Interface SAFAuthorizationService


public interface SAFAuthorizationService
Perform authorization checks against SAF resources.
  • Method Summary

    Modifier and Type
    Method
    Description
    Gets the RCVTID field of the RCVT control block, as a String.
    boolean
    isAuthorized(SAFCredential safCredential, String className, String resourceName, AccessLevel accessLevel)
    Determines if the identity represented by the given SAFCredential has the specified access to the given SAF resource in the given SAF class.
    boolean
    isAuthorized(SAFCredential safCredential, String className, String resourceName, AccessLevel accessLevel, LogOption logOption)
    Determines if the identity represented by the given SAFCredential has the specified access to the given SAF resource in the given SAF class.
    boolean
    isAuthorized(SAFCredential safCredential, String className, String resourceName, AccessLevel accessLevel, LogOption logOption, boolean throwExceptionOnFailure)
    Determines if the identity represented by the given SAFCredential has the specified access to the given SAF resource in the given SAF class.
    boolean
    isAuthorized(String className, String resourceName, AccessLevel accessLevel)
    Determines if the Subject on the calling thread has the specified access to the given SAF resource in the given SAF class.
    boolean
    isAuthorized(String className, String resourceName, AccessLevel accessLevel, LogOption logOption)
    Determines if the Subject on the calling thread has the specified access to the given SAF resource in the given SAF class.
    boolean
    isAuthorized(String className, String resourceName, AccessLevel accessLevel, LogOption logOption, boolean throwExceptionOnFailure)
    Determines if the Subject on the calling thread has the specified access to the given SAF resource in the given SAF class.
    boolean
    isAuthorized(String mvsUserId, String className, String resourceName, AccessLevel accessLevel, LogOption logOption)
    Determines if the identity represented by the given mvsUserId has the specified access to the given SAF resource in the given SAF class.
    boolean
    isAuthorized(String mvsUserId, String className, String resourceName, AccessLevel accessLevel, LogOption logOption, boolean throwExceptionOnFailure)
    Wraps a SAFCredential around the given mvsUserId, then calls isAuthorized(SAFCredential, ...)
    boolean
    isAuthorized(Subject subject, String className, String resourceName, AccessLevel accessLevel)
    Determines if the given Subject has the specified access to the given SAF resource in the given SAF class.
    boolean
    isAuthorized(Subject subject, String className, String resourceName, AccessLevel accessLevel, LogOption logOption)
    Determines if the given Subject has the specified access to the given SAF resource in the given SAF class.
    boolean
    isAuthorized(Subject subject, String className, String resourceName, AccessLevel accessLevel, LogOption logOption, boolean throwExceptionOnFailure)
    Determines if the given Subject has the specified access to the given SAF resource in the given SAF class.
    boolean
    isAuthorizedToDataset(SAFCredential safCredential, String resourceName, String volser, boolean vsam, AccessLevel accessLevel, LogOption logOption, boolean throwExceptionOnFailure)
    Determines if the identity represented by the given SAFCredential has the specified access to the given SAF resource in the dataset class.
    boolean
    isAuthorizedToDataset(String resourceName, String volser, boolean vsam, AccessLevel accessLevel, LogOption logOption, boolean throwExceptionOnFailure)
    Determines if the Subject on the calling thread has the specified access to the given SAF resource in the given DATASET class.
    boolean
    isAuthorizedToDataset(String mvsUserId, String resourceName, String volser, boolean vsam, AccessLevel accessLevel, LogOption logOption, boolean throwExceptionOnFailure)
    Determines if the identity represented by the given mvsUserId has the specified access to the given SAF resource in the dataset class.
    boolean
    isAuthorizedToDataset(Subject subject, String resourceName, String volser, boolean vsam, AccessLevel accessLevel, LogOption logOption, boolean throwExceptionOnFailure)
    Determines if the identity represented by the given Subject has the specified access to the given SAF resource in the dataset class.
    boolean
    isGroupAuthorized(String groupName, String className, String resourceName, AccessLevel accessLevel, LogOption logOption)
    Determines if the group represented by the given groupName has the specified access to the given SAF resource in the given SAF class.
    boolean
    isGroupAuthorized(String groupName, String className, String resourceName, AccessLevel accessLevel, LogOption logOption, boolean throwExceptionOnFailure)
    Determines if the group represented by the given groupName has the specified access to the given SAF resource in the given SAF class.
    boolean
    isGroupAuthorizedToDataset(String groupName, String resourceName, String volser, boolean vsam, AccessLevel accessLevel, LogOption logOption, boolean throwExceptionOnFailure)
    Determines if the group represented by the given groupName has the specified access to the given SAF resource in the Dataset SAF class.
  • Method Details

