Interface AuthorizationService
-
- All Known Implementing Classes:
AuthorizationServiceImpl
public interface AuthorizationService
The authorization service allows managing
Authorizations
.Creating an authorization
An authorization is created between a user/group and a resource. It describes the user/group's permissions to access that resource. An authorization may express different permissions, such as the permission to READ, UPDATE, DELETE the resource. (See
Authorization
for details).Granting / revoking permissions
In order to grant the permission to access a certain resource, an authorization object is created:
Authorization auth = authorizationService.createNewAuthorization(); //... configure auth authorizationService.saveAuthorization(auth);
The authorization object can be configured either for a user or a group:auth.setUserId("john"); -OR- auth.setGroupId("management");
and a resource:auth.setResource("processDefinition"); auth.setResourceId("2313");
finally the permissions to access that resource can be assigned:auth.addPermission(Permissions.READ);
and the authorization object is saved:authorizationService.saveAuthorization(auth);
As a result, the given user or group will have permission to READ the referenced process definition.- Since:
- 7.0
- Author:
- Daniel Meyer
-
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description AuthorizationQuery
createAuthorizationQuery()
Constructs an authorization query.Authorization
createNewAuthorization(int authorizationType)
Returns a new (transient)Authorization
object.void
deleteAuthorization(java.lang.String authorizationId)
Allows deleting a persistentAuthorization
object.boolean
isUserAuthorized(java.lang.String userId, java.util.List<java.lang.String> groupIds, Permission permission, Resource resource)
Allows performing an authorization check.boolean
isUserAuthorized(java.lang.String userId, java.util.List<java.lang.String> groupIds, Permission permission, Resource resource, java.lang.String resourceId)
Allows performing an authorization check.Authorization
saveAuthorization(Authorization authorization)
Allows saving anAuthorization
object.
-
-
-
Method Detail
-
createNewAuthorization
Authorization createNewAuthorization(int authorizationType)
Returns a new (transient)
Authorization
object. The Object is not yet persistent and must be saved using thesaveAuthorization(Authorization)
method.- Parameters:
authorizationType
- the type of the authorization. Legal values:Authorization.AUTH_TYPE_GLOBAL
,Authorization.AUTH_TYPE_GRANT
,Authorization.AUTH_TYPE_REVOKE
- Returns:
- an non-persistent Authorization object.
- Throws:
AuthorizationException
- if the user has noPermissions.CREATE
permissions onResources.AUTHORIZATION
.
-
saveAuthorization
Authorization saveAuthorization(Authorization authorization)
Allows saving anAuthorization
object. Use this method for persisting new transientAuthorization
objects obtained throughcreateNewAuthorization(int)
or for updating persistent objects.- Parameters:
authorization
- a Authorization object.- Returns:
- the authorization object.
- Throws:
ProcessEngineException
- in case an internal error occursAuthorizationException
- if the user has noPermissions.CREATE
permissions (in case of persisting a transient object) or noPermissions.UPDATE
permissions (in case of updating a persistent object) onResources.AUTHORIZATION
-
deleteAuthorization
void deleteAuthorization(java.lang.String authorizationId)
Allows deleting a persistentAuthorization
object.- Parameters:
authorizationId
- the id of the Authorization object to delete.- Throws:
ProcessEngineException
- if no such authorization exists or if an internal error occurs.AuthorizationException
- if the user has noPermissions.DELETE
permissions onResources.AUTHORIZATION
.
-
createAuthorizationQuery
AuthorizationQuery createAuthorizationQuery()
Constructs an authorization query.
-
isUserAuthorized
boolean isUserAuthorized(java.lang.String userId, java.util.List<java.lang.String> groupIds, Permission permission, Resource resource)
Allows performing an authorization check.
Returns true if the given user has permissions for interacting with the resource is the requested way.
This method checks for the resource type, see
Authorization.ANY
- Parameters:
userId
- the id of the user for which the check is performed.groupIds
- a list of group ids the user is member ofpermission
- the permission(s) to check for.resource
- the resource for which the authorization is checked.- Throws:
BadUserRequestException
- whenresource
is aHistoric Task
orHistoric Process Instance
and historic instance permissions are disabled.
-
isUserAuthorized
boolean isUserAuthorized(java.lang.String userId, java.util.List<java.lang.String> groupIds, Permission permission, Resource resource, java.lang.String resourceId)
Allows performing an authorization check.
Returns true if the given user has permissions for interacting with the resource is the requested way.
- Parameters:
userId
- the id of the user for which the check is performed.groupIds
- a list of group ids the user is member ofpermission
- the permission(s) to check for.resource
- the resource for which the authorization is checked.resourceId
- the resource id for which the authorization check is performed.- Throws:
BadUserRequestException
- whenresource
is aHistoric Task
orHistoric Process Instance
and historic instance permissions are disabled.
-
-