org.jboss.security.javaee
Class AbstractWebAuthorizationHelper

java.lang.Object
  extended by org.jboss.security.javaee.AbstractJavaEEHelper
      extended by org.jboss.security.javaee.AbstractWebAuthorizationHelper

public abstract class AbstractWebAuthorizationHelper
extends AbstractJavaEEHelper

Abstract Web Authorization Helper

Since:
Apr 17, 2008
Version:
$Revision$
Author:
Anil.Saldhana@redhat.com

Field Summary
protected  boolean enableAudit
           
 
Fields inherited from class org.jboss.security.javaee.AbstractJavaEEHelper
policyRegistration, securityContext
 
Constructor Summary
AbstractWebAuthorizationHelper()
           
 
Method Summary
abstract  boolean checkResourcePermission(Map<String,Object> contextMap, javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, Subject callerSubject, String contextID, String canonicalRequestURI)
          Validate that the caller has the permission to access a web resource
abstract  boolean hasRole(String roleName, Principal principal, String servletName, Set<Principal> principalRoles, String contextID, Subject callerSubject)
          Validate that the caller has the required role to access a resource
abstract  boolean hasUserDataPermission(Map<String,Object> contextMap, javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, String contextID, Subject callerSubject)
          Validate whether the transport constraints are met by the caller
 boolean isEnableAudit()
           
 void setEnableAudit(boolean enableAudit)
           
 
Methods inherited from class org.jboss.security.javaee.AbstractJavaEEHelper
audit, authorizationAudit, getCallerPrincipal, getContextMap, getPolicyRegistration, getSecurityContext, setPolicyRegistration, setSecurityContext
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

enableAudit

protected boolean enableAudit
Constructor Detail

AbstractWebAuthorizationHelper

public AbstractWebAuthorizationHelper()
Method Detail

isEnableAudit

public boolean isEnableAudit()

setEnableAudit

public void setEnableAudit(boolean enableAudit)

checkResourcePermission

public abstract boolean checkResourcePermission(Map<String,Object> contextMap,
                                                javax.servlet.ServletRequest request,
                                                javax.servlet.ServletResponse response,
                                                Subject callerSubject,
                                                String contextID,
                                                String canonicalRequestURI)
Validate that the caller has the permission to access a web resource

Parameters:
contextMap -
request -
response -
callerSubject -
contextID -
canonicalRequestURI -
Returns:
true - the caller is permitted to access the resource
Throws:
IllegalArgumentException - request, response, callerSubject, contextID or canonicalRequestURI is null
IllegalStateException - Authorization Manager from Security Context is null

hasRole

public abstract boolean hasRole(String roleName,
                                Principal principal,
                                String servletName,
                                Set<Principal> principalRoles,
                                String contextID,
                                Subject callerSubject)
Validate that the caller has the required role to access a resource

Parameters:
roleName -
principal -
servletName -
principalRoles -
contextID -
callerSubject -
Returns:
Throws:
IllegalArgumentException - roleName, contextID or callerSubject is null
IllegalStateException - Authorization Manager from Security Context is null

hasUserDataPermission

public abstract boolean hasUserDataPermission(Map<String,Object> contextMap,
                                              javax.servlet.ServletRequest request,
                                              javax.servlet.ServletResponse response,
                                              String contextID,
                                              Subject callerSubject)
Validate whether the transport constraints are met by the caller

Parameters:
contextMap -
request -
response -
contextID -
callerSubject -
Returns:
Throws:
IllegalArgumentException - request, response, callerSubject or contextID is null
IllegalStateException - Authorization Manager from Security Context is null


Copyright © 2009 JBoss Inc.. All Rights Reserved.