com.dtolabs.rundeck.core.authorization
Class BaseAuthorization

java.lang.Object
  extended by com.dtolabs.rundeck.core.authorization.BaseAuthorization
All Implemented Interfaces:
Authorization, LegacyAuthorization
Direct Known Subclasses:
DenyAuthorization, NoAuthorization

public abstract class BaseAuthorization
extends java.lang.Object
implements Authorization, LegacyAuthorization

BaseAuthorization is ...


Constructor Summary
BaseAuthorization(Framework framework, java.io.File aclBaseDir)
          Default constructor
 
Method Summary
 boolean authorizeScript(java.lang.String user, java.lang.String project, java.lang.String adhocScript)
          script authorization
 Decision evaluate(java.util.Map<java.lang.String,java.lang.String> resource, javax.security.auth.Subject subject, java.lang.String action, java.util.Set<Attribute> environment)
          Evaluate the authorization request and return whether this request is valid.
 java.util.Set<Decision> evaluate(java.util.Set<java.util.Map<java.lang.String,java.lang.String>> resources, javax.security.auth.Subject subject, java.util.Set<java.lang.String> actions, java.util.Set<Attribute> environment)
          Make a multiple resource determination.
protected abstract  java.lang.String getDescription()
           
protected abstract  org.apache.log4j.Logger getLogger()
           
 java.lang.String[] getMatchedRoles()
          Gets role memberships
protected abstract  Explanation.Code getResultCode()
           
protected abstract  boolean isAuthorized()
           
 java.lang.String listMatchedRoles()
          Formatted list of matched roles.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

BaseAuthorization

public BaseAuthorization(Framework framework,
                         java.io.File aclBaseDir)
Default constructor

Parameters:
framework -
aclBaseDir -
Method Detail

getLogger

protected abstract org.apache.log4j.Logger getLogger()

getDescription

protected abstract java.lang.String getDescription()

getResultCode

protected abstract Explanation.Code getResultCode()

isAuthorized

protected abstract boolean isAuthorized()

getMatchedRoles

public java.lang.String[] getMatchedRoles()
Description copied from interface: LegacyAuthorization
Gets role memberships

Specified by:
getMatchedRoles in interface LegacyAuthorization
Returns:
matchedRoles

listMatchedRoles

public java.lang.String listMatchedRoles()
Description copied from interface: LegacyAuthorization
Formatted list of matched roles. Each role is separated by a space (" ").

Specified by:
listMatchedRoles in interface LegacyAuthorization
Returns:
a formatted string or empty string

authorizeScript

public boolean authorizeScript(java.lang.String user,
                               java.lang.String project,
                               java.lang.String adhocScript)
                        throws AuthorizationException
Description copied from interface: LegacyAuthorization
script authorization

Specified by:
authorizeScript in interface LegacyAuthorization
Parameters:
user - user name
project - project name
adhocScript - script to execute
Returns:
Throws:
AuthorizationException

evaluate

public Decision evaluate(java.util.Map<java.lang.String,java.lang.String> resource,
                         javax.security.auth.Subject subject,
                         java.lang.String action,
                         java.util.Set<Attribute> environment)
Description copied from interface: Authorization
Evaluate the authorization request and return whether this request is valid. Make a single resource determination. The method is loosely based on the XACML model for structuring requests and responses. These can be prefixed with a fully qualified namespace and ':'. If anything goes wrong in evaluating the request, the result will be false. No exception will be thrown.

Specified by:
evaluate in interface Authorization
Parameters:
resource - The properties that identify the resource.
subject - The properties that represent the subject.
action - The action that is being requested on the resource.
environment - A set of environment properties (hostname, time of day, etc.)
Returns:
decision - Return true if the subject's action on the object, given the environment, is authorized.

evaluate

public java.util.Set<Decision> evaluate(java.util.Set<java.util.Map<java.lang.String,java.lang.String>> resources,
                                        javax.security.auth.Subject subject,
                                        java.util.Set<java.lang.String> actions,
                                        java.util.Set<Attribute> environment)
Description copied from interface: Authorization
Make a multiple resource determination.

Specified by:
evaluate in interface Authorization
Returns:
decisions