org.zalando.nakadi.plugin.api.authz

Interface AuthorizationService

public interface AuthorizationService

Nested Class Summary

Nested Classes

Modifier and Type	Interface and Description
static class	AuthorizationService.Operation

Method Summary

Modifier and Type	Method and Description
boolean	isAuthorizationAttributeValid(AuthorizationAttribute attribute) Check whether an attribute is valid.
boolean	isAuthorized(Subject subject, AuthorizationService.Operation operation, Resource resource) Check whether a caller, represented by a token, is authorized to perform an operation on a resource.

Method Detail

isAuthorized

boolean isAuthorized(Subject subject,
                     AuthorizationService.Operation operation,
                     Resource resource)
              throws PluginException

Check whether a caller, represented by a token, is authorized to perform an operation on a resource.

Parameters:

subject - The subject that performs the operation on the resource

operation - the operation (read, write, admin) to authorize

resource - the resource that the subject wants to perform an operation on

Returns:

true if the subject, is authorized to perform the operation on the resource

Throws:

PluginException - if an error occurred during execution

isAuthorizationAttributeValid

boolean isAuthorizationAttributeValid(AuthorizationAttribute attribute)
                               throws PluginException

Check whether an attribute is valid. Example: Take an attribute with key 'username' and value 'nakadi'. A plugin implementing this method could check that (a) 'username' is an accepted key, and (b) 'nakadi' is a username that exists and is active.

Parameters:

attribute - the attribute to validate

Returns:

true if the attribute is valid

Throws:

PluginException - if an error occurred during execution