|
Copyright © 2000, 2009, Oracle and/or its affiliates. All rights reserved. | ||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object com.bea.p13n.entitlements.Authorization
public class Authorization
The Authorization class provides runtime methods for security policy checks. The runtime authorization checks utilize the SecurityServiceManager to retrieve the RoleManager and AuthorizationManager. These managers perform runtime checks against all configured Authorization and RoleMapping providers while determining applicable roles and policies.
Constructor Summary | |
---|---|
Authorization()
|
Method Summary | |
---|---|
static Map |
getRoles(P13nResource aResource)
Evaluates and returns the role names for which the current user evaluates truely. |
static Map |
getRoles(P13nResource aResource,
P13nContextHandler aRequestContext)
Evaluates and returns the role names for which the current user evaluates truely. |
static boolean |
isAccessAllowed(P13nResource aResource)
Evaluates whether access is allowed to an application resource. |
static boolean |
isAccessAllowed(P13nResource aResource,
boolean inheritSecurityPolicies)
Evaluates whether access is allowed to an application resource. |
static boolean |
isAccessAllowed(P13nResource aResource,
P13nContextHandler aRequestContext)
Evaluates whether access is allowed to an application resource. |
static boolean |
isAccessAllowed(P13nResource aResource,
P13nContextHandler aRequestContext,
boolean inheritSecurityPolicies)
Evaluates whether access is allowed to an application resource. |
static boolean |
isAccessAllowed(P13nResource aResource,
P13nContextHandler aRequestContext,
boolean inheritSecurityPolicies,
Map roles)
Evaluates whether access is allowed to an application resource for the given roles. |
static boolean |
isAccessAllowed(P13nResource aResource,
P13nContextHandler aRequestContext,
Map roles)
Evaluates whether access is allowed to an application resource. |
static boolean |
isAccessAllowed(Subject aSubject,
P13nResource aResource,
P13nContextHandler aRequestContext)
Evaluates whether access is allowed to an application resource. |
static boolean |
isAccessAllowed(Subject aSubject,
P13nResource aResource,
P13nContextHandler aRequestContext,
boolean inheritSecurityPolicies)
Evaluates whether access is allowed to an application resource. |
static boolean |
isAccessAllowed(Subject aSubject,
P13nResource aResource,
P13nContextHandler aRequestContext,
boolean inheritSecurityPolicies,
Map roles)
Evaluates whether access is allowed to an application resource. |
static boolean |
isAccessAllowed(Subject aSubject,
P13nResource aResource,
P13nContextHandler aRequestContext,
Map roles)
Evaluates whether access is allowed to an application resource for the given roles. |
static boolean |
isProtectedResource(P13nResource aResource)
Evaluates whether the given resource is protected by a security policy. |
static boolean |
isUserInRole(String aRoleName,
Map aRoleMap)
Evaluates whether the current user is in a given precomputed Map of role names. |
static boolean |
isUserInRole(String aRoleName,
P13nResource aResource,
P13nContextHandler aRequestContext)
Evaluates whether the current user is in a give role |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public Authorization()
Method Detail |
---|
public static Map getRoles(P13nResource aResource, P13nContextHandler aRequestContext)
aResource
- An instance of a P13n resource from the
com.bea.p13n.entitlements.resource package. This object
identifies the resource for which scoped roles will
drawn from.aRequestContext
- The optional input object containing
supplemental information for role mappping and authorization
providers. Must be valid if any role policies are dependent
on a custom predicate for their evaluation. If potential
roles contain an ExpressionPredicate, aRequestContext must
contain an EntitlementRequest.
public static Map getRoles(P13nResource aResource)
aResource
- An instance of a P13n resource from the
com.bea.p13n.entitlements.resource package. This object
identifies the resource for which scoped roles will
drawn from.
public static boolean isAccessAllowed(P13nResource aResource)
P13nContextHandler
will be retrieved internally in this method.
aResource
- An instance of a P13n resource from the
com.bea.p13n.entitlements.resource package. This object
identifies the resource for which scoped roles will
drawn from.
public static boolean isAccessAllowed(P13nResource aResource, P13nContextHandler aRequestContext)
aResource
- An instance of a P13n resource from the
com.bea.p13n.entitlements.resource package. This object
identifies the resource for which scoped roles will
drawn from.aRequestContext
- The optional input object containing
supplemental information for role mappping and authorization
providers. Must be valid if any role policies are dependent
on a custom predicate for their evaluation. If potential
roles contain an ExpressionPredicate, aRequestContext must
contain an EntitlementRequest.
public static boolean isAccessAllowed(Subject aSubject, P13nResource aResource, P13nContextHandler aRequestContext, boolean inheritSecurityPolicies)
aResource
- An instance of a P13n resource from the
com.bea.p13n.entitlements.resource package. This object
identifies the resource for which scoped roles will
drawn from.aSubject
- The optional subject to check access for. If
not provided, current subject on request will be used.aRequestContext
- The optional input object containing
supplemental information for role mappping and authorization
providers. Must be valid if any role policies are dependent
on a custom predicate for their evaluation. If potential
roles contain an ExpressionPredicate, aRequestContext must
contain an EntitlementRequest.inheritSecurityPolicies
- A flag indicating whether
all scoped security policies should be checked (true) or
whether a normal access check (first available policy)
should be done (false).
public static boolean isAccessAllowed(P13nResource aResource, boolean inheritSecurityPolicies)
P13nContextHandler
will be retrieved internally in this method.
