to get cache statistics.

Throws:

ParameterException - This exception is thrown if a parameter passed in contains an invalid option.

See Also:

QUERY_ATTR_CACHE_STATISTICS_OPT, QUERY_ATZ_CACHE_STATISTICS_OPT, ATTR_CACHE_HITS_KEY, ATTR_CACHE_QUERIES_KEY, ATTR_CACHE_ENTRIES_KEY, ATZ_CACHE_HITS_KEY, ATZ_CACHE_QUERIES_KEY, ATZ_CACHE_ENTRIES_KEY

flushCache

public void flushCache(java.lang.String[] options)
                throws ParameterException

Removes all entries from the OOTB attributes cache and flushes its statistics.

Throws:

ParameterException - This exception is thrown if a parameter passed in contains an invalid option.

flushCacheByUser

public void flushCacheByUser(java.lang.String[] options,
                             java.lang.String userID)
                      throws ParameterException

Removes entries for the user, identified by the userID parameter.

Parameters:

userID - User, whose cache entries are to be reset. Should be a valid name (not NULL and of positive length). The name should be in the short format and not include directory, i.e. "system" and not "//user/asi/system/"

Throws:

java.lang.IllegalArgumentException - If NULL or empty user ID is passed.

isAccessAllowed

public AccessResult isAccessAllowed(AuthenticIdentity ident,
                                    RuntimeResource resource,
                                    RuntimeAction action)
                             throws IdentityNotAuthenticException,
                                    ParameterException

Determines if an AuthenticIdentity is permitted to access a specific resource with a specific action. The application context is not taken into account for this decision. The direction parameter, which cannot be specified using this version of this method, is set to ONCE by default.

Parameters:

ident - an AuthenticIdentity that is asking permission to access a resource with an action.

resource - the RuntimeResource that is being checked for permission.

action - the RuntimeAction to be performed on the resource.

Returns:

an AccessResult which encodes if the AuthenticIdentity has permission to access this resource or not.

Throws:

IdentityNotAuthenticException - This exception is thrown if the identity provided is invalid or not properly authenticated.

ParameterException - This exception is thrown if a parameter passed in is invalid.

isAccessAllowed_Debug

public AccessResult isAccessAllowed_Debug(AuthenticIdentity ident,
                                          RuntimeResource resource,
                                          RuntimeAction action,
                                          AppContext context,
                                          DebugInfo debugInfo)
                                   throws IdentityNotAuthenticException,
                                          ParameterException

Determines if an AuthenticIdentity is permitted to access a specific resource with a specific action. The application context is also taken into account for this decision. The direction parameter, which cannot be specified using this version of this method, is set to ONCE by default. This API is only supported on java-ssm

Parameters:

ident - an AuthenticIdentity that is asking permission to access a resource.

resource - the RuntimeResource that is being checked for permission.

action - the RuntimeAction to be performed on the resource.

context - an object with an AppContext interface containing name/value pairs relevant to this application's current context. Providers may use the values in this context to help determine the answer to this query.

debugInfo - the DebugInfo to store the results

Returns:

an AccessResult which encodes if the AuthenticIdentity has permission to access this resource or not.

Throws:

IdentityNotAuthenticException - An IdentityNotAuthenticException is thrown if the identity provides is invalid or not properly authenticated.

ParameterException - This exception is thrown if a parameter passed in is invalid.

isAccessAllowed

public AccessResult isAccessAllowed(AuthenticIdentity ident,
                                    RuntimeResource resource,
                                    RuntimeAction action,
                                    AppContext context)
                             throws IdentityNotAuthenticException,
                                    ParameterException

Determines if an AuthenticIdentity is permitted to access a specific resource with a specific action. The application context is also taken into account for this decision. The direction parameter, which cannot be specified using this version of this method, is set to ONCE by default.

