Package org.jbpm.casemgmt.api.auth
Interface AuthorizationManager
All Known Implementing Classes: AuthorizationManagerImpl
public interface AuthorizationManager
Responsible for authorizing access to case instances based on the context.
Nested Class Summary
Modifier and Type    Interface
static class         AuthorizationManager.ProtectedOperation

Field Summary
Modifier and Type    Field
static String        ADMIN_ROLE
static String        OWNER_ROLE
static String        PUBLIC_GROUP
static String        UNKNOWN_USER

Method Summary
Modifier and Type, Method, Description
void checkAuthorization(String caseId)
    Checks if the caller (based on identity provider) is authorized to work with a case identified by caseId
void checkCommentAuthorization(String caseId, CaseFileInstance caseFileInstance, CommentInstance commentInstance)
    Check if caller (based on identity provider) is authorized to manipulate given comment
void checkDataAuthorization(String caseId, CaseFileInstance caseFileInstance, Collection<String> dataNames)
    Check if caller (based on identity provider) is authorized to manipulate given data
void checkOperationAuthorization(String caseId, AuthorizationManager.ProtectedOperation operation)
    Checks if the caller (based on identity provider) is authorized to perform given operation on a case.
List<CommentInstance> filterByCommentAuthorization(String caseId, CaseFileInstance caseFileInstance, List<CommentInstance> comments)
    Filters provided comments by their restrictions.
Map<String,Object> filterByDataAuthorization(String caseId, CaseFileInstance caseFileInstance, Map<String,Object> data)
    Filters provided data by data restrictions.

Field Detail
PUBLIC_GROUP
static final String PUBLIC_GROUP
See Also: Constant Field Values

OWNER_ROLE
static final String OWNER_ROLE
See Also: Constant Field Values

ADMIN_ROLE
static final String ADMIN_ROLE
See Also: Constant Field Values

UNKNOWN_USER
static final String UNKNOWN_USER
See Also: Constant Field Values

Method Detail
checkAuthorization
void checkAuthorization(String caseId) throws SecurityException
Checks if the caller (based on identity provider) is authorized to work with a case identified by caseId
Parameters:
caseId - unique id of the case
Throws:
SecurityException - thrown when caller is not authorized to access the case instance

checkOperationAuthorization
void checkOperationAuthorization(String caseId, AuthorizationManager.ProtectedOperation operation) throws SecurityException
Checks if the caller (based on identity provider) is authorized to perform given operation on a case.
Parameters:
caseId - unique id of the case
operation - operation that is being invoked
Throws:
SecurityException - thrown when caller is not authorized to access the case instance

filterByDataAuthorization
Map<String,Object> filterByDataAuthorization(String caseId, CaseFileInstance caseFileInstance, Map<String,Object> data)
Filters provided data by data restrictions. This guarantees only data authorized for given user will be returned.
Parameters:
caseId - unique id of the case
caseFileInstance - case file associated with given case instance
data - actual data to be filtered
Returns:
returns filtered map of data if any restriction applied

checkDataAuthorization
void checkDataAuthorization(String caseId, CaseFileInstance caseFileInstance, Collection<String> dataNames)
Check if caller (based on identity provider) is authorized to manipulate given data
Parameters:
caseId - unique id of the case
caseFileInstance - case file associated with given case instance
dataNames - data names to be manipulated/put into the case instance
Throws:
SecurityException - thrown when caller is not authorized to manipulate any of the given data

filterByCommentAuthorization
List<CommentInstance> filterByCommentAuthorization(String caseId, CaseFileInstance caseFileInstance, List<CommentInstance> comments)
Filters provided comments by their restrictions. This guarantees only comments authorized to be seen by user will be returned.
Parameters:
caseId - unique id of the case
caseFileInstance - case file associated with given case instance
comments - comments to be filtered
Returns:
filtered comments if any restrictions applied or same as given as argument

checkCommentAuthorization
void checkCommentAuthorization(String caseId, CaseFileInstance caseFileInstance, CommentInstance commentInstance)
Check if caller (based on identity provider) is authorized to manipulate given comment
Parameters:
caseId - unique id of the case
caseFileInstance - case file associated with given case instance
commentInstance - comment that is about to be manipulated (updated or removed)
Throws:
SecurityException - thrown when caller is not authorized to manipulate given comment