Interface AuthorizationProvider
-
- All Superinterfaces:
SecurityProvider
- All Known Implementing Classes:
SimpleAuthorizationProviderImpl
@Contract public interface AuthorizationProvider extends SecurityProvider
AuthorizationProvider
instances are used by a
to make access authorization decisions. This is part of a plug-in mechanism, which allows access decisions to deferred to an configured implementation.AuthorizationService
-
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description AuthorizationService.PolicyDeploymentContext
findOrCreateDeploymentContext(String appContext)
Finds an existing PolicyDeploymentContext, or create a new one if one does not already exist for the specified appContext.AzResult
getAuthorizationDecision(AzSubject subject, AzResource resource, AzAction action, AzEnvironment environment, List<AzAttributeResolver> attributeResolvers)
Evaluates the specified subject, resource, action, and environment against the body of policy managed by this provider and returns an access control result.-
Methods inherited from interface org.glassfish.security.services.spi.SecurityProvider
initialize
-
-
-
-
Method Detail
-
getAuthorizationDecision
AzResult getAuthorizationDecision(AzSubject subject, AzResource resource, AzAction action, AzEnvironment environment, List<AzAttributeResolver> attributeResolvers)
Evaluates the specified subject, resource, action, and environment against the body of policy managed by this provider and returns an access control result.- Parameters:
subject
- The attributes collection representing the Subject for which an authorization decision is requested.resource
- The attributes collection representing the resource for which access is being requested.action
- The attributes collection representing the action, with respect to the resource, for which access is being requested. A null action is interpreted as all actions, however all actions may also be represented by the AzAction instance. See
.AzAction
environment
- The attributes collection representing the environment, or context, in which the access decision is being requested, null if none.attributeResolvers
- The ordered list of attribute resolvers, for run time determination of missing attributes, null if none.- Returns:
- The AzResult indicating the result of the access decision.
- Throws:
IllegalArgumentException
- Given null or illegal subject or resourceIllegalStateException
- Provider was not initialized.- See Also:
AuthorizationService.getAuthorizationDecision(org.glassfish.security.services.api.authorization.AzSubject, org.glassfish.security.services.api.authorization.AzResource, org.glassfish.security.services.api.authorization.AzAction)
-
findOrCreateDeploymentContext
AuthorizationService.PolicyDeploymentContext findOrCreateDeploymentContext(String appContext)
Finds an existing PolicyDeploymentContext, or create a new one if one does not already exist for the specified appContext. The context will be returned in an "open" state, and will stay that way until commit() or delete() is called.- Parameters:
appContext
- The application context for which the PolicyDeploymentContext is desired.- Returns:
- The resulting PolicyDeploymentContext, null if this provider does not support this feature.
- Throws:
IllegalStateException
- Provider was not initialized, if this method is supported.- See Also:
AuthorizationService.findOrCreateDeploymentContext(String)
-
-