AuthorizationManager (Red Hat JBoss Enterprise Application Platform 7.2.0.GA public API)

All Superinterfaces:

BaseSecurityManager

All Known Implementing Classes:

JBossAuthorizationManager
```
public interface AuthorizationManager
extends BaseSecurityManager
```
Generalized Authorization Manager Interface.

Replaces the legacy RealmMapping interface

Since:

Jan 2, 2006

Version:

$Revision$

Author:

Anil Saldhana

See Also:

RealmMapping

Method Summary

All Methods Instance Methods Abstract Methods
Modifier and Type	Method and Description
`int`	`authorize(Resource resource)` Authorize a resource Note: The implementation will try to derive the authenticated subject by some means
`int`	`authorize(Resource resource, Subject subject)` Authorize a resource for an authenticated subject
`int`	`authorize(Resource resource, Subject subject, Group roleGroup)` Authorize a resource given a Group of Principals representing roles
`int`	`authorize(Resource resource, Subject subject, RoleGroup role)` Authorize a resource given a role
`boolean`	`doesUserHaveRole(Principal principal, Set<Principal> roles)` Validates the application domain roles to which the operational environment Principal belongs.
`RoleGroup`	`getSubjectRoles(Subject authenticatedSubject, CallbackHandler cbh)` Get the Current Roles for the authenticated Subject The AuthorizationManager will apply role generation and role mapping logic configured for the security domain
`Group`	`getTargetRoles(Principal targetPrincipal, Map<String,Object> contextMap)` Trust usecases may have a need to determine the roles of the target principal which has been derived via a principal from another domain by the Authentication Manager An implementation of this interface may have to contact a trust provider for additional information about the principal
`Set<Principal>`	`getUserRoles(Principal principal)` Return the set of domain roles the principal has been assigned.

Methods inherited from interface org.jboss.security.BaseSecurityManager
getSecurityDomain

- Method Detail
  - authorize
```
int authorize(Resource resource)
       throws AuthorizationException
```
    Authorize a resource Note: The implementation will try to derive the authenticated subject by some means
    
    Parameters:
    
    resource - Resource to be authorized
    
    Returns:
    
    AuthorizationContext.PERMIT or AuthorizationContext.DENY
    
    Throws:
    
    AuthorizationException
  - authorize
```
int authorize(Resource resource,
              Subject subject)
       throws AuthorizationException
```
    Authorize a resource for an authenticated subject
    
    Parameters:
    
    resource - Resource to be authorized
    
    subject - Authenticated Subject
    
    Returns:
    
    AuthorizationContext.PERMIT or AuthorizationContext.DENY
    
    Throws:
    
    AuthorizationException
  - authorize
```
int authorize(Resource resource,
              Subject subject,
              RoleGroup role)
       throws AuthorizationException
```
    Authorize a resource given a role
    
    Parameters:
    
    resource -
    
    subject - the authenticated subject
    
    role - a role (which can be a nested role)
    
    Returns:
    
    AuthorizationContext.PERMIT or AuthorizationContext.DENY
    
    Throws:
    
    AuthorizationException
  - authorize
```
int authorize(Resource resource,
              Subject subject,
              Group roleGroup)
       throws AuthorizationException
```
    Authorize a resource given a Group of Principals representing roles
    
    Parameters:
    
    resource -
    
    subject - the authenticated subject
    
    roleGroup -
    
    Returns:
    
    Throws:
    
    AuthorizationException
  - doesUserHaveRole
```
boolean doesUserHaveRole(Principal principal,
                         Set<Principal> roles)
```
    Validates the application domain roles to which the operational environment Principal belongs.
    
    Parameters:
    
    principal - the caller principal as known in the operation environment.
    
    roles - The Set for the application domain roles that the principal is to be validated against.
    
    Returns:
    
    true if the principal has at least one of the roles in the roles set, false otherwise.
  - getSubjectRoles
```
RoleGroup getSubjectRoles(Subject authenticatedSubject,
                          CallbackHandler cbh)
```
    Get the Current Roles for the authenticated Subject The AuthorizationManager will apply role generation and role mapping logic configured for the security domain
    
    Parameters:
    
    authenticatedSubject -
    
    cbh - a CallbackHandler that can be used by the AuthorizationManager to obtain essentials such as SecurityContext etc
    
    Returns:
  - getUserRoles
```
Set<Principal> getUserRoles(Principal principal)
```
    Return the set of domain roles the principal has been assigned.
    
    Returns:
    
    The Set for the application domain roles that the principal has been assigned.
  - getTargetRoles
```
Group getTargetRoles(Principal targetPrincipal,
                     Map<String,Object> contextMap)
```
    Trust usecases may have a need to determine the roles of the target principal which has been derived via a principal from another domain by the Authentication Manager An implementation of this interface may have to contact a trust provider for additional information about the principal
    
    Parameters:
    
    targetPrincipal - Principal applicable in current domain
    
    contextMap - Read-Only Contextual Information that may be useful for the implementation in determining the roles.
    
    Returns:
    
    roles from the target domain

Interface AuthorizationManager

Method Summary

Methods inherited from interface org.jboss.security.BaseSecurityManager

Method Detail

authorize

authorize

authorize

authorize

doesUserHaveRole

getSubjectRoles

getUserRoles

getTargetRoles