    • isAuthorized

      boolean isAuthorized(String className, String resourceName, AccessLevel accessLevel)
      Determines if the Subject on the calling thread has the specified access to the given SAF resource in the given SAF class. This method is protected by WebSphereRuntimePermission with the target name of safAuthorizationService. A java.lang.SecurityException is thrown if Java 2 Security Manager is installed and the code is not granted the permission.
      Parameters:
      className - The SAF class of the protected resource.
      resourceName - The SAF protected resource.
      accessLevel - The required access level. If null, the default is AccessLevel.READ.
      Returns:
      true if the Subject on the calling thread has the required access; otherwise false.
      Throws:
      NullPointerException - if className or resourceName is null.
    • isAuthorized

      boolean isAuthorized(String className, String resourceName, AccessLevel accessLevel, LogOption logOption)
      Determines if the Subject on the calling thread has the specified access to the given SAF resource in the given SAF class. This method is protected by WebSphereRuntimePermission with the target name of safAuthorizationService. A java.lang.SecurityException is thrown if Java 2 Security Manager is installed and the code is not granted the permission.
      Parameters:
      className - The SAF class of the protected resource.
      resourceName - The SAF protected resource.
      accessLevel - The required access level. If null, the default is AccessLevel.READ.
      logOption - The SAF logging option to use for this request. If null, the default is LogOption.ASIS.
      Returns:
      true if the Subject on the calling thread has the required access; otherwise false.
      Throws:
      NullPointerException - if className or resourceName is null.
    • isAuthorized

      boolean isAuthorized(String className, String resourceName, AccessLevel accessLevel, LogOption logOption, boolean throwExceptionOnFailure) throws SAFAuthorizationException
      Determines if the Subject on the calling thread has the specified access to the given SAF resource in the given SAF class. This method is protected by WebSphereRuntimePermission with the target name of safAuthorizationService. A java.lang.SecurityException is thrown if Java 2 Security Manager is installed and the code is not granted the permission.
      Parameters:
      className - The SAF class of the protected resource.
      resourceName - The SAF protected resource.
      accessLevel - The required access level. If null, the default is AccessLevel.READ.
      logOption - The SAF logging option to use for this request. If null, the default is LogOption.ASIS.
      throwExceptionOnFailure - The flag for the option to throw a SAFAuthorizationException on failure
      Returns:
      true if the Subject on the calling thread has the required access; otherwise false.
      Throws:
      NullPointerException - if className or resourceName is null.
      SAFAuthorizationException - if the subject on the calling thread could not be authenticated.
    • isAuthorized

      boolean isAuthorized(Subject subject, String className, String resourceName, AccessLevel accessLevel)
      Determines if the given Subject has the specified access to the given SAF resource in the given SAF class. This method is protected by WebSphereRuntimePermission with the target name of safAuthorizationService. A java.lang.SecurityException is thrown if Java 2 Security Manager is installed and the code is not granted the permission.
      Parameters:
      subject - The Subject to authorize.
      className - The SAF class of the protected resource.
      resourceName - The SAF protected resource.
      accessLevel - The required access level. If null, the default is AccessLevel.READ.
      Returns:
      true if the Subject has the required access; otherwise false.
      Throws:
      NullPointerException - if subject, className or resourceName is null.
    • isAuthorized

      boolean isAuthorized(Subject subject, String className, String resourceName, AccessLevel accessLevel, LogOption logOption)
      Determines if the given Subject has the specified access to the given SAF resource in the given SAF class. This method is protected by WebSphereRuntimePermission with the target name of safAuthorizationService. A java.lang.SecurityException is thrown if Java 2 Security Manager is installed and the code is not granted the permission.
      Parameters:
      subject - The Subject to authorize.
      className - The SAF class of the protected resource.
      resourceName - The SAF protected resource.
      accessLevel - The required access level. If null, the default is AccessLevel.READ.
      logOption - The SAF logging option to use for this request. If null, the default is LogOption.ASIS.
      Returns:
      true if the Subject has the required access; otherwise false.
      Throws:
      NullPointerException - if subject, className or resourceName is null.
    • isAuthorized

      boolean isAuthorized(Subject subject, String className, String resourceName, AccessLevel accessLevel, LogOption logOption, boolean throwExceptionOnFailure) throws SAFAuthorizationException
      Determines if the given Subject has the specified access to the given SAF resource in the given SAF class. This method is protected by WebSphereRuntimePermission with the target name of safAuthorizationService. A java.lang.SecurityException is thrown if Java 2 Security Manager is installed and the code is not granted the permission.
      Parameters:
      subject - The Subject to authorize.
      className - The SAF class of the protected resource.
      resourceName - The SAF protected resource.
      accessLevel - The required access level. If null, the default is AccessLevel.READ.
      logOption - The SAF logging option to use for this request. If null, the default is LogOption.ASIS.
      throwExceptionOnFailure - The flag for the option to throw a SAFAuthorizationException on failure
      Returns:
      true if the Subject has the required access; otherwise false.
      Throws:
      NullPointerException - if subject, className or resourceName is null.
      SAFAuthorizationException - if the subject could not be authenticated.
    • isAuthorized

      boolean isAuthorized(SAFCredential safCredential, String className, String resourceName, AccessLevel accessLevel)
      Determines if the identity represented by the given SAFCredential has the specified access to the given SAF resource in the given SAF class. This method is protected by WebSphereRuntimePermission with the target name of safAuthorizationService. A java.lang.SecurityException is thrown if Java 2 Security Manager is installed and the code is not granted the permission.
      Parameters:
      safCredential - The SAFCredential to authorize.
      className - The SAF class of the protected resource.
      resourceName - The SAF protected resource.
      accessLevel - The required access level. If null, the default is AccessLevel.READ.
      Returns:
      true if the Subject has the required access; otherwise false.
      Throws:
      NullPointerException - if safCredential, className or resourceName is null.
    • isAuthorized

      boolean isAuthorized(SAFCredential safCredential, String className, String resourceName, AccessLevel accessLevel, LogOption logOption)
      Determines if the identity represented by the given SAFCredential has the specified access to the given SAF resource in the given SAF class. This method is protected by WebSphereRuntimePermission with the target name of safAuthorizationService. A java.lang.SecurityException is thrown if Java 2 Security Manager is installed and the code is not granted the permission.
      Parameters:
      safCredential - The SAFCredential to authorize.
      className - The SAF class of the protected resource.
      resourceName - The SAF protected resource.
      accessLevel - The required access level. If null, the default is AccessLevel.READ.
      logOption - The SAF logging option to use for this request. If null, the default is LogOption.ASIS.
      Returns:
      true if the Subject has the required access; otherwise false.
      Throws:
      NullPointerException - if safCredential, className or resourceName is null.
    • isAuthorized

      boolean isAuthorized(SAFCredential safCredential, String className, String resourceName, AccessLevel accessLevel, LogOption logOption, boolean throwExceptionOnFailure) throws SAFAuthorizationException
      Determines if the identity represented by the given SAFCredential has the specified access to the given SAF resource in the given SAF class. This method is protected by WebSphereRuntimePermission with the target name of safAuthorizationService. A java.lang.SecurityException is thrown if Java 2 Security Manager is installed and the code is not granted the permission.
      Parameters:
      safCredential - The SAFCredential to authorize.
      className - The SAF class of the protected resource.
      resourceName - The SAF protected resource.
      accessLevel - The required access level. If null, the default is AccessLevel.READ.
      logOption - The SAF logging option to use for this request. If null, the default is LogOption.ASIS.
      throwExceptionOnFailure - The flag for the option to throw a SAFAuthorizationException on failure
      Returns:
      true if the Subject has the required access; otherwise false.
      Throws:
      NullPointerException - if safCredential, className or resourceName is null.
      SAFAuthorizationException - if the safCredential could not be authenticated.
    • isAuthorized

      boolean isAuthorized(String mvsUserId, String className, String resourceName, AccessLevel accessLevel, LogOption logOption) throws SAFAuthorizationException
      Determines if the identity represented by the given mvsUserId has the specified access to the given SAF resource in the given SAF class. This method is protected by WebSphereRuntimePermission with the target name of safAuthorizationService. A java.lang.SecurityException is thrown if Java 2 Security Manager is installed and the code is not granted the permission.
      Parameters:
      mvsUserId - The user to authorize.
      className - The SAF class of the protected resource.
      resourceName - The SAF protected resource.
      accessLevel - The required access level. If null, the default is AccessLevel.READ.
      logOption - The SAF logging option to use for this request. If null, the default is LogOption.ASIS.
      Returns:
      true if the Subject has the required access; otherwise false.
      Throws:
      NullPointerException - if mvsUserId, className or resourceName is null.
      SAFAuthorizationException - if the mvsUserId could not be authenticated.
    • isGroupAuthorized

