JaccWebAuthorizationManager (Payara Project 5.193.1 API)

java.lang.Object
- com.sun.enterprise.security.jacc.JaccWebAuthorizationManager

```
public class JaccWebAuthorizationManager
extends Object
```
This class is the entry point for authorization decisions in the web container. It implements JACC, the JSR 115 - JavaTM Authorization Contract for Containers. This class is a companion class of EJBSecurityManager.
All the authorization decisions required to allow access to a resource in the web container should happen via this class.
Note that according to the JACC specification, for the actual authorization decision we delegate our queries to a JACC aware Policy, which is pluggable (can be replaced by the user).

Author:

Jean-Francois Arcand, Harpreet Singh.

Field Summary

Fields
Modifier and Type	Field and Description
`protected CodeSource`	`codesource`
`static String`	`CONSTRAINT_URI` Request path.
`protected Policy`	`policy`
`protected javax.security.jacc.PolicyConfiguration`	`policyConfiguration`
`protected javax.security.jacc.PolicyConfigurationFactory`	`policyConfigurationFactory`

Constructor Summary

Constructors
Constructor and Description
`JaccWebAuthorizationManager(WebBundleDescriptor webBundleDescriptor, ServerContext serverContext, WebSecurityManagerFactory webSecurityManagerFactory, boolean register)`

Method Summary

All Methods Static Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`void`	`destroy()`
`static String`	`getContextID(WebBundleDescriptor webBundleDescriptor)`
`boolean`	`hasNoConstrainedResources()` This method returns true to indicate that a policy check was made and there were no constrained resources.
`boolean`	`hasResourcePermission(javax.servlet.http.HttpServletRequest servletRequest)` Perform access control based on the `HttpServletRequest`.
`boolean`	`hasRoleRefPermission(String servletName, String role, Principal principal)` Return `true` if the specified servletName has the specified security role, within the context of the `WebRoleRefPermission`; otherwise return `false`.
`int`	`hasUserDataPermission(javax.servlet.http.HttpServletRequest servletRequest, String uri, String httpMethod)` Checks if for the given request and the given request URI and method are the target of any user-data-constraint with a and whether any such constraint is already satisfied.
`boolean`	`isPermitAll(javax.servlet.http.HttpServletRequest request)`
`void`	`release()` Analogous to destroy, except does not remove links from Policy Context, and does not remove context_id from role mapper factory.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - CONSTRAINT_URI
```
public static final String CONSTRAINT_URI
```
    Request path. Copied from org.apache.catalina.Globals; Required to break dependence on WebTier of Security Module
    
    See Also:
    
    Constant Field Values
  - policy
```
protected Policy policy
```
  - policyConfigurationFactory
```
protected javax.security.jacc.PolicyConfigurationFactory policyConfigurationFactory
```
  - policyConfiguration
```
protected javax.security.jacc.PolicyConfiguration policyConfiguration
```
  - codesource
```
protected CodeSource codesource
```
- Constructor Detail
  - JaccWebAuthorizationManager
```
public JaccWebAuthorizationManager(WebBundleDescriptor webBundleDescriptor,
                                   ServerContext serverContext,
                                   WebSecurityManagerFactory webSecurityManagerFactory,
                                   boolean register)
                            throws javax.security.jacc.PolicyContextException
```
    Throws:
    
    javax.security.jacc.PolicyContextException
- Method Detail
  - getContextID
```
public static String getContextID(WebBundleDescriptor webBundleDescriptor)
```
  - hasNoConstrainedResources
```
public boolean hasNoConstrainedResources()
```
    This method returns true to indicate that a policy check was made and there were no constrained resources.
    When caching is disabled must always return false, which will ensure that policy is consulted to authorize each request.
    
    Returns:
    
    true when there are no constrained resources, false otherwise
  - hasUserDataPermission
```
public int hasUserDataPermission(javax.servlet.http.HttpServletRequest servletRequest,
                                 String uri,
                                 String httpMethod)
```
    Checks if for the given request and the given request URI and method are the target of any user-data-constraint with a and whether any such constraint is already satisfied.
    if uri == null, determine if the connection characteristics of the request satisfy the applicable policy. If the uri is not null, determine if the uri and Http method require a CONFIDENTIAL transport. The uri value does not include the context path, and any colons occurring in the uri must be escaped.
    Note: this method is not intended to be called if the request is secure. It checks whether the resource can be accessed over the current connection type (which is presumed to be insecure), and if an insecure connection type is not permitted it checks if the resource can be accessed via a confidential transport.
    If the request is secure, the second check is skipped, and the proper result is returned (but that is not the intended use model).
    
    Parameters:
    
    servletRequest - the request that may be redirected
    
    uri - the request URI (minus the context path) to check
    
    method - the request method to check
    
    Returns:
    
    1 if access is permitted (as is or without SSL). -1 if the the access will be permitted after a redirect to SSL. return 0 if access will be denied independent of whether a redirect to SSL is done.
  - isPermitAll
```
public boolean isPermitAll(javax.servlet.http.HttpServletRequest request)
```
  - hasResourcePermission
```
public boolean hasResourcePermission(javax.servlet.http.HttpServletRequest servletRequest)
```
    Perform access control based on the HttpServletRequest. Return true if this constraint is satisfied and processing should continue, or false otherwise.
    
    Returns:
    
    true is the resource is granted, false if denied
  - hasRoleRefPermission
```
public boolean hasRoleRefPermission(String servletName,
                                    String role,
                                    Principal principal)
```
    Return true if the specified servletName has the specified security role, within the context of the WebRoleRefPermission; otherwise return false.
    
    Parameters:
    
    servletName - the resource's name
    
    role - Security role to be checked
    
    principal - Principal for whom the role is to be checked
    
    Returns:
    
    true is the resource is granted, false if denied
  - release
```
public void release()
             throws javax.security.jacc.PolicyContextException
```
    Analogous to destroy, except does not remove links from Policy Context, and does not remove context_id from role mapper factory. Used to support Policy Changes that occur via ServletContextListener.
    
    Throws:
    
    javax.security.jacc.PolicyContextException
  - destroy
```
public void destroy()
             throws javax.security.jacc.PolicyContextException
```
    Throws:
    
    javax.security.jacc.PolicyContextException

Class JaccWebAuthorizationManager

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

CONSTRAINT_URI

policy

policyConfigurationFactory

policyConfiguration

codesource

Constructor Detail

JaccWebAuthorizationManager

Method Detail

getContextID

hasNoConstrainedResources

hasUserDataPermission

isPermitAll

hasResourcePermission

hasRoleRefPermission

release

destroy