public interface AccessManager
| Modifier and Type | Method and Description |
|---|---|
void |
checkAccess(java.lang.String appName,
java.lang.String resourceName,
java.lang.String methodName,
java.lang.String resourceType,
java.lang.String[] rolesAllowed,
boolean isDenyAll,
boolean isPermitAll,
javax.security.auth.Subject subject)
The checkAccess method determines if a given subject has access to any of
a given set of roles within the context of a given application.
|
void |
popApplicationContext(java.lang.String appName)
The popApplicationContext method signals a return of control from the
specified application.
|
boolean |
pushApplicationContext(java.lang.String appName)
The pushApplicationContext method signals a flow of control into the
specified application.
|
java.lang.Object |
runAs(java.lang.String appName,
java.lang.String resourceName,
java.lang.String methodName,
java.lang.String runAsRole,
java.security.PrivilegedExceptionAction action)
The runAs method performs the given PrivilegedExceptionAction with the
Java thread identity set to the user associated with a given runAs role.
|
boolean pushApplicationContext(java.lang.String appName)
appName - - name of the applicationvoid popApplicationContext(java.lang.String appName)
appName - - name of the applicationjava.lang.IllegalArgumentException - if the application name does not match the one
used on the preceding pushApplicationContext callEmptyStackException - if there is no active application context on the threadvoid checkAccess(java.lang.String appName,
java.lang.String resourceName,
java.lang.String methodName,
java.lang.String resourceType,
java.lang.String[] rolesAllowed,
boolean isDenyAll,
boolean isPermitAll,
javax.security.auth.Subject subject)
throws AccessException
appName - - name of the applicationresourceName - - name of the target object, for example a bean namemethodName - - name of the method invoked on the target objectresourceType - - identifier that describes the type of resourcerolesAllowed - - array of role names to be checked for permissionisDenyAll - - indicates whether to always deny accessisPermitAll - - indicates whether to always permit accesssubject - - holds the credentials of the principal to be verifiedAccessException - Thrown if access is deniedjava.lang.Object runAs(java.lang.String appName,
java.lang.String resourceName,
java.lang.String methodName,
java.lang.String runAsRole,
java.security.PrivilegedExceptionAction action)
throws java.security.PrivilegedActionException,
DelegationException
appName - - name of the applicationresourceName - - name of the target object, for example a bean namemethodName - - name of the method invoked on the target objectrunAsRole - - name of RunAs roleaction - - the action to performjava.security.PrivilegedActionException - if the action's run method threw a checked exceptionDelegationException - if there is an error setting the thread identity from the runAs role