Authorization


1   /*
2    * $Header: /cvshome/build/org.osgi.service.useradmin/src/org/osgi/service/useradmin/Authorization.java,v 1.9 2006/07/11 00:54:01 hargrave Exp $
3    *
4    * Copyright (c) OSGi Alliance (2001, 2006). All Rights Reserved.
5    *
6    * Licensed under the Apache License, Version 2.0 (the "License");
7    * you may not use this file except in compliance with the License.
8    * You may obtain a copy of the License at
9    *
10   *      http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing, software
13   * distributed under the License is distributed on an "AS IS" BASIS,
14   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   * See the License for the specific language governing permissions and
16   * limitations under the License.
17   */
18  package org.osgi.service.useradmin;
19  
20  /**
21   * The <code>Authorization</code> interface encapsulates an authorization context
22   * on which bundles can base authorization decisions, where appropriate.
23   * <p>
24   * Bundles associate the privilege to access restricted resources or operations
25   * with roles. Before granting access to a restricted resource or operation, a
26   * bundle will check if the <code>Authorization</code> object passed to it possess
27   * the required role, by calling its <code>hasRole</code> method.
28   * <p>
29   * Authorization contexts are instantiated by calling the
30   * {@link UserAdmin#getAuthorization} method.
31   * 
32   * <p>
33   * <i>Trusting Authorization objects </i>
34   * <p>
35   * There are no restrictions regarding the creation of <code>Authorization</code>
36   * objects. Hence, a service must only accept <code>Authorization</code> objects
37   * from bundles that has been authorized to use the service using code based (or
38   * Java 2) permissions.
39   * 
40   * <p>
41   * In some cases it is useful to use <code>ServicePermission</code> to do the code
42   * based access control. A service basing user access control on
43   * <code>Authorization</code> objects passed to it, will then require that a
44   * calling bundle has the <code>ServicePermission</code> to get the service in
45   * question. This is the most convenient way. The OSGi environment will do the
46   * code based permission check when the calling bundle attempts to get the
47   * service from the service registry.
48   * <p>
49   * Example: A servlet using a service on a user's behalf. The bundle with the
50   * servlet must be given the <code>ServicePermission</code> to get the Http
51   * Service.
52   * <p>
53   * However, in some cases the code based permission checks need to be more
54   * fine-grained. A service might allow all bundles to get it, but require
55   * certain code based permissions for some of its methods.
56   * <p>
57   * Example: A servlet using a service on a user's behalf, where some service
58   * functionality is open to anyone, and some is restricted by code based
59   * permissions. When a restricted method is called (e.g., one handing over an
60   * <code>Authorization</code> object), the service explicitly checks that the
61   * calling bundle has permission to make the call.
62   * 
63   * @version $Revision: 1.9 $
64   */
65  public interface Authorization {
66      /**
67       * Gets the name of the {@link User} that this <code>Authorization</code>
68       * context was created for.
69       * 
70       * @return The name of the {@link User} object that this
71       *         <code>Authorization</code> context was created for, or
72       *         <code>null</code> if no user was specified when this
73       *         <code>Authorization</code> context was created.
74       */
75      public String   getName();
76  
77      /**
78       * Checks if the role with the specified name is implied by this
79       * <code>Authorization</code> context.
80       * <p>
81       * 
82       * Bundles must define globally unique role names that are associated with
83       * the privilege of accessing restricted resources or operations. Operators
84       * will grant users access to these resources, by creating a {@link Group}
85       * object for each role and adding {@link User} objects to it.
86       * 
87       * @param name The name of the role to check for.
88       * 
89       * @return <code>true</code> if this <code>Authorization</code> context implies
90       *         the specified role, otherwise <code>false</code>.
91       */
92      public boolean hasRole(String   name);
93  
94      /**
95       * Gets the names of all roles encapsulated by this <code>Authorization</code>
96       * context.
97       * 
98       * @return The names of all roles encapsulated by this
99       *         <code>Authorization</code> context, or <code>null</code> if no roles
100      *         are in the context. The predefined role <code>user.anyone</code>
101      *         will not be included in this list.
102      */
103     public String  [] getRoles();
104 }
105
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags