Examples of Authorization

• com.Yasna.forum.Authorization
  Proves that a user has successfully logged in. The existence of an Authorization object indicates that a person has logged in correctly and has authentication to act as the user associated with the authentication. An instance of this object can be obtained from an AuthorizationFactory and must be passed in to to get an intstance of ForumFactory.

  In the case of using the core forum services through a web interface, the expected behavior is to have a user login and then store the Authorization object in their session.

  (Note by Matt) It's my opinion that this authorization method needs better security. At the moment, this method is certainly ok if forum skins can be trusted. However, the security goal has always been to protect as much as possible against malicious skins. Therefore, the implementation of this class will be changed in the near future to use signed objects. Some thought will have to be given to a public/private key management system, so I'm going to delay implementing it for now. This means -- be sure you can trust your skins!! @see AuthorizationFactory @see ForumFactory

• com.almende.eve.entity.calendar.Authorization
• com.centraview.administration.authorization.Authorization
  This is remote interface which is called from client
• com.cosmo.security.auth.Authorization
  Interface que deben implementar los agentes de autorizaci�n. @author Gerard Llort
• com.github.zhangkaitao.shiro.chapter23.entity.Authorization

  User: Zhang Kaitao

  Date: 14-3-13

  Version: 1.0

• com.sshtools.common.configuration.Authorization
  @author $author$ @version $Revision: 1.12 $
• com.wordnik.swagger.model.Authorization
• facebook4j.auth.Authorization
  An interface represents credentials. @author Ryuji Yamashita - roundrop at gmail.com
• gov.nist.javax.sip.header.Authorization
  Authorization SIP header. @see ProxyAuthorization @author M. Ranganathan NIST/ITL/ANTD
  @version 1.2 $Revision: 1.6 $ $Date: 2009-07-17 18:57:27 $
• org.apache.jmeter.protocol.http.control.Authorization
  This class is an Authorization encapsulator.
• org.camunda.bpm.engine.authorization.Authorization

  An {@link Authorization} assigns a set of {@link Permission Permissions}to an identity to interact with a given {@link Resource}.

  EXAMPLES:

  • User 'jonny' is authorized to start new instances of the 'invoice' process
  • Group 'marketing' is not authorized to cancel process instances.
  • Group 'marketing' is not allowed to use the tasklist application.
  • Nobody is allowed to edit process variables in the cockpit application, except the distinct user 'admin'.

  Identities

  camunda BPM distinguished two types of identities: users and groups. Authorizations can either range over all users (userId = {@link #ANY}), an individual {@link User} or a {@link Group} of users.

  Permissions

  A {@link Permission} defines the way an identity is allowed to interactwith a certain resource. Examples of permissions are {@link Permissions#CREATE CREATE}, {@link Permissions#READ READ}, {@link Permissions#UPDATE UPDATE}, {@link Permissions#DELETE DELETE}, ... See {@link Permissions} for a set ofbuilt-in permissions.

  A single authorization object may assign multiple permissions to a single user and resource:

   authorization.addPermission(Permissions.READ); authorization.addPermission(Permissions.WRITE); authorization.addPermission(Permissions.DELETE); 

  On top of the built-in permissions, camunda BPM allows using custom permission types.

  Resources

  Resources are the entities the user interacts with. Examples of resources are {@link Resources#GROUP GROUPS}, {@link Resources#USER USERS}, process-definitions, process-instances, tasks ... See {@link Resources} for a setof built-in resource. The camunda BPM framework supports custom resources.

  Authorization Type

  There are three types of authorizations:

  • Global Authorizations ( {@link #AUTH_TYPE_GLOBAL}) range over all users and groups (userId = {@link #ANY}) and are usually used for fixing the "base" permission for a resource.
  • Grant Authorizations ( {@link #AUTH_TYPE_GRANT}) range over users and groups and grant a set of permissions. Grant authorizations are commonly used for adding permissions to a user or group that the global authorization revokes.
  • Revoke Authorizations ( {@link #AUTH_TYPE_REVOKE}) range over users and groups and revoke a set of permissions. Revoke authorizations are commonly used for revoking permissions to a user or group the the global authorization grants.

  Authorization Precedence

  Authorizations may range over all users, an individual user or a group of users or . They may apply to an individual resource instance or all instances of the same type (resourceId = {@link #ANY}). The precedence is as follows:

  1. An authorization applying to an individual resource instance preceds over an authorization applying to all instances of the same resource type.
  2. An authorization for an individual user preceds over an authorization for a group.
  3. A Group authorization preced over a {@link #AUTH_TYPE_GLOBAL GLOBAL} authorization.
  4. A Group {@link #AUTH_TYPE_REVOKE REVOKE} authorization preced over a Group{@link #AUTH_TYPE_GRANT GRANT} authorization.

