Package org.jboss.security.acl

Interface ACLProvider

All Known Implementing Classes:

ACLProviderImpl, RoleBasedACLProviderImpl

public interface ACLProvider

An ACLProvider is responsible for the management of the ACLs associated to the resources being protected. Implementations of this interface will typically interact with some sort of repository, where the ACLs are stored.

Author:

Stefan Guilhen, Anil.Saldhana@redhat.com

Method Summary

Modifier and Type	Method	Description
<T> Set<T>	getEntitlements(Class<T> clazz, Resource resource, Identity identity)	For a given Resource and an Identity, return all the entitlements Eg: A portal page can consist of say 10 components such as windows, subpages etc.
ACLPersistenceStrategy	getPersistenceStrategy()	Obtains the ACLPersistenceStrategy associated with this provider.
void	initialize(Map<String,Object> sharedState, Map<String,Object> options)	Initialize the provider
boolean	isAccessGranted(Resource resource, Identity identity, ACLPermission permission)	Checks if the given identity has the permissions needed to access the specified resource.
void	setPersistenceStrategy(ACLPersistenceStrategy strategy)	Sets the persistence strategy to be used by this provider.
boolean	tearDown()	Give an opportunity for the provider to finalize the operations

Method Detail

initialize

void initialize(Map<String,Object> sharedState,
                Map<String,Object> options)

Initialize the provider

Parameters:

sharedState - Shared State

options - Options

getEntitlements

<T> Set<T> getEntitlements(Class<T> clazz,
                           Resource resource,
                           Identity identity)
                    throws AuthorizationException

For a given Resource and an Identity, return all the entitlements Eg: A portal page can consist of say 10 components such as windows, subpages etc. Now the Portal page can be the resource and for a given identity, the entitlements would be the subset of these 10 components to which the identity has access

Type Parameters:

T -

Parameters:

resource -

identity -

Returns:

Throws:

AuthorizationException

isAccessGranted

boolean isAccessGranted(Resource resource,
                        Identity identity,
                        ACLPermission permission)
                 throws AuthorizationException

Checks if the given identity has the permissions needed to access the specified resource. This involves finding the ACL associated with the resource and consulting the ACL to determine if access should be granted or not to the identity.

Parameters:

resource - the Resource being accessed.

identity - the Identity trying to access the resource.

permission - the permissions needed to access the resource.

Returns:

true if the identity has enough permissions to access the resource; false otherwise.

Throws:

AuthorizationException - if no ACL can be found for the specified resource.

getPersistenceStrategy

ACLPersistenceStrategy getPersistenceStrategy()

Obtains the ACLPersistenceStrategy associated with this provider.

Returns:

a reference to the ACLPersistenceStrategy used by this provider.

setPersistenceStrategy

void setPersistenceStrategy(ACLPersistenceStrategy strategy)

Sets the persistence strategy to be used by this provider.

Parameters:

strategy - a reference to the ACLPersistenceStrategy to be used.

tearDown

boolean tearDown()

Give an opportunity for the provider to finalize the operations

Returns: