com.ibm.wsspi.security.authorization.saf

Interface SAFAuthorizationService



  • public interface SAFAuthorizationService
    Perform authorization checks against SAF resources.
    • Method Summary

      Methods 
      Modifier and Type Method and Description
      boolean isAuthorized(com.ibm.wsspi.security.credentials.saf.SAFCredential safCredential, java.lang.String className, java.lang.String resourceName, AccessLevel accessLevel)
      Determines if the identity represented by the given SAFCredential has the specified access to the given SAF resource in the given SAF class.
      boolean isAuthorized(com.ibm.wsspi.security.credentials.saf.SAFCredential safCredential, java.lang.String className, java.lang.String resourceName, AccessLevel accessLevel, LogOption logOption)
      Determines if the identity represented by the given SAFCredential has the specified access to the given SAF resource in the given SAF class.
      boolean isAuthorized(java.lang.String className, java.lang.String resourceName, AccessLevel accessLevel)
      Determines if the Subject on the calling thread has the specified access to the given SAF resource in the given SAF class.
      boolean isAuthorized(java.lang.String className, java.lang.String resourceName, AccessLevel accessLevel, LogOption logOption)
      Determines if the Subject on the calling thread has the specified access to the given SAF resource in the given SAF class.
      boolean isAuthorized(java.lang.String mvsUserId, java.lang.String className, java.lang.String resourceName, AccessLevel accessLevel, LogOption logOption)
      Determines if the identity represented by the given mvsUserId has the specified access to the given SAF resource in the given SAF class.
      boolean isAuthorized(javax.security.auth.Subject subject, java.lang.String className, java.lang.String resourceName, AccessLevel accessLevel)
      Determines if the given Subject has the specified access to the given SAF resource in the given SAF class.
      boolean isAuthorized(javax.security.auth.Subject subject, java.lang.String className, java.lang.String resourceName, AccessLevel accessLevel, LogOption logOption)
      Determines if the given Subject has the specified access to the given SAF resource in the given SAF class.
    • Method Detail

      • isAuthorized

        boolean isAuthorized(java.lang.String className,
                           java.lang.String resourceName,
                           AccessLevel accessLevel)
        Determines if the Subject on the calling thread has the specified access to the given SAF resource in the given SAF class. This method is protected by WebSphereRuntimePermission with the target name of safAuthorizationService. A java.lang.SecurityException is thrown if Java 2 Security Manager is installed and the code is not granted the permission.
        Parameters:
        className - The SAF class of the protected resource.
        resourceName - The SAF protected resource.
        accessLevel - The required access level. If null, the default is AccessLevel.READ.
        Returns:
        true if the Subject on the calling thread has the required access; otherwise false.
        Throws:
        java.lang.NullPointerException - if className or resourceName is null.
      • isAuthorized

        boolean isAuthorized(java.lang.String className,
                           java.lang.String resourceName,
                           AccessLevel accessLevel,
                           LogOption logOption)
        Determines if the Subject on the calling thread has the specified access to the given SAF resource in the given SAF class. This method is protected by WebSphereRuntimePermission with the target name of safAuthorizationService. A java.lang.SecurityException is thrown if Java 2 Security Manager is installed and the code is not granted the permission.
        Parameters:
        className - The SAF class of the protected resource.
        resourceName - The SAF protected resource.
        accessLevel - The required access level. If null, the default is AccessLevel.READ.
        logOption - The SAF logging option to use for this request. If null, the default is LogOption.ASIS.
        Returns:
        true if the Subject on the calling thread has the required access; otherwise false.
        Throws:
        java.lang.NullPointerException - if className or resourceName is null.
      • isAuthorized

        boolean isAuthorized(javax.security.auth.Subject subject,
                           java.lang.String className,
                           java.lang.String resourceName,
                           AccessLevel accessLevel)
        Determines if the given Subject has the specified access to the given SAF resource in the given SAF class. This method is protected by WebSphereRuntimePermission with the target name of safAuthorizationService. A java.lang.SecurityException is thrown if Java 2 Security Manager is installed and the code is not granted the permission.
        Parameters:
        subject - The Subject to authorize.
        className - The SAF class of the protected resource.
        resourceName - The SAF protected resource.
        accessLevel - The required access level. If null, the default is AccessLevel.READ.
        Returns:
        true if the Subject has the required access; otherwise false.
        Throws:
        java.lang.NullPointerException - if subject, className or resourceName is null.
      • isAuthorized

