AuthorizationProvider
, SecurityProvider
public interface DeployableAuthorizationProviderV2 extends AuthorizationProvider
A policy states which roles are allowed to perform particular actions on a resource (for example, who is allowed to call a particular method on a certain EJB).
When a Web application or EJB is deployed, policies need to be created. Similarly, when the Web application or EJB is re/hot deployed, the policies need to be updated. And, when the Web application or EJB is undeployed, the policies should be removed. This work needs to be done by an Authorization provider.
Not all Authorization providers need to support this interface. However, in a realm, at least one of the Authorization providers must support this interface. Otherwise, it is impossible to deploy Web applications and EJBs. To help with this, there are two MBeans associated with Authorization providers: one for providers who support deployment and one for those that do not support deployment. The MBean for deployment has an attribute that indicates whether this provider should be used for deployment. This way, when the realm is configured, it is possible to detect illegal configurations (for example, none of the Authorization providers support Web application/EJB deployment).
The DeployableAuthorizationProviderV2
adds support for
deployment start, deployment end and application deletion callbacks.
In addition, excluded and unchecked policies are deployed.
Modifier and Type | Method | Description |
---|---|---|
void |
deleteApplicationPolicies(ApplicationInfo application) |
Deletes all policies for an application and is only called on one server
within a WebLogic Server domain at the time an application is deleted.
|
void |
deployExcludedPolicy(DeployPolicyHandle handle,
Resource resource) |
Deploys a policy that always denies access.
|
void |
deployPolicy(DeployPolicyHandle handle,
Resource resource,
java.lang.String[] roleNames) |
Deploys a policy (that is, creates a policy on behalf of a deployed
Web application or EJB).
|
void |
deployUncheckedPolicy(DeployPolicyHandle handle,
Resource resource) |
Deploys a policy that always grants access.
|
void |
endDeployPolicies(DeployPolicyHandle handle) |
Marks the end of an application policy deployment.
|
DeployPolicyHandle |
startDeployPolicies(ApplicationInfo application) |
Marks the beginning of an application policy deployment and is called on all
servers within a WebLogic Server domain where an application is targeted.
|
void |
undeployAllPolicies(DeployPolicyHandle handle) |
Undeploys all policy for an deployed application (that is, deletes
a set of policy definitions on behalf of an undeployed Web application
or EJB).
|
getAccessDecision
getDescription, initialize, shutdown
DeployPolicyHandle startDeployPolicies(ApplicationInfo application) throws DeployHandleCreationException
application
- the ApplicationInfo
data for the application
being deployedDeployPolicyHandle
for the application that is used
when deploying policyDeployHandleCreationException
- if an unexpected error occurs
while creating a DeployPolicyHandle
for the
applicationvoid deployPolicy(DeployPolicyHandle handle, Resource resource, java.lang.String[] roleNames) throws ResourceCreationException
handle
- the DeployPolicyHandle
created from a
call to startDeployPolicy()
resource
- the Resource
object to which the
policy appliesroleNames
- a String array of roles that are in this policy.
(For example, for a Web application,
the <role-name>
from the
<auth-constraint>
portion of the
web.xml
deployment descriptor file.)ResourceCreationException
- if an unexpected error occurs while
deploying the policy for the specified resourcevoid deployUncheckedPolicy(DeployPolicyHandle handle, Resource resource) throws ResourceCreationException
handle
- the DeployPolicyHandle
created from a
call to startDeployPolicy()
resource
- the Resource
object to which the
policy appliesResourceCreationException
- if an unexpected error occurs while
deploying the policy for the specified resourcevoid deployExcludedPolicy(DeployPolicyHandle handle, Resource resource) throws ResourceCreationException
handle
- the DeployPolicyHandle
created from a
call to startDeployPolicy()
resource
- the Resource
object to which the
policy appliesResourceCreationException
- if an unexpected error occurs while
deploying the policy for the specified resourcevoid endDeployPolicies(DeployPolicyHandle handle) throws ResourceCreationException
handle
- the DeployPolicyHandle
created from a
call to startDeployPolicy()
ResourceCreationException
- if an unexpected error occurs
during the completion of resource deploymentsvoid undeployAllPolicies(DeployPolicyHandle handle) throws ResourceRemovalException
handle
- the DeployPolicyHandle
created from a
call to startDeployPolicy()
ResourceRemovalException
- if an unexpected error occurs
during the removal of resource deploymentsvoid deleteApplicationPolicies(ApplicationInfo application) throws ResourceRemovalException
application
- the ApplicationInfo
data for the application
being deletedResourceRemovalException
- if an unexpected error occurs
during the removal of resource policies for the application