org.wamblee.security.authorization
Interface AuthorizationRule

All Known Implementing Classes:
AbstractAuthorizationRule, UrlAuthorizationRule

public interface AuthorizationRule

Represents an authorization rule to determine whether an operation is allowed on a resource.

Author:
Erik Brakkee

Method Summary
 java.lang.Class[] getSupportedTypes()
          Returns the supported object types for which this authorization rule applies.
 AuthorizationResult isAllowed(java.lang.Object aResource, Operation aOperation, java.lang.String aUser)
          Determines whether an operation is allowed on a certain resource.
 void setUserAdministration(UserAdministration aAdmin)
          Sets the user admnistration to use.
 

Method Detail

setUserAdministration

void setUserAdministration(UserAdministration aAdmin)
Sets the user admnistration to use.

Parameters:
aAdmin - User administration.

getSupportedTypes

java.lang.Class[] getSupportedTypes()
Returns the supported object types for which this authorization rule applies. This can be used by the authorization service for optimization.

Returns:
Array of supported types.

isAllowed

AuthorizationResult isAllowed(java.lang.Object aResource,
                              Operation aOperation,
                              java.lang.String aUser)
Determines whether an operation is allowed on a certain resource. The rule implementation must be prepared to deal with resources for which it does not apply. In those cases it should return AuthorizationResult.UNSUPPORTED_RESOURCE.

Parameters:
aResource - Resource.
aOperation - Operation.
aUser - Current user.
Returns:
Authorization result.


Copyright © 2022. All Rights Reserved.