001/**
002 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
003 *
004 * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
005 *
006 * The contents of this file are subject to the terms
007 * of the Common Development and Distribution License
008 * (the License). You may not use this file except in
009 * compliance with the License.
010 *
011 * You can obtain a copy of the License at
012 * https://opensso.dev.java.net/public/CDDLv1.0.html or
013 * opensso/legal/CDDLv1.0.txt
014 * See the License for the specific language governing
015 * permission and limitations under the License.
016 *
017 * When distributing Covered Code, include this CDDL
018 * Header Notice in each file and include the License file
019 * at opensso/legal/CDDLv1.0.txt.
020 * If applicable, add the following below the CDDL Header,
021 * with the fields enclosed by brackets [] replaced by
022 * your own identifying information:
023 * "Portions Copyrighted [year] [name of copyright owner]"
024 *
025 * $Id: Authorizer.java,v 1.2 2008/06/25 05:47:18 qcheng Exp $
026 *
027 */
028
029package com.sun.identity.liberty.ws.interfaces;
030
031/**
032 * This class <code>Authorizer</code> is an interface for identity service
033 * to check authorization of a <code>WSC</code>.
034 * @supported.all.api
035 */
036public interface Authorizer {
037
038    /**
039     * Key of a parameter Map which contains information useful for policy
040     * evaluation. The value of this key is id of the user whose resource id
041     * being accessed.
042     */
043    public static final String USER_ID = "userID";
044
045    /**
046     * Key of a parameter Map which contains information useful for policy
047     * evaluation. The value of this key is the authentication mechanism
048     * web service consumer used.
049     */
050    public static final String AUTH_TYPE = "authType";
051
052    /**
053     * Key of a parameter Map which contains information useful for policy
054     * evaluation. The value of this key is
055     * <code>com.sun.identity.liberty.ws.soapbinding.Message</code>.
056     */
057    public static final String MESSAGE = "message";
058
059
060    /**
061     * Checks if the <code>WSC</code> is authorized to query or modify the
062     * select data.
063     *
064     * @param credential credential of a <code>WSC</code>.
065     * @param action request action.
066     * @param data Object who is being accessed.
067     * @param env A Map contains information useful for policy evaluation.
068     *          The following key is defined and its value should be 
069     *          passed in:
070     *          Key: <code>USER_ID</code>
071     *          Value: id of the user whose resource is being accessed.
072     *          Key: <code>AUTH_TYPE</code>
073     *          Value: The authentication mechanism <code>WSC</code> used.
074     *          Key: <code>MESSAGE</code>
075     *          Value:
076     *          <code>com.sun.identity.liberty.ws.soapbinding.Message
077     *          </code>.
078     * @return true if the <code>WSC</code> is authorized.
079     */
080    public boolean isAuthorized(Object credential, String action, 
081                                Object data, java.util.Map env);
082
083    /**
084     * Returns authorization decision for the given action(query or modify)
085     * and to the given select data 
086     * @param credential credential of a <code>WSC</code>.
087     * @param action request action.
088     * @param data Object who is being accessed.
089     * @param env A Map contains information useful for policy evaluation.
090     *          The following key is defined and its value should be passed in:
091     *          Key: <code>USER_ID</code>
092     *          Value: id of the user whose resource is being accessed.
093     *          Key: <code>AUTH_TYPE</code>
094     *          Value: The authentication mechanism <code>WSC</code> used.
095     *          Key: <code>MESSAGE</code>
096     *          Value:
097     *          <code>com.sun.identity.liberty.ws.soapbinding.Message</code>.
098     * @return <code>AuthorizationDecision</code> object contains authorization 
099     *             decision information for the given resource.
100     * @exception Exception
101     */
102    public Object getAuthorizationDecision(
103                  Object credential,
104                  String action,
105                  Object data,
106                  java.util.Map env)
107    throws Exception;
108
109}