public interface AuthorizationService
Service interface specifying contracts for the authorization checks supported by the OIM Authorization layer. Clients need to call this service for authorization checks at their Policy Enforcement Points. Examples of PEPs may be specific navigation items or action widgets on the user interface, or proactive checkpoints before processing a request in a feature, or an access control mechanism embedded in a custom OIM client.
Method Summary | |
---|---|
java.util.List | allowedActions(java.lang.String subjectId, PolicyConstants.Resources resource) Search for the allowed actions for the user on a resource. |
AuthorizationResult | bulkHasAccess(java.lang.String subjectId, PolicyConstants.Resources resourceType, java.util.List resourceId, PolicyConstants.Actions action) Check if user is allowed to perform an action on a specific resource. |
AuthorizationResult | bulkHasAccess(java.lang.String subjectId, PolicyConstants.Resources resourceType, java.util.List resourceIds, PolicyConstants.Actions action, java.util.Map envMap) Check if user is allowed to perform an action on a specific resource. |
AuthorizationResult | bulkHasAccessRelationship(java.lang.String subjectId, PolicyConstants.Resources beneficiaryType, java.util.List beneficiaryId, PolicyConstants.Resources targetEntityType, java.util.List targetEntityId, PolicyConstants.Actions targetAction, boolean performBeneficiaryCheck) Check if user is allowed to perform the relationship operation on beneficiary (user) to the target (role, IT Resource or Entitlement). |
AuthorizationResult | hasAccess(java.lang.String subjectId, PolicyConstants.Resources resourceType, PolicyConstants.Actions action) Check if user is allowed to perform an action. |
AuthorizationResult | hasAccess(java.lang.String subjectId, PolicyConstants.Resources resourceType, java.lang.String resourceId, OperationContext opContext) |
AuthorizationResult | hasAccess(java.lang.String subjectId, PolicyConstants.Resources resourceType, java.lang.String resourceId, PolicyConstants.Actions action) Check if user is allowed to perform an action on a specific resource. |
AuthorizationResult | hasAccess(java.lang.String subjectId, PolicyConstants.Resources resourceType, java.lang.String resourceId, PolicyConstants.Actions action, java.util.Map envMap) Check if user is allowed to perform an action on a specific resource. |
AuthorizationResult | hasAccessRelationship(java.lang.String subjectId, PolicyConstants.Resources beneficiaryType, java.lang.String beneficiaryId, PolicyConstants.Resources targetEntityType, java.lang.String targetEntityId, PolicyConstants.Actions targetAction) Check if user is allowed to perform the relationship operation on beneficiary (user) to the target (role, IT Resource or Entitlement). |
Method Detail |
---|
AuthorizationResult hasAccess(java.lang.String subjectId, PolicyConstants.Resources resourceType, PolicyConstants.Actions action) throws AccessDeniedException
Parameters:
subjectId - usr_key of the user performing the action, required.
resourceType - type of the resource being accessed, required.
action - actions are defined per resource type, required.
Throws:
AccessDeniedException

AuthorizationResult hasAccess(java.lang.String subjectId, PolicyConstants.Resources resourceType, java.lang.String resourceId, PolicyConstants.Actions action) throws AccessDeniedException
Parameters:
subjectId - usr_key of the user performing the action, required.
resourceType - type of the resource being accessed, required.
resourceId - id of a specific resource, required.
action - actions are defined per resource type, required.
Throws:
AccessDeniedException

AuthorizationResult hasAccess(java.lang.String subjectId, PolicyConstants.Resources resourceType, java.lang.String resourceId, OperationContext opContext) throws AccessDeniedException
Throws:
AccessDeniedException

AuthorizationResult bulkHasAccess(java.lang.String subjectId, PolicyConstants.Resources resourceType, java.util.List resourceId, PolicyConstants.Actions action) throws AccessDeniedException
Parameters:
subjectId - usr_key of the user performing the action, required.
resourceType - type of the resource being accessed, required.
resourceId - list of ids of resources, required.
action - actions are defined per resource type, required.
Throws:
AccessDeniedException

