org.glassfish.security.services.spi.authorization

Interface AuthorizationProvider

All Superinterfaces:

SecurityProvider

All Known Implementing Classes:

SimpleAuthorizationProviderImpl

@Contract
public interface AuthorizationProvider
extends SecurityProvider

AuthorizationProvider instances are used by a AuthorizationService to make access authorization decisions. This is part of a plug-in mechanism, which allows access decisions to deferred to an configured implementation.

Method Summary

Modifier and Type	Method and Description
AuthorizationService.PolicyDeploymentContext	findOrCreateDeploymentContext(String appContext) Finds an existing PolicyDeploymentContext, or create a new one if one does not already exist for the specified appContext.
AzResult	getAuthorizationDecision(AzSubject subject, AzResource resource, AzAction action, AzEnvironment environment, List<AzAttributeResolver> attributeResolvers) Evaluates the specified subject, resource, action, and environment against the body of policy managed by this provider and returns an access control result.

Methods inherited from interface org.glassfish.security.services.spi.SecurityProvider

initialize

Method Detail

getAuthorizationDecision

AzResult getAuthorizationDecision(AzSubject subject,
                                  AzResource resource,
                                  AzAction action,
                                  AzEnvironment environment,
                                  List<AzAttributeResolver> attributeResolvers)

Evaluates the specified subject, resource, action, and environment against the body of policy managed by this provider and returns an access control result.

Parameters:

subject - The attributes collection representing the Subject for which an authorization decision is requested.

resource - The attributes collection representing the resource for which access is being requested.

action - The attributes collection representing the action, with respect to the resource, for which access is being requested. A null action is interpreted as all actions, however all actions may also be represented by the AzAction instance. See AzAction.

environment - The attributes collection representing the environment, or context, in which the access decision is being requested, null if none.

attributeResolvers - The ordered list of attribute resolvers, for run time determination of missing attributes, null if none.

Returns:

The AzResult indicating the result of the access decision.

Throws:

IllegalArgumentException - Given null or illegal subject or resource

IllegalStateException - Provider was not initialized.

See Also:

AuthorizationService.getAuthorizationDecision(org.glassfish.security.services.api.authorization.AzSubject, org.glassfish.security.services.api.authorization.AzResource, org.glassfish.security.services.api.authorization.AzAction)

findOrCreateDeploymentContext

AuthorizationService.PolicyDeploymentContext findOrCreateDeploymentContext(String appContext)

Finds an existing PolicyDeploymentContext, or create a new one if one does not already exist for the specified appContext. The context will be returned in an "open" state, and will stay that way until commit() or delete() is called.

Parameters:

appContext - The application context for which the PolicyDeploymentContext is desired.

Returns:

The resulting PolicyDeploymentContext, null if this provider does not support this feature.

Throws:

IllegalStateException - Provider was not initialized, if this method is supported.

See Also:

AuthorizationService.findOrCreateDeploymentContext(String)