Interface PermissionManager

  • All Known Implementing Classes:
    DefaultPermissionManager

    public interface PermissionManager
    This is the main interface for checking permissions against User instances.

    This interface is backed by an AuthorizationPolicy instance which holds all the permissions declarations.

    Example:

         @Inject
         PermissionManager permissionManager;
    
         @Inject
         User user;
    
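         // checkPermission returns an AuthorizationResult (GRANTED / DENIED / ABSTAIN), not a boolean
         public AuthorizationResult checkPermission() {
             Permission permission = permissionManager.createPermission("perspective.read.Home", true);
             return permissionManager.checkPermission(permission, user);
         }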
     

    • Method Detail

      • newAuthorizationPolicy

        AuthorizationPolicyBuilder newAuthorizationPolicy()
        Gets a builder reference in order to initialize a brand new AuthorizationPolicy instance.
      • getAuthorizationPolicy

        AuthorizationPolicy getAuthorizationPolicy()
        Gets the current authorization policy instance set.
      • setAuthorizationPolicy

        void setAuthorizationPolicy​(AuthorizationPolicy authorizationPolicy)
        Changes the current authorization policy instance.
      • getDefaultVotingStrategy

        org.uberfire.security.authz.VotingStrategy getDefaultVotingStrategy()
        Gets the default voting strategy.
        Returns:
        A VotingStrategy instance
      • setDefaultVotingStrategy

        void setDefaultVotingStrategy​(org.uberfire.security.authz.VotingStrategy votingStrategy)
        Sets the default voting strategy to apply when checking permissions for users who have more than one role and/or group assigned.
        Parameters:
        votingStrategy - The voting strategy to apply when calling checkPermission(Permission, User)
      • getVotingAlgorithm

        VotingAlgorithm getVotingAlgorithm​(org.uberfire.security.authz.VotingStrategy votingStrategy)
        Gets the VotingAlgorithm implementation associated with the specified VotingStrategy.
        Parameters:
        votingStrategy - The voting strategy
        Returns:
        The voting algorithm instance
      • setVotingAlgorithm

        void setVotingAlgorithm​(org.uberfire.security.authz.VotingStrategy votingStrategy,
                                VotingAlgorithm votingAlgorithm)
        Sets the VotingAlgorithm implementation to be used every time the given VotingStrategy is applied.
        Parameters:
        votingStrategy - The voting strategy
        votingAlgorithm - The voting algorithm to apply when calling checkPermission(Permission, User, VotingStrategy) with the corresponding voting strategy.
      • createPermission

        Permission createPermission​(String name,
                                    boolean granted)
        Creates a permission instance.
        Parameters:
        name - The name of the permission to create
        granted - true=granted, false=denied
        Returns:
        A brand new permission instance
      • createPermission

        Permission createPermission​(org.uberfire.security.Resource resource,
                                    org.uberfire.security.ResourceAction action,
                                    boolean granted)
        Creates a permission instance representing an action on a given resource.
        Parameters:
        resource - The resource instance
        action - The action to check. If null then an "access" permission is created. The term access refers to the ability to reach, read, view ... the resource, depending on the resource type.
        Returns:
        A permission instance
      • createPermission

        Permission createPermission​(org.uberfire.security.ResourceType resourceType,
                                    org.uberfire.security.ResourceAction action,
                                    boolean granted)
        Creates a permission instance representing an action on a given resource type.
        Parameters:
        resourceType - The resource type
        action - The action to check. If null then an "access" permission is created. The term access refers to the ability to reach, read, view ... the resource, depending on the resource type.
        Returns:
        A permission instance
      • checkPermission

        AuthorizationResult checkPermission​(Permission permission,
                                            org.jboss.errai.security.shared.api.identity.User user)
        Checks whether the given permission is granted to the specified user.

        NOTE: If voting is required (users with more than one role and/or group assigned), the default voting strategy is used.

        Parameters:
        permission - The permission to check
        user - The user instance
        Returns:
        The authorization result: GRANTED / DENIED / ABSTAIN
        See Also:
        AuthorizationResult
      • checkPermission

        AuthorizationResult checkPermission​(Permission permission,
                                            org.jboss.errai.security.shared.api.identity.User user,
                                            org.uberfire.security.authz.VotingStrategy votingStrategy)
        Checks whether the given permission is granted to the specified user.
        Parameters:
        permission - The permission to check
        user - The user instance
        votingStrategy - The voting strategy to use when voting is required (users with more than one role and/or group assigned). If null then the default voting strategy is used.
        Returns:
        The authorization result: GRANTED / DENIED / ABSTAIN
      • resolveResourceId

        String resolveResourceId​(Permission permission)
        Given a permission, tries to determine which resource the permission refers to.

        The resolution mechanism works only if the permission instance was created by a previous call to createPermission(Resource, ResourceAction, boolean). In that case, the identifier of the Resource instance is the value returned.

        Parameters:
        permission - The permission whose resource id has to be inferred.
        Returns:
        A resource id, or null if it cannot be inferred.
      • resolvePermissions

        PermissionCollection resolvePermissions​(org.jboss.errai.security.shared.api.identity.User user,
                                                org.uberfire.security.authz.VotingStrategy votingStrategy)
        Get the permissions assigned to a given user.

        Usually, the user's permissions are obtained by combining all the permissions assigned to each role and group the user belongs to.

        Every implementation of this interface must take into account the specified voting strategy, which is used to resolve permission collisions.

        Parameters:
        user - The user instance
        votingStrategy - The voting strategy
        Returns:
        The permission collection
        See Also:
        AuthorizationPolicy.getPriority(Role), AuthorizationPolicy.getPriority(Group)
      • invalidate

        void invalidate​(org.jboss.errai.security.shared.api.identity.User user)
        Invalidates the cached authorization data related to the given user.
        Parameters:
        user - The user whose cached authorization data is invalidated
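
An added example (not UberFire's own code) of consuming the three-valued result of checkPermission(Permission, User, VotingStrategy) fail-closed, so that ABSTAIN is never read as a grant. The class name FailClosedPermissionCheck, the import packages for PermissionManager, Permission and AuthorizationResult, and the constant name ACCESS_GRANTED are assumptions not shown on this page.

```java
import org.jboss.errai.security.shared.api.identity.User;
import org.uberfire.security.authz.AuthorizationResult;   // package assumed
import org.uberfire.security.authz.Permission;            // package assumed
import org.uberfire.security.authz.PermissionManager;     // package assumed
import org.uberfire.security.authz.VotingStrategy;

/** Hypothetical helper: maps the three-valued AuthorizationResult to a fail-closed boolean. */
public class FailClosedPermissionCheck {

    private final PermissionManager permissionManager;

    public FailClosedPermissionCheck(PermissionManager permissionManager) {
        this.permissionManager = permissionManager;
    }

    /**
     * Returns true only on an explicit grant. DENIED, ABSTAIN (no decision
     * either way) and a null result are all treated as "no access".
     */
    public boolean isGranted(String permissionName, User user, VotingStrategy strategy) {
        if (permissionName == null || user == null) {
            return false; // nothing to evaluate: deny
        }
        // granted=true: ask whether the user holds the "granted" form of the permission.
        Permission permission = permissionManager.createPermission(permissionName, true);
        // A null strategy makes the manager fall back to its default voting strategy.
        AuthorizationResult result = permissionManager.checkPermission(permission, user, strategy);
        // ACCESS_GRANTED is the assumed name of the GRANTED constant.
        return AuthorizationResult.ACCESS_GRANTED.equals(result);
    }

    /** Drops cached authorization data so a role or group change takes effect on the next check. */
    public void onMembershipChanged(User user) {
        if (user != null) {
            permissionManager.invalidate(user);
        }
    }
}
```

Comparing against the granted constant, rather than testing "not denied", keeps ABSTAIN and unexpected null results on the deny side.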