aResource
- An instance of a P13n resource from the
com.bea.p13n.entitlements.resource package. This object
identifies the resource for which scoped roles will
drawn from.inheritSecurityPolicies
- A flag indicating whether
all scoped security policies should be checked (true) or
whether a normal access check (first available policy)
should be done (false).
public static boolean isAccessAllowed(P13nResource aResource, P13nContextHandler aRequestContext, boolean inheritSecurityPolicies)
aResource
- An instance of a P13n resource from the
com.bea.p13n.entitlements.resource package. This object
identifies the resource for which scoped roles will
drawn from.aRequestContext
- The optional input object containing
supplemental information for role mappping and authorization
providers. Must be valid if any role policies are dependent
on a custom predicate for their evaluation. If potential
roles contain an ExpressionPredicate, aRequestContext must
contain an EntitlementRequest.inheritSecurityPolicies
- A flag indicating whether
all scoped security policies should be checked (true) or
whether a normal access check (first available policy)
should be done (false).
public static boolean isAccessAllowed(Subject aSubject, P13nResource aResource, P13nContextHandler aRequestContext)
aSubject
- The Subject to consider access for.aResource
- An instance of a P13n resource from the
com.bea.p13n.entitlements.resource package. This object
identifies the resource for which scoped roles will
drawn from.aRequestContext
- The optional input object containing
supplemental information for role mappping and authorization
providers. Must be valid if any role policies are dependent
on a custom predicate for their evaluation. If potential
roles contain an ExpressionPredicate, aRequestContext must
contain an EntitlementRequest.
public static boolean isAccessAllowed(Subject aSubject, P13nResource aResource, P13nContextHandler aRequestContext, Map roles)
aSubject
- The Subject to consider access for.aResource
- An instance of a P13n resource from the
com.bea.p13n.entitlements.resource package. This object
identifies the resource for which scoped roles will
drawn from.aRequestContext
- The optional input object containing
supplemental information for role mappping and authorization
providers. Must be valid if any role policies are dependent
on a custom predicate for their evaluation. If potential
roles contain an ExpressionPredicate, aRequestContext must
contain an EntitlementRequest.roles
- A Map of role name strings for which the policies are
to be evaluated.
public static boolean isAccessAllowed(P13nResource aResource, P13nContextHandler aRequestContext, boolean inheritSecurityPolicies, Map roles)
aResource
- An instance of a P13n resource from the
com.bea.p13n.entitlements.resource package. This object
identifies the resource for which scoped roles will
drawn from.aRequestContext
- The optional input object containing
supplemental information for role mappping and authorization
providers. Must be valid if any role policies are dependent
on a custom predicate for their evaluation. If potential
roles contain an ExpressionPredicate, aRequestContext must
contain an EntitlementRequest.inheritSecurityPolicies
- A flag indicating whether
all scoped security policies should be checked (true) or
whether a normal access check (first available policy)
should be done (false).roles
- A Map of role name strings for which the policies are
to be evaluated.
public static boolean isAccessAllowed(P13nResource aResource, P13nContextHandler aRequestContext, Map roles)
aResource
- An instance of a P13n resource from the
com.bea.p13n.entitlements.resource package. This object
identifies the resource for which scoped roles will
drawn from.aRequestContext
- The optional input object containing
supplemental information for role mappping and authorization
providers. Must be valid if any role policies are dependent
on a custom predicate for their evaluation. If potential
roles contain an ExpressionPredicate, aRequestContext must
contain an EntitlementRequest.roles
- A map of role name strings for which the policies are
to be evaluated.
public static boolean isAccessAllowed(Subject aSubject, P13nResource aResource, P13nContextHandler aRequestContext, boolean inheritSecurityPolicies, Map roles)
aResource
- An instance of a P13n resource from the
com.bea.p13n.entitlements.resource package. This object
identifies the resource for which scoped roles will
drawn from.aSubject
- The optional subject to check access for. If
not provided, current subject on request will be used.aRequestContext
- The optional input object containing
supplemental information for role mappping and authorization
providers. Must be valid if any role policies are dependent
on a custom predicate for their evaluation. If potential
roles contain an ExpressionPredicate, aRequestContext must
contain an EntitlementRequest.inheritSecurityPolicies
- A flag indicating whether
all scoped security policies should be checked (true) or
whether a normal access check (first available policy)
should be done (false).roles
- List of roles
public static boolean isUserInRole(String aRoleName, P13nResource aResource, P13nContextHandler aRequestContext)
aRoleName
- The requested role name.aResource
- An instance of a P13n resource from the
com.bea.p13n.entitlements.resource package. This object
identifies the resource for which scoped roles will
drawn from.aRequestContext
- The optional input object containing
supplemental information for role mappping and authorization
providers. Must be valid if any role policies are dependent
on a custom predicate for their evaluation. If potential
roles contain an ExpressionPredicate, aRequestContext must
contain an EntitlementRequest.
public static boolean isUserInRole(String aRoleName, Map aRoleMap)
aRoleName
- The requested role name.aRoleMap
- A Map of roles as computed by the getRoles()
method.
public static boolean isProtectedResource(P13nResource aResource)
aResource
- An instance of a P13n resource from the
com.bea.p13n.entitlements.resource package. This object
identifies the resource for which scoped roles will
drawn from.
|
Copyright © 2000, 2009, Oracle and/or its affiliates. All rights reserved. | ||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |