com.tibco.tibems.tibemsd.security

Class AuthorizationResult

java.lang.Object

com.tibco.tibems.tibemsd.security.AuthorizationResult

public class AuthorizationResult
extends java.lang.Object

This class represents the answer to an authorization request. The server will cache AuthorizationResults as they are returned by the isAllowed() method of an Authorizer. The exact caching behavior depends on the attributes of the AuthorizationResult.

A timeout of zero means that the answer will not be cached at all. The authorization decision will only be returned to the server for immediate use. The values of this AuthorizationResult's destination and types will be ignored, and the result will only apply to the particular destination and Action.Type that were passed to isAllowed().

Any other timeout value will cause the server to cache this result. The server will not ask the Authorizer again about the given destination any earlier than the given timeout. The server will attempt to remove the result from the cache promptly after the timeout, causing the next matching query to be passed on to the Authorizer.

Any timeout greater than the server's maximum timeout will be silently set to that maximum. The current maximum timeout value is returned by getMaxTimeout().

An AuthorizationResult need not have a destination set. In this case, the server will cache the result under the exact destination that was passed to the Authorizer's isAllowed() method.

However, when an authorizer is asked about a specific destination, it may be useful to return information about a class of destinations, to make the cache more efficient. For instance, if the server asks about "foo.bar.baz", the Authorizer could return a result that allows access to "foo.>". If the AuthorizationResult has a non-null destination set, and it is a wildcard that contains the destination passed to Authorizer.isAllowed(), then the server will cache the result under that wildcard. The exact definition of "contains" is given by Util.isDestinationContainedBy().

Similarly, an AuthorizationResult can specify a set of Action.Types to which it applies.

Constructor Summary

Constructors

Constructor and Description
AuthorizationResult(boolean allowed) Creates a new AuthorizationResult with timeout 0, and destination null.
AuthorizationResult(boolean allowed, long timeout, java.util.concurrent.TimeUnit unit) Creates a new authorization result, with destination null.
AuthorizationResult(boolean allowed, long timeout, java.util.concurrent.TimeUnit unit, java.lang.String destination) Creates a new authorization result.
AuthorizationResult(boolean allowed, long timeout, java.util.concurrent.TimeUnit unit, java.lang.String destination, Action.Type... types) Creates a new authorization result.
AuthorizationResult(boolean allowed, long timeout, java.util.concurrent.TimeUnit unit, java.lang.String destination, java.util.Set<Action.Type> types) Creates a new authorization result.
AuthorizationResult(boolean allowed, java.lang.String destination) Creates a new AuthorizationResult with timeout 0.

Method Summary

Modifier and Type	Method and Description
boolean	appliesTo(java.lang.String candidate)
static AuthorizationResult	denyMax(java.lang.String destination)
static AuthorizationResult	denyNow()
java.lang.String	getDestination()
static long	getMaxTimeout(java.util.concurrent.TimeUnit unit) Returns the maximum time to live for an AuthorizationResult.
long	getTimeout(java.util.concurrent.TimeUnit unit)
Action.Type[]	getTypes()
static AuthorizationResult	grantMax(java.lang.String destination)
static AuthorizationResult	grantNow()
boolean	isAllowed()

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AuthorizationResult

public AuthorizationResult(boolean allowed,
                           long timeout,
                           java.util.concurrent.TimeUnit unit,
                           java.lang.String destination,
                           Action.Type... types)

Creates a new authorization result.

Parameters:

allowed - true if the operation should be allowed. false otherwise.

timeout - minimum time for this result to be cached

unit - time unit for timeout parameter

destination - destination for which this result should be cached

types - an array of Action.Type for which this result should be cached

AuthorizationResult

public AuthorizationResult(boolean allowed,
                           long timeout,
                           java.util.concurrent.TimeUnit unit,
                           java.lang.String destination,
                           java.util.Set<Action.Type> types)

Creates a new authorization result.

Parameters:

allowed - true if the operation should be allowed. false otherwise.

timeout - minimum time for this result to be cached

unit - time unit for timeout parameter

destination - destination for which this result should be cached

types - a set of Action.Type for which this result should be cached

AuthorizationResult

public AuthorizationResult(boolean allowed,
                           long timeout,
                           java.util.concurrent.TimeUnit unit,
                           java.lang.String destination)

Creates a new authorization result.

Parameters:

allowed - true if the operation should be allowed. false otherwise.

timeout - minimum time for this result to be cached

unit - time unit for timeout parameter

destination - destination for which this result should be cached

AuthorizationResult

public AuthorizationResult(boolean allowed,
                           long timeout,
                           java.util.concurrent.TimeUnit unit)

Creates a new authorization result, with destination null.

AuthorizationResult

public AuthorizationResult(boolean allowed)

Creates a new AuthorizationResult with timeout 0, and destination null.

AuthorizationResult

public AuthorizationResult(boolean allowed,
                           java.lang.String destination)

Creates a new AuthorizationResult with timeout 0.

Method Detail

denyNow

public static AuthorizationResult denyNow()

Parameters:

destination -

Returns:

a negative AuthorizationResult that will not be cached.

getMaxTimeout

public static long getMaxTimeout(java.util.concurrent.TimeUnit unit)

Returns the maximum time to live for an AuthorizationResult. Any AuthorizationResult created with a timeout greater than this will silently be reset to this timeout.

Parameters:

unit - The time unit in which to express the return value

Returns:

The maximum time to live for AutorizationResults

denyMax

public static AuthorizationResult denyMax(java.lang.String destination)

Parameters:

destination -

Returns:

a negative AuthorizationResult with the given destination, that will be cached for the maximum time allowed.

grantNow

public static AuthorizationResult grantNow()

Parameters:

destination -

Returns:

a positive AuthorizationResult that will not be cached.

grantMax

public static AuthorizationResult grantMax(java.lang.String destination)

Parameters:

destination -

Returns:

a positive AuthorizationResult with the given destination, that will be cached for the maximum time allowed.

isAllowed

public boolean isAllowed()

getTimeout

public long getTimeout(java.util.concurrent.TimeUnit unit)

getDestination

public java.lang.String getDestination()

appliesTo

public boolean appliesTo(java.lang.String candidate)

Parameters:

candidate - a destination to test.

Returns:

true if this AuthorizationResult specifies a wildcard destination that contains the candidate destination.

getTypes

public Action.Type[] getTypes()

Returns:

the types