Examples of AuthorizationManager

• com.bitmovers.maui.engine.AuthorizationManager
  This is used to match up license levels with allowed activities.
• com.ecyrd.jspwiki.auth.AuthorizationManager

  Manages all access control and authorization; determines what authenticated users are allowed to do.

  Privileges in JSPWiki are expressed as Java-standard {@link java.security.Permission}classes. There are two types of permissions:

  • {@link com.ecyrd.jspwiki.auth.permissions.WikiPermission} - privileges that applyto an entire wiki instance: e.g., editing user profiles, creating pages, creating groups
  • {@link com.ecyrd.jspwiki.auth.permissions.PagePermission} - privileges that applyto a single wiki page or range of pages: e.g., reading, editing, renaming

  Calling classes determine whether they are entitled to perform a particular action by constructing the appropriate permission first, then passing it and the current {@link com.ecyrd.jspwiki.WikiSession} to the{@link #checkPermission(WikiSession,Permission)} method. If the session'sSubject possesses the permission, the action is allowed.

  For WikiPermissions, the decision criteria is relatively simple: the caller either possesses the permission, as granted by the wiki security policy -- or not.

  For PagePermissions, the logic is exactly the same if the page being checked does not have an access control list. However, if the page does have an ACL, the authorization decision is made based the union of the permissions granted in the ACL and in the security policy. In other words, the user must be named in the ACL (or belong to a group or role that is named in the ACL) and be granted (at least) the same permission in the security policy. We do this to prevent a user from gaining more permissions than they already have, based on the security policy.

  See the {@link #checkPermission(WikiSession,Permission)} and{@link #hasRoleOrPrincipal(WikiSession,Principal)} methods for more informationon the authorization logic.

  @author Andrew Jaquith @since 2.3 @see AuthenticationManager
• com.google.enterprise.connector.spi.AuthorizationManager
  Authorization Manager. All calls related to authorizing particular users to see particular documents pass through this interface. @since 1.0
• com.vmware.vim25.mo.AuthorizationManager
  blecloud.org)
• de.iritgo.aktera.authorization.AuthorizationManager
  An AuthorizationManager is a service that is able to determine if the specified operation is allowed for the given user. How it determines this is entirely up to the implementation of the security manager. It is possible that a security manager implementation may "nest" other security managers - e.g. call other security managers and make sure that they all agree that the user has access to the given operation. @author Michael Nash
• es.ipsa.atril.sec.user.AuthorizationManager
• io.undertow.servlet.api.AuthorizationManager
  Authorization manager. The servlet implementation delegates all authorization checks to this interface. @author Stuart Douglas
• org.apache.isis.core.runtime.authorization.AuthorizationManager
  Authorises the user in the current session view and use members of an object.
• org.apache.wiki.auth.AuthorizationManager

  Manages all access control and authorization; determines what authenticated users are allowed to do.

  Privileges in JSPWiki are expressed as Java-standard {@link java.security.Permission}classes. There are two types of permissions:

  • {@link org.apache.wiki.auth.permissions.WikiPermission} - privileges that applyto an entire wiki instance: e.g., editing user profiles, creating pages, creating groups
  • {@link org.apache.wiki.auth.permissions.PagePermission} - privileges that applyto a single wiki page or range of pages: e.g., reading, editing, renaming

  Calling classes determine whether they are entitled to perform a particular action by constructing the appropriate permission first, then passing it and the current {@link org.apache.wiki.WikiSession} to the{@link #checkPermission(WikiSession,Permission)} method. If the session'sSubject possesses the permission, the action is allowed.

  For WikiPermissions, the decision criteria is relatively simple: the caller either possesses the permission, as granted by the wiki security policy -- or not.

  For PagePermissions, the logic is exactly the same if the page being checked does not have an access control list. However, if the page does have an ACL, the authorization decision is made based the union of the permissions granted in the ACL and in the security policy. In other words, the user must be named in the ACL (or belong to a group or role that is named in the ACL) and be granted (at least) the same permission in the security policy. We do this to prevent a user from gaining more permissions than they already have, based on the security policy.

  See the {@link #checkPermission(WikiSession,Permission)} and{@link #hasRoleOrPrincipal(WikiSession,Principal)} methods for more informationon the authorization logic.

  @since 2.3 @see AuthenticationManager
• org.camunda.bpm.engine.impl.persistence.entity.AuthorizationManager
  @author Daniel Meyer
• org.infinispan.security.AuthorizationManager
  The AuthorizationManager is a cache-scoped component which verifies that the {@link Subject}associated with the current {@link AccessControlContext} has the requested permissions. @author Tristan Tarrant @since 7.0
• org.jboss.security.AuthorizationManager
  Generalized Authorization Manager Interface.
  
