Package org.uberfire.security.authz

Interface AuthorizationManager

  • All Known Implementing Classes:
    DefaultAuthorizationManager
    public interface AuthorizationManager
    Main entry interface for querying the authorization management subsystem about user access to different system resources.

    It provides services for checking access to Resource instances as well as services to check if a given permission has been granted to a user.

    • Method Summary

      All Methods Instance Methods Abstract Methods 
      Modifier and Type Method Description
      boolean authorize​(String permission, org.jboss.errai.security.shared.api.identity.User user)
      It redirects to authorize(String, User, VotingStrategy) using the default voting strategy defined at PermissionManager.
      boolean authorize​(String permission, org.jboss.errai.security.shared.api.identity.User user, org.uberfire.security.authz.VotingStrategy votingStrategy)
      Check of the given permission has been granted to the user.
      boolean authorize​(Permission permission, org.jboss.errai.security.shared.api.identity.User user)
      It redirects to authorize(Permission, User, VotingStrategy) using the default voting strategy defined at PermissionManager.
      boolean authorize​(Permission permission, org.jboss.errai.security.shared.api.identity.User user, org.uberfire.security.authz.VotingStrategy votingStrategy)
      Check of the given permission has been granted to the user.
      boolean authorize​(org.uberfire.security.Resource resource, Collection<org.uberfire.security.Contributor> contributors, org.uberfire.security.ResourceAction action, org.jboss.errai.security.shared.api.identity.User user)
      It checks whether user is one of the contributors of resource as well permissions to access resource from security admin screen
      boolean authorize​(org.uberfire.security.Resource resource, org.jboss.errai.security.shared.api.identity.User user)
      It redirects to authorize(Resource, User, VotingStrategy) using the default voting strategy defined at PermissionManager.
      boolean authorize​(org.uberfire.security.Resource resource, org.jboss.errai.security.shared.api.identity.User user, org.uberfire.security.authz.VotingStrategy votingStrategy)
      Check if the specified user can "access" a given resource.
      boolean authorize​(org.uberfire.security.Resource resource, org.uberfire.security.ResourceAction action, org.jboss.errai.security.shared.api.identity.User user)
      It redirects to authorize(Resource, ResourceAction, User) using the default voting strategy defined at PermissionManager.
      boolean authorize​(org.uberfire.security.Resource resource, org.uberfire.security.ResourceAction action, org.jboss.errai.security.shared.api.identity.User user, org.uberfire.security.authz.VotingStrategy votingStrategy)
      Check if the given action can be performed over the specified resource or any of its dependent resource references (see Resource.getDependencies()).
      boolean authorize​(org.uberfire.security.ResourceType resourceType, org.uberfire.security.ResourceAction action, org.jboss.errai.security.shared.api.identity.User user)
      It redirects to authorize(ResourceType, ResourceAction, User, VotingStrategy) using the default voting strategy defined at PermissionManager.
      boolean authorize​(org.uberfire.security.ResourceType resourceType, org.uberfire.security.ResourceAction action, org.jboss.errai.security.shared.api.identity.User user, org.uberfire.security.authz.VotingStrategy votingStrategy)
      Check if the given action can be performed over the specified resource or any of its dependent resource references (see Resource.getDependencies()).
      PermissionCheck check​(String permission, org.jboss.errai.security.shared.api.identity.User user)
      It redirects to check(String, User, VotingStrategy) using the default voting strategy defined at PermissionManager.
      PermissionCheck check​(String permission, org.jboss.errai.security.shared.api.identity.User user, org.uberfire.security.authz.VotingStrategy votingStrategy)
      Creates a brand new PermissionCheck instance which provides a fluent styled API for checking permissions.
      ResourceCheck check​(org.uberfire.security.Resource resource, org.jboss.errai.security.shared.api.identity.User user)
      It redirects to check(Resource, User, VotingStrategy) using the default voting strategy defined at PermissionManager.
      ResourceCheck check​(org.uberfire.security.Resource resource, org.jboss.errai.security.shared.api.identity.User user, org.uberfire.security.authz.VotingStrategy votingStrategy)
      Creates a brand new ResourceCheck instance which provides a fluent styled API for the checking of restricted actions over Resource instances.
      ResourceCheck check​(org.uberfire.security.ResourceType type, org.jboss.errai.security.shared.api.identity.User user)
      It redirects to check(ResourceType, User, VotingStrategy) using the default voting strategy defined at PermissionManager.
      ResourceCheck check​(org.uberfire.security.ResourceType resourceType, org.jboss.errai.security.shared.api.identity.User user, org.uberfire.security.authz.VotingStrategy votingStrategy)
      Creates a brand new ResourceCheck instance which provides a fluent styled API for the checking of restricted actions over a ResourceType.
      void invalidate​(org.jboss.errai.security.shared.api.identity.User user)
      Invalidate user related authorization data cached

    • Method Detail

      • authorize

        boolean authorize​(org.uberfire.security.Resource resource,
                  org.jboss.errai.security.shared.api.identity.User user,
                  org.uberfire.security.authz.VotingStrategy votingStrategy)
        Check if the specified user can "access" a given resource. The term "access" refers to the ability to be able to reach, read or view a resource. For instance, read a file, view an item in the UI, etc.

        Notice the resource may have dependencies (Resource.getDependencies()) to other resources, in such case the resource is only accessible if and only if one of its dependent references is accessible too.

