Package org.uberfire.security.impl.authz

Class DefaultAuthorizationManager

    • Constructor Detail

      • DefaultAuthorizationManager

        public DefaultAuthorizationManager()

      • DefaultAuthorizationManager

        @Inject
public DefaultAuthorizationManager​(PermissionManager permissionManager)

    • Method Detail

      • authorize

        public boolean authorize​(org.uberfire.security.Resource resource,
                         Collection<org.uberfire.security.Contributor> contributors,
                         org.uberfire.security.ResourceAction action,
                         org.jboss.errai.security.shared.api.identity.User user)
        Description copied from interface: AuthorizationManager
        It checks whether user is one of the contributors of resource as well permissions to access resource from security admin screen
        Specified by:
        authorize in interface AuthorizationManager

      • authorize

        public boolean authorize​(org.uberfire.security.Resource resource,
                         org.jboss.errai.security.shared.api.identity.User user,
                         org.uberfire.security.authz.VotingStrategy votingStrategy)
        Description copied from interface: AuthorizationManager
        Check if the specified user can "access" a given resource. The term "access" refers to the ability to be able to reach, read or view a resource. For instance, read a file, view an item in the UI, etc.

        Notice the resource may have dependencies (Resource.getDependencies()) to other resources, in such case the resource is only accessible if and only if one of its dependent references is accessible too.

        Specified by:
        authorize in interface AuthorizationManager
        Parameters:
        resource - The resource
        user - The user instance
        votingStrategy - The voting strategy to use when voting is required (users with more than one role and/or group assigned).
        Returns:
        true if access is granted, false otherwise.

      • authorize

        public boolean authorize​(org.uberfire.security.Resource resource,
                         org.uberfire.security.ResourceAction action,
                         org.jboss.errai.security.shared.api.identity.User user,
                         org.uberfire.security.authz.VotingStrategy votingStrategy)
        Description copied from interface: AuthorizationManager
        Check if the given action can be performed over the specified resource or any of its dependent resource references (see Resource.getDependencies()).
        Specified by:
        authorize in interface AuthorizationManager
        Parameters:
        resource - The resource instance to check
        action - The action to check. If null then the AuthorizationManager.authorize(Resource, User) method is invoked.
        user - The user instance
        votingStrategy - The voting strategy to use when voting is required (users with more than one role and/or group assigned).
        Returns:
        true if the action is granted, false otherwise.

      • authorize

        public boolean authorize​(org.uberfire.security.ResourceType resourceType,
                         org.uberfire.security.ResourceAction action,
                         org.jboss.errai.security.shared.api.identity.User user,
                         org.uberfire.security.authz.VotingStrategy votingStrategy)
        Description copied from interface: AuthorizationManager
        Check if the given action can be performed over the specified resource or any of its dependent resource references (see Resource.getDependencies()).
        Specified by:
        authorize in interface AuthorizationManager
        Parameters:
        resourceType - The resource type to check
        action - The action to check.
        user - The user instance
        votingStrategy - The voting strategy to use when voting is required (users with more than one role and/or group assigned).
        Returns:
        true if the action is granted, false otherwise.

      • authorize

        public boolean authorize​(String permission,
                         org.jboss.errai.security.shared.api.identity.User user,
                         org.uberfire.security.authz.VotingStrategy votingStrategy)
        Description copied from interface: AuthorizationManager
        Check of the given permission has been granted to the user.
        Specified by:
        authorize in interface AuthorizationManager
        Parameters:
        permission - The name of the permission to check
        user - The user instance
        votingStrategy - The voting strategy to use when voting is required (users with more than one role and/or group assigned).
        Returns:
        true if the permission is granted, false otherwise.

      • authorize

        public boolean authorize​(Permission permission,
                         org.jboss.errai.security.shared.api.identity.User user,
                         org.uberfire.security.authz.VotingStrategy votingStrategy)
        Description copied from interface: AuthorizationManager
        Check of the given permission has been granted to the user.
        Specified by:
        authorize in interface AuthorizationManager
        Parameters:
        permission - The name of the permission to check
        user - The user instance
        votingStrategy - The voting strategy to use when voting is required (users with more than one role and/or group assigned).
        Returns:
        true if the permission is granted, false otherwise.

      • check

        public ResourceCheck check​(org.uberfire.security.Resource target,
                           org.jboss.errai.security.shared.api.identity.User user,
                           org.uberfire.security.authz.VotingStrategy votingStrategy)
        Description copied from interface: AuthorizationManager
        Creates a brand new ResourceCheck instance which provides a fluent styled API for the checking of restricted actions over Resource instances.

        ExampleUsage: 

         User user;
   Resource resource;
   AuthorizationManager authzManager;

   boolean result = authzManager.check(resource, user)
      .granted(() -> System.out.println("Access granted"))
      .denied(() -> System.out.println("Access denied"))
      .result();
        Specified by:
        check in interface AuthorizationManager
        Parameters:
        target - The resource to check
        votingStrategy - The voting strategy to use when voting is required (users with more than one role and/or group assigned).
        Returns:
        A AuthorizationCheck instance.

      • check

        public ResourceCheck check​(org.uberfire.security.ResourceType target,
                           org.jboss.errai.security.shared.api.identity.User user,
                           org.uberfire.security.authz.VotingStrategy votingStrategy)
        Description copied from interface: AuthorizationManager
        Creates a brand new ResourceCheck instance which provides a fluent styled API for the checking of restricted actions over a ResourceType.

        ExampleUsage: 

         User user;
   AuthorizationManager authzManager;

   boolean result = authzManager.check(ActivityResourceType.PERSPECTIVE, user)
      .granted(() -> System.out.println("Access granted"))
      .denied(() -> System.out.println("Access denied"))
      .result();
        Specified by:
        check in interface AuthorizationManager
        Parameters:
        target - The resource type to check
        votingStrategy - The voting strategy to use when voting is required (users with more than one role and/or group assigned).
        Returns:
        A AuthorizationCheck instance.

      • check

        public PermissionCheck check​(String permission,
                             org.jboss.errai.security.shared.api.identity.User user,
                             org.uberfire.security.authz.VotingStrategy votingStrategy)
        Description copied from interface: AuthorizationManager
        Creates a brand new PermissionCheck instance which provides a fluent styled API for checking permissions.

        ExampleUsage: 

         User user;
   AuthorizationManager authzManager;

   boolean result = authzManager.check("myfeature", user)
      .granted(() -> System.out.println("Access granted"))
      .denied(() -> System.out.println("Access denied"))
      .result();
        Specified by:
        check in interface AuthorizationManager
        Parameters:
        permission - The name of the permission to check
        votingStrategy - The voting strategy to use when voting is required (users with more than one role and/or group assigned).
        Returns:
        A AuthorizationCheck instance.

      • invalidate

        public void invalidate​(org.jboss.errai.security.shared.api.identity.User user)
        Description copied from interface: AuthorizationManager
        Invalidate user related authorization data cached
        Specified by:
        invalidate in interface AuthorizationManager
        Parameters:
        user - user to invalidate cache