TIBCO Enterprise Message Service

com.tibco.tibems.tibemsd.security
Class AuthorizationResult

java.lang.Object
  extended by com.tibco.tibems.tibemsd.security.AuthorizationResult

public class AuthorizationResult
extends java.lang.Object

This class represents the answer to an authorization request. The server will cache AuthorizationResults as they are returned by the isAllowed() method of an Authorizer. The exact caching behavior depends on the attributes of the AuthorizationResult.

A timeout of zero means that the answer will not be cached at all. The authorization decision will only be returned to the server for immediate use. The values of this AuthorizationResult's destination and types will be ignored, and the result will only apply to the particular destination and Action.Type that were passed to isAllowed().

Any other timeout value will cause the server to cache this result. The server will not ask the Authorizer again about the given destination any earlier than the given timeout. The server will attempt to remove the result from the cache promptly after the timeout, causing the next matching query to be passed on to the Authorizer.

Any timeout greater than the server's maximum timeout will be silently set to that maximum. The current maximum timeout value is returned by getMaxTimeout().

An AuthorizationResult need not have a destination set. In this case, the server will cache the result under the exact destination that was passed to the Authorizer's isAllowed() method.

However, when an authorizer is asked about a specific destination, it may be useful to return information about a class of destinations, to make the cache more efficient. For instance, if the server asks about "foo.bar.baz", the Authorizer could return a result that allows access to "foo.>". If the AuthorizationResult has a non-null destination set, and it is a wildcard that contains the destination passed to Authorizer.isAllowed(), then the server will cache the result under that wildcard. The exact definition of "contains" is given by Util.isDestinationContainedBy().

Similarly, an AuthorizationResult can specify a set of Action.Types to which it applies.


Constructor Summary
AuthorizationResult(boolean allowed)
          Creates a new AuthorizationResult with timeout 0, and destination null.
AuthorizationResult(boolean allowed, long timeout, java.util.concurrent.TimeUnit unit)
          Creates a new authorization result, with destination null.
AuthorizationResult(boolean allowed, long timeout, java.util.concurrent.TimeUnit unit, java.lang.String destination)
          Creates a new authorization result.
AuthorizationResult(boolean allowed, long timeout, java.util.concurrent.TimeUnit unit, java.lang.String destination, Action.Type... types)
          Creates a new authorization result.
AuthorizationResult(boolean allowed, long timeout, java.util.concurrent.TimeUnit unit, java.lang.String destination, java.util.Set<Action.Type> types)
          Creates a new authorization result.
AuthorizationResult(boolean allowed, java.lang.String destination)
          Creates a new AuthorizationResult with timeout 0.
 
Method Summary
 boolean appliesTo(java.lang.String candidate)
           
static AuthorizationResult denyMax(java.lang.String destination)
           
static AuthorizationResult denyNow()
           
 java.lang.String getDestination()
           
static long getMaxTimeout(java.util.concurrent.TimeUnit unit)
          Returns the maximum time to live for an AuthorizationResult.
 long getTimeout(java.util.concurrent.TimeUnit unit)
           
 Action.Type[] getTypes()
           
static AuthorizationResult grantMax(java.lang.String destination)
           
static AuthorizationResult grantNow()
           
 boolean isAllowed()
           
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

AuthorizationResult

public AuthorizationResult(boolean allowed,
                           long timeout,
                           java.util.concurrent.TimeUnit unit,
                           java.lang.String destination,
                           Action.Type... types)
Creates a new authorization result.

Parameters:
allowed - true if the operation should be allowed. false otherwise.
timeout - minimum time for this result to be cached
unit - time unit for timeout parameter
destination - destination for which this result should be cached
types - an array of Action.Type for which this result should be cached

AuthorizationResult

public AuthorizationResult(boolean allowed,
                           long timeout,
                           java.util.concurrent.TimeUnit unit,
                           java.lang.String destination,
                           java.util.Set<Action.Type> types)
Creates a new authorization result.

Parameters:
allowed - true if the operation should be allowed. false otherwise.
timeout - minimum time for this result to be cached
unit - time unit for timeout parameter
destination - destination for which this result should be cached
types - a set of Action.Type for which this result should be cached

AuthorizationResult

public AuthorizationResult(boolean allowed,
                           long timeout,
                           java.util.concurrent.TimeUnit unit,
                           java.lang.String destination)
Creates a new authorization result.

Parameters:
allowed - true if the operation should be allowed. false otherwise.
timeout - minimum time for this result to be cached
unit - time unit for timeout parameter
destination - destination for which this result should be cached

AuthorizationResult

public AuthorizationResult(boolean allowed,
                           long timeout,
                           java.util.concurrent.TimeUnit unit)
Creates a new authorization result, with destination null.


AuthorizationResult

public AuthorizationResult(boolean allowed)
Creates a new AuthorizationResult with timeout 0, and destination null.


AuthorizationResult

public AuthorizationResult(boolean allowed,
                           java.lang.String destination)
Creates a new AuthorizationResult with timeout 0.

Method Detail

denyNow

public static AuthorizationResult denyNow()
Parameters:
destination -
Returns:
a negative AuthorizationResult that will not be cached.

getMaxTimeout

public static long getMaxTimeout(java.util.concurrent.TimeUnit unit)
Returns the maximum time to live for an AuthorizationResult. Any AuthorizationResult created with a timeout greater than this will silently be reset to this timeout.

Parameters:
unit - The time unit in which to express the return value
Returns:
The maximum time to live for AutorizationResults

denyMax

public static AuthorizationResult denyMax(java.lang.String destination)
Parameters:
destination -
Returns:
a negative AuthorizationResult with the given destination, that will be cached for the maximum time allowed.

grantNow

public static AuthorizationResult grantNow()
Parameters:
destination -
Returns:
a positive AuthorizationResult that will not be cached.

grantMax

public static AuthorizationResult grantMax(java.lang.String destination)
Parameters:
destination -
Returns:
a positive AuthorizationResult with the given destination, that will be cached for the maximum time allowed.

isAllowed

public boolean isAllowed()

getTimeout

public long getTimeout(java.util.concurrent.TimeUnit unit)

getDestination

public java.lang.String getDestination()

appliesTo

public boolean appliesTo(java.lang.String candidate)
Parameters:
candidate - a destination to test.
Returns:
true if this AthorizationResult specifies a wildcard destination that contains the candidate destination.

getTypes

public Action.Type[] getTypes()
Returns:
the types

TIBCO Enterprise Message Service

Copyright © TIBCO Software Inc. All rights reserved