public interface AuthorizationService
The authorization service allows managing Authorizations
.
An authorization is created between a user/group and a resource. It describes
the user/group's permissions to access that resource. An authorization may
express different permissions, such as the permission to READ, WRITE, DELETE the
resource. (See Authorization
for details).
In order to grant the permission to access a certain resource, an authorization object is created:
Authorization auth = authorizationService.createNewAuthorization(); //... configure auth authorizationService.saveAuthorization(auth);The authorization object can be configured either for a user or a group:
auth.setUserId("john"); -OR- auth.setGroupId("management");and a resource:
auth.setResource("processDefinition"); auth.setResourceId("2313");finally the permissions to access that resource can be assigned:
auth.addPermission(Permissions.READ);and the authorization object is saved:
authorizationService.saveAuthorization(auth);As a result, the given user or group will have permission to READ the referenced process definition.
Modifier and Type | Method and Description |
---|---|
AuthorizationQuery |
createAuthorizationQuery()
Constructs an authorization query.
|
Authorization |
createNewAuthorization(int authorizationType)
Returns a new (transient)
Authorization object. |
void |
deleteAuthorization(String authorizationId)
Allows deleting a persistent
Authorization object. |
boolean |
isUserAuthorized(String userId,
List<String> groupIds,
Permission permission,
Resource resource)
Allows performing an authorization check.
|
boolean |
isUserAuthorized(String userId,
List<String> groupIds,
Permission permission,
Resource resource,
String resourceId)
Allows performing an authorization check.
|
Authorization |
saveAuthorization(Authorization authorization)
Allows saving an
Authorization object. |
Authorization createNewAuthorization(int authorizationType)
Returns a new (transient) Authorization
object. The Object is not
yet persistent and must be saved using the saveAuthorization(Authorization)
method.
authorizationType
- the type of the authorization. Legal values: Authorization.AUTH_TYPE_GLOBAL
,
Authorization.AUTH_TYPE_GRANT
, Authorization.AUTH_TYPE_REVOKE
AuthorizationException
- if the user has no Permissions.CREATE
permissions on Resources.AUTHORIZATION
.Authorization saveAuthorization(Authorization authorization)
Authorization
object. Use this method for persisting new
transient Authorization
objects obtained through createNewAuthorization(int)
or
for updating persistent objects.authorization
- a Authorization object.ProcessEngineException
- in case an internal error occursAuthorizationException
- if the user has no
Permissions.CREATE
permissions (in case of persisting a transient object) or no
Permissions.UPDATE
permissions (in case of updating a persistent object)
on Resources.AUTHORIZATION
void deleteAuthorization(String authorizationId)
Authorization
object.authorizationId
- the id of the Authorization object to delete.ProcessEngineException
- if no such authorization exists or if an internal error occurs.AuthorizationException
- if the user has no Permissions.DELETE
permissions on Resources.AUTHORIZATION
.AuthorizationQuery createAuthorizationQuery()
boolean isUserAuthorized(String userId, List<String> groupIds, Permission permission, Resource resource)
Allows performing an authorization check.
Returns true if the given user has permissions for interacting with the resource is the requested way.
This method checks for the resource type, see Authorization.ANY
userId
- the id of the user for which the check is performed.groupIds
- a list of group ids the user is member ofpermission
- the permission(s) to check for.resource
- the resource for which the authorization is checked.boolean isUserAuthorized(String userId, List<String> groupIds, Permission permission, Resource resource, String resourceId)
Allows performing an authorization check.
Returns true if the given user has permissions for interacting with the resource is the requested way.
userId
- the id of the user for which the check is performed.groupIds
- a list of group ids the user is member ofpermission
- the permission(s) to check for.resource
- the resource for which the authorization is checked.resourceId
- the resource id for which the authorization check is performed.Copyright © 2020. All rights reserved.