AuthorizationResult hasAccessRelationship(java.lang.String subjectId, PolicyConstants.Resources beneficiaryType, java.lang.String beneficiaryId, PolicyConstants.Resources targetEntityType, java.lang.String targetEntityId, PolicyConstants.Actions targetAction) throws AccessDeniedException
Parameters:
subjectId - usr_key of the user performing the action, required.
beneficiaryType - type of the resource (user) being granted, required.
beneficiaryId - id of a specific resource (user), required.
targetEntityType - type of the target entity being assigned, required.
targetEntityId - id of a specific target entity being assigned, required.
targetAction - action for the target entity, required.
Throws:
AccessDeniedException

AuthorizationResult bulkHasAccessRelationship(java.lang.String subjectId, PolicyConstants.Resources beneficiaryType, java.util.List beneficiaryId, PolicyConstants.Resources targetEntityType, java.util.List targetEntityId, PolicyConstants.Actions targetAction, boolean performBeneficiaryCheck) throws AccessDeniedException
Parameters:
subjectId - usr_key of the user performing the action, required.
beneficiaryType - type of the resource (user) being granted, required.
beneficiaryId - id list of resources (users), required.
targetEntityType - type of the target entity being assigned, required.
targetEntityId - id list of target entities being assigned, required.
targetAction - action for the target entity, required.
performBeneficiaryCheck - boolean indicating whether the beneficiary check is required.
Throws:
AccessDeniedException

java.util.List allowedActions(java.lang.String subjectId, PolicyConstants.Resources resource) throws AccessDeniedException
Parameters:
subjectId - usr_key of the user performing the action, required.
resource - enum for the type of the resource being accessed, required.
Throws:
AccessDeniedException

AuthorizationResult hasAccess(java.lang.String subjectId, PolicyConstants.Resources resourceType, java.lang.String resourceId, PolicyConstants.Actions action, java.util.Map envMap) throws AccessDeniedException
Parameters:
subjectId - usr_key of the user performing the action, required.
resourceType - type of the resource being accessed, required.
resourceId - id of a specific resource.
action - actions are defined per resource type, required.
envMap - Map containing the list of values for the keys defined in resource-sec-attributes (PolicyConstants.ResourceSecurityAttributes). Pass USER_ORG_HIERARCHY and USER_MANAGEMENT_CHAIN as keys, with the user's list of organizations (List) and managerKey (String) as the respective values, e.g.:
    envMap.put(PolicyConstants.ResourceSecurityAttributes.USER_MANAGEMENT_CHAIN.getId(), managerKey);
    envMap.put(PolicyConstants.ResourceSecurityAttributes.USER_ORG_HIERARCHY.getId(), orgList);
Throws:
AccessDeniedException

AuthorizationResult bulkHasAccess(java.lang.String subjectId, PolicyConstants.Resources resourceType, java.util.List resourceIds, PolicyConstants.Actions action, java.util.Map envMap) throws AccessDeniedException
Parameters:
subjectId - usr_key of the user performing the action, required.
resourceType - type of the resource being accessed, required.
resourceIds - id list of resources.
action - actions are defined per resource type, required.
envMap - Map containing the list of values for the keys defined in resource-sec-attributes (PolicyConstants.ResourceSecurityAttributes). Pass USER_ORG_HIERARCHY and USER_MANAGEMENT_CHAIN as keys, with the user's list of organizations (List) and managerKey (String) as the respective values, e.g.:
    envMap.put(PolicyConstants.ResourceSecurityAttributes.USER_MANAGEMENT_CHAIN.getId(), managerKey);
    envMap.put(PolicyConstants.ResourceSecurityAttributes.USER_ORG_HIERARCHY.getId(), orgList);
Throws:
AccessDeniedException