

1 /*
2  * $Header: /cvshome/build/org.osgi.service.useradmin/src/org/osgi/service/useradmin/Authorization.java,v 1.9 2006/07/11 00:54:01 hargrave Exp $
3  *
4  * Copyright (c) OSGi Alliance (2001, 2006). All Rights Reserved.
5  *
6  * Licensed under the Apache License, Version 2.0 (the "License");
7  * you may not use this file except in compliance with the License.
8  * You may obtain a copy of the License at
9  *
10  * http://www.apache.org/licenses/LICENSE-2.0
11  *
12  * Unless required by applicable law or agreed to in writing, software
13  * distributed under the License is distributed on an "AS IS" BASIS,
14  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15  * See the License for the specific language governing permissions and
16  * limitations under the License.
17  */

18 package org.osgi.service.useradmin;
19
20 /**
21  * The <code>Authorization</code> interface encapsulates an authorization context
22  * on which bundles can base authorization decisions, where appropriate.
23  * <p>
24  * Bundles associate the privilege to access restricted resources or operations
25  * with roles. Before granting access to a restricted resource or operation, a
26  * bundle will check if the <code>Authorization</code> object passed to it possesses
27  * the required role, by calling its <code>hasRole</code> method.
28  * <p>
29  * Authorization contexts are instantiated by calling the
30  * {@link UserAdmin#getAuthorization} method.
31  *
32  * <p>
33  * <i>Trusting Authorization objects </i>
34  * <p>
35  * There are no restrictions regarding the creation of <code>Authorization</code>
36  * objects: any bundle can supply its own implementation of this interface. Hence,
37  * a service must only accept <code>Authorization</code> objects from bundles that
38  * have been authorized to use the service using code based (or Java 2) permissions.
39  *
40  * <p>
41  * In some cases it is useful to use <code>ServicePermission</code> to do the code
42  * based access control. A service basing user access control on
43  * <code>Authorization</code> objects passed to it, will then require that a
44  * calling bundle has the <code>ServicePermission</code> to get the service in
45  * question. This is the most convenient way. The OSGi environment will do the
46  * code based permission check when the calling bundle attempts to get the
47  * service from the service registry.
48  * <p>
49  * Example: A servlet using a service on a user's behalf. The bundle with the
50  * servlet must be given the <code>ServicePermission</code> to get the Http
51  * Service.
52  * <p>
53  * However, in some cases the code based permission checks need to be more
54  * fine-grained. A service might allow all bundles to get it, but require
55  * certain code based permissions for some of its methods.
56  * <p>
57  * Example: A servlet using a service on a user's behalf, where some service
58  * functionality is open to anyone, and some is restricted by code based
59  * permissions. When a restricted method is called (e.g., one handing over an
60  * <code>Authorization</code> object), the service explicitly checks that the
61  * calling bundle has permission to make the call.
62  *
63  * @version $Revision: 1.9 $
64  */

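public interface Authorization {
    /**
     * Gets the name of the {@link User} that this <code>Authorization</code>
     * context was created for.
     * <p>
     * The value is whatever the implementing object reports. Because there are
     * no restrictions on who may create <code>Authorization</code> objects, treat
     * it as an identity claim from the bundle that supplied the object, and
     * rely on it only after that bundle has passed a code based permission
     * check.
     *
     * @return The name of the {@link User} object that this
     *         <code>Authorization</code> context was created for, or
     *         <code>null</code> if no user was specified when this
     *         <code>Authorization</code> context was created. Callers must
     *         handle the <code>null</code> case explicitly.
     */
    public String getName();

    /**
     * Checks if the role with the specified name is implied by this
     * <code>Authorization</code> context.
     * <p>
     *
     * Bundles must define globally unique role names that are associated with
     * the privilege of accessing restricted resources or operations. Operators
     * will grant users access to these resources, by creating a {@link Group}
     * object for each role and adding {@link User} objects to it.
     * <p>
     * A <code>true</code> result is only meaningful when the
     * <code>Authorization</code> object came from a caller the service already
     * trusts: the interface places no restriction on who implements it, so the
     * answer is produced by the supplied object itself.
     *
     * @param name The name of the role to check for.
     *
     * @return <code>true</code> if this <code>Authorization</code> context implies
     *         the specified role, otherwise <code>false</code>.
     */
    public boolean hasRole(String name);

    /**
     * Gets the names of all roles encapsulated by this <code>Authorization</code>
     * context.
     *
     * @return The names of all roles encapsulated by this
     *         <code>Authorization</code> context, or <code>null</code> if no roles
     *         are in the context. The predefined role <code>user.anyone</code>
     *         will not be included in this list. Callers must check for
     *         <code>null</code> before iterating, and must not infer from the
     *         absence of <code>user.anyone</code> that the role is not implied.
     */
    public String[] getRoles();
}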