Parameters:

ident - an AuthenticIdentity that is asking permission to access a resource.

resource - the RuntimeResource that is being checked for permission.

action - the RuntimeAction to be performed on the resource.

context - an object with an AppContext interface containing name/value pairs relevant to this application's current context. Providers may use the values in this context to help determine the answer to this query.

Returns:

an AccessResult which encodes if the AuthenticIdentity has permission to access this resource or not.

Throws:

IdentityNotAuthenticException - An IdentityNotAuthenticException is thrown if the identity provides is invalid or not properly authenticated.

ParameterException - This exception is thrown if a parameter passed in is invalid.

isAccessAllowed

public AccessResult isAccessAllowed(AuthenticIdentity ident,
                                    RuntimeResource resource,
                                    RuntimeAction action,
                                    AppContext context,
                                    int direction)
                             throws ParameterException,
                                    IdentityNotAuthenticException

Determines if an AuthenticIdentity is permitted to access a specific resource with a specific action. The application context is also taken into account for this decision.

Parameters:

ident - an AuthenticIdentity that is asking permission to access a resource.

resource - the RuntimeResource that is being checked for permission.

action - the RuntimeAction to be performed on the resource.

context - an object with an AppContext interface containing name/value pairs relevant to this application's current context. Providers may use the values in this context to help determine the answer to this query.

direction - determines how this access request is processed. This parameter can be set to PRIOR, POST, or ONCE. PRIOR indicates that this access request is to be evaluated before the resource is acquired, POST indicates that this access request is to be evaluated after the resource is required, and ONCE indicates that this access request is to be evaluated only once. An application may use the PRIOR and POST parameters in cases where an AuthenticIdentity may be permitted to acquire a resource prior to using it, but then may not be permitted to use it after it is acquired.

Returns:

an AccessResult which encodes if the Identity has permission to access this resource or not.

Throws:

ParameterException - This exception is thrown if a parameter passed in is invalid.

IdentityNotAuthenticException - This exception is thrown if the identity provided is invalid or not properly authenticated.

isAuthenticationRequired

public boolean isAuthenticationRequired(RuntimeResource resource,
                                        RuntimeAction action)
                                 throws ParameterException

Determines if a resource and action requires authentication before it is accessed. This method is only relevant in the case of an unauthenticated (anonymous) user.

Parameters:

resource - a RuntimeResource that indicates the resource in question.

action - a RuntimeAction that indicates the action in question.

Returns:

a true if this resource and action requires the application to authenticate the user and do an isAccessAllowed call to determine the final access decision. A false if this resource and action does not require authentication. In the event no authentication is required, isAccessAllowed need not be called and the application can allow the action on the resource in question.

Throws:

ParameterException - This exception is thrown if a parameter passed in is invalid.

queryActionsOnResource

public RuntimeEntitlement queryActionsOnResource(AuthenticIdentity ident,
                                                 RuntimeResource resource,
                                                 java.util.List requestedActions,
                                                 AppContext context)
                                          throws ParameterException,
                                                 IdentityNotAuthenticException,
                                                 MissingAttributeException

Query set of allowed and denied actions for the AuthenticIdentity on a specific resource. If the application context is not null, it will be taken into account for this query.

Parameters:

ident - an AuthenticIdentity that is asking queries on a resource.

resource - the RuntimeResource that is being checked for this query.

requestedActions - a collection of RuntimeAction object, which lists the actions the application is interested in. If the collection is not null or empty, ALES runtime will check user��s privileges only for these actions.

context - an object with an AppContext interface containing name/value pairs relevant to this application's current context. If the context is not null, providers may use the values in this context to help determine the answer to this query.

Returns:

an RuntimeEntitlement object, which encodes the allowed and denied actions for the ident on the resource. null means error happened in runtime.

Throws:

ParameterException - This exception is thrown if a parameter passed in is invalid.

IdentityNotAuthenticException - This exception is thrown if the identity provided is invalid or not properly authenticated.

MissingAttributeException - This exception is thrown if certain attributes, required by runtime, are missing during query actions

queryActionsOnChildResource

public java.util.List queryActionsOnChildResource(AuthenticIdentity ident,
                                                  RuntimeResource resourceClippingNode,
                                                  java.util.List requestedActions,
                                                  AppContext context)
                                           throws ParameterException,
                                                  IdentityNotAuthenticException,
                                                  MissingAttributeException

Query set of allowed and denied actions for the AuthenticIdentity on the resource clipping node and all child nodes of this node. If the application context is not null, it will be taken into account for this query.

Parameters:

ident - an AuthenticIdentity that is asking queries on a resource clipping node.

resourceClippingNode - the resource clipping node.

requestedActions - a collection of RuntimeAction object, which lists the actions the application is interested in. If the collection is not null or empty, ALES runtime will check user��s privileges only for these actions.

context - an object with an AppContext interface containing name/value pairs relevant to this application's current context. If the context is not null, providers may use the values in this context to help determine the answer to this query.

Returns:

a List of RuntimeEntitlement object. Each object represents one resource and the allowed and denied actions for the ident on the resource. The List is ordered by the resource name. null means error happened in runtime.

Throws:

ParameterException - This exception is thrown if a parameter passed in is invalid.

IdentityNotAuthenticException - This exception is thrown if the identity provided is invalid or not properly authenticated.

MissingAttributeException - This exception is thrown if certain attributes, required by runtime, are missing during query actions on child resource

isAccessAllowed

public ExtendedAccessResult isAccessAllowed(AuthenticIdentity ident,
                                            ResourceAction resourceAction)
                                     throws IdentityNotAuthenticException,
                                            ParameterException

Determines if an AuthenticIdentity is permitted to access a specific resource with a specific action. The application context is not taken into account for this decision. The method returns an ExtendedAccessResult object without response attributes.

Parameters:

ident - an AuthenticIdentity that is asking permission on a list of resource action pair.

resourceAction - the ResourceAction that is used for authorization.

Returns:

an ExtendedAccessResult which encodes if the AuthenticIdentity has permission to access this resource or not.

Throws:

IdentityNotAuthenticException - This exception is thrown if the identity provided is invalid or not properly authenticated.

ParameterException - This exception is thrown if a parameter passed in is invalid.

isAccessAllowed

public ExtendedAccessResult isAccessAllowed(AuthenticIdentity ident,
                                            ResourceAction resourceAction,
                                            AppContext context,
                                            boolean isResponseAttrRequired)
                                     throws IdentityNotAuthenticException,
                                            ParameterException

Determines if an AuthenticIdentity is permitted to access a specific resource with a specific action. The application context is also taken into account for this decision. The method returns an ExtendedAccessResult object.

Parameters:

ident - an AuthenticIdentity that is asking permission on a list of resource action pair.

resourceAction - the ResourceAction that is used for authorization.

context - an object with an AppContext interface containing name/value pairs relevant to this application's current context. Providers may use the values in this context to help determine the answer to this query.

isResponseAttrRequired - a flag to control if response attributes are returned in ExtendedAccessResult object. If the value is true, response attributes are set in ExtendedAccessResult object, otherwise, response attributes are not in the object.

Returns:

an ExtendedAccessResult which encodes if the AuthenticIdentity has permission to access this resource or not.

Throws:

IdentityNotAuthenticException - This exception is thrown if the identity provided is invalid or not properly authenticated.

ParameterException - This exception is thrown if a parameter passed in is invalid.

isBulkAccessAllowed

public java.util.List isBulkAccessAllowed(AuthenticIdentity ident,
                                          java.util.List resourceActions)
                                   throws IdentityNotAuthenticException,
                                          ParameterException

Determines if an AuthenticIdentity is permitted on a list of resource action pairs. The application context is not taken into account for this decision. The return result contains ExtendedAccessResult for each ResourceAction with the same order. Note that no response attributes are returned with this method. If an exception is caught for a resource/action pair, the exception will be thrown out of the method with the resource/action information.