  @author Daniel Meyer @since 7.0
• org.cipango.sip.security.Authorization
• org.eclipse.egit.github.core.Authorization
• org.fcrepo.server.security.Authorization
  @author Bill Niebel
• org.globus.gsi.gssapi.auth.Authorization
• org.glyptodon.guacamole.net.basic.auth.Authorization
  Mapping of username/password pair to configuration set. In addition to basic storage of the username, password, and configurations, this class also provides password validation functions. @author Mike Jumper
• org.mortbay.jetty.client.security.Authorization
  Simple authentication interface that sets required fields on the exchange.
• org.nemesis.forum.Authorization
  Proves that a user has successfully logged in. The existence of an Authorization object indicates that a person has logged in correctly and has authentication to act as the user associated with the authentication. An instance of this object can be obtained from an AuthorizationFactory and must be passed in to to get an intstance of ForumFactory.

  In the case of using the core forum services through a web interface, the expected behavior is to have a user login and then store the Authorization object in their session.

  (Note by Matt) It's my opinion that this authorization method needs better security. At the moment, this method is certainly ok if forum skins can be trusted. However, the security goal has always been to protect as much as possible against malicious skins. Therefore, the implementation of this class will be changed in the near future to use signed objects. Some thought will have to be given to a public/private key management system, so I'm going to delay implementing it for now. This means -- be sure you can trust your skins!! @see AuthorizationFactory @see ForumFactory

• org.ofbiz.security.authz.Authorization
• org.osforce.connect.entity.oauth.Authorization
  ourceforce.org">开源力量
• org.osgi.service.useradmin.Authorization
  The {@code Authorization} interface encapsulates an authorization context onwhich bundles can base authorization decisions, where appropriate.

  Bundles associate the privilege to access restricted resources or operations with roles. Before granting access to a restricted resource or operation, a bundle will check if the {@code Authorization} object passed to it possessthe required role, by calling its {@code hasRole} method.

  Authorization contexts are instantiated by calling the {@link UserAdmin#getAuthorization(User)} method.

  Trusting Authorization objects

  There are no restrictions regarding the creation of {@code Authorization}objects. Hence, a service must only accept {@code Authorization} objects frombundles that has been authorized to use the service using code based (or Java 2) permissions.

  In some cases it is useful to use {@code ServicePermission} to do the codebased access control. A service basing user access control on {@code Authorization} objects passed to it, will then require that a callingbundle has the {@code ServicePermission} to get the service in question. Thisis the most convenient way. The OSGi environment will do the code based permission check when the calling bundle attempts to get the service from the service registry.

  Example: A servlet using a service on a user's behalf. The bundle with the servlet must be given the {@code ServicePermission} to get the Http Service.

  However, in some cases the code based permission checks need to be more fine-grained. A service might allow all bundles to get it, but require certain code based permissions for some of its methods.

  Example: A servlet using a service on a user's behalf, where some service functionality is open to anyone, and some is restricted by code based permissions. When a restricted method is called (e.g., one handing over an {@code Authorization} object), the service explicitly checks that the callingbundle has permission to make the call. @noimplement @author $Id: 4786641d1725f18fb3bc160059d7f8b28e46bbab $

• org.thymeleaf.extras.springsecurity3.auth.Authorization
  @author Daniel Fernández
• tigase.xmpp.Authorization
• twitter4j.auth.Authorization
  An interface represents credentials. @author Yusuke Yamamoto - yusuke at mac.com

Examples of com.centraview.administration.authorization.Authorization

        remote.updateActivity(activityVO, IndividualId);

        AuthorizationHome authHome = (AuthorizationHome)CVUtility.getHomeObject(
            "com.centraview.administration.authorization.AuthorizationHome", "Authorization");
        Authorization authRemote = authHome.create();
        authRemote.setDataSource(dataSource);

