com.sun.identity.liberty.ws.interfaces.Authorizer Interface

This interface, once implemented, can be used by each Liberty-based web service component for access control.

The com.sun.identity.liberty.ws.disco.plugins.DefaultDiscoAuthorizer class is the implementation of this interface for the Discovery Service. For more information, see Chapter 8, Discovery Service. The com.sun.identity.liberty.ws.idpp.plugin.IDPPAuthorizer class is the implementation for the Liberty Personal Profile Service. For more information, see Chapter 7, Data Services.

The Authorizer interface enables a web service to check whether a web service consumer (WSC) is allowed to access the requested resource. When a WSC contacts a web service provider (WSP), the WSC conveys a sender identity and an invocation identity. Note that the invocation identity is always the subject of the SAML assertion. These conveyances enable the WSP to make an authorization decision based on one or both identities. The Access Manager Policy Service performs the authorization based on defined policies.

See the Sun Java System Access Manager 7.1 Technical Overview for more information about policy management, single sign-on, and user sessions. See the Sun Java System Access Manager 7.1 Administration Guide for information about creating policy.