

oracle.iam.platform.authopss.api
Interface AuthorizationService

All Known Subinterfaces:
AuthorizationOPSSService

public interface AuthorizationService

Service interface specifying contracts for the authorization checks supported by the OIM Authorization layer. Clients need to call this service for authorization checks at their Policy Enforcement Points. Examples of PEPs may be specific navigation items or action widgets on the user interface, or proactive checkpoints before processing a request in a feature, or an access control mechanism embedded in a custom OIM client.


Method Summary
 java.util.List allowedActions(java.lang.String subjectId, PolicyConstants.Resources resource)
          Search for the allowed actions for the user on a resource.
 AuthorizationResult bulkHasAccess(java.lang.String subjectId, PolicyConstants.Resources resourceType, java.util.List resourceId, PolicyConstants.Actions action)
          Check if user is allowed to perform an action on a specific resource.
 AuthorizationResult bulkHasAccess(java.lang.String subjectId, PolicyConstants.Resources resourceType, java.util.List resourceIds, PolicyConstants.Actions action, java.util.Map envMap)
          Check if user is allowed to perform an action on a specific resource.
 AuthorizationResult bulkHasAccessRelationship(java.lang.String subjectId, PolicyConstants.Resources beneficiaryType, java.util.List beneficiaryId, PolicyConstants.Resources targetEntityType, java.util.List targetEntityId, PolicyConstants.Actions targetAction, boolean performBeneficiaryCheck)
          Check if user is allowed to perform the relationship operation on beneficiary(user) to the target(role, IT Resource or Entitlement).
 AuthorizationResult hasAccess(java.lang.String subjectId, PolicyConstants.Resources resourceType, PolicyConstants.Actions action)
          Check if user is allowed to perform an action.
 AuthorizationResult hasAccess(java.lang.String subjectId, PolicyConstants.Resources resourceType, java.lang.String resourceId, OperationContext opContext)
          Check if user is allowed to perform an action on a specific resource.
 AuthorizationResult hasAccess(java.lang.String subjectId, PolicyConstants.Resources resourceType, java.lang.String resourceId, PolicyConstants.Actions action)
          Check if user is allowed to perform an action on a specific resource.
 AuthorizationResult hasAccess(java.lang.String subjectId, PolicyConstants.Resources resourceType, java.lang.String resourceId, PolicyConstants.Actions action, java.util.Map envMap)
          Check if user is allowed to perform an action on a specific resource.
 AuthorizationResult hasAccessRelationship(java.lang.String subjectId, PolicyConstants.Resources beneficiaryType, java.lang.String beneficiaryId, PolicyConstants.Resources targetEntityType, java.lang.String targetEntityId, PolicyConstants.Actions targetAction)
          Check if user is allowed to perform the relationship operation on beneficiary(user) to the target(role, IT Resource or Entitlement).

 

Method Detail

hasAccess

AuthorizationResult hasAccess(java.lang.String subjectId,
                              PolicyConstants.Resources resourceType,
                              PolicyConstants.Actions action)
                              throws AccessDeniedException
Check if user is allowed to perform an action. Permissions for the specific resource type are evaluated, and the result may carry obligations that declare the constraints to be followed while performing the action.
Parameters:
subjectId - usr_key of the user performing the action, required.
resourceType - type of the resource being accessed, required.
action - actions are defined per resource type, required
Returns:
returns authorization result, which has decision and obligations to be followed.
Throws:
AccessDeniedException

hasAccess

AuthorizationResult hasAccess(java.lang.String subjectId,
                              PolicyConstants.Resources resourceType,
                              java.lang.String resourceId,
                              PolicyConstants.Actions action)
                              throws AccessDeniedException
Check if user is allowed to perform an action on a specific resource. This method calls the entity's security data provider to get the SecurableEntity object and then delegates evaluation to the hasAccess method with that object.
Parameters:
subjectId - usr_key of the user performing the action, required.
resourceType - type of the resource being accessed, required.
resourceId - id of a specific resource, required
action - actions are defined per resource type, required
Returns:
returns authorization result, which has decision and obligations to be followed.
Throws:
AccessDeniedException

hasAccess

AuthorizationResult hasAccess(java.lang.String subjectId,
                              PolicyConstants.Resources resourceType,
                              java.lang.String resourceId,
                              OperationContext opContext)
                              throws AccessDeniedException
Check if user is allowed to perform an action on a specific resource. This method calls the entity's security data provider to get the SecurableEntity object and then delegates evaluation to the hasAccess method with that object.
Parameters:
subjectId - usr_key of the user performing the action, required.
resourceType - type of the resource being accessed, required.
resourceId - id of a specific resource, required
opContext - the operation context used for specifying the request context.
Returns:
authorizationResult - The authorization result, which has decision and obligations to be followed.
Throws:
AccessDeniedException

bulkHasAccess

AuthorizationResult bulkHasAccess(java.lang.String subjectId,
                                  PolicyConstants.Resources resourceType,
                                  java.util.List resourceId,
                                  PolicyConstants.Actions action)
                                  throws AccessDeniedException
Check if user is allowed to perform an action on each of the specified resources. This method calls the entity's security data provider to get the SecurableEntity object for each resource and then delegates evaluation to the hasAccess method with that object.
Parameters:
subjectId - usr_key of the user performing the action, required.
resourceType - type of the resource being accessed, required.
resourceId - list of id of resources, required
action - actions are defined per resource type, required
Returns:
returns authorization result, which has decision and obligations to be followed.
Throws:
AccessDeniedException

hasAccessRelationship

AuthorizationResult hasAccessRelationship(java.lang.String subjectId,
                                          PolicyConstants.Resources beneficiaryType,
                                          java.lang.String beneficiaryId,
                                          PolicyConstants.Resources targetEntityType,
                                          java.lang.String targetEntityId,
                                          PolicyConstants.Actions targetAction)
                                          throws AccessDeniedException
Check if user is allowed to perform the relationship operation on the beneficiary (user) to the target (role, IT Resource or Entitlement). It also checks whether the beneficiary is allowed to view the target entity.
Parameters:
subjectId - usr_key of the user performing the action, required.
beneficiaryType - type of the resource (user) being granted, required.
beneficiaryId - id of a specific resource (user), required.
targetEntityType - type of the target entity being assigned, required.
targetEntityId - id of a specific target entity being assigned, required.
targetAction - action for the target entity, required.
Returns:
returns authorization result, which has decision and obligations to be followed.
Throws:
AccessDeniedException

bulkHasAccessRelationship

AuthorizationResult bulkHasAccessRelationship(java.lang.String subjectId,
                                              PolicyConstants.Resources beneficiaryType,
                                              java.util.List beneficiaryId,
                                              PolicyConstants.Resources targetEntityType,
                                              java.util.List targetEntityId,
                                              PolicyConstants.Actions targetAction,
                                              boolean performBeneficiaryCheck)
                                              throws AccessDeniedException
Check if user is allowed to perform the relationship operation on the beneficiaries (users) to the targets (role, IT Resource or Entitlement). It also checks whether each beneficiary is allowed to view the target entity.
Parameters:
subjectId - usr_key of the user performing the action, required.
beneficiaryType - type of the resource (user) being granted, required.
beneficiaryId - id list of resources (users), required.
targetEntityType - type of the target entity being assigned, required.
targetEntityId - id list of target entities being assigned, required.
targetAction - action for the target entity, required.
performBeneficiaryCheck - boolean indicating whether the beneficiary check is required.
Returns:
returns authorization result, which has decision and obligations to be followed.
Throws:
AccessDeniedException

allowedActions

java.util.List allowedActions(java.lang.String subjectId,
                              PolicyConstants.Resources resource)
                              throws AccessDeniedException
Search for the allowed actions for the user on a resource.
Parameters:
subjectId - usr_key of the user performing the action, required.
resource - enum for the type of the resource being accessed, required.
Returns:
returns List of allowed actions.
Throws:
AccessDeniedException

hasAccess

AuthorizationResult hasAccess(java.lang.String subjectId,
                              PolicyConstants.Resources resourceType,
                              java.lang.String resourceId,
                              PolicyConstants.Actions action,
                              java.util.Map envMap)
                              throws AccessDeniedException
Check if user is allowed to perform an action on a specific resource. This method calls the entity's security data provider to get the SecurableEntity object and then delegates evaluation to the hasAccess method with that object.
Parameters:
subjectId - usr_key of the user performing the action, required.
resourceType - type of the resource being accessed, required.
resourceId - id of a specific resource.
action - actions are defined per resource type, required
envMap - Map of values for the keys defined in the resource security attributes (PolicyConstants.ResourceSecurityAttributes). Pass USER_ORG_HIERARCHY and USER_MANAGEMENT_CHAIN as keys, with the user's organizations (List) and managerKey (String) as the corresponding values, e.g.: envMap.put(PolicyConstants.ResourceSecurityAttributes.USER_MANAGEMENT_CHAIN.getId(), managerKey); envMap.put(PolicyConstants.ResourceSecurityAttributes.USER_ORG_HIERARCHY.getId(), orgList);
Returns:
returns authorization result, which has decision and obligations to be followed.
Throws:
AccessDeniedException

bulkHasAccess

AuthorizationResult bulkHasAccess(java.lang.String subjectId,
                                  PolicyConstants.Resources resourceType,
                                  java.util.List resourceIds,
                                  PolicyConstants.Actions action,
                                  java.util.Map envMap)
                                  throws AccessDeniedException
Check if user is allowed to perform an action on each of the specified resources. This method calls the entity's security data provider to get the SecurableEntity object for each resource and then delegates evaluation to the hasAccess method with that object.
Parameters:
subjectId - usr_key of the user performing the action, required.
resourceType - type of the resource being accessed, required.
resourceIds - id list of resources.
action - actions are defined per resource type, required
envMap - Map of values for the keys defined in the resource security attributes (PolicyConstants.ResourceSecurityAttributes). Pass USER_ORG_HIERARCHY and USER_MANAGEMENT_CHAIN as keys, with the user's organizations (List) and managerKey (String) as the corresponding values, e.g.: envMap.put(PolicyConstants.ResourceSecurityAttributes.USER_MANAGEMENT_CHAIN.getId(), managerKey); envMap.put(PolicyConstants.ResourceSecurityAttributes.USER_ORG_HIERARCHY.getId(), orgList);
Returns:
returns authorization result, which has decision and obligations to be followed.
Throws:
AccessDeniedException
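The following is an added example of a Policy Enforcement Point built on the envMap variants of hasAccess and bulkHasAccess described above; it is not Oracle's code. It assumes AuthorizationResult exposes isAllowed() and getObligations(), that PolicyConstants.Resources.USER and PolicyConstants.Actions.MODIFY are valid enum constants, and that AccessDeniedException lives in oracle.iam.platform.authz.exception; none of these are given on this page.

```java
// Added example (not Oracle's code). Assumed APIs: AuthorizationResult.isAllowed(),
// AuthorizationResult.getObligations(), PolicyConstants.Resources.USER,
// PolicyConstants.Actions.MODIFY, and the package of AccessDeniedException.
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import oracle.iam.platform.authopss.api.AuthorizationResult;
import oracle.iam.platform.authopss.api.AuthorizationService;
import oracle.iam.platform.authopss.api.PolicyConstants;
import oracle.iam.platform.authz.exception.AccessDeniedException; // assumed package

public final class UserModifyPep {

    private final AuthorizationService authz;

    public UserModifyPep(AuthorizationService authz) {
        this.authz = authz;
    }

    /** Builds the envMap exactly as the envMap parameter documentation describes. */
    static Map<String, Object> buildEnvMap(String managerKey, List<String> orgList) {
        Map<String, Object> envMap = new HashMap<>();
        envMap.put(PolicyConstants.ResourceSecurityAttributes.USER_MANAGEMENT_CHAIN.getId(), managerKey);
        envMap.put(PolicyConstants.ResourceSecurityAttributes.USER_ORG_HIERARCHY.getId(), orgList);
        return envMap;
    }

    /**
     * Returns the obligations the caller must honour while modifying the target user,
     * or throws if the decision is not an explicit allow. Deny is the default: a null
     * result or a failure inside the decision point never lets the request proceed.
     */
    public List<?> enforceModify(String subjectId, String targetUserKey,
                                 String managerKey, List<String> orgList)
            throws AccessDeniedException {
        AuthorizationResult result;
        try {
            result = authz.hasAccess(subjectId,
                    PolicyConstants.Resources.USER,   // assumed enum constant
                    targetUserKey,
                    PolicyConstants.Actions.MODIFY,   // assumed enum constant
                    buildEnvMap(managerKey, orgList));
        } catch (RuntimeException e) {
            throw new SecurityException("authorization check failed; denying", e);
        }
        if (result == null || !result.isAllowed()) {     // assumed accessor
            throw new SecurityException("modify denied for subject " + subjectId);
        }
        return result.getObligations();                  // assumed accessor
    }
}
```

For a list of target users, call bulkHasAccess with the same envMap instead of looping over hasAccess, so the security data provider is consulted once per request rather than once per row.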



Copyright © 2015, Oracle and/or its affiliates. All rights reserved.