001/**
002 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
003 *
004 * Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved
005 *
006 * The contents of this file are subject to the terms
007 * of the Common Development and Distribution License
008 * (the License). You may not use this file except in
009 * compliance with the License.
010 *
011 * You can obtain a copy of the License at
012 * https://opensso.dev.java.net/public/CDDLv1.0.html or
013 * opensso/legal/CDDLv1.0.txt
014 * See the License for the specific language governing
015 * permission and limitations under the License.
016 *
017 * When distributing Covered Code, include this CDDL
018 * Header Notice in each file and include the License file
019 * at opensso/legal/CDDLv1.0.txt.
020 * If applicable, add the following below the CDDL Header,
021 * with the fields enclosed by brackets [] replaced by
022 * your own identifying information:
023 * "Portions Copyrighted [year] [name of copyright owner]"
024 *
025 * $Id $
026 *
027 */
028
029package com.sun.identity.wss.security.handler;
030
031import javax.security.auth.Subject;
032import com.sun.identity.wss.security.SecurityMechanism;
033import com.sun.identity.wss.security.SecurityToken;
034import com.sun.identity.wss.security.SecurityException;
035import com.sun.identity.wss.provider.ProviderConfig;
036
037/**
038 * This interface provides a pluggable authorizer for the webservices
039 * to authorize the web service clients.
040 * @supported.all.api
041 */
042public interface MessageAuthorizer {
043
044    
045    /**
046     * Authorizes the web services client.
047     * @param subject authenticated subject.
048     * @param secureMessage the secure SOAPMessage.
049     *      If the message security is provided by the WS-I profies, the
050     *      secureMessage object is of type
051     *     <code>com.sun.identity.wss.security.handler.SecureSOAPMessage</code>. 
052     *     If the message security is provided by the Liberty ID-WSF
053     *     profiles, the secure message is of type
054     *     <code>com.sun.identity.liberty.ws.soapbinding.Message</code>.
055     * @param securityMechanism the security mechanism that will be used to
056     *        authenticate the web services client.
057     * @param securityToken the security token that is used.
058     * @param config the provider configuration.
059     * @param isLiberty boolean variable to indicate that the message
060     *        security is provided by the liberty security profiles.
061     * @exception SecurityException if there is an exception
062     *            during authorization.
063     */
064    public boolean authorize(
065             Subject subject,
066             Object secureMessage,
067             SecurityMechanism securityMechanism,
068             SecurityToken securityToken,
069             ProviderConfig config,             
070             boolean isLiberty) throws SecurityException;
071
072}