        Vector vectOptional = ((ActivityForm)form).getActivityAttendeeOptionalVector();
        Vector vectRequired = ((ActivityForm)form).getActivityAttendeeRequiredVector();
        Iterator iterOptional = null;
        Iterator iterRequired = null;

        int l1 = 0, l2 = 0, arrIndex = 0;
        if (vectOptional != null) {
          iterOptional = vectOptional.iterator();
          l1 = vectOptional.size();
        }

        if (vectRequired != null) {
          iterRequired = vectRequired.iterator();
          l2 = vectRequired.size();
        }

        int arrView[] = new int[l1 + l2];
        int arrBlank[] = {};

        if (iterRequired != null) {
          while (iterRequired.hasNext()) {
            DDNameValue nvalue = (DDNameValue)iterRequired.next();
            String strID = nvalue.getStrid();
            String arrStrings[] = strID.split("#");
            strID = arrStrings[0].trim();
            int id = Integer.parseInt(strID);
            arrView[arrIndex++] = id;
          }
        }

        if (iterOptional != null) {
          while (iterOptional.hasNext()) {
            DDNameValue nvalue = (DDNameValue)iterOptional.next();
            String strID = nvalue.getStrid();
            String arrStrings[] = strID.split("#");
            strID = arrStrings[0].trim();
            int id = Integer.parseInt(strID);
            arrView[arrIndex++] = id;
          }
        }

        request.setAttribute(ConstantKeys.TYPEOFOPERATION, ConstantKeys.EDIT);
        String activityVisibility = ((ActivityForm)form).getActivityVisibility();

        if (activityVisibility != null && activityVisibility.equals("PRIVATE")) {
          authRemote.saveRecordPermission(IndividualId, 0, "Activities", activityID, arrView,
              arrBlank, arrBlank);
        }

        if (activityVisibility != null && activityVisibility.equals("PUBLIC")) {
          authRemote.saveRecordPermission(IndividualId, -1, "Activities", activityID, arrView,
              arrBlank, arrBlank);
        }
      } catch (Exception e) {
        logger.error("[Exception] EditActivityHandler.Execute Handler ", e);
      }

Examples of com.centraview.administration.authorization.Authorization

        // thats why we will disable the Edit button
        boolean editFlag = false;
        if(fVO.getStatus() != null && fVO.getStatus().equals("PUBLISH")){
          AuthorizationHome homeAuthorization = (AuthorizationHome)CVUtility.getHomeObject("com.centraview.administration.authorization.AuthorizationHome", "Authorization");
          try{
            Authorization remoteAuthorization = homeAuthorization.create();
            remoteAuthorization.setDataSource(dataSource);
            editFlag = remoteAuthorization.canPerformRecordOperation(individualID, "FAQ", faqId, ModuleFieldRightMatrix.UPDATE_RIGHT);
          }
          catch (Exception e)
          {
            logger.error("[Exception] [ViewFaqHandler.execute Calling Authorization]  ", e);
            FORWARD_final = GLOBAL_FORWARD_failure;

Examples of com.centraview.administration.authorization.Authorization

        userObject = remote.getUserObject(individualId, firstName, lastName, userType);
        userObject.setLoginName(username);

        // In a certain case we will need a blank rights matrix, so prepare the remote connection now.
        AuthorizationHome ah = (AuthorizationHome)CVUtility.getHomeObject("com.centraview.administration.authorization.AuthorizationHome","Authorization");
        Authorization authorizationRemote = ah.create();
        authorizationRemote.setDataSource(dataSource);

        if (remember.equals("on")) {
          // the "Remember Me" cookie contains the a string in the format
          // "<userName>/<password>". This string is then encrypted.
          // We should probably store the SHA1 of the password, this is a major security risk!!
          // TODO: encode the SHA1 of the password in the cookie content, and not the password itself.
          // and write the corresponding login method to take the SHA1 directly.
          String cookieContent = username + "/" + password;
          String encodedString = Base64.encode(cookieContent.getBytes());
          Cookie rememberMeCookie = new Cookie("CVRMID", encodedString);
          // set the expire time - to the largest int possible
          rememberMeCookie.setMaxAge(2147483647);
          rememberMeCookie.setPath("/");
          response.addCookie(rememberMeCookie);
        }

        // get the real mfrm and put it on the UserObject
        mfrm = authorizationRemote.getUserSecurityProfileMatrix(individualId);
        up = userObject.getUserPref();
        up.setModuleAuthorizationMatrix(mfrm);
        userObject.setUserPref(up);
        session.setAttribute("userobject",userObject);

Examples of com.centraview.administration.authorization.Authorization

      boolean editFlag = false;
      if (kVO.getStatus() != null && kVO.getStatus().equals("PUBLISH")) {
        AuthorizationHome homeAuthorization = (AuthorizationHome)CVUtility.getHomeObject(
            "com.centraview.administration.authorization.AuthorizationHome", "Authorization");
        try {
          Authorization remoteAuthorization = homeAuthorization.create();
          remoteAuthorization.setDataSource(dataSource);
          editFlag = remoteAuthorization.canPerformRecordOperation(individualID, "KnowledgeBase",
              kbId, ModuleFieldRightMatrix.UPDATE_RIGHT);
        } catch (Exception e) {
          logger.error("[Exception] [ViewKnowledgebaseHandler.execute Calling Authorization]  ", e);
        }
      } else if (individualID == ownerID) {

