com.ibm.mfp.server.security.external.checks

Interface SecurityCheck

  • All Superinterfaces:
    java.io.Externalizable, java.io.Serializable
    All Known Implementing Classes:
    ExternalizableSecurityCheck


    public interface SecurityCheck
    extends java.io.Externalizable
    Represents server-side state of a security check.
    Security checks are kept in a distributed cache, and are stateful, so it's the responsibility of the implementor to handle the persistent state.
    • Method Summary

      Methods 
      Modifier and Type Method and Description
      void authorize(java.util.Set scope, java.util.Map credentials, HttpServletRequest request, AuthorizationResponse response)
      Request the given scope from this security check.
      SecurityCheckConfiguration createConfiguration(java.util.Properties properties)
      Create configuration object and populate fields from the given properties.
      long getExpiresAt()
      Get the expiration of the current state of the security check.
      int getInactivityTimeoutSec()
      Get the security check inactivity timeout, usually the configured value.
      void introspect(java.util.Set scope, IntrospectionResponse response)
      Make sure this check currently grants the requested scope.
      If the scope is granted, the implementation should add the granted scope, its expiration, and custom introspection data to the response parameter.
      void logout()
      Called upon explicit logout from this security check.
      void setContext(java.lang.String name, SecurityCheckConfiguration config, AuthorizationContext authorizationContext, RegistrationContext registrationContext)
      Initialize the security check with the context and configuration properties.
      • Methods inherited from interface java.io.Externalizable

        readExternal, writeExternal
    • Method Detail

      • createConfiguration

        SecurityCheckConfiguration createConfiguration(java.util.Properties properties)
        Create a configuration object and populate its fields from the given properties. Use the errors and warnings maps to report problems.
        Called during deployment.
        Parameters:
        properties - the merged properties to read and validate
        Returns:
        new configuration object, not null
      • setContext

        void setContext(java.lang.String name,
                      SecurityCheckConfiguration config,
                      AuthorizationContext authorizationContext,
                      RegistrationContext registrationContext)
        Initialize the security check with the context and configuration properties. This method is called after instantiation and also on each retrieval. Security checks should not keep the configuration data in the persistent state.
        Parameters:
        name - name of the security check
        config - security check configuration created by SecurityCheck.createConfiguration(Properties)
        authorizationContext - provides access to the transient state of the calling client
        registrationContext - provides access to the persistent state of the calling client
      • getInactivityTimeoutSec

        int getInactivityTimeoutSec()
        Get the security check inactivity timeout, usually the configured value. 0 means that no inactivity timeout is defined for this check.
        Returns:
        inactivity timeout in seconds, 0 if none
      • getExpiresAt

        long getExpiresAt()
        Get the expiration of the current state of the security check. No assumption is made about the meaning of the state (success, failure, or any other). After the expiration the state of the security check is lost.
        Returns:
        the time of expiration in milliseconds
      • authorize

        void authorize(java.util.Set scope,
                     java.util.Map credentials,
                     HttpServletRequest request,
                     AuthorizationResponse response)
        Request the given scope from this security check. The check can return success, challenge, or failure.
        Parameters:
        scope - the requested scope, which comes from the scope mapping processing. It usually should not be analyzed by the security check, except in the case of a custom check that knows exactly what scopes should be granted at any point.
        credentials - the credentials sent by the client - either as a challenge response or pre-emptively
        request - the pre-authorization or registration request sent by the client
        response - the response to which this check adds its success, challenge, or failure
      • introspect

        void introspect(java.util.Set scope,
                      IntrospectionResponse response)
        Make sure this check currently grants the requested scope.
        If the scope is granted, the implementation should add the granted scope, its expiration, and custom introspection data to the response parameter. If the scope is not granted, the implementation should return silently.
        Parameters:
        scope - scope expected to be granted by this check
        response - the response to which this check adds its granted scope and custom introspection data
      • logout

        void logout()
        Called upon explicit logout from this security check. The implementation may choose to modify or delete its persistent (registered) state, or apply other custom logic.
        The transient state of this security check is destroyed automatically.
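
The state handling described under setContext and getExpiresAt, as an added example that is not IBM's code and does not use the MobileFirst API. The class CheckStateDemo, its fields, and the simplified setContext(int) are hypothetical, and a byte array stands in for the distributed cache; writeExternal and readExternal carry only the state and its expiration, and the configuration is supplied again after each retrieval.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.Externalizable;
import java.io.IOException;
import java.io.ObjectInput;
import java.io.ObjectInputStream;
import java.io.ObjectOutput;
import java.io.ObjectOutputStream;

// Hypothetical class for illustration; it stands in for a SecurityCheck implementation.
public class CheckStateDemo implements Externalizable {
    private int inactivityTimeoutSec;   // configuration: supplied on every retrieval, never written
    private String state = "EXPIRED";   // persistent state
    private long expiresAt;             // persistent state, epoch milliseconds

    public CheckStateDemo() { }         // Externalizable needs a public no-arg constructor

    // Simplified stand-in for setContext(): runs after instantiation and after each retrieval.
    void setContext(int configuredTimeoutSec) { inactivityTimeoutSec = configuredTimeoutSec; }

    void succeed(long ttlMillis) { state = "SUCCESS"; expiresAt = System.currentTimeMillis() + ttlMillis; }

    // After the expiration the state is lost, whatever it meant.
    String currentState() { return System.currentTimeMillis() < expiresAt ? state : "EXPIRED"; }

    @Override public void writeExternal(ObjectOutput out) throws IOException {
        out.writeUTF(state);            // state and expiry only; no configuration
        out.writeLong(expiresAt);
    }

    @Override public void readExternal(ObjectInput in) throws IOException {
        state = in.readUTF();           // same order as writeExternal
        expiresAt = in.readLong();
    }

    public static void main(String[] args) throws Exception {
        CheckStateDemo check = new CheckStateDemo();
        check.setContext(300);          // constructed sample configuration value
        check.succeed(60_000);
        ByteArrayOutputStream cache = new ByteArrayOutputStream();  // stands in for the distributed cache
        try (ObjectOutputStream out = new ObjectOutputStream(cache)) { out.writeObject(check); }
        CheckStateDemo restored;
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(cache.toByteArray()))) {
            restored = (CheckStateDemo) in.readObject();
        }
        // Only state and expiry came back; the timeout field stays unset until setContext runs again.
        System.out.println(restored.currentState() + ", timeout=" + restored.inactivityTimeoutSec);
        restored.setContext(300);
        System.out.println(restored.currentState() + ", timeout=" + restored.inactivityTimeoutSec);
    }
}
```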


© Copyright IBM Corp. 2006, 2015. All Rights Reserved.