        boolean isAuthorized(javax.security.auth.Subject subject,
                           java.lang.String className,
                           java.lang.String resourceName,
                           AccessLevel accessLevel,
                           LogOption logOption)
        Determines if the given Subject has the specified access to the given SAF resource in the given SAF class. This method is protected by WebSphereRuntimePermission with the target name of safAuthorizationService. A java.lang.SecurityException is thrown if Java 2 Security Manager is installed and the code is not granted the permission.
        Parameters:
        subject - The Subject to authorize.
        className - The SAF class of the protected resource.
        resourceName - The SAF protected resource.
        accessLevel - The required access level. If null, the default is AccessLevel.READ.
        logOption - The SAF logging option to use for this request. If null, the default is LogOption.ASIS.
        Returns:
        true if the Subject has the required access; otherwise false.
        Throws:
        java.lang.NullPointerException - if subject, className or resourceName is null.
      • isAuthorized

        boolean isAuthorized(com.ibm.wsspi.security.credentials.saf.SAFCredential safCredential,
                           java.lang.String className,
                           java.lang.String resourceName,
                           AccessLevel accessLevel)
        Determines if the identity represented by the given SAFCredential has the specified access to the given SAF resource in the given SAF class. This method is protected by WebSphereRuntimePermission with the target name of safAuthorizationService. A java.lang.SecurityException is thrown if Java 2 Security Manager is installed and the code is not granted the permission.
        Parameters:
        safCredential - The SAFCredential to authorize.
        className - The SAF class of the protected resource.
        resourceName - The SAF protected resource.
        accessLevel - The required access level. If null, the default is AccessLevel.READ.
        Returns:
        true if the Subject has the required access; otherwise false.
        Throws:
        java.lang.NullPointerException - if safCredential, className or resourceName is null.
      • isAuthorized

        boolean isAuthorized(com.ibm.wsspi.security.credentials.saf.SAFCredential safCredential,
                           java.lang.String className,
                           java.lang.String resourceName,
                           AccessLevel accessLevel,
                           LogOption logOption)
        Determines if the identity represented by the given SAFCredential has the specified access to the given SAF resource in the given SAF class. This method is protected by WebSphereRuntimePermission with the target name of safAuthorizationService. A java.lang.SecurityException is thrown if Java 2 Security Manager is installed and the code is not granted the permission.
        Parameters:
        safCredential - The SAFCredential to authorize.
        className - The SAF class of the protected resource.
        resourceName - The SAF protected resource.
        accessLevel - The required access level. If null, the default is AccessLevel.READ.
        logOption - The SAF logging option to use for this request. If null, the default is LogOption.ASIS.
        Returns:
        true if the Subject has the required access; otherwise false.
        Throws:
        java.lang.NullPointerException - if safCredential, className or resourceName is null.
      • isAuthorized

        boolean isAuthorized(java.lang.String mvsUserId,
                           java.lang.String className,
                           java.lang.String resourceName,
                           AccessLevel accessLevel,
                           LogOption logOption)
                             throws SAFAuthorizationException
        Determines if the identity represented by the given mvsUserId has the specified access to the given SAF resource in the given SAF class. This method is protected by WebSphereRuntimePermission with the target name of safAuthorizationService. A java.lang.SecurityException is thrown if Java 2 Security Manager is installed and the code is not granted the permission.
        Parameters:
        mvsUserId - The user to authorize.
        className - The SAF class of the protected resource.
        resourceName - The SAF protected resource.
        accessLevel - The required access level. If null, the default is AccessLevel.READ.
        logOption - The SAF logging option to use for this request. If null, the default is LogOption.ASIS.
        Returns:
        true if the Subject has the required access; otherwise false.
        Throws:
        java.lang.NullPointerException - if mvsUserId, className or resourceName is null.
        SAFAuthorizationException - if the mvsUserId could not be authenticated