public interface AuthorizationManager extends BaseSecurityManager
RealmMapping
Modifier and Type | Method and Description |
---|---|
int | authorize(Resource resource): Authorize a resource. Note: The implementation will try to derive the authenticated subject by some means. |
int | authorize(Resource resource, Subject subject): Authorize a resource for an authenticated subject. |
int | authorize(Resource resource, Subject subject, Group roleGroup): Authorize a resource given a Group of Principals representing roles. |
int | authorize(Resource resource, Subject subject, RoleGroup role): Authorize a resource given a role. |
boolean | doesUserHaveRole(Principal principal, Set<Principal> roles): Validates the application domain roles to which the operational environment Principal belongs. |
RoleGroup | getSubjectRoles(Subject authenticatedSubject, CallbackHandler cbh): Get the current roles for the authenticated Subject. The AuthorizationManager will apply role generation and role mapping logic configured for the security domain. |
Group | getTargetRoles(Principal targetPrincipal, Map<String,Object> contextMap): Trust use cases may have a need to determine the roles of the target principal which has been derived via a principal from another domain by the Authentication Manager. An implementation of this interface may have to contact a trust provider for additional information about the principal. |
Set<Principal> | getUserRoles(Principal principal): Return the set of domain roles the principal has been assigned. |
getSecurityDomain
int authorize(Resource resource) throws AuthorizationException
resource - Resource to be authorized
Throws: AuthorizationException
int authorize(Resource resource, Subject subject) throws AuthorizationException
resource - Resource to be authorized
subject - Authenticated Subject
Throws: AuthorizationException
int authorize(Resource resource, Subject subject, RoleGroup role) throws AuthorizationException
resource -
subject - the authenticated subject
role - a role (which can be a nested role)
Throws: AuthorizationException
int authorize(Resource resource, Subject subject, Group roleGroup) throws AuthorizationException
resource -
subject - the authenticated subject
roleGroup -
Throws: AuthorizationException
boolean doesUserHaveRole(Principal principal, Set<Principal> roles)
principal - the caller principal as known in the operation environment.
roles - The Set
RoleGroup getSubjectRoles(Subject authenticatedSubject, CallbackHandler cbh)
authenticatedSubject -
cbh - a CallbackHandler that can be used by the AuthorizationManager to obtain essentials such as SecurityContext etc.
Set<Principal> getUserRoles(Principal principal)
Group getTargetRoles(Principal targetPrincipal, Map<String,Object> contextMap)
targetPrincipal - Principal applicable in current domain
contextMap - Read-Only Contextual Information that may be useful for the implementation in determining the roles.

Copyright © 2017 JBoss by Red Hat. All rights reserved.