Package org.openiam.srvc.am
Interface AuthorizationManagerWebService
-
- All Known Implementing Classes:
AuthorizationManagerWebServiceImpl
public interface AuthorizationManagerWebService
-
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description ResponsefixDataInconsistencies()This method should be called only from tests.Map<String,Boolean>getEntitlementMap(String userId, Set<String> resourceIds)based on the userId and resourceId, returns a map with the key being the resourceId, and the value being true/false.Set<GroupAuthorizationRight>getGroupsForUser(String userId)Set<OrganizationAuthorizationRight>getOrganizationsForUser(String userId)Set<ResourceAuthorizationRight>getResourcesForUser(String userId)Set<RoleAuthorizationRight>getRolesForUser(String userId)voidinvalidateUserEntitlementsFromCache(String userId)Invalidate user from local entitlements cachebooleanisMemberOfGroup(String userId, String groupId)booleanisMemberOfGroupWithRight(String userId, String groupId, String rightId)booleanisMemberOfOrganization(String userId, String organizationId)booleanisMemberOfOrganizationWithRight(String userId, String organizationId, String rightId)booleanisMemberOfRole(String userId, String roleId)booleanisMemberOfRoleWithRight(String userId, String roleId, String rightId)booleanisUserEntitledToResource(String userId, String resourceId)booleanisUserEntitledToResourceWithRight(String userId, String resourceId, String rightId)ResponserefreshCache()This method should be called only from tests.ResponserefreshEdgeIdCache()Refreshes the Edge ID Cache on all nodes Should only be called from tests.ResponseremoveExpiredEdges()This method should be called only from tests.
-
-
-
Method Detail
-
isUserEntitledToResource
boolean isUserEntitledToResource(String userId, String resourceId)
- Parameters:
userId-resourceId-- Returns:
- is the user entitled to this resource?
-
isMemberOfGroup
boolean isMemberOfGroup(String userId, String groupId)
- Parameters:
userId-groupId-- Returns:
- is the user a member of this group?
-
isMemberOfRole
boolean isMemberOfRole(String userId, String roleId)
- Parameters:
userId-roleId-- Returns:
- is the user a member of this role?
-
isMemberOfOrganization
boolean isMemberOfOrganization(String userId, String organizationId)
- Parameters:
userId-organizationId-- Returns:
- is the user a member of this organization?
-
isUserEntitledToResourceWithRight
boolean isUserEntitledToResourceWithRight(String userId, String resourceId, String rightId)
- Parameters:
userId-resourceId-rightId-- Returns:
- is the user entitled to this resource with the given right?
-
isMemberOfGroupWithRight
boolean isMemberOfGroupWithRight(String userId, String groupId, String rightId)
- Parameters:
userId-groupId-rightId-- Returns:
- is the user a member of this group with the given right?
-
isMemberOfRoleWithRight
boolean isMemberOfRoleWithRight(String userId, String roleId, String rightId)
- Parameters:
userId-roleId-rightId-- Returns:
- is the user a member of this role with the given right?
-
isMemberOfOrganizationWithRight
boolean isMemberOfOrganizationWithRight(String userId, String organizationId, String rightId)
- Parameters:
userId-organizationId-rightId-- Returns:
- is the user a member of this organization with the given right?
-
getResourcesForUser
Set<ResourceAuthorizationRight> getResourcesForUser(String userId)
- Parameters:
userId-- Returns:
- all resources for the requested user. No distinction is made between direct or hierarchial membership
-
getGroupsForUser
Set<GroupAuthorizationRight> getGroupsForUser(String userId)
- Parameters:
userId-- Returns:
- all groups for the requested user. No distinction is made between direct or hierarchial membership
-
getRolesForUser
Set<RoleAuthorizationRight> getRolesForUser(String userId)
- Parameters:
userId-- Returns:
- all roles for the requested user. No distinction is made between direct or hierarchial membership
-
getOrganizationsForUser
Set<OrganizationAuthorizationRight> getOrganizationsForUser(String userId)
- Parameters:
userId-- Returns:
- all organizations for the requested user. No distinction is made between direct or hierarchial membership
-
refreshCache
Response refreshCache()
This method should be called only from tests. It will rebuild the entire Entitlement Graph from scratch It refreshes the cache synchronously only on the current node
-
fixDataInconsistencies
Response fixDataInconsistencies()
This method should be called only from tests. It will fix any data inconsistencies.
-
removeExpiredEdges
Response removeExpiredEdges()
This method should be called only from tests. It will remove any expired edges
-
getEntitlementMap
Map<String,Boolean> getEntitlementMap(String userId, Set<String> resourceIds)
based on the userId and resourceId, returns a map with the key being the resourceId, and the value being true/false. True designates that the user is entitled to that resource, false designates that the user is not entitled to that resource- Parameters:
userId-resourceIds-- Returns:
-
invalidateUserEntitlementsFromCache
void invalidateUserEntitlementsFromCache(String userId)
Invalidate user from local entitlements cache- Parameters:
userId-
-
refreshEdgeIdCache
Response refreshEdgeIdCache()
Refreshes the Edge ID Cache on all nodes Should only be called from tests.- Returns:
-
-