com.dtolabs.rundeck.core.authorization.providers
Class SAREAuthorization

java.lang.Object
  extended by com.dtolabs.rundeck.core.authorization.providers.SAREAuthorization
All Implemented Interfaces:
Authorization

public class SAREAuthorization
extends java.lang.Object
implements Authorization

Given a Subject, Action, Resource and Environment deliver an authorization decision.


Constructor Summary
SAREAuthorization()
          Convenience constructor that looks in a predefined location for policy files.
SAREAuthorization(java.io.File directory)
          Create an authorization object that understands .aclpolicy files.
 
Method Summary
 Decision evaluate(java.util.Map<java.lang.String,java.lang.String> resource, javax.security.auth.Subject subject, java.lang.String action, java.util.Set<Attribute> environment)
          Evaluate the authorization request and return whether the request is valid.
 java.util.Set<Decision> evaluate(java.util.Set<java.util.Map<java.lang.String,java.lang.String>> resources, javax.security.auth.Subject subject, java.util.Set<java.lang.String> actions, java.util.Set<Attribute> environment)
          Make a multiple resource determination.
 java.util.List<java.lang.String> hackMeSomeRoles()
          Deprecated. 
 java.lang.String toString()
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Constructor Detail

SAREAuthorization

public SAREAuthorization(java.io.File directory)
                  throws java.io.IOException,
                         PoliciesParseException
Create an authorization object that understands .aclpolicy files.

Parameters:
directory - The directory to read *.aclpolicy files from.
Throws:
java.io.IOException
PoliciesParseException

SAREAuthorization

public SAREAuthorization()
                  throws java.io.IOException,
                         PoliciesParseException
Convenience constructor that looks in a predefined location for policy files.

Throws:
java.io.IOException
PoliciesParseException
Method Detail

evaluate

public Decision evaluate(java.util.Map<java.lang.String,java.lang.String> resource,
                         javax.security.auth.Subject subject,
                         java.lang.String action,
                         java.util.Set<Attribute> environment)
Description copied from interface: Authorization
Evaluate the authorization request and return whether the request is valid. Make a single resource determination. The method is loosely based on the XACML model for structuring requests and responses. These can be prefixed with a fully qualified namespace and ':'. If anything goes wrong in evaluating the request, the result will be false. No exception will be thrown.

Specified by:
evaluate in interface Authorization
Parameters:
resource - The properties that identify the resource.
subject - The properties that represent the subject.
action - A set of actions that are being requested on the resource.
environment - A set of environment properties (hostname, time of day, etc.)
Returns:
decision Return true if the subject's action on the object given the environment is authorized.

evaluate

public java.util.Set<Decision> evaluate(java.util.Set<java.util.Map<java.lang.String,java.lang.String>> resources,
                                        javax.security.auth.Subject subject,
                                        java.util.Set<java.lang.String> actions,
                                        java.util.Set<Attribute> environment)
Description copied from interface: Authorization
Make a multiple resource determination.

Specified by:
evaluate in interface Authorization
Returns:
decisions

toString

public java.lang.String toString()
Overrides:
toString in class java.lang.Object

hackMeSomeRoles

@Deprecated
public java.util.List<java.lang.String> hackMeSomeRoles()
Deprecated. 

This WILL be refactored.

Returns: