public interface IAuthorizer
| Modifier and Type | Method and Description |
|---|---|
java.util.Set<Permission> |
authorize(AuthenticatedUser user,
IResource resource)
Returns a set of permissions of a user on a resource.
|
void |
grant(AuthenticatedUser performer,
java.util.Set<Permission> permissions,
IResource resource,
RoleResource grantee)
Grants a set of permissions on a resource to a role.
|
java.util.Set<PermissionDetails> |
list(AuthenticatedUser performer,
java.util.Set<Permission> permissions,
IResource resource,
RoleResource grantee)
Returns a list of permissions on a resource granted to a role.
|
java.util.Set<? extends IResource> |
protectedResources()
Set of resources that should be made inaccessible to users and only accessible internally.
|
default boolean |
requireAuthorization()
Whether or not the authorizer will attempt authorization.
|
void |
revoke(AuthenticatedUser performer,
java.util.Set<Permission> permissions,
IResource resource,
RoleResource revokee)
Revokes a set of permissions on a resource from a user.
|
void |
revokeAllFrom(RoleResource revokee)
Called before deleting a role with DROP ROLE statement (or the alias provided for compatibility,
DROP USER) so that a new role with the same name wouldn't inherit permissions of the deleted one in the future.
|
void |
revokeAllOn(IResource droppedResource)
This method is called after a resource is removed (i.e.
|
void |
setup()
Setup is called once upon system startup to initialize the IAuthorizer.
|
void |
validateConfiguration()
Validates configuration of IAuthorizer implementation (if configurable).
|
default boolean requireAuthorization()
java.util.Set<Permission> authorize(AuthenticatedUser user, IResource resource)
user - Authenticated user requesting authorization.resource - Resource for which the authorization is being requested. @see DataResource.void grant(AuthenticatedUser performer, java.util.Set<Permission> permissions, IResource resource, RoleResource grantee) throws RequestValidationException, RequestExecutionException
performer - User who grants the permissions.permissions - Set of permissions to grant.resource - Resource on which to grant the permissions.grantee - Role to which the permissions are to be granted.RequestValidationExceptionRequestExecutionExceptionjava.lang.UnsupportedOperationExceptionvoid revoke(AuthenticatedUser performer, java.util.Set<Permission> permissions, IResource resource, RoleResource revokee) throws RequestValidationException, RequestExecutionException
performer - User who revokes the permissions.permissions - Set of permissions to revoke.revokee - Role from which to the permissions are to be revoked.resource - Resource on which to revoke the permissions.RequestValidationExceptionRequestExecutionExceptionjava.lang.UnsupportedOperationExceptionjava.util.Set<PermissionDetails> list(AuthenticatedUser performer, java.util.Set<Permission> permissions, IResource resource, RoleResource grantee) throws RequestValidationException, RequestExecutionException
performer - User who wants to see the permissions.permissions - Set of Permission values the user is interested in. The result should only include the
matching ones.resource - The resource on which permissions are requested. Can be null, in which case permissions on all
resources should be returned.grantee - The role whose permissions are requested. Can be null, in which case permissions of every
role should be returned.RequestValidationExceptionRequestExecutionExceptionjava.lang.UnsupportedOperationExceptionvoid revokeAllFrom(RoleResource revokee)
revokee - The role to revoke all permissions from.java.lang.UnsupportedOperationExceptionvoid revokeAllOn(IResource droppedResource)
droppedResource - The resource to revoke all permissions on.java.lang.UnsupportedOperationExceptionjava.util.Set<? extends IResource> protectedResources()
void validateConfiguration()
throws ConfigurationException
ConfigurationException - when there is a configuration error.void setup()
Copyright © 2018 The Apache Software Foundation