        Parameters:
        resource - The resource
        user - The user instance
        votingStrategy - The voting strategy to use when voting is required (users with more than one role and/or group assigned).
        Returns:
        true if access is granted, false otherwise.

      • authorize

        boolean authorize​(org.uberfire.security.Resource resource,
                  org.uberfire.security.ResourceAction action,
                  org.jboss.errai.security.shared.api.identity.User user,
                  org.uberfire.security.authz.VotingStrategy votingStrategy)
        Check if the given action can be performed over the specified resource or any of its dependent resource references (see Resource.getDependencies()).
        Parameters:
        resource - The resource instance to check
        action - The action to check. If null then the authorize(Resource, User) method is invoked.
        user - The user instance
        votingStrategy - The voting strategy to use when voting is required (users with more than one role and/or group assigned).
        Returns:
        true if the action is granted, false otherwise.

      • authorize

        boolean authorize​(org.uberfire.security.ResourceType resourceType,
                  org.uberfire.security.ResourceAction action,
                  org.jboss.errai.security.shared.api.identity.User user,
                  org.uberfire.security.authz.VotingStrategy votingStrategy)
        Check if the given action can be performed over the specified resource or any of its dependent resource references (see Resource.getDependencies()).
        Parameters:
        resourceType - The resource type to check
        action - The action to check.
        user - The user instance
        votingStrategy - The voting strategy to use when voting is required (users with more than one role and/or group assigned).
        Returns:
        true if the action is granted, false otherwise.

      • authorize

        boolean authorize​(String permission,
                  org.jboss.errai.security.shared.api.identity.User user,
                  org.uberfire.security.authz.VotingStrategy votingStrategy)
        Check of the given permission has been granted to the user.
        Parameters:
        permission - The name of the permission to check
        user - The user instance
        votingStrategy - The voting strategy to use when voting is required (users with more than one role and/or group assigned).
        Returns:
        true if the permission is granted, false otherwise.

      • authorize

        boolean authorize​(Permission permission,
                  org.jboss.errai.security.shared.api.identity.User user,
                  org.uberfire.security.authz.VotingStrategy votingStrategy)
        Check of the given permission has been granted to the user.
        Parameters:
        permission - The name of the permission to check
        user - The user instance
        votingStrategy - The voting strategy to use when voting is required (users with more than one role and/or group assigned).
        Returns:
        true if the permission is granted, false otherwise.

      • check

        ResourceCheck check​(org.uberfire.security.Resource resource,
                    org.jboss.errai.security.shared.api.identity.User user,
                    org.uberfire.security.authz.VotingStrategy votingStrategy)
        Creates a brand new ResourceCheck instance which provides a fluent styled API for the checking of restricted actions over Resource instances.

        ExampleUsage: 

         User user;
   Resource resource;
   AuthorizationManager authzManager;

   boolean result = authzManager.check(resource, user)
      .granted(() -> System.out.println("Access granted"))
      .denied(() -> System.out.println("Access denied"))
      .result();
        Parameters:
        resource - The resource to check
        votingStrategy - The voting strategy to use when voting is required (users with more than one role and/or group assigned).
        Returns:
        A AuthorizationCheck instance.

      • check

        ResourceCheck check​(org.uberfire.security.ResourceType resourceType,
                    org.jboss.errai.security.shared.api.identity.User user,
                    org.uberfire.security.authz.VotingStrategy votingStrategy)
        Creates a brand new ResourceCheck instance which provides a fluent styled API for the checking of restricted actions over a ResourceType.

        ExampleUsage: 

         User user;
   AuthorizationManager authzManager;

   boolean result = authzManager.check(ActivityResourceType.PERSPECTIVE, user)
      .granted(() -> System.out.println("Access granted"))
      .denied(() -> System.out.println("Access denied"))
      .result();
        Parameters:
        resourceType - The resource type to check
        votingStrategy - The voting strategy to use when voting is required (users with more than one role and/or group assigned).
        Returns:
        A AuthorizationCheck instance.

      • check

        PermissionCheck check​(String permission,
                      org.jboss.errai.security.shared.api.identity.User user,
                      org.uberfire.security.authz.VotingStrategy votingStrategy)
        Creates a brand new PermissionCheck instance which provides a fluent styled API for checking permissions.

        ExampleUsage: 

         User user;
   AuthorizationManager authzManager;

   boolean result = authzManager.check("myfeature", user)
      .granted(() -> System.out.println("Access granted"))
      .denied(() -> System.out.println("Access denied"))
      .result();
        Parameters:
        permission - The name of the permission to check
        votingStrategy - The voting strategy to use when voting is required (users with more than one role and/or group assigned).
        Returns:
        A AuthorizationCheck instance.

      • authorize

        boolean authorize​(org.uberfire.security.Resource resource,
                  org.uberfire.security.ResourceAction action,
                  org.jboss.errai.security.shared.api.identity.User user)
        It redirects to authorize(Resource, ResourceAction, User) using the default voting strategy defined at PermissionManager.

      • authorize

        boolean authorize​(org.uberfire.security.Resource resource,
                  Collection<org.uberfire.security.Contributor> contributors,
                  org.uberfire.security.ResourceAction action,
                  org.jboss.errai.security.shared.api.identity.User user)
        It checks whether user is one of the contributors of resource as well permissions to access resource from security admin screen

      • invalidate

        void invalidate​(org.jboss.errai.security.shared.api.identity.User user)
        Invalidate user related authorization data cached
        Parameters:
        user - user to invalidate cache