Interface AuthorizationService

All Known Implementing Classes:
AuthorizationServiceImpl, MockAuthorizationServiceImpl

public interface AuthorizationService
  • Method Details

    • getCurrent

      Set<String> getCurrent(String service, List<String> rawRoles)
      Returns all functions that the given roles are permitted to use at the given service. The permissions are time-bound and may change over time.
      Parameters:
      service - the requesting service
      rawRoles - the current roles of the user (either from eIAM or from Claim)
      Returns:
      set of permitted functions
    • getDefinition

      ServiceData getDefinition(String service)
      Returns the definition of given service.
      Parameters:
      service - the requesting service
      Returns:
      the service's definition
    • getRoleMapping

      List<RoleData> getRoleMapping()
      Returns the role mapping.

      Roles consist of different perspectives. The mapping aligns them:

      • claim = role name used in JWT tokens
      • eiam = role name used in eIAM
      • intern = role name used in this library's function permissions
      Returns:
      the mapping for the supported roles
    • isUserPermitted

      boolean isUserPermitted(Collection<String> rawRoles)
      Returns true if the user's roles permit general use of the application.
      Parameters:
      rawRoles - the current roles of the user (either from eIAM or from Claim)
      Returns:
      true if permitted, otherwise false
    • identifyFunction

      List<ServiceData.Function> identifyFunction(String service, String uri, String httpMethod)
      Returns a list of ServiceData.Function entries that match the given URI and HTTP method.

      Exactly one entry is a trustworthy identification; zero entries or more than one indicate that the identification is NOT trustworthy.

      Parameters:
      service - identifies the current service
      uri - the URI the function has to match
      httpMethod - the HTTP method the function has to match
      Returns:
      List of ServiceData.Function entries that match the given URI and HTTP method
    • isGranted

      boolean isGranted(Set<String> rawRoles, ServiceData.Function function)
      Returns true for the given function if the one-of setting contains the role needed to access the function. If one-of isn't configured, false is returned.
      Parameters:
      rawRoles - the current roles of the user (either from eIAM or from Claim)
      function - the function to check
      Returns:
      true for the given function if the one-of setting contains the role needed to access the function. If one-of isn't configured, false is returned.
    • mapRawRoles

      Set<String> mapRawRoles(Collection<String> rawRoles)
      Returns a set with the role names as expected by the ServiceData.Function.
      Parameters:
      rawRoles - the current roles of the user (either from eIAM or from Claim)
      Returns:
      Set with role names
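
The rules stated for isUserPermitted, identifyFunction and isGranted combine into a fail-closed request check, shown here as an added example that is not part of this library. The nested `Function` and `AuthorizationService` types are stand-ins that copy only the signatures documented above so the class compiles alone; the service name, URIs and role names are constructed.

```java
import java.util.Collection;
import java.util.List;
import java.util.Set;

public class FailClosedCheck {
    // Stand-in for ServiceData.Function; its members are not shown on this page.
    interface Function {}

    // Stand-in copying three documented AuthorizationService signatures.
    interface AuthorizationService {
        boolean isUserPermitted(Collection<String> rawRoles);
        List<Function> identifyFunction(String service, String uri, String httpMethod);
        boolean isGranted(Set<String> rawRoles, Function function);
    }

    /** Allows a request only if every documented check passes; anything else is denied. */
    static boolean isRequestAllowed(AuthorizationService auth, String service,
                                    String uri, String httpMethod, Set<String> rawRoles) {
        if (!auth.isUserPermitted(rawRoles)) {
            return false; // user may not use the application at all
        }
        List<Function> matches = auth.identifyFunction(service, uri, httpMethod);
        if (matches == null || matches.size() != 1) {
            return false; // zero or several matches: identification is not trustworthy
        }
        return auth.isGranted(rawRoles, matches.get(0)); // false when one-of is unset
    }

    public static void main(String[] args) {
        Function read = new Function() {};
        Function write = new Function() {};
        // Constructed sample policy: service name, URIs and role names are hypothetical.
        AuthorizationService auth = new AuthorizationService() {
            public boolean isUserPermitted(Collection<String> roles) { return !roles.isEmpty(); }
            public List<Function> identifyFunction(String s, String uri, String m) {
                if (uri.equals("/items") && m.equals("GET")) return List.of(read);
                if (uri.equals("/items/1")) return List.of(read, write); // ambiguous match
                return List.of();                                        // no match
            }
            public boolean isGranted(Set<String> roles, Function f) {
                return f == read && roles.contains("reader");
            }
        };
        Set<String> roles = Set.of("reader");
        System.out.println(isRequestAllowed(auth, "demo", "/items", "GET", roles));
        System.out.println(isRequestAllowed(auth, "demo", "/items/1", "GET", roles));
        System.out.println(isRequestAllowed(auth, "demo", "/nope", "GET", roles));
    }
}
```

Only the first request is allowed: the second matches two functions and the third matches none, so both are denied before isGranted is consulted.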