AuthorizationService (camunda BPM Javadocs 7.1.10-ee)

All Known Implementing Classes:

AuthorizationServiceImpl
```
public interface AuthorizationService
```
The authorization service allows managing Authorizations.

Creating an authorization

An authorization is created between a user/group and a resource. It describes the user/group's permissions to access that resource. An authorization may express different permissions, such as the permission to READ, WRITE, DELETE the resource. (See Authorization for details).

Granting / revoking permissions

In order to grant the permission to access a certain resource, an authorization object is created:
```
 Authorization auth = authorizationService.createNewAuthorization();
 //... configure auth
 authorizationService.saveAuthorization(auth);
 
```
The authorization object can be configured either for a user or a group:
```
 auth.setUserId("john");
   -OR-
 auth.setGroupId("management");
 
```
and a resource:
```
 auth.setResource("processDefinition");
 auth.setResourceId("2313");
 
```
finally the permissions to access that resource can be assigned:
```
 auth.addPermission(Permissions.READ);
 
```
and the authorization object is saved:
```
 authorizationService.saveAuthorization(auth);
 
```
As a result, the given user or group will have permission to READ the referenced process definition.
Since:

7.0

Author:

Daniel Meyer

Method Summary

Methods
Modifier and Type	Method and Description
`AuthorizationQuery`	`createAuthorizationQuery()` Constructs an authorization query.
`Authorization`	`createNewAuthorization(int authorizationType)` Returns a new (transient) `Authorization` object.
`void`	`deleteAuthorization(String authorizationId)` Allows deleting a persistent `Authorization` object.
`boolean`	`isUserAuthorized(String userId, List<String> groupIds, Permission permission, Resource resource)` Allows performing an authorization check.
`boolean`	`isUserAuthorized(String userId, List<String> groupIds, Permission permission, Resource resource, String resourceId)` Allows performing an authorization check.
`Authorization`	`saveAuthorization(Authorization authorization)` Allows saving an `Authorization` object.

- Method Detail
  - createNewAuthorization
```
Authorization createNewAuthorization(int authorizationType)
```
    Returns a new (transient) Authorization object. The Object is not yet persistent and must be saved using the saveAuthorization(Authorization) method.
    
    Parameters:
    authorizationType - the type of the authorization. Legal values: Authorization.AUTH_TYPE_GLOBAL, Authorization.AUTH_TYPE_GRANT, Authorization.AUTH_TYPE_REVOKE
    
    Returns:
    an non-persistent Authorization object.
    
    Throws:
    
    AuthorizationException - if the user has no Permissions.CREATE permissions on Resources.AUTHORIZATION.
  - saveAuthorization
```
Authorization saveAuthorization(Authorization authorization)
```
    Allows saving an Authorization object. Use this method for persisting new transient Authorization objects obtained through createNewAuthorization(int) or for updating persistent objects.
    
    Parameters:
    authorization - a Authorization object.
    
    Returns:
    the authorization object.
    
    Throws:
    
    ProcessEngineException - in case an internal error occurs
    
    AuthorizationException - if the user has no Permissions.CREATE permissions (in case of persisting a transient object) or no Permissions.UPDATE permissions (in case of updating a persistent object) on Resources.AUTHORIZATION
  - deleteAuthorization
```
void deleteAuthorization(String authorizationId)
```
    Allows deleting a persistent Authorization object.
    
    Parameters:
    authorizationId - the id of the Authorization object to delete.
    
    Throws:
    
    ProcessEngineException - if no such authorization exists or if an internal error occurs.
    
    AuthorizationException - if the user has no Permissions.DELETE permissions on Resources.AUTHORIZATION.
  - createAuthorizationQuery
```
AuthorizationQuery createAuthorizationQuery()
```
    Constructs an authorization query.
  - isUserAuthorized
```
boolean isUserAuthorized(String userId,
                       List<String> groupIds,
                       Permission permission,
                       Resource resource)
```
    Allows performing an authorization check.
    
    Returns true if the given user has permissions for interacting with the resource is the requested way.
    
    This method checks for the resource type, see Authorization.ANY
    
    Parameters:
    userId - the id of the user for which the check is performed.
    groupIds - a list of group ids the user is member of
    permission - the permission(s) to check for.
    resource - the resource for which the authorization is checked.
  - isUserAuthorized
```
boolean isUserAuthorized(String userId,
                       List<String> groupIds,
                       Permission permission,
                       Resource resource,
                       String resourceId)
```
    Allows performing an authorization check.
    
    Returns true if the given user has permissions for interacting with the resource is the requested way.
    
    Parameters:
    userId - the id of the user for which the check is performed.
    groupIds - a list of group ids the user is member of
    permission - the permission(s) to check for.
    resource - the resource for which the authorization is checked.
    resourceId - the resource id for which the authorization check is performed.

Interface AuthorizationService

Creating an authorization

Granting / revoking permissions

Method Summary

Method Detail

createNewAuthorization

saveAuthorization

deleteAuthorization

createAuthorizationQuery

isUserAuthorized

isUserAuthorized