public interface AccessManager
Modifier and Type | Method and Description |
---|---|
void |
checkAccess(java.lang.String appName,
java.lang.String resourceName,
java.lang.String methodName,
java.lang.String resourceType,
java.lang.String[] rolesAllowed,
boolean isDenyAll,
boolean isPermitAll,
javax.security.auth.Subject subject)
The checkAccess method determines if a given subject has access to any of
a given set of roles within the context of a given application.
|
void |
popApplicationContext(java.lang.String appName)
The popApplicationContext method signals a return of control from the
specified application.
|
boolean |
pushApplicationContext(java.lang.String appName)
The pushApplicationContext method signals a flow of control into the
specified application.
|
java.lang.Object |
runAs(java.lang.String appName,
java.lang.String resourceName,
java.lang.String methodName,
java.lang.String runAsRole,
java.security.PrivilegedExceptionAction action)
The runAs method performs the given PrivilegedExceptionAction with the
Java thread identity set to the user associated with a given runAs role.
|
boolean pushApplicationContext(java.lang.String appName)
appName
- - name of the applicationvoid popApplicationContext(java.lang.String appName)
appName
- - name of the applicationjava.lang.IllegalArgumentException
- if the application name does not match the one
used on the preceding pushApplicationContext callEmptyStackException
- if there is no active application context on the threadvoid checkAccess(java.lang.String appName, java.lang.String resourceName, java.lang.String methodName, java.lang.String resourceType, java.lang.String[] rolesAllowed, boolean isDenyAll, boolean isPermitAll, javax.security.auth.Subject subject) throws AccessException
appName
- - name of the applicationresourceName
- - name of the target object, for example a bean namemethodName
- - name of the method invoked on the target objectresourceType
- - identifier that describes the type of resourcerolesAllowed
- - array of role names to be checked for permissionisDenyAll
- - indicates whether to always deny accessisPermitAll
- - indicates whether to always permit accesssubject
- - holds the credentials of the principal to be verifiedAccessException
- Thrown if access is deniedjava.lang.Object runAs(java.lang.String appName, java.lang.String resourceName, java.lang.String methodName, java.lang.String runAsRole, java.security.PrivilegedExceptionAction action) throws java.security.PrivilegedActionException, DelegationException
appName
- - name of the applicationresourceName
- - name of the target object, for example a bean namemethodName
- - name of the method invoked on the target objectrunAsRole
- - name of RunAs roleaction
- - the action to performjava.security.PrivilegedActionException
- if the action's run method threw a checked exceptionDelegationException
- if there is an error setting the thread identity from the runAs role