Package com.devonfw.module.security.common.api.accesscontrol

Interface AccessControlProvider

All Known Implementing Classes:

AbstractAccessControlProvider, AccessControlConfig, AccessControlProviderImpl

public interface AccessControlProvider

This is the interface for a provider of AccessControls. It allows to collect all AccessControls for an ID of a AccessControl (typically a AccessControlGroup or role). This is used to expand the groups provided by the access-manager (authentication and identity-management) to the full set of permissions of the user.
The actual authorization can then check individual permissions of the user by simply checking for contains in the collected Set, what is very fast as security checks happen frequently.

See Also:

PrincipalAccessControlProvider

Method Summary

Modifier and Type	Method	Description
boolean	collectAccessControlIds(String id, Set<String> permissions)	This method collects the IDs of all AccessControlPermissions (or more precisely of all AccessControls) contained in the AccessControl identified by the given groupId.
boolean	collectAccessControls(String id, Set<AccessControl> permissions)	This method collects the AccessControls contained in the AccessControl identified by the given groupId.
default Set<AccessControl>	expandPermissions(Collection<String> roleIds)	This is a convenvience method to expand the permissions for all given roleIds.
AccessControl	getAccessControl(String id)

Method Detail

getAccessControl

AccessControl getAccessControl(String id)

Parameters:

id - is the ID of the requested AccessControl.

Returns:

the requested AccessControl or null if not found.

collectAccessControlIds

boolean collectAccessControlIds(String id,
                                Set<String> permissions)

This method collects the IDs of all AccessControlPermissions (or more precisely of all AccessControls) contained in the AccessControl identified by the given groupId.

Parameters:

id - is the ID of the AccessControl (typically an AccessControlGroup) to collect.

permissions - is the Set where to add the collected IDs. This will include the given groupId.

Returns:

true if the given groupId has been found, false otherwise.

See Also:

collectAccessControls(String, Set)

collectAccessControls

boolean collectAccessControls(String id,
                              Set<AccessControl> permissions)

This method collects the AccessControls contained in the AccessControl identified by the given groupId.

Parameters:

id - is the ID of the AccessControl (typically an AccessControlGroup) to collect.

permissions - is the Set where to add the collected AccessControls. This will include the AccessControl identified by the given groupId.

Returns:

true if the given groupId has been found, false otherwise.

expandPermissions

default Set<AccessControl> expandPermissions(Collection<String> roleIds)

This is a convenvience method to expand the permissions for all given roleIds. So for each provided roleId the corresponding AccessControl are collected via collectAccessControls(String, Set).

Parameters:

roleIds - The IDs of the roles.

Returns:

A collection of AccessControl belonging to the given roleIds.