org.jboss.security.plugins
Class JBossAuthorizationManager

java.lang.Object
  extended by org.jboss.security.plugins.JBossAuthorizationManager
All Implemented Interfaces:
org.jboss.security.AuthorizationManager, org.jboss.security.BaseSecurityManager

public class JBossAuthorizationManager
extends Object
implements org.jboss.security.AuthorizationManager

Authorization Manager implementation

Since:
Jan 3, 2006
Version:
$Revision: 83432 $
Author:
Anil Saldhana

Field Summary
protected  boolean trace
           
 
Constructor Summary
JBossAuthorizationManager(String securityDomainName)
           
 
Method Summary
 int authorize(org.jboss.security.authorization.Resource resource)
           
 int authorize(org.jboss.security.authorization.Resource resource, org.jboss.security.identity.Identity identity, org.jboss.security.authorization.Permission permission)
           
 int authorize(org.jboss.security.authorization.Resource resource, Subject subject)
           
 int authorize(org.jboss.security.authorization.Resource resource, Subject subject, Group roleGroup)
           
 int authorize(org.jboss.security.authorization.Resource resource, Subject subject, org.jboss.security.identity.RoleGroup role)
           
protected  boolean doesRoleGroupHaveRole(Principal role, org.jboss.security.identity.RoleGroup userRoles)
          Check that the indicated application domain role is a member of the user's assigned roles.
 boolean doesUserHaveRole(Principal principal, Principal role)
          Does the current Subject have a role (a Principal) that equates to one of the role names?
 boolean doesUserHaveRole(Principal principal, Set<Principal> rolePrincipals)
          Does the current Subject have a role (a Principal) that equates to one of the role names?
<T> org.jboss.security.authorization.EntitlementHolder<T>
getEntitlements(Class<T> clazz, org.jboss.security.authorization.Resource resource, org.jboss.security.identity.Identity identity)
           
 String getSecurityDomain()
           
 org.jboss.security.identity.RoleGroup getSubjectRoles(Subject authenticatedSubject, CallbackHandler cbh)
           
 Group getTargetRoles(Principal targetPrincipal, Map<String,Object> contextMap)
           
 Set<Principal> getUserRoles(Principal principal)
          Return the set of domain roles in the current active Subject's 'Roles' group, as found in the subject's Principals set.
 void setAuthorizationContext(org.jboss.security.authorization.AuthorizationContext ac)
          Set the AuthorizationContext
 String toString()
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

trace

protected boolean trace
Constructor Detail

JBossAuthorizationManager

public JBossAuthorizationManager(String securityDomainName)
Method Detail

authorize

public int authorize(org.jboss.security.authorization.Resource resource)
              throws org.jboss.security.authorization.AuthorizationException
Specified by:
authorize in interface org.jboss.security.AuthorizationManager
Throws:
org.jboss.security.authorization.AuthorizationException
See Also:
AuthorizationManager.authorize(Resource)

authorize

public int authorize(org.jboss.security.authorization.Resource resource,
                     Subject subject)
              throws org.jboss.security.authorization.AuthorizationException
Specified by:
authorize in interface org.jboss.security.AuthorizationManager
Throws:
org.jboss.security.authorization.AuthorizationException
See Also:
AuthorizationManager.authorize(Resource, Subject)

authorize

public int authorize(org.jboss.security.authorization.Resource resource,
                     Subject subject,
                     org.jboss.security.identity.RoleGroup role)
              throws org.jboss.security.authorization.AuthorizationException
Specified by:
authorize in interface org.jboss.security.AuthorizationManager
Throws:
org.jboss.security.authorization.AuthorizationException
See Also:
AuthorizationManager.authorize(Resource, Subject, RoleGroup)

authorize

public int authorize(org.jboss.security.authorization.Resource resource,
                     Subject subject,
                     Group roleGroup)
              throws org.jboss.security.authorization.AuthorizationException
Specified by:
authorize in interface org.jboss.security.AuthorizationManager
Throws:
org.jboss.security.authorization.AuthorizationException
See Also:
AuthorizationManager.authorize(Resource, Subject, Group)

authorize

public int authorize(org.jboss.security.authorization.Resource resource,
                     org.jboss.security.identity.Identity identity,
                     org.jboss.security.authorization.Permission permission)
              throws org.jboss.security.authorization.AuthorizationException
Specified by:
authorize in interface org.jboss.security.AuthorizationManager
Throws:
org.jboss.security.authorization.AuthorizationException

getEntitlements

public <T> org.jboss.security.authorization.EntitlementHolder<T> getEntitlements(Class<T> clazz,
                                                                                 org.jboss.security.authorization.Resource resource,
                                                                                 org.jboss.security.identity.Identity identity)
                                                                      throws org.jboss.security.authorization.AuthorizationException
Specified by:
getEntitlements in interface org.jboss.security.AuthorizationManager
Throws:
org.jboss.security.authorization.AuthorizationException
See Also:
AuthorizationManager#entitlements(Class, Resource, Identity)

doesUserHaveRole

public boolean doesUserHaveRole(Principal principal,
                                Set<Principal> rolePrincipals)
Does the current Subject have a role (a Principal) that equates to one of the role names? This method obtains the Group named 'Roles' from the principal set of the currently authenticated Subject, as determined by the SecurityAssociation.getSubject() method, and then creates a SimplePrincipal for each name in roleNames. If the role is a member of the Roles group, then the user has the role.

This requires that the caller establish the correct SecurityAssociation subject prior to calling this method. In the past this was done as a side-effect of an isValid() call, but this is no longer the case.

Specified by:
doesUserHaveRole in interface org.jboss.security.AuthorizationManager
Parameters:
principal - ignored. The current authenticated Subject determines the active user and assigned user roles.
rolePrincipals - a Set of Principals for the roles to check.
See Also:
Group, Subject.getPrincipals()

doesUserHaveRole

public boolean doesUserHaveRole(Principal principal,
                                Principal role)
Does the current Subject have a role (a Principal) that equates to one of the role names?

Parameters:
principal - ignored. The current authenticated Subject determines the active user and assigned user roles.
role - the application domain role that the principal is to be validated against.
Returns:
true if the active principal has the role, false otherwise.
See Also:
doesUserHaveRole(Principal, Set)

getUserRoles

public Set<Principal> getUserRoles(Principal principal)
Return the set of domain roles in the current active Subject's 'Roles' group, as found in the subject's Principals set.

Specified by:
getUserRoles in interface org.jboss.security.AuthorizationManager
Parameters:
principal - ignored. The current authenticated Subject determines the active user and assigned user roles.
Returns:
The Set for the application domain roles that the principal has been assigned.

doesRoleGroupHaveRole

protected boolean doesRoleGroupHaveRole(Principal role,
                                        org.jboss.security.identity.RoleGroup userRoles)
Check that the indicated application domain role is a member of the user's assigned roles. This handles the special AnybodyPrincipal and NobodyPrincipal independent of the Group implementation.

Parameters:
role - the application domain role required for access
userRoles - the set of roles assigned to the user
Returns:
true if role is in userRoles or an AnybodyPrincipal instance, false if role is a NobodyPrincipal or not a member of userRoles
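
The role-check semantics documented for doesUserHaveRole and doesRoleGroupHaveRole above, as an added, self-contained model that is not the JBoss implementation or part of this Javadoc. RoleCheckModel, Name, RolesGroup, ANYBODY and NOBODY are hypothetical stand-ins for the JBoss types; the Subject is passed explicitly rather than read from SecurityAssociation, and returning false when no 'Roles' group exists is an assumption.

```java
import java.security.Principal;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.Subject;

// Illustrative model only: every type and constant here is a hypothetical
// stand-in, not a class from org.jboss.security.
public class RoleCheckModel {
    record Name(String name) implements Principal {
        public String getName() { return name; }
    }

    // Stand-in for the Group named 'Roles' kept in the Subject's principal set.
    static final class RolesGroup implements Principal {
        final Set<Principal> members = new HashSet<>();
        public String getName() { return "Roles"; }
    }

    static final Principal ANYBODY = new Name("<ANYBODY>"); // constructed placeholder
    static final Principal NOBODY = new Name("<NOBODY>");   // constructed placeholder

    // Model of doesRoleGroupHaveRole: the special principals are decided
    // before, and independently of, the group membership lookup.
    static boolean roleGroupHasRole(Principal role, RolesGroup userRoles) {
        if (ANYBODY.equals(role)) return true;
        if (NOBODY.equals(role)) return false;
        return userRoles.members.contains(role);
    }

    // Model of doesUserHaveRole: 'principal' is accepted but never read;
    // only the current Subject's 'Roles' group decides the outcome.
    static boolean userHasRole(Subject current, Principal principal, Set<Principal> required) {
        RolesGroup roles = current.getPrincipals(RolesGroup.class).stream().findFirst().orElse(null);
        if (roles == null) return false; // assumption: no 'Roles' group means no roles
        return required.stream().anyMatch(r -> roleGroupHasRole(r, roles));
    }

    public static void main(String[] args) {
        RolesGroup roles = new RolesGroup();
        roles.members.add(new Name("auditor"));
        Subject alice = new Subject();
        alice.getPrincipals().add(new Name("alice"));
        alice.getPrincipals().add(roles);

        // A different 'principal' argument does not change whose roles are checked.
        System.out.println(userHasRole(alice, new Name("mallory"), Set.of(new Name("auditor"))));
        System.out.println(userHasRole(alice, new Name("alice"), Set.of(new Name("admin"))));
        System.out.println(userHasRole(alice, null, Set.of(ANYBODY)));
        System.out.println(userHasRole(alice, null, Set.of(NOBODY, new Name("admin"))));
    }
}
```

The first call is the case to look for in code review: the decision is made for the established Subject, not for the principal the caller named.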

toString

public String toString()
Overrides:
toString in class Object

setAuthorizationContext

public void setAuthorizationContext(org.jboss.security.authorization.AuthorizationContext ac)
Set the AuthorizationContext


getSecurityDomain

public String getSecurityDomain()
Specified by:
getSecurityDomain in interface org.jboss.security.BaseSecurityManager

getTargetRoles

public Group getTargetRoles(Principal targetPrincipal,
                            Map<String,Object> contextMap)
Specified by:
getTargetRoles in interface org.jboss.security.AuthorizationManager
See Also:
AuthorizationManager.getTargetRoles(Principal, Map)

getSubjectRoles

public org.jboss.security.identity.RoleGroup getSubjectRoles(Subject authenticatedSubject,
                                                             CallbackHandler cbh)
Specified by:
getSubjectRoles in interface org.jboss.security.AuthorizationManager
See Also:
AuthorizationManager.getSubjectRoles(Subject, CallbackHandler)


Copyright © 2009 JBoss Inc. All Rights Reserved.