Parameters:

ident - an AuthenticIdentity that is asking permission on a list of resource action pair.

resourceActions - an list of ResourceAction that is being checked for permission.

Returns:

a list of ExtendedAccessResult which contains the authorization results with the same order of resourceActions.

Throws:

IdentityNotAuthenticException - This exception is thrown if the identity provided is invalid or not properly authenticated.

ParameterException - This exception is thrown if a parameter passed in is invalid.

isBulkAccessAllowed

public java.util.List isBulkAccessAllowed(AuthenticIdentity ident,
                                          java.util.List resourceActions,
                                          AppContext context,
                                          boolean isResponseAttrRequired)
                                   throws IdentityNotAuthenticException,
                                          ParameterException

Determines if an AuthenticIdentity is permitted on a list of resource action pairs. The application context is taken into account for this decision. The return result contains ExtendedAccessResult for each ResourceAction with the same order. If an exception is caught for a resource/action pair, the exception will be thrown out of the method with the resource/action information.

Parameters:

ident - an AuthenticIdentity that is asking permission on a list of resource action pair.

resourceActions - an list of ResourceAction that is being checked for permission.

context - an object with an AppContext interface containing name/value pairs relevant to this application's current context. Providers may use the values in this context to help determine the answer to this query.

isResponseAttrRequired - a flag to control if response attributes are returned in ExtendedAccessResult object. If the value is true, response attributes are set in ExtendedAccessResult object, otherwise, response attributes are not in the object.

Returns:

a list of ExtendedAccessResult which contains the authorization results with the same order of resourceActions.

Throws:

IdentityNotAuthenticException - This exception is thrown if the identity provided is invalid or not properly authenticated.

ParameterException - This exception is thrown if a parameter passed in is invalid.

isChildResourceAccessAllowed

public java.util.List isChildResourceAccessAllowed(AuthenticIdentity ident,
                                                   ResourceAction resourceAction)
                                            throws IdentityNotAuthenticException,
                                                   ParameterException

Determines if an AuthenticIdentity is permitted to access all child resources under a specific resource (including the resource itself) with a specific action. The application context is not taken into account for this decision. If an exception is caught for a resource/action pair, the exception will be thrown out of the method with the resource/action information.

Parameters:

ident - an AuthenticIdentity that is asking permission on a list of resource action pair.

resourceAction - an ResourceAction object that is being checked for permission.

Returns:

a list of ExtendedAccessResult objects.

Throws:

IdentityNotAuthenticException - This exception is thrown if the identity provided is invalid or not properly authenticated.

ParameterException - This exception is thrown if a parameter passed in is invalid.

isChildResourceAccessAllowed

public java.util.List isChildResourceAccessAllowed(AuthenticIdentity ident,
                                                   ResourceAction resourceAction,
                                                   AppContext context,
                                                   boolean isResponseAttrRequired)
                                            throws IdentityNotAuthenticException,
                                                   ParameterException

Determines if an AuthenticIdentity is permitted to access all child resources under a specific resource (including the resource itself) with a specific action. The application context is taken into account for this decision. If an exception is caught for a resource/action pair, the exception will be thrown out of the method with the resource/action information.

Parameters:

ident - an AuthenticIdentity that is asking permission on a list of resource action pair.

resourceAction - an ResourceAction object that is being checked for permission.

context - an object with an AppContext interface containing name/value pairs relevant to this application's current context. Providers may use the values in this context to help determine the answer to this query.

isResponseAttrRequired - a flag to control if response attributes are returned in ExtendedAccessResult object. If the value is true, response attributes are set in ExtendedAccessResult object, otherwise, response attributes are not in the object.

Returns:

a list of ExtendedAccessResult objects.

Throws:

IdentityNotAuthenticException - This exception is thrown if the identity provided is invalid or not properly authenticated.

ParameterException - This exception is thrown if a parameter passed in is invalid.