      boolean isGroupAuthorized(String groupName, String className, String resourceName, AccessLevel accessLevel, LogOption logOption) throws SAFAuthorizationException
      Determines if the group represented by the given groupName has the specified access to the given SAF resource in the given SAF class. This method is protected by WebSphereRuntimePermission with the target name of safAuthorizationService. A java.lang.SecurityException is thrown if Java 2 Security Manager is installed and the code is not granted the permission.
      Parameters:
      groupName - The group to authorize.
      className - The SAF class of the protected resource.
      resourceName - The SAF protected resource.
      accessLevel - The required access level. If null, the default is AccessLevel.READ.
      logOption - The SAF logging option to use for this request. If null, the default is LogOption.ASIS.
      Returns:
      true if the group has the required access; otherwise false.
      Throws:
      NullPointerException - if groupName, className or resourceName is null.
      SAFAuthorizationException - if the group could not be authenticated.
    • isGroupAuthorized

      boolean isGroupAuthorized(String groupName, String className, String resourceName, AccessLevel accessLevel, LogOption logOption, boolean throwExceptionOnFailure) throws SAFAuthorizationException
      Determines if the group represented by the given groupName has the specified access to the given SAF resource in the given SAF class. This method is protected by WebSphereRuntimePermission with the target name of safAuthorizationService. A java.lang.SecurityException is thrown if Java 2 Security Manager is installed and the code is not granted the permission.
      Parameters:
      groupName - The group to authorize.
      className - The SAF class of the protected resource.
      resourceName - The SAF protected resource.
      accessLevel - The required access level. If null, the default is AccessLevel.READ.
      logOption - The SAF logging option to use for this request. If null, the default is LogOption.ASIS.
      throwExceptionOnFailure - The flag for the option to throw a SAFAuthorizationException on failure
      Returns:
      true if the group has the required access; otherwise false.
      Throws:
      NullPointerException - if groupName, className or resourceName is null.
      SAFAuthorizationException - if the group could not be authenticated.
    • isGroupAuthorizedToDataset

      boolean isGroupAuthorizedToDataset(String groupName, String resourceName, String volser, boolean vsam, AccessLevel accessLevel, LogOption logOption, boolean throwExceptionOnFailure) throws SAFAuthorizationException
      Determines if the group represented by the given groupName has the specified access to the given SAF resource in the Dataset SAF class. This method is protected by WebSphereRuntimePermission with the target name of safAuthorizationService. A java.lang.SecurityException is thrown if Java 2 Security Manager is installed and the code is not granted the permission.
      Parameters:
      groupName - The group to authorize.
      resourceName - The SAF protected resource.
      volser - The volume serial number of the volume where the dataset is located.
      vsam - The flag to indicate whether a dataset is vsam or non-vsam.
      accessLevel - The required access level. If null, the default is AccessLevel.READ.
      logOption - The SAF logging option to use for this request. If null, the default is LogOption.ASIS.
      throwExceptionOnFailure - The flag for the option to throw a SAFAuthorizationException on failure.
      Returns:
      true if the group has the required access; otherwise false.
      Throws:
      NullPointerException - if groupName, className or resourceName or volser is null.
      IllegalArgumentException - if volser is larger 6 characters or resource name is larger than 44 characters.
      SAFAuthorizationException - if the group could not be authenticated.
    • isAuthorized

      boolean isAuthorized(String mvsUserId, String className, String resourceName, AccessLevel accessLevel, LogOption logOption, boolean throwExceptionOnFailure) throws SAFAuthorizationException
      Wraps a SAFCredential around the given mvsUserId, then calls isAuthorized(SAFCredential, ...)
      Parameters:
      mvsUserId - The user to authorize.
      className - The SAF class of the protected resource.
      resourceName - The SAF protected resource.
      accessLevel - The required access level. If null, the default is AccessLevel.READ.
      logOption - The SAF logging option to use for this request. If null, the default is LogOption.ASIS.
      throwExceptionOnFailure - The flag for the option to throw a SAFAuthorizationException on failure.
      Returns:
      true if the given mvsUserId has the given accessLevel to the given className and resourceName.
      Throws:
      NullPointerException - if mvsUserId, className or resourceName is null.
      SAFAuthorizationException - if the mvsUserId could not be authenticated.
    • isAuthorizedToDataset

