|
Oracle | ||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | ||||||||||
public interface BulkAccessDecision
The BulkAccessDecisionV2 security service provider (SSPI) interface
for policy enforcement points (PEP) allows support for bulk runtime authorization queries.
| Method Summary | |
|---|---|
Map<Resource,Result> |
isAccessAllowed(Subject subject,
Map<Resource,Map<String,SecurityRole>> roles,
List<Resource> resources,
ContextHandler handler,
Direction direction)
Indicates whether the authorization policies defined for the list of resources allow the requested method to be performed, by utilizing the information contained in the subject and context. |
| Method Detail |
|---|
Map<Resource,Result> isAccessAllowed(Subject subject,
Map<Resource,Map<String,SecurityRole>> roles,
List<Resource> resources,
ContextHandler handler,
Direction direction)
throws InvalidPrincipalException
The isAccessAllowed method may be called both prior to a
request and after a request has been processed. An indication of whether
the method is being called 1) to determine if the request should be allowed
to be dispatched or 2) to determine if the result of request should be
allowed to be returned is represented by the value of the
direction parameter.
subject - a Subject object containing the
identity of the principals that are attempting to
perform a request on the specified resource.roles - a Map of roles (indexed first by resource and then by
their names) that are associated with the subject and
should be taken into consideration when making the
authorization decision.resources - a list of Resource objects indicating the type
of resources on which the subject is attempting to
perform a request.handler - a ContextHandler object that can optionally
be used by an Access Decision to obtain
additional information that may be used in making the
authorization decision. If the caller is unable to
provide additional information, a null
value should be specified.direction - a Direction object representing whether the
authorization check is being performed prior to
processing the requests or after the requests have been
processed but before the results have been returned. A
value of PRIOR indicates that the
authorization check is being requested to prior to
processing the request. A value of POST
indicates that the authorization check is being
requested after the request has been processed but
before the results have been returned. A value of
ONCE indicates that the authorization check
is being done once. isAccessAllowed uses
the direction to give it some indication as to which
parameters to request (in or out) in the
ContextHandler.
Map of indications (indexed by Resource) of whether
the authorization policies defined
for the resources allow the requested methods to be performed.
For each resource in the input list, a return value of
PERMIT indicates that the
specified subject has permission to perform the operation.
A return value of DENY indicates that the
specified subject should not be allowed to perform the operation
on the matching resource index in the input list. A value of
ABSTAIN indicates that an
explicit decision to either permit or deny the requested method
could not be determined.
InvalidPrincipalException - if the principal has become
invalid (possibly because the
principal has been deleted from the
system while there was an active subject
with that principal).
|
Documentation is available at http://download.oracle.com/docs/cd/E13222_01/wls/docs103 Copyright 1996,2008, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. |
|||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||