Interface AuthorizationSession

All Superinterfaces:
AutoCloseable, Closeable, OsidSession, OsidSession

public interface AuthorizationSession extends OsidSession

This is the basic session for verifying authorizations.

  • Method Details

    • getVaultId

      Id getVaultId()
      Gets the Vault Id associated with this session.
      Returns:
      the Vault Id associated with this session
      Compliance:
      mandatory - This method must be implemented.
    • getVault

      Gets the Vault associated with this session.
      Returns:
      the Vault associated with this session
      Throws:
      OperationFailedException - unable to complete request
      PermissionDeniedException - authorization failure
      Compliance:
      mandatory - This method must be implemented.
    • canAccessAuthorizations

      boolean canAccessAuthorizations()
      Tests if this user can perform authorization checks. A return of true does not guarantee successful authorization. A return of false indicates that it is known all methods in this session will result in a PERMISSION_DENIED. This is intended as a hint to an application that may opt not to offer lookup operations to unauthorized users.
      Returns:
      false if authorization methods are not authorized, true otherwise
      Compliance:
      mandatory - This method must be implemented.
    • isAuthorized

      boolean isAuthorized(Id agentId, Id functionId, Id qualifierId) throws NotFoundException, OperationFailedException, PermissionDeniedException
      Determines if the given agent is authorized. An agent is authorized if an active authorization exists whose Agent, Function and Qualifier match the supplied parameters. Authorizations may be defined using groupings or hierarchical structures for both the Agent and the Qualifier but are queried in the de-normalized form. The Agent is generally determined through the use of an Authentication OSID. The Function and Qualifier are already known as they map to the desired authorization to validate.
      Parameters:
      agentId - the Id of an Agent
      functionId - the Id of a Function
      qualifierId - the Id of a Qualifier
      Returns:
      true if the user is authorized, false otherwise
      Throws:
      NotFoundException - functionId is not found
      NullArgumentException - agentId, functionId or qualifierId is null
      OperationFailedException - unable to complete request
      PermissionDeniedException - authorization failure making request
      Compliance:
      mandatory - This method must be implemented.
      Notes:
      Authorizations may be stored in a normalized form with respect to various Resources and created using specific nodes in a Function or Qualifier hierarchy. The provider needs to maintain a de-normalized implicit authorization store or expand the applicable hierarchies on the fly to honor this query. Querying the authorization service may in itself require a separate authorization. A PERMISSION_DENIED is a result of this authorization failure. If no explicit or implicit authorization exists for the queried tuple, this method should return false.
    • getAuthorizationCondition

      Gets the AuthorizationCondition for making conditional authorization checks.
      Parameters:
      functionId - the Id of a Function
      Returns:
      an authorization condition
      Throws:
      NotFoundException - functionId is not found
      NullArgumentException - functionId is null
      OperationFailedException - unable to complete request
      PermissionDeniedException - authorization failure making request
      Compliance:
      mandatory - This method must be implemented.
    • isAuthorizedOnCondition

      boolean isAuthorizedOnCondition(Id agentId, Id functionId, Id qualifierId, AuthorizationCondition condition) throws NotFoundException, OperationFailedException, PermissionDeniedException
      Determines if the given agent is authorized. An agent is authorized if an active authorization exists whose Agent, Function and Qualifier match the supplied parameters. Authorizations may be defined using groupings or hierarchical structures for both the Agent and the Qualifier but are queried in the de-normalized form. The Agent is generally determined through the use of an Authentication OSID. The Function and Qualifier are already known as they map to the desired authorization to validate.
      Parameters:
      agentId - the Id of an Agent
      functionId - the Id of a Function
      qualifierId - the Id of a Qualifier
      condition - an authorization condition
      Returns:
      true if the user is authorized, false otherwise
      Throws:
      NotFoundException - functionId is not found
      NullArgumentException - agentId, functionId, qualifierId, or condition is null
      OperationFailedException - unable to complete request
      PermissionDeniedException - authorization failure making request
      UnsupportedException - condition did not originate from getAuthorizationCondition()
      Compliance:
      mandatory - This method must be implemented.
      Notes:
      Authorizations may be stored in a normalized form with respect to various Resources and created using specific nodes in a Function or Qualifier hierarchy. The provider needs to maintain a de-normalized implicit authorization store or expand the applicable hierarchies on the fly to honor this query. Querying the authorization service may in itself require a separate authorization. A PERMISSION_DENIED is a result of this authorization failure. If no explicit or implicit authorization exists for the queried tuple, this method should return false.
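
The Notes for isAuthorized and isAuthorizedOnCondition ask a provider to answer a de-normalized (agent, function, qualifier) query from authorizations stored against groups and hierarchy nodes. The following is an added sketch of the "expand on the fly" option, not code from the OSID project; it assumes Java 16+, uses String in place of Id, and the class HierarchyAuthzExample, its fields, the Grant record and the local NotFoundException are all hypothetical stand-ins.

```java
import java.util.*;

// Added illustration: String stands in for the OSID Id type; the exception
// and all names below are local stand-ins, not the org.osid classes.
public class HierarchyAuthzExample {
    static class NotFoundException extends Exception {
        NotFoundException(String m) { super(m); }
    }
    record Grant(String agent, String function, String qualifier) {}

    private final Set<String> functions = new HashSet<>();
    private final Set<Grant> grants = new HashSet<>();             // normalized store
    private final Map<String, String> qualifierParent = new HashMap<>();
    private final Map<String, Set<String>> agentGroups = new HashMap<>();

    // A grant on any ancestor qualifier applies implicitly to its descendants.
    private List<String> selfAndAncestors(String qualifier) {
        List<String> chain = new ArrayList<>();
        Set<String> seen = new HashSet<>();                        // guards against cycles
        for (String q = qualifier; q != null && seen.add(q); q = qualifierParent.get(q)) {
            chain.add(q);
        }
        return chain;
    }

    public boolean isAuthorized(String agentId, String functionId, String qualifierId)
            throws NotFoundException {
        // NullPointerException here stands in for NullArgumentException.
        Objects.requireNonNull(agentId);
        Objects.requireNonNull(functionId);
        Objects.requireNonNull(qualifierId);
        if (!functions.contains(functionId)) throw new NotFoundException(functionId);
        Set<String> principals = new HashSet<>(agentGroups.getOrDefault(agentId, Set.of()));
        principals.add(agentId);
        for (String q : selfAndAncestors(qualifierId))
            for (String p : principals)
                if (grants.contains(new Grant(p, functionId, q))) return true;
        return false;  // no explicit or implicit authorization: deny
    }

    public static void main(String[] args) throws Exception {
        HierarchyAuthzExample s = new HierarchyAuthzExample();     // constructed sample data
        s.functions.add("function:read");
        s.qualifierParent.put("course:101", "dept:physics");
        s.agentGroups.put("agent:alice", Set.of("group:staff"));
        s.grants.add(new Grant("group:staff", "function:read", "dept:physics"));
        System.out.println(s.isAuthorized("agent:alice", "function:read", "course:101"));
        System.out.println(s.isAuthorized("agent:bob", "function:read", "course:101"));
        try { s.isAuthorized("agent:alice", "function:delete", "course:101"); }
        catch (NotFoundException e) { System.out.println("NotFound: " + e.getMessage()); }
    }
}
```

An unknown agent or qualifier yields false rather than an exception, matching the Throws list above, where only an unknown functionId is reported as NotFoundException.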