      boolean isAuthorizedToDataset(String resourceName, String volser, boolean vsam, AccessLevel accessLevel, LogOption logOption, boolean throwExceptionOnFailure) throws SAFAuthorizationException
      Determines if the Subject on the calling thread has the specified access to the given SAF resource in the given DATASET class.
      Parameters:
      resourceName - The SAF protected resource.
      volser - The volume serial number of the volume where the dataset is located.
      vsam - The flag to indicate whether a dataset is vsam or non-vsam.
      accessLevel - The required access level. If null, the default is AccessLevel.READ.
      logOption - The SAF logging option to use for this request. If null, the default is LogOption.ASIS.
      Returns:
      true if the given thread subject has the given accessLevel to the given resourceName.
      Throws:
      NullPointerException - if resourceName or volser is null.
      IllegalArgumentException - if volser is larger 6 characters or resource name is larger than 44 characters.
      SAFAuthorizationException - if the thread subject could not be authenticated.
    • isAuthorizedToDataset

      boolean isAuthorizedToDataset(Subject subject, String resourceName, String volser, boolean vsam, AccessLevel accessLevel, LogOption logOption, boolean throwExceptionOnFailure) throws SAFAuthorizationException
      Determines if the identity represented by the given Subject has the specified access to the given SAF resource in the dataset class.
      Parameters:
      subject - The subject to check authorization on.
      resourceName - The SAF protected resource.
      volser - The volume serial number of the volume where the dataset is located.
      vsam - The flag to indicate whether a dataset is vsam or non-vsam.
      accessLevel - The required access level. If null, the default is AccessLevel.READ.
      logOption - The SAF logging option to use for this request. If null, the default is LogOption.ASIS.
      Returns:
      true if the given subject has the given accessLevel to the given resourceName.
      Throws:
      NullPointerException - if resourceName or volser is null.
      IllegalArgumentException - if volser is larger 6 characters or resource name is larger than 44 characters.
      SAFAuthorizationException - if the subject could not be authenticated.
    • isAuthorizedToDataset

      boolean isAuthorizedToDataset(SAFCredential safCredential, String resourceName, String volser, boolean vsam, AccessLevel accessLevel, LogOption logOption, boolean throwExceptionOnFailure) throws SAFAuthorizationException
      Determines if the identity represented by the given SAFCredential has the specified access to the given SAF resource in the dataset class.
      Parameters:
      safCredential - The SAF credential to check authorization on.
      resourceName - The SAF protected resource.
      volser - The volume serial number of the volume where the dataset is located.
      vsam - The flag to indicate whether a dataset is vsam or non-vsam.
      accessLevel - The required access level. If null, the default is AccessLevel.READ.
      logOption - The SAF logging option to use for this request. If null, the default is LogOption.ASIS.
      Returns:
      true if the given SAFCredential has the given accessLevel to the given resourceName.
      Throws:
      NullPointerException - if resourceName or volser is null.
      IllegalArgumentException - if volser is larger 6 characters or resource name is larger than 44 characters.
      SAFAuthorizationException - if the SAFCredential could not be authenticated.
    • isAuthorizedToDataset

      boolean isAuthorizedToDataset(String mvsUserId, String resourceName, String volser, boolean vsam, AccessLevel accessLevel, LogOption logOption, boolean throwExceptionOnFailure) throws SAFAuthorizationException
      Determines if the identity represented by the given mvsUserId has the specified access to the given SAF resource in the dataset class.
      Parameters:
      mvsUserId - The user to check authorization on.
      resourceName - The SAF protected resource.
      volser - The volume serial number of the volume where the dataset is located.
      vsam - The flag to indicate whether a dataset is vsam or non-vsam.
      accessLevel - The required access level. If null, the default is AccessLevel.READ.
      logOption - The SAF logging option to use for this request. If null, the default is LogOption.ASIS.
      Returns:
      true if the given mvsUserId has the given accessLevel to the given resourceName.
      Throws:
      NullPointerException - if mvsUserId, resourceName or volser is null.
      IllegalArgumentException - if volser is larger 6 characters or resource name is larger than 44 characters.
      SAFAuthorizationException - if the mvsUserId could not be authenticated.
    • getRCVTID

      String getRCVTID()
      Gets the RCVTID field of the RCVT control block, as a String.
      Returns:
      The four byte identifier set by the external security product, in the RCVTID field of the RCVT.