...

This system exposes a set of interfaces defined below. 

...

AuthEnforcer

The AuthEnforcer interface provides a way to check if an operation is authorized. At various points in the CDAP code (NamespaceHttpHandler, AppLifecycleHttpHandler, ProgramLifecycleHttpHandler, StreamHandler in 3.4), this interface will be used to check if an operation is authorized.

AuthChecker Interface

```java
interface AuthEnforcer {
    /**
     * Enforces authorization for the specified {@link Principal} for the specified {@link Action} on the specified {@link EntityId}.
     *
     * @param principal the principal that performs the actions. This could be a user, group or a role
     * @param entity the entity on which an action is being performed
     * @param action the action being performed
     * @throws AuthorizationException if the principal is not authorized to perform action on the entity
     */
    void enforce(Principal principal, Entity entity, Action action) throws AuthorizationException;
}
```

...

Authorizer Interface

```java
interface Authorizer extends AuthEnforcer {
    /**
     * Grants a principal authorization to perform a set of actions on an entity.
     *
     * @param entity the entity on which an action is being performed
     * @param principal the principal that performs the actions. This could be a user, group or a role
     * @param actions the set of actions to grant
     */
    void grant(EntityId entity, Principal principal, Set<Action> actions);

    /**
     * Grants a principal authorization to perform all actions on an entity.
     *
     * @param entity the entity on which an action is being performed
     * @param principal the principal that performs the actions. This could be a user, group or a role
     */
    void grant(EntityId entity, Principal principal);

    /**
     * Revokes a principal's authorization to perform a set of actions on an entity.
     *
     * @param entity the entity on which an action is being performed
     * @param principal the principal that performs the actions. This could be a user, group or a role
     * @param actions the set of actions to revoke permissions on
     */
    void revoke(EntityId entity, Principal principal, Set<Action> actions);

    /**
     * Revokes a principal's authorization to perform any action on an entity.
     *
     * @param entity the entity on which an action is being performed
     * @param principal the principal that performs the actions. This could be a user, group or a role
     */
    void revoke(EntityId entity, Principal principal);

    /**
     * Revokes all principals' authorization to perform any action on an entity.
     *
     * @param entity the entity on which an action is being performed
     */
    void revoke(EntityId entity);
}
```
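A minimal in-memory sketch of the grant/revoke/enforce contract described above, showing default-deny enforcement. It is an added example, not CDAP code: the nested Principal, EntityId, Action and AuthorizationException types are simplified stand-ins for the types named on this page, and Java 16+ is assumed for records.

```java
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

// Added example, not CDAP code. The nested types are simplified stand-ins (assumptions)
// for the Principal, EntityId, Action and AuthorizationException named on this page.
public class InMemoryAuthorizerExample {
  enum Action { READ, WRITE, ADMIN }
  record Principal(String name) {}
  record EntityId(String path) {}
  static class AuthorizationException extends Exception {
    AuthorizationException(String msg) { super(msg); }
  }

  // entity -> principal -> granted actions. A missing entry means "deny".
  private final Map<EntityId, Map<Principal, Set<Action>>> grants = new ConcurrentHashMap<>();

  public void grant(EntityId entity, Principal principal, Set<Action> actions) {
    grants.computeIfAbsent(entity, e -> new ConcurrentHashMap<>())
          .computeIfAbsent(principal, p -> ConcurrentHashMap.newKeySet())
          .addAll(actions);
  }

  public void revoke(EntityId entity, Principal principal, Set<Action> actions) {
    Map<Principal, Set<Action>> byPrincipal = grants.get(entity);
    Set<Action> held = byPrincipal == null ? null : byPrincipal.get(principal);
    if (held != null) held.removeAll(actions);
  }

  // Removing the entity drops every principal's grants on it.
  public void revoke(EntityId entity) { grants.remove(entity); }

  // Default deny: throws unless an explicit grant covers (principal, entity, action).
  public void enforce(Principal principal, EntityId entity, Action action)
      throws AuthorizationException {
    Set<Action> held = grants.getOrDefault(entity, Map.of()).getOrDefault(principal, Set.of());
    if (!held.contains(action)) {
      throw new AuthorizationException(principal.name() + " may not " + action + " " + entity.path());
    }
  }

  public static void main(String[] args) throws Exception {
    var authz = new InMemoryAuthorizerExample();
    var stream = new EntityId("namespace:default/stream:events"); // constructed sample
    var alice = new Principal("alice"); // constructed sample
    authz.grant(stream, alice, EnumSet.of(Action.READ));
    authz.enforce(alice, stream, Action.READ); // granted: returns normally
    try { authz.enforce(alice, stream, Action.WRITE); }
    catch (AuthorizationException e) { System.out.println("denied: " + e.getMessage()); }
  }
}
```

Because enforce throws a checked exception instead of returning a boolean, a call site in a handler cannot silently ignore a denial.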

...