[jboss-cvs] JBossAS SVN: r68742 - projects/security/security-spi/trunk/authorization/src/main/org/jboss/security.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Wed Jan 9 15:02:58 EST 2008


Author: anil.saldhana at jboss.com
Date: 2008-01-09 15:02:58 -0500 (Wed, 09 Jan 2008)
New Revision: 68742

Modified:
   projects/security/security-spi/trunk/authorization/src/main/org/jboss/security/AuthorizationManager.java
Log:
SECURITY-107: weave in identity stuff

Modified: projects/security/security-spi/trunk/authorization/src/main/org/jboss/security/AuthorizationManager.java
===================================================================
--- projects/security/security-spi/trunk/authorization/src/main/org/jboss/security/AuthorizationManager.java	2008-01-09 20:02:09 UTC (rev 68741)
+++ projects/security/security-spi/trunk/authorization/src/main/org/jboss/security/AuthorizationManager.java	2008-01-09 20:02:58 UTC (rev 68742)
@@ -26,10 +26,14 @@
 import java.util.Map;
 import java.util.Set;
 
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+
 import org.jboss.security.authorization.AuthorizationException;
 import org.jboss.security.authorization.EntitlementHolder;
 import org.jboss.security.authorization.Resource;
 import org.jboss.security.identity.Identity;
+import org.jboss.security.identity.RoleGroup;
 
 //$Id$
 
@@ -47,10 +51,32 @@
    /**
     * Authorize a resource
     * @param resource
+    * @return AuthorizationContext.PERMIT or AuthorizationContext.DENY
+    * @throws AuthorizationException
+    */
+   public int authorize(final Resource resource) throws AuthorizationException;
+   
+   /**
+    * Authorize a resource given a role
+    * @param resource
+    * @param subject the authenticated subject
+    * @param role a role (which can be a nested role)
+    * @return AuthorizationContext.PERMIT or AuthorizationContext.DENY
+    * @throws AuthorizationException
+    */
+   public int authorize(final Resource resource, Subject subject,
+         RoleGroup role) throws AuthorizationException;
+   
+   /**
+    * Authorize a resource given a Group of Principals representing roles
+    * @param resource
+    * @param subject the authenticated subject
+    * @param roleGroup
     * @return
     * @throws AuthorizationException
     */
-   public int authorize(final Resource resource) throws AuthorizationException; 
+   public int authorize(final Resource resource, 
+         Subject subject, Group roleGroup) throws AuthorizationException;
    
    /**
     * Instance Based Security
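Review bot: The new `authorize(Resource, Subject, Group)` overload is left with an empty `@return`, while the two overloads above it document the result; it should carry the same line, `@return AuthorizationContext.PERMIT or AuthorizationContext.DENY`. None of the three Javadoc blocks says when `AuthorizationException` is thrown as opposed to `DENY` being returned, so a caller cannot tell from the contract whether "no exception" means access was granted; a sentence such as `Callers must treat any result other than PERMIT as a denial` would pin that down. The behaviour for a null `subject`, `role` or `roleGroup` is also unstated, and the Javadoc should presumably require implementations to deny rather than permit in that case. The enclosing interface starts and ends outside this hunk.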
@@ -75,9 +101,21 @@
    public boolean doesUserHaveRole(Principal principal, Set<Principal> roles); 
    
    
+   /**
+    * Get the Current Roles for the authenticated Subject
+    * The AuthorizationManager will apply role generation and role mapping 
+    * logic configured for the security domain
+    * @param authenticatedSubject
+    * @param cbh a CallbackHandler that can be used by the AuthorizationManager
+    *        to obtain essentials such as SecurityContext etc 
+    * @return
+    */
+   public RoleGroup getSubjectRoles(Subject authenticatedSubject, CallbackHandler cbh);
+   
    /** Return the set of domain roles the principal has been assigned.
-   @return The Set<Principal> for the application domain roles that the
+    @return The Set<Principal> for the application domain roles that the
     principal has been assigned.
+    @deprecated
     */
    public Set<Principal> getUserRoles(Principal principal); 
    
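Review bot: The `@deprecated` tag added to `getUserRoles` names no replacement, so callers are not told where to migrate. If `getSubjectRoles` is the intended successor (it looks that way but the hunk does not say), I would write `@deprecated use {@link #getSubjectRoles(Subject, CallbackHandler)}` and add the `@Deprecated` annotation on the method. The new `getSubjectRoles` also has an empty `@return`. Because its result feeds access decisions, the Javadoc should state what comes back when no roles can be derived (an empty `RoleGroup` or `null`) and whether `cbh` may be `null`. The interface body continues outside this hunk.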



