public interface AuthorizationSession extends OsidSession
This is the basic session for verifying authorizations.
Modifier and Type | Method and Description |
---|---|
boolean | canAccessAuthorizations(): Tests if this user can perform authorization checks. |
AuthorizationCondition | getAuthorizationCondition(Id functionId): Gets the AuthorizationCondition for making conditional authorization checks. |
Vault | getVault(): Gets the Vault associated with this session. |
Id | getVaultId(): Gets the Vault Id associated with this session. |
boolean | isAuthorized(Id agentId, Id functionId, Id qualifierId): Determines if the given agent is authorized. |
boolean | isAuthorizedOnCondition(Id agentId, Id functionId, Id qualifierId, AuthorizationCondition condition): Determines if the given agent is authorized. |

Inherited methods: getAuthenticatedAgent, getAuthenticatedAgentId, getClockRate, getDate, getEffectiveAgent, getEffectiveAgentId, getFormatType, getLocale, isAuthenticated, startTransaction, supportsTransactions, close

Id getVaultId()

Gets the Vault Id associated with this session.

Returns: the Vault Id associated with this session

Compliance: mandatory - This method must be implemented.

Vault getVault() throws OperationFailedException, PermissionDeniedException

Gets the Vault associated with this session.

Returns: the Vault associated with this session

Throws:
- OperationFailedException - unable to complete request
- PermissionDeniedException - authorization failure

Compliance: mandatory - This method must be implemented.

boolean canAccessAuthorizations()

PERMISSION_DENIED. This is intended as a hint to an application that may opt not to offer lookup operations to unauthorized users.

Returns: false if authorization methods are not authorized, true otherwise

Compliance: mandatory - This method must be implemented.

boolean isAuthorized(Id agentId, Id functionId, Id qualifierId) throws NotFoundException, OperationFailedException, PermissionDeniedException

Agent, Function and Qualifier matches the supplied parameters. Authorizations may be defined using groupings or hierarchical structures for both the Agent and the Qualifier but are queried in the de-normalized form.

The Agent is generally determined through the use of an Authentication OSID. The Function and Qualifier are already known as they map to the desired authorization to validate.

Parameters:
- agentId - the Id of an Agent
- functionId - the Id of a Function
- qualifierId - the Id of a Qualifier

Returns: true if the user is authorized, false otherwise

Throws:
- NotFoundException - functionId is not found
- NullArgumentException - agentId, functionId or qualifierId is null
- OperationFailedException - unable to complete request
- PermissionDeniedException - authorization failure making request

Compliance: mandatory - This method must be implemented.

Authorizations may be stored in a normalized form with respect to various Resources and created using specific nodes in a Function or Qualifier hierarchy. The provider needs to maintain a de-normalized implicit authorization store or expand the applicable hierarchies on the fly to honor this query.

Querying the authorization service may in itself require a separate authorization. A PERMISSION_DENIED is a result of this authorization failure. If no explicit or implicit authorization exists for the queried tuple, this method should return false.

AuthorizationCondition getAuthorizationCondition(Id functionId) throws NotFoundException, OperationFailedException, PermissionDeniedException

Gets the AuthorizationCondition for making conditional authorization checks.

Parameters:
- functionId - the Id of a Function

Throws:
- NotFoundException - functionId is not found
- NullArgumentException - functionId is null
- OperationFailedException - unable to complete request
- PermissionDeniedException - authorization failure making request

Compliance: mandatory - This method must be implemented.

boolean isAuthorizedOnCondition(Id agentId, Id functionId, Id qualifierId, AuthorizationCondition condition) throws NotFoundException, OperationFailedException, PermissionDeniedException

Agent, Function and Qualifier matches the supplied parameters. Authorizations may be defined using groupings or hierarchical structures for both the Agent and the Qualifier but are queried in the de-normalized form.

The Agent is generally determined through the use of an Authentication OSID. The Function and Qualifier are already known as they map to the desired authorization to validate.

Parameters:
- agentId - the Id of an Agent
- functionId - the Id of a Function
- qualifierId - the Id of a Qualifier
- condition - an authorization condition

Returns: true if the user is authorized, false otherwise

Throws:
- NotFoundException - functionId is not found
- NullArgumentException - agentId, functionId, qualifierId, or condition is null
- OperationFailedException - unable to complete request
- PermissionDeniedException - authorization failure making request
- UnsupportedException - condition is not of this service

Compliance: mandatory - This method must be implemented.

Authorizations may be stored in a normalized form with respect to various Resources and created using specific nodes in a Function or Qualifier hierarchy. The provider needs to maintain a de-normalized implicit authorization store or expand the applicable hierarchies on the fly to honor this query.

Querying the authorization service may in itself require a separate authorization. A PERMISSION_DENIED is a result of this authorization failure. If no explicit or implicit authorization exists for the queried tuple, this method should return false.
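
The on-the-fly expansion described in the provider notes for isAuthorized and isAuthorizedOnCondition, as an added Java sketch that is not part of the OSID specification or any provider's code: authorizations are stored against groups and hierarchy nodes, expanded at query time, and a tuple with no explicit or implicit match yields false. String ids stand in for OSID Id objects; HierarchyAuthorizer, Grant, link and closure are hypothetical names, and standard Java exceptions stand in for NullArgumentException and NotFoundException.

```java
import java.util.*;

// Added illustration (Java 16+ for records). Strings stand in for OSID Ids;
// every name here except isAuthorized is hypothetical.
public class HierarchyAuthorizer {
    record Grant(String agent, String function, String qualifier) {}

    final Set<Grant> explicit = new HashSet<>();                       // normalized store
    final Set<String> functions = new HashSet<>();                     // known Function ids
    final Map<String, Set<String>> agentGroups = new HashMap<>();      // agent -> groups
    final Map<String, Set<String>> qualifierParents = new HashMap<>(); // node -> parents

    void grant(String a, String f, String q) { functions.add(f); explicit.add(new Grant(a, f, q)); }

    static void link(Map<String, Set<String>> up, String child, String parent) {
        up.computeIfAbsent(child, k -> new HashSet<>()).add(parent);
    }

    // The id itself plus everything reachable upward; the seen set guards against cycles.
    private static Set<String> closure(String start, Map<String, Set<String>> up) {
        Set<String> seen = new LinkedHashSet<>();
        Deque<String> todo = new ArrayDeque<>(List.of(start));
        while (!todo.isEmpty()) {
            String id = todo.pop();
            if (seen.add(id)) todo.addAll(up.getOrDefault(id, Set.of()));
        }
        return seen;
    }

    boolean isAuthorized(String agentId, String functionId, String qualifierId) {
        Objects.requireNonNull(agentId);       // stands in for NullArgumentException
        Objects.requireNonNull(functionId);
        Objects.requireNonNull(qualifierId);
        if (!functions.contains(functionId))   // stands in for NotFoundException
            throw new NoSuchElementException(functionId);
        for (String a : closure(agentId, agentGroups))
            for (String q : closure(qualifierId, qualifierParents))
                if (explicit.contains(new Grant(a, functionId, q))) return true;
        return false; // no explicit or implicit authorization for the tuple: deny
    }

    public static void main(String[] args) {
        HierarchyAuthorizer az = new HierarchyAuthorizer();
        link(az.agentGroups, "agent:alice", "group:staff");   // constructed sample data
        link(az.qualifierParents, "course:101", "dept:math");
        az.grant("group:staff", "fn:read", "dept:math");      // stored on group and parent node
        System.out.println(az.isAuthorized("agent:alice", "fn:read", "course:101"));
        System.out.println(az.isAuthorized("agent:bob", "fn:read", "course:101"));
    }
}
```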