public interface AuthorizationRule
REST resources access has been divided into two steps:
AuthorizationRule
s are considered only during the second step
to check the user's rights. Warning: these authorization rules must
only cover the REST resources access scope and must not replace
EBX®'s permissions.
Since authorization rules are evaluated for every REST request,
overly complex checks can cause performance issues.
An implementation of AuthorizationRule
may use any of the JAX-RS
and toolkit injectable contexts.
Modifier and Type | Method and Description |
---|---|
AuthorizationOutcome |
check(AuthorizationContext aContext)
Checks if the user has the proper rights to perform the request.
|
AuthorizationOutcome check(AuthorizationContext aContext)
aContext
- an authorization context holding useful information for check processingAuthorizationOutcome
instance specifying the authorization
state and information that may be returned to the client.