Package org.jboss.security.javaee

Class AbstractWebAuthorizationHelper

  • Direct Known Subclasses:
    WebAuthorizationHelper
    public abstract class AbstractWebAuthorizationHelper
extends AbstractJavaEEHelper
    Abstract Web Authorization Helper
    Since:
    Apr 17, 2008
    Version:
    $Revision$
    Author:
    Anil.Saldhana@redhat.com

    • Field Detail

      • enableAudit

        protected boolean enableAudit

    • Constructor Detail

      • AbstractWebAuthorizationHelper

        public AbstractWebAuthorizationHelper()

    • Method Detail

      • isEnableAudit

        public boolean isEnableAudit()

      • setEnableAudit

        public void setEnableAudit​(boolean enableAudit)

      • checkResourcePermission

        public abstract boolean checkResourcePermission​(Map<String,​Object> contextMap,
                                                javax.servlet.ServletRequest request,
                                                javax.servlet.ServletResponse response,
                                                Subject callerSubject,
                                                String contextID,
                                                String canonicalRequestURI)
        Validate that the caller has the permission to access a web resource
        Parameters:
        contextMap -
        request -
        response -
        callerSubject -
        contextID -
        canonicalRequestURI -
        Returns:
        true - permitted
        Throws:
        IllegalArgumentException - request, response, callerSubject, contextID or canonicalRequestURI is null
        IllegalStateException - Authorization Manager from Security Context is null

      • checkResourcePermission

        public abstract boolean checkResourcePermission​(Map<String,​Object> contextMap,
                                                javax.servlet.ServletRequest request,
                                                javax.servlet.ServletResponse response,
                                                Subject callerSubject,
                                                String contextID,
                                                String canonicalRequestURI,
                                                List<String> roles)
        Validate that the caller has the permission to access a web resource
        Parameters:
        contextMap -
        request -
        response -
        callerSubject -
        contextID -
        canonicalRequestURI -
        roles -
        Returns:
        true - permitted
        Throws:
        IllegalArgumentException - request, response, callerSubject, contextID or canonicalRequestURI is null
        IllegalStateException - Authorization Manager from Security Context is null

      • hasRole

        public abstract boolean hasRole​(String roleName,
                                Principal principal,
                                String servletName,
                                Set<Principal> principalRoles,
                                String contextID,
                                Subject callerSubject)
        Validate that the caller has the required role to access a resource
        Parameters:
        roleName -
        principal -
        servletName -
        principalRoles -
        contextID -
        callerSubject -
        Returns:
        Throws:
        IllegalArgumentException - roleName, contextID, callerSubject is null
        IllegalStateException - Authorization Manager from Security Context is null

      • hasRole

        public abstract boolean hasRole​(String roleName,
                                Principal principal,
                                String servletName,
                                Set<Principal> principalRoles,
                                String contextID,
                                Subject callerSubject,
                                List<String> roles)
        Validate that the caller has the required role to access a resource
        Parameters:
        roleName -
        principal -
        servletName -
        principalRoles -
        contextID -
        callerSubject -
        roles -
        Returns:
        Throws:
        IllegalArgumentException - roleName, contextID, callerSubject is null
        IllegalStateException - Authorization Manager from Security Context is null

      • hasUserDataPermission

        public abstract boolean hasUserDataPermission​(Map<String,​Object> contextMap,
                                              javax.servlet.ServletRequest request,
                                              javax.servlet.ServletResponse response,
                                              String contextID,
                                              Subject callerSubject)
        Validate whether the transport constraints are met by the caller
        Parameters:
        contextMap -
        request -
        response -
        contextID -
        callerSubject -
        Returns:
        Throws:
        IllegalArgumentException - request, response, callerSubject or contextID is null
        IllegalStateException - Authorization Manager from Security Context is null

      • hasUserDataPermission

        public abstract boolean hasUserDataPermission​(Map<String,​Object> contextMap,
                                              javax.servlet.ServletRequest request,
                                              javax.servlet.ServletResponse response,
                                              String contextID,
                                              Subject callerSubject,
                                              List<String> roles)
        Validate whether the transport constraints are met by the caller
        Parameters:
        contextMap -
        request -
        response -
        contextID -
        callerSubject -
        roles -
        Returns:
        Throws:
        IllegalArgumentException - request, response, callerSubject or contextID is null
        IllegalStateException - Authorization Manager from Security Context is null