BEA Systems, Inc.
Interface RoleMapper

public interface RoleMapper

The RoleMapper interface defines the security service provider interface (SSPI) for objects capable of obtaining the appropriate set of roles, for a particular resource, that have been granted to a specific subject.

An implementation of the RoleMapper interface is the part of a Role Mapping provider that must return a role as a form of principal. Implementations are free to extend the format of a role beyond that of a principal to include other representations such as permissions or permission collections.

A Role Mapping provider can utilize the ContextHandler interface to retrieve other information about the context of the request in which it is called, such as the value of parameters. A Role Mapping provider must know the names of the parameters and the data types of the associated values in order to utilize this feature. If the value of the handler parameter is null, this indicates that the caller was unwilling or unable to provide access to additional information.

A Role Mapping provider must implement the two built-in groups: "users" and "everyone". All subjects are members of the "everyone" group and all non-anonymous subjects (that is, subjects with one or more principals) are members of the "users" group.
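The built-in group rule and the null-handler rule described above, shown as an added sketch that is not BEA's code. The three small interfaces are stand-ins for the SSPI types, reduced to what the sketch calls; the policy layout, the "internal:" role prefix and the "example.channel" parameter name are hypothetical.

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;

// Stand-ins for the SSPI types (assumption: reduced to the calls this sketch makes).
interface Resource { String getType(); }
interface ContextHandler { Object getValue(String name); }
interface RoleMapper { Map<String, Principal> getRoles(Subject s, Resource r, ContextHandler h); }

public class GroupRoleMapper implements RoleMapper {
    // Hypothetical policy: resource type -> role name -> user or group names granted that role.
    private final Map<String, Map<String, Set<String>>> policy;
    GroupRoleMapper(Map<String, Map<String, Set<String>>> policy) { this.policy = policy; }

    public Map<String, Principal> getRoles(Subject subject, Resource resource, ContextHandler handler) {
        Set<String> names = new HashSet<>();
        names.add("everyone");                                   // every subject, anonymous included
        if (subject != null && !subject.getPrincipals().isEmpty()) {
            names.add("users");                                  // one or more principals: non-anonymous
            for (Principal p : subject.getPrincipals()) names.add(p.getName());
        }
        // A null handler means the caller supplied no context, so context-dependent roles are withheld.
        boolean internal = handler != null && "internal".equals(handler.getValue("example.channel"));
        Map<String, Principal> roles = new TreeMap<>();          // indexed by role name
        for (var e : policy.getOrDefault(resource.getType(), Map.of()).entrySet()) {
            String role = e.getKey();
            if (role.startsWith("internal:") && !internal) continue;
            if (!Collections.disjoint(e.getValue(), names)) roles.put(role, () -> role); // role as a principal
        }
        return roles;
    }

    public static void main(String[] args) {
        // Constructed sample policy and identities.
        var mapper = new GroupRoleMapper(Map.of("<url>", Map.of(
            "Visitor", Set.of("everyone"), "Member", Set.of("users"),
            "internal:Operator", Set.of("alice"))));
        Subject anonymous = new Subject();                       // no principals
        Subject alice = new Subject();
        alice.getPrincipals().add(() -> "alice");
        Resource url = () -> "<url>";
        System.out.println(mapper.getRoles(anonymous, url, null).keySet());
        System.out.println(mapper.getRoles(alice, url, null).keySet());
        System.out.println(mapper.getRoles(alice, url, n -> "internal").keySet());
    }
}
```

The anonymous subject receives only the role granted to "everyone", and the context-dependent role is returned only when a non-null handler supplies the expected parameter value.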

Method Summary
 Map getRoles(Subject subject, Resource resource, ContextHandler handler)
          Indicates whether the authorization policies defined for the resource allow the requested method to be performed.

Method Detail


Map getRoles(Subject subject,
             Resource resource,
             ContextHandler handler)
Indicates whether the authorization policies defined for the resource allow the requested method to be performed.

Parameters:
subject - a Subject object containing the identity of the principals that are attempting to perform a request on the specified resource.

resource - a Resource object indicating the type of resource on which the subject is attempting to perform a request.

handler - a ContextHandler object that can optionally be used by the Role Mapping provider to obtain additional information that may be used in making the authorization decision. If the caller is unable to provide additional information, a null value should be specified.

Returns:
a Map of roles indexed by their names, representing the security roles associated with the specified resources that have been granted to the subject.

Documentation is available at
Copyright 2006 BEA Systems Inc.