Examples of com.centraview.administration.authorization.Authorization

      try
      {
        // check to see if the user has the right to update this record
        AuthorizationHome authHome = (AuthorizationHome)CVUtility.getHomeObject("com.centraview.administration.authorization.AuthorizationHome", "Authorization");
        Authorization authRemote = (Authorization)authHome.create();

        if (! authRemote.canPerformRecordOperation(individualID, "Individual", contactID, 10))
        {
          writer.print("FAIL: You do not have permission to delete this record.");
          return(null);
        }
      }catch(Exception e){

Examples of com.centraview.administration.authorization.Authorization

      remote.setDataSource(dataSource);

      try {
        // check to see if the user has the right to update this record
        AuthorizationHome authHome = (AuthorizationHome)CVUtility.getHomeObject("com.centraview.administration.authorization.AuthorizationHome", "Authorization");
        Authorization authRemote = (Authorization)authHome.create();

        if (! authRemote.canPerformRecordOperation(individualID, "Individual", contactID, 20)) {
          return(null);
        }
      }catch(Exception e){
        System.out.println("[Exception][SyncContactEdit] Exception thrown in editContact(2): " + e);
        //e.printStackTrace();

Examples of com.centraview.administration.authorization.Authorization

public class AdvancedSearchUtil {
  private static Logger logger = Logger.getLogger(AdvancedSearchUtil.class);

  public static String getModuleId(String moduleName, String dataSource) throws Exception
  {
    Authorization remoteAuthorization = null;
    try {
      AuthorizationHome AuthorizationHome = (AuthorizationHome) CVUtility.getHomeObject(
          "com.centraview.administration.authorization.AuthorizationHome", "Authorization");
      remoteAuthorization = AuthorizationHome.create();
      remoteAuthorization.setDataSource(dataSource);
    } catch (Exception e) {
      logger.error("[getModuleId]: Exception getting EJB connection.", e);
      throw new Exception(e);
    }

    String moduleId = remoteAuthorization.getModuleIdByPrimaryTable(moduleName);
    return moduleId;
  } // end getModuleId

Examples of com.centraview.administration.authorization.Authorization

        try {

          AuthorizationHome aa = (AuthorizationHome)CVUtility.getHomeObject(
              "com.centraview.administration.authorization.AuthorizationHome", "Authorization");
          Authorization remote = (Authorization)aa.create();
          remote.setDataSource(this.dataSource);

          returnDL = remote.getSecurityProfileList(userID, hm);

        } catch (Exception e) {
          System.out.println("[Exception][MarketingListEJB] Exception thrown in x: " + e);
        }

Examples of com.centraview.administration.authorization.Authorization

    hm.put("sortType", new Character(paramDL.getSortType()));

    try {
      AuthorizationHome aa = (AuthorizationHome)CVUtility.getHomeObject(
          "com.centraview.administration.authorization.AuthorizationHome", "Authorization");
      Authorization remote = (Authorization)aa.create();
      remote.setDataSource(this.dataSource);
      returnDL = remote.getSecurityProfileList(userid, hm);

    } catch (Exception e) {
      System.out.println("[Exception][MarketingListEJB] Exception thrown in x: " + e);
    }

Examples of com.cosmo.security.auth.Authorization

    * @throws AuthorizationException
    */
   public UserSession(Workspace workspace, String login, String pwd) throws UserNotFoundException, AuthenticationException, AuthorizationException
   {
      Authentication authenticator = null;
      Authorization authorizator = null;

      initialize();

      this.workspace = workspace;

      // Instancia el proveedor de autenticaci�n
      authenticator = AuthenticationFactory.getInstance(workspace);

      if (authenticator != null)
      {
         // Autenticaci�n
         this.currentUser = authenticator.login(login, pwd);

         try
         {
            // Instancia el proveedor de seguridad
            authorizator = AuthorizationFactory.getInstance(workspace);

            // Obtiene las pol�ticas de autorizaci�n para el usuario autenticado
            this.securityInfo = authorizator.getAuthorizationData(login);
         }
         catch (AuthorizationException ex)
         {
            // Crea una pol�tica de autorizaciones vac�a
            this.securityInfo = new UserSecurityPolicy();