Class AuthorizationResult

  • java.lang.Object
    • com.tibco.tibems.tibemsd.security.AuthorizationResult

  • public class AuthorizationResult
    extends java.lang.Object
    This class represents the answer to an authorization request. The server will cache AuthorizationResults as they are returned by the isAllowed() method of an Authorizer. The exact caching behavior depends on the attributes of the AuthorizationResult.

    A timeout of zero means that the answer will not be cached at all. The authorization decision will only be returned to the server for immediate use. The values of this AuthorizationResult's destination and types will be ignored, and the result will only apply to the particular destination and Action.Type that were passed to isAllowed().

    Any other timeout value will cause the server to cache this result. The server will not ask the Authorizer again about the given destination any earlier than the given timeout. The server will attempt to remove the result from the cache promptly after the timeout, causing the next matching query to be passed on to the Authorizer.

    Any timeout greater than the server's maximum timeout will be silently set to that maximum. The current maximum timeout value is returned by getMaxTimeout().

    An AuthorizationResult need not have a destination set. In this case, the server will cache the result under the exact destination that was passed to the Authorizer's isAllowed() method.

    However, when an authorizer is asked about a specific destination, it may be useful to return information about a class of destinations, to make the cache more efficient. For instance, if the server asks about "foo.bar.baz", the Authorizer could return a result that allows access to "foo.>". If the AuthorizationResult has a non-null destination set, and it is a wildcard that contains the destination passed to Authorizer.isAllowed(), then the server will cache the result under that wildcard. The exact definition of "contains" is given by Util.isDestinationContainedBy().

    Similarly, an AuthorizationResult can specify a set of Action.Types to which it applies.
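The caching rules above, applied in a helper that an Authorizer's isAllowed() could call. This is an added example, not TIBCO's code. The class name CachedDecision, the 60-second lifetime and the grants list are assumptions for illustration, and the import assumes Action lives in the same package as AuthorizationResult.

```java
import com.tibco.tibems.tibemsd.security.Action;              // assumed package
import com.tibco.tibems.tibemsd.security.AuthorizationResult;
import java.util.List;
import java.util.concurrent.TimeUnit;

/** Hypothetical helper; only the AuthorizationResult calls come from this page. */
public final class CachedDecision {

    // Assumed policy value: how long a grant may stay in the server's cache.
    private static final long GRANT_TTL_SECONDS = 60;

    /**
     * @param requested destination the server asked about, e.g. "foo.bar.baz"
     * @param type      the Action.Type the server asked about
     * @param grants    destinations or wildcards the user may access,
     *                  e.g. ["foo.>", "audit.events"] (constructed policy data)
     */
    public static AuthorizationResult decide(String requested,
                                             Action.Type type,
                                             List<String> grants) {
        // The server silently lowers any timeout above its maximum; clamp here
        // so the lifetime that is actually in effect is visible in our own code.
        long ttl = Math.min(GRANT_TTL_SECONDS,
                            AuthorizationResult.getMaxTimeout(TimeUnit.SECONDS));

        for (String grant : grants) {
            if (grant.equals(requested)) {
                // Exact match: leave the destination null so the server caches
                // the result under the destination it asked about.
                return new AuthorizationResult(true, ttl, TimeUnit.SECONDS, null, type);
            }
            // Candidate result carrying the grant as its cache key. appliesTo()
            // is true only when that wildcard contains the requested destination,
            // which is the condition for the server to cache under the wildcard.
            AuthorizationResult wide =
                new AuthorizationResult(true, ttl, TimeUnit.SECONDS, grant, type);
            if (wide.appliesTo(requested)) {
                return wide;
            }
        }
        // No grant matched: deny without caching (timeout 0), so the decision
        // applies only to this destination and this Action.Type.
        return AuthorizationResult.denyNow();
    }
}
```

A cached grant is not re-checked with the Authorizer before its timeout, so the chosen lifetime is also the longest a revoked permission can keep working. Passing the requested type keeps a cached wildcard grant from covering Action.Types that were never evaluated.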

    • Constructor Detail

      • AuthorizationResult

        public AuthorizationResult(boolean allowed,
                                   long timeout,
                                   java.util.concurrent.TimeUnit unit,
                                   java.lang.String destination,
                                   Action.Type... types)
        Creates a new authorization result.
        Parameters:
        allowed - true if the operation should be allowed, false otherwise.
        timeout - minimum time for this result to be cached
        unit - time unit for timeout parameter
        destination - destination for which this result should be cached
        types - an array of Action.Type for which this result should be cached
      • AuthorizationResult

        public AuthorizationResult(boolean allowed,
                                   long timeout,
                                   java.util.concurrent.TimeUnit unit,
                                   java.lang.String destination,
                                   java.util.Set<Action.Type> types)
        Creates a new authorization result.
        Parameters:
        allowed - true if the operation should be allowed, false otherwise.
        timeout - minimum time for this result to be cached
        unit - time unit for timeout parameter
        destination - destination for which this result should be cached
        types - a set of Action.Type for which this result should be cached
      • AuthorizationResult

        public AuthorizationResult(boolean allowed,
                                   long timeout,
                                   java.util.concurrent.TimeUnit unit,
                                   java.lang.String destination)
        Creates a new authorization result.
        Parameters:
        allowed - true if the operation should be allowed, false otherwise.
        timeout - minimum time for this result to be cached
        unit - time unit for timeout parameter
        destination - destination for which this result should be cached
      • AuthorizationResult

        public AuthorizationResult(boolean allowed,
                                   long timeout,
                                   java.util.concurrent.TimeUnit unit)
        Creates a new authorization result, with destination null.
      • AuthorizationResult

        public AuthorizationResult(boolean allowed)
        Creates a new AuthorizationResult with timeout 0, and destination null.
      • AuthorizationResult

        public AuthorizationResult(boolean allowed,
                                   java.lang.String destination)
        Creates a new AuthorizationResult with timeout 0.
    • Method Detail

      • denyNow

        public static AuthorizationResult denyNow()
        Returns:
        a negative AuthorizationResult that will not be cached.
      • getMaxTimeout

        public static long getMaxTimeout(java.util.concurrent.TimeUnit unit)
        Returns the maximum time to live for an AuthorizationResult. Any AuthorizationResult created with a timeout greater than this will silently be reset to this timeout.
        Parameters:
        unit - The time unit in which to express the return value
        Returns:
        The maximum time to live for AuthorizationResults
      • denyMax

        public static AuthorizationResult denyMax(java.lang.String destination)
        Parameters:
        destination -
        Returns:
        a negative AuthorizationResult with the given destination, that will be cached for the maximum time allowed.
      • grantNow

        public static AuthorizationResult grantNow()
        Returns:
        a positive AuthorizationResult that will not be cached.
      • grantMax

        public static AuthorizationResult grantMax(java.lang.String destination)
        Parameters:
        destination -
        Returns:
        a positive AuthorizationResult with the given destination, that will be cached for the maximum time allowed.
      • isAllowed

        public boolean isAllowed()
      • getTimeout

        public long getTimeout(java.util.concurrent.TimeUnit unit)
      • getDestination

        public java.lang.String getDestination()
      • appliesTo

        public boolean appliesTo(java.lang.String candidate)
        Parameters:
        candidate - a destination to test.
        Returns:
        true if this AuthorizationResult specifies a wildcard destination that contains the candidate destination.
      • getTypes

        public Action.Type[] getTypes()
        Returns:
        the types