org.osid.authorization

Interface AuthorizationSession

All Superinterfaces:

java.lang.AutoCloseable, java.io.Closeable, OsidSession

public interface AuthorizationSession
extends OsidSession

This is the basic session for verifying authorizations.

Method Summary

Methods

Modifier and Type	Method and Description
boolean	canAccessAuthorizations() Tests if this user can perform authorization checks.
AuthorizationCondition	getAuthorizationCondition(Id functionId) Gets the AuthorizationCondition for making conditional authorization checks.
Vault	getVault() Gets the Vault associated with this session.
Id	getVaultId() Gets the Vault Id associated with this session.
boolean	isAuthorized(Id agentId, Id functionId, Id qualifierId) Determines if the given agent is authorized.
boolean	isAuthorizedOnCondition(Id agentId, Id functionId, Id qualifierId, AuthorizationCondition condition) Determines if the given agent is authorized.

Methods inherited from interface org.osid.OsidSession

getAuthenticatedAgent, getAuthenticatedAgentId, getClockRate, getDate, getEffectiveAgent, getEffectiveAgentId, getFormatType, getLocale, isAuthenticated, startTransaction, supportsTransactions

Methods inherited from interface org.osid.binding.java.OsidSession

close

Methods inherited from interface java.io.Closeable

close

Method Detail

getVaultId

Id getVaultId()

Gets the Vault Id associated with this session.

Returns:

the Vault Id associated with this session

Compliance:

mandatory - This method must be implemented.

getVault

Vault getVault()
               throws OperationFailedException,
                      PermissionDeniedException

Gets the Vault associated with this session.

Returns:

the Vault associated with this session

Throws:

OperationFailedException - unable to complete request

PermissionDeniedException - authorization failure

Compliance:

mandatory - This method must be implemented.

canAccessAuthorizations

boolean canAccessAuthorizations()

Tests if this user can perform authorization checks. A return of true does not guarantee successful authorization. A return of false indicates that it is known all methods in this session will result in a PERMISSION_DENIED. This is intended as a hint to an application that may opt not to offer lookup operations to unauthorized users.

Returns:

false if authorization methods are not authorized, true otherwise

Compliance:

mandatory - This method must be implemented.

isAuthorized

boolean isAuthorized(Id agentId,
                   Id functionId,
                   Id qualifierId)
                     throws NotFoundException,
                            OperationFailedException,
                            PermissionDeniedException

Determines if the given agent is authorized. An agent is authorized if an active authorization exists whose Agent, Function and Qualifier matches the supplied parameters. Authorizations may be defined using groupings or hieratchical structures for both the Agent and the Qualifier but are queried in the de-nornmalized form. The Agent is generally determined through the use of an Authentication OSID. The Function and Qualifier are already known as they map to the desired authorization to validate.

Parameters:

agentId - the Id of an Agent

functionId - the Id of a Function

qualifierId - the Id of a Qualifier

Returns:

true if the user is authorized, false othersise

Throws:

NotFoundException - functionId is not found

NullArgumentException - agentId , functionId or qualifierId is null

OperationFailedException - unable to complete request

PermissionDeniedException - authorization failure making request

Compliance:

mandatory - This method must be implemented.

Notes:

Authorizations - may be stored in a normalized form with respect to various Resources and created using specific nodes in a Function or Qualifer hierarchy. The provider needs to maintain a de-normalized implicit authorization store or expand the applicable hierarchies on the fly to honor this query. Querying the authorization service may in itself require a separate authorization. A PERMISSION_DENIED is a result of this authorization failure. If no explicit or implicit authorization exists for the queried tuple, this method should return false.

getAuthorizationCondition

AuthorizationCondition getAuthorizationCondition(Id functionId)
                                                 throws NotFoundException,
                                                        OperationFailedException,
                                                        PermissionDeniedException

Gets the AuthorizationCondition for making conditional authorization checks.

Parameters:

functionId - the Id of a Function

Returns:

an authorization condition

Throws:

NotFoundException - functionId is not found

NullArgumentException - functionId is null

OperationFailedException - unable to complete request

PermissionDeniedException - authorization failure making request

Compliance:

mandatory - This method must be implemented.

isAuthorizedOnCondition

boolean isAuthorizedOnCondition(Id agentId,
                              Id functionId,
                              Id qualifierId,
                              AuthorizationCondition condition)
                                throws NotFoundException,
                                       OperationFailedException,
                                       PermissionDeniedException

Determines if the given agent is authorized. An agent is authorized if an active authorization exists whose Agent, Function and Qualifier matches the supplied parameters. Authorizations may be defined using groupings or hieratchical structures for both the Agent and the Qualifier but are queried in the de-nornmalized form. The Agent is generally determined through the use of an Authentication OSID. The Function and Qualifier are already known as they map to the desired authorization to validate.

Parameters:

agentId - the Id of an Agent

functionId - the Id of a Function

qualifierId - the Id of a Qualifier

condition - an authorization condition

Returns:

true if the user is authorized, false othersise

Throws:

NotFoundException - functionId is not found

NullArgumentException - agentId , functionId, qualifierId , or condition is null

OperationFailedException - unable to complete request

PermissionDeniedException - authorization failure making request

UnsupportedException - condition is not of this service

Compliance:

mandatory - This method must be implemented.

Notes:

Authorizations - may be stored in a normalized form with respect to various Resources and created using specific nodes in a Function or Qualifer hierarchy. The provider needs to maintain a de-normalized implicit authorization store or expand the applicable hierarchies on the fly to honor this query. Querying the authorization service may in itself require a separate authorization. A PERMISSION_DENIED is a result of this authorization failure. If no explicit or implicit authorization exists for the queried tuple, this method should return false.