<O extends ObjectType,T extends ObjectType> void |
SecurityEnforcer.authorize(String operationUrl,
AuthorizationPhaseType phase,
AuthorizationParameters<O,T> params,
OwnerResolver ownerResolver,
Task task,
OperationResult result) |
Evaluates authorization: simply returns if the currently logged it user is authorized for a
specified action.
|
<T extends ObjectType,O extends ObjectType> boolean |
SecurityEnforcer.canSearch(String[] operationUrls,
AuthorizationPhaseType phase,
Class<T> searchResultType,
PrismObject<O> object,
boolean includeSpecial,
ObjectFilter filter,
Task task,
OperationResult result) |
Question: does object make any sense here? E.g.
|
<T extends ObjectType,O extends ObjectType,F> F |
SecurityEnforcer.computeSecurityFilter(MidPointPrincipal principal,
String[] operationUrls,
AuthorizationPhaseType phase,
Class<T> searchResultType,
PrismObject<O> object,
ObjectFilter origFilter,
String limitAuthorizationAction,
List<OrderConstraintsType> paramOrderConstraints,
FilterGizmo<F> gizmo,
Task task,
OperationResult result) |
|
<O extends ObjectType> AccessDecision |
SecurityEnforcer.determineSubitemDecision(ObjectSecurityConstraints securityConstraints,
ObjectDelta<O> delta,
PrismObject<O> currentObject,
String operationUrl,
AuthorizationPhaseType phase,
ItemPath subitemRootPath) |
|
<C extends Containerable> AccessDecision |
SecurityEnforcer.determineSubitemDecision(ObjectSecurityConstraints securityConstraints,
PrismContainerValue<C> containerValue,
String operationUrl,
AuthorizationPhaseType phase,
ItemPath subitemRootPath,
PlusMinusZero plusMinusZero,
String decisionContextDesc) |
|
<O extends ObjectType,T extends ObjectType> void |
SecurityEnforcer.failAuthorization(String operationUrl,
AuthorizationPhaseType phase,
AuthorizationParameters<O,T> params,
OperationResult result) |
Produces authorization error with proper message and logs it using proper logger.
|
AuthorizationDecisionType |
ObjectSecurityConstraints.findAllItemsDecision(String[] actionUrls,
AuthorizationPhaseType phase) |
Almost the same as findAllItemsDecision(String, ...), but in this case there are several equivalent action URLs.
|
AuthorizationDecisionType |
ObjectSecurityConstraints.findAllItemsDecision(String actionUrl,
AuthorizationPhaseType phase) |
Returns decision for the whole action.
|
AuthorizationDecisionType |
ObjectSecurityConstraints.findItemDecision(ItemPath nameOnlyItemPath,
String[] actionUrls,
AuthorizationPhaseType phase) |
|
AuthorizationDecisionType |
ObjectSecurityConstraints.findItemDecision(ItemPath nameOnlyItemPath,
String actionUrl,
AuthorizationPhaseType phase) |
|
<O extends ObjectType,T extends ObjectType> boolean |
SecurityEnforcer.isAuthorized(String operationUrl,
AuthorizationPhaseType phase,
AuthorizationParameters<O,T> params,
OwnerResolver ownerResolver,
Task task,
OperationResult result) |
Returns true if the currently logged-in user is authorized for specified action, returns false otherwise.
|
<T extends ObjectType,O extends ObjectType> ObjectFilter |
SecurityEnforcer.preProcessObjectFilter(String[] operationUrls,
AuthorizationPhaseType phase,
Class<T> searchResultType,
PrismObject<O> object,
ObjectFilter origFilter,
String limitAuthorizationAction,
List<OrderConstraintsType> paramOrderConstraints,
Task task,
OperationResult result) |
Returns a filter that applies to all the objects/targets for which the principal is authorized.
|