Package org.forgerock.openam.rest.authz

Class CrestPrivilegeAuthzModule

java.lang.Object

org.forgerock.openam.authz.PrivilegeAuthzModule

org.forgerock.openam.rest.authz.CrestPrivilegeAuthzModule

All Implemented Interfaces:

org.forgerock.authz.filter.crest.api.CrestAuthorizationModule

Direct Known Subclasses:

AnyPrivilegeAuthzModule, PrivilegeWriteAndAnyPrivilegeReadOnlyAuthzModule

public class CrestPrivilegeAuthzModule
extends PrivilegeAuthzModule
implements org.forgerock.authz.filter.crest.api.CrestAuthorizationModule

A CREST authorization module for performing privilege checking, {@see PrivilegeAuthzModule} for more detail.

Since:

14.0.0

Field Summary

Fields inherited from class org.forgerock.openam.authz.PrivilegeAuthzModule

actionToDefinition, MODIFY, NAME, READ

Constructor Summary

Constructors

Constructor	Description
CrestPrivilegeAuthzModule(DelegationEvaluator evaluator, Map<String,PrivilegeDefinition> actionToDefinition, DelegationPermissionFactory permissionFactory, CoreWrapper coreWrapper, SSOTokenManager ssoTokenManager)	Create a new instance of CrestPrivilegeAuthzModule.

Method Summary

Modifier and Type	Method	Description
org.forgerock.util.promise.Promise<org.forgerock.authz.filter.api.AuthorizationResult,org.forgerock.json.resource.ResourceException>	authorizeAction(org.forgerock.services.context.Context serverContext, org.forgerock.json.resource.ActionRequest actionRequest)
org.forgerock.util.promise.Promise<org.forgerock.authz.filter.api.AuthorizationResult,org.forgerock.json.resource.ResourceException>	authorizeCreate(org.forgerock.services.context.Context serverContext, org.forgerock.json.resource.CreateRequest createRequest)
org.forgerock.util.promise.Promise<org.forgerock.authz.filter.api.AuthorizationResult,org.forgerock.json.resource.ResourceException>	authorizeDelete(org.forgerock.services.context.Context serverContext, org.forgerock.json.resource.DeleteRequest deleteRequest)
org.forgerock.util.promise.Promise<org.forgerock.authz.filter.api.AuthorizationResult,org.forgerock.json.resource.ResourceException>	authorizePatch(org.forgerock.services.context.Context serverContext, org.forgerock.json.resource.PatchRequest patchRequest)
org.forgerock.util.promise.Promise<org.forgerock.authz.filter.api.AuthorizationResult,org.forgerock.json.resource.ResourceException>	authorizeQuery(org.forgerock.services.context.Context serverContext, org.forgerock.json.resource.QueryRequest queryRequest)
org.forgerock.util.promise.Promise<org.forgerock.authz.filter.api.AuthorizationResult,org.forgerock.json.resource.ResourceException>	authorizeRead(org.forgerock.services.context.Context serverContext, org.forgerock.json.resource.ReadRequest readRequest)
org.forgerock.util.promise.Promise<org.forgerock.authz.filter.api.AuthorizationResult,org.forgerock.json.resource.ResourceException>	authorizeUpdate(org.forgerock.services.context.Context serverContext, org.forgerock.json.resource.UpdateRequest updateRequest)
String	getName()

Methods inherited from class org.forgerock.openam.authz.PrivilegeAuthzModule

evaluate, loggedIntoValidRealm

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

CrestPrivilegeAuthzModule

@Inject
public CrestPrivilegeAuthzModule(DelegationEvaluator evaluator,
                                 @Named("CrestPrivilegeDefinitions")
                                 Map<String,PrivilegeDefinition> actionToDefinition,
                                 DelegationPermissionFactory permissionFactory,
                                 CoreWrapper coreWrapper,
                                 SSOTokenManager ssoTokenManager)

Create a new instance of CrestPrivilegeAuthzModule.

Parameters:

evaluator - The Delegation Evaluator.

actionToDefinition - The action to definition map.

permissionFactory - The Delegation Permission Factory.

coreWrapper - The Core Wrapper.

ssoTokenManager - The SSOToken manager.

Method Detail

getName

public String getName()

Specified by:

getName in interface org.forgerock.authz.filter.crest.api.CrestAuthorizationModule

authorizeRead

public org.forgerock.util.promise.Promise<org.forgerock.authz.filter.api.AuthorizationResult,org.forgerock.json.resource.ResourceException> authorizeRead(org.forgerock.services.context.Context serverContext,
                                                                                                                                                                org.forgerock.json.resource.ReadRequest readRequest)

Specified by:

authorizeRead in interface org.forgerock.authz.filter.crest.api.CrestAuthorizationModule

authorizeQuery

public org.forgerock.util.promise.Promise<org.forgerock.authz.filter.api.AuthorizationResult,org.forgerock.json.resource.ResourceException> authorizeQuery(org.forgerock.services.context.Context serverContext,
                                                                                                                                                                 org.forgerock.json.resource.QueryRequest queryRequest)

Specified by:

authorizeQuery in interface org.forgerock.authz.filter.crest.api.CrestAuthorizationModule

authorizeCreate

public org.forgerock.util.promise.Promise<org.forgerock.authz.filter.api.AuthorizationResult,org.forgerock.json.resource.ResourceException> authorizeCreate(org.forgerock.services.context.Context serverContext,
                                                                                                                                                                  org.forgerock.json.resource.CreateRequest createRequest)

Specified by:

authorizeCreate in interface org.forgerock.authz.filter.crest.api.CrestAuthorizationModule

authorizeUpdate

public org.forgerock.util.promise.Promise<org.forgerock.authz.filter.api.AuthorizationResult,org.forgerock.json.resource.ResourceException> authorizeUpdate(org.forgerock.services.context.Context serverContext,
                                                                                                                                                                  org.forgerock.json.resource.UpdateRequest updateRequest)

Specified by:

authorizeUpdate in interface org.forgerock.authz.filter.crest.api.CrestAuthorizationModule

authorizeDelete

public org.forgerock.util.promise.Promise<org.forgerock.authz.filter.api.AuthorizationResult,org.forgerock.json.resource.ResourceException> authorizeDelete(org.forgerock.services.context.Context serverContext,
                                                                                                                                                                  org.forgerock.json.resource.DeleteRequest deleteRequest)

Specified by:

authorizeDelete in interface org.forgerock.authz.filter.crest.api.CrestAuthorizationModule

authorizePatch

public org.forgerock.util.promise.Promise<org.forgerock.authz.filter.api.AuthorizationResult,org.forgerock.json.resource.ResourceException> authorizePatch(org.forgerock.services.context.Context serverContext,
                                                                                                                                                                 org.forgerock.json.resource.PatchRequest patchRequest)

Specified by:

authorizePatch in interface org.forgerock.authz.filter.crest.api.CrestAuthorizationModule

authorizeAction

public org.forgerock.util.promise.Promise<org.forgerock.authz.filter.api.AuthorizationResult,org.forgerock.json.resource.ResourceException> authorizeAction(org.forgerock.services.context.Context serverContext,
                                                                                                                                                                  org.forgerock.json.resource.ActionRequest actionRequest)

Specified by:

authorizeAction in interface org.forgerock.authz.filter.crest.api.CrestAuthorizationModule