Interface AuthorizationRule
public interface AuthorizationRule
A rule restricting access to the requested REST resource.
Access to REST resources is divided into two steps:
- authentication, which establishes who sent the request;
- authorization, which determines whether the user has sufficient rights to perform the request.
AuthorizationRules are considered only during the second step, to check the user's rights. Warning: these authorization rules must only cover the REST resources access scope and must not replace EBX®'s permissions.
Since authorization rules are evaluated for every REST request,
overly complex checks can cause performance issues.
An implementation of AuthorizationRule may use any of the JAX-RS and toolkit injectable contexts.
Since: 5.9.0
Method Summary

| Modifier and Type | Method | Description |
| --- | --- | --- |
| AuthorizationOutcome | check(AuthorizationContext aContext) | Checks if the user has the proper rights to perform the request. |
Method Details

check
Checks if the user has the proper rights to perform the request.
Parameters:
- aContext - an authorization context holding useful information for check processing
Returns:
- an AuthorizationOutcome instance specifying the authorization state and information that may be returned to the client.
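The shape of a rule that respects the per-request cost warning above, as an added example that is not EBX's own code: the allow-list is built once and check() does only in-memory lookups, denying by default. The nested interfaces are stand-ins constructed for this sketch; the real types share these names, but their members are not listed on this page, so userRoles(), isAuthorized(), authorized() and forbidden() are hypothetical.

```java
import java.util.Set;

public class CheapRuleExample {
    // Stand-ins constructed for this example. Only the type names and the
    // check(AuthorizationContext) signature come from the page; every other
    // member below is hypothetical.
    interface AuthorizationContext { Set<String> userRoles(); }
    interface AuthorizationOutcome {
        boolean isAuthorized();
        static AuthorizationOutcome authorized() { return () -> true; }
        static AuthorizationOutcome forbidden() { return () -> false; }
    }
    interface AuthorizationRule { AuthorizationOutcome check(AuthorizationContext aContext); }

    /** Gates REST access on role membership only; data permissions stay with the product. */
    static final class RoleGateRule implements AuthorizationRule {
        // Built once at construction: check() runs on every REST request,
        // so it performs no I/O and no repository queries.
        private final Set<String> allowedRoles;

        RoleGateRule(Set<String> allowedRoles) {
            this.allowedRoles = Set.copyOf(allowedRoles);
        }

        @Override
        public AuthorizationOutcome check(AuthorizationContext aContext) {
            // Fail closed: a missing context or role set means "no rights".
            if (aContext == null || aContext.userRoles() == null) {
                return AuthorizationOutcome.forbidden();
            }
            for (String role : aContext.userRoles()) {
                if (role != null && allowedRoles.contains(role)) {
                    return AuthorizationOutcome.authorized();
                }
            }
            return AuthorizationOutcome.forbidden();
        }
    }

    public static void main(String[] args) {
        // Role names and callers are constructed sample values.
        AuthorizationRule rule = new RoleGateRule(Set.of("rest-admin", "rest-reader"));
        System.out.println(rule.check(() -> Set.of("rest-reader")).isAuthorized());
        System.out.println(rule.check(() -> Set.of("guest")).isAuthorized());
        System.out.println(rule.check(null).isAuthorized());
    }
}
```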