1   package io.oasp.module.security.common.api.accesscontrol;
2   
3   import java.util.Set;
4   
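/**
 * This is the interface for a provider of {@link AccessControl}s. It allows collecting (see
 * {@link #collectAccessControlIds(String, Set)}) all {@link AccessControl}s for the ID of an {@link AccessControl}
 * (typically an {@link AccessControlGroup} or role). This is used to expand the groups provided by the access-manager
 * (authentication and identity-management) to the full set of {@link AccessControlPermission permissions} of the
 * {@link java.security.Principal user}.
 * <p>
 * The actual authorization can then check individual permissions of the user by simply checking for
 * {@link Set#contains(Object) contains} in the collected {@link Set}, which is very fast; this matters because
 * security checks happen frequently.
 * <p>
 * Every lookup in this interface can fail: {@link #getAccessControl(String)} returns {@code null} and the collect
 * methods return {@code false} when the ID is unknown. Authorization code built on top of this interface should
 * treat both outcomes as "nothing granted" (deny by default) rather than ignoring them.
 *
 * @see PrincipalAccessControlProvider
 *
 * @author hohwille
 */
public interface AccessControlProvider {

  /**
   * Looks up a single {@link AccessControl} by its ID.
   *
   * @param id is the {@link AccessControl#getId() ID} of the requested {@link AccessControl}.
   * @return the requested {@link AccessControl} or {@code null} if not found. Callers have to check for {@code null}
   *         before using the result; an unknown ID must not be interpreted as a granted permission.
   */
  AccessControl getAccessControl(String id);

  /**
   * This method collects the {@link AccessControl#getId() IDs} of all {@link AccessControlPermission}s (or more
   * precisely of all {@link AccessControl}s) contained in the {@link AccessControl} {@link AccessControl#getId()
   * identified} by the given {@code id}.
   *
   * @see #collectAccessControls(String, Set)
   *
   * @param id is the {@link AccessControl#getId() ID} of the {@link AccessControl} (typically an
   *        {@link AccessControlGroup}) to collect.
   * @param permissions is the {@link Set} where to {@link Set#add(Object) add} the collected
   *        {@link AccessControl#getId() IDs}. This will include the given {@code id}. The {@link Set} is modified
   *        in place and therefore has to be modifiable.
   * @return {@code true} if the given {@code id} has been found, {@code false} otherwise. This contract does not
   *         state whether {@code permissions} is left untouched when {@code false} is returned, so callers should
   *         check the result instead of relying only on the content of the {@link Set}.
   */
  boolean collectAccessControlIds(String id, Set<String> permissions);

  /**
   * This method collects the {@link AccessControl}s contained in the {@link AccessControl}
   * {@link AccessControl#getId() identified} by the given {@code id}.
   *
   * @param id is the {@link AccessControl#getId() ID} of the {@link AccessControl} (typically an
   *        {@link AccessControlGroup}) to collect.
   * @param permissions is the {@link Set} where to {@link Set#add(Object) add} the collected {@link AccessControl}s.
   *        This will include the {@link AccessControl} {@link AccessControl#getId() identified} by the given
   *        {@code id}. The {@link Set} is modified in place and therefore has to be modifiable.
   * @return {@code true} if the given {@code id} has been found, {@code false} otherwise. This contract does not
   *         state whether {@code permissions} is left untouched when {@code false} is returned, so callers should
   *         check the result instead of relying only on the content of the {@link Set}.
   */
  boolean collectAccessControls(String id, Set<AccessControl> permissions);

}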