  Replaces the legacy RealmMapping interface @see org.jboss.security.RealmMapping @author Anil Saldhana @since Jan 2, 2006 @version $Revision: 68778 $
• org.sonatype.security.authorization.AuthorizationManager
  A DAO for Roles and Privileges comming from a given source. @author Brian Demers
• org.uberfire.security.authz.AuthorizationManager
• org.wso2.carbon.user.api.AuthorizationManager
• org.wso2.carbon.user.core.AuthorizationManager

Examples of org.jboss.security.AuthorizationManager

    @return The Set<Principal> for the application domain roles that the
    principal has been assigned.
   */
   public Set<Principal> getUserRoles(Principal principal)
   {
      AuthorizationManager am = SecurityUtil.getAuthorizationManager(securityDomain,
            SecurityConstants.JAAS_CONTEXT_ROOT);
      return am.getUserRoles(principal);
   }

Examples of org.sonatype.security.authorization.AuthorizationManager

    PrivilegeStatusResourceResponse result = new PrivilegeStatusResourceResponse();

    Privilege priv = null;

    try {
      AuthorizationManager authzManager = getSecuritySystem().getAuthorizationManager(PRIVILEGE_SOURCE);
      priv = authzManager.getPrivilege(getPrivilegeId(request));
    }
    catch (NoSuchPrivilegeException e) {
      throw new ResourceException(Status.CLIENT_ERROR_NOT_FOUND, "Privilege could not be found.");
    }
    catch (NoSuchAuthorizationManagerException e) {

Examples of org.uberfire.security.authz.AuthorizationManager

        final String forceURL = getForceURL( options );
        final AuthenticationScheme authScheme = getAuthenticationScheme( options );
        final AuthenticationManager authManager = getAuthenticationManager( options );
        final AuthenticationProvider authProvider = getAuthenticationProvider( options );
        final ResourceManager resourceManager = getResourceManager( options );
        final AuthorizationManager authzManager = getAuthorizationManager( options );
        final VotingStrategy urlVotingStrategy = getURLVotingStrategy( options );
        final ResourceDecisionManager accessDecisionManager = getURLAccessDecisionManager( options );
        final RoleDecisionManager roleDecisionManager = getRoleDecisionManager( options );
        final RoleProvider roleProvider = getRoleProvider( options );
        final SubjectPropertiesProvider propertiesProvider = getPropertiesProvider( options );

Examples of org.wso2.carbon.user.api.AuthorizationManager

     * @throws MessageBoxException if fails to check authorizations
     */
    public boolean isAuthorized(String messageBoxId, String operation) throws MessageBoxException {
        String loggedInUser = UserCoreUtil.getTenantLessUsername(CarbonContext.getCurrentContext().getUsername());
        try {
            AuthorizationManager authorizationManager = Utils.getUserRelam().getAuthorizationManager();

            String messageBoxPath = MessageBoxConstants.MB_MESSAGE_BOX_STORAGE_PATH + "/" +
                                    messageBoxId;

            return authorizationManager.isUserAuthorized(loggedInUser, messageBoxPath, operation);
        } catch (UserStoreException e) {
            String error = "Failed to check is " + loggedInUser + " authorized to " + operation +
                           " to " + messageBoxId;
            log.error(error);
            throw new MessageBoxException(error, e);

Examples of org.wso2.carbon.user.api.AuthorizationManager

    }

    public boolean isUserAuthorized(String userName, String messageBoxId, String operation)
            throws MessageBoxException {
        try {
            AuthorizationManager authorizationManager = Utils.getUserRelam().getAuthorizationManager();

            String messageBoxPath = MessageBoxConstants.MB_MESSAGE_BOX_STORAGE_PATH + "/" +
                                    messageBoxId;

            return authorizationManager.isUserAuthorized(userName, messageBoxPath, operation);
        } catch (UserStoreException e) {
            String error = "Failed to check is " + userName + " authorized to " + operation +
                           " to " + messageBoxId;
            log.error(error);
            throw new MessageBoxException(error, e);

Examples of org.wso2.carbon.user.api.AuthorizationManager

     * @throws MessageBoxException if failed to apply permissions
     */
    public void addPermission(String messageBoxId, PermissionLabel permissionLabel)
            throws MessageBoxException {
        try {
            AuthorizationManager authorizationManager = Utils.getUserRelam().getAuthorizationManager();

            String messageBoxPath = MessageBoxConstants.MB_MESSAGE_BOX_STORAGE_PATH + "/" +
                                    messageBoxId;

            for (String sharedUser : permissionLabel.getSharedUsers()) {
                for (String operation : permissionLabel.getOperations()) {
                    authorizationManager.authorizeUser(sharedUser, messageBoxPath, operation);
                }
            }
        } catch (UserStoreException e) {
            String error = "Failed to add permissions to " + messageBoxId + " with permission label "
                           + permissionLabel.getLabelName();

Examples of org.wso2.carbon.user.core.AuthorizationManager

            // Check whether the system dashboard is already available if not populate
            UserRegistry registry = DashboardPopulatorContext.getRegistry(tenantId);

            // Set permission for annonymous read. We do it here because it should happen always in order
            // to support mounting a remote registry.
            AuthorizationManager accessControlAdmin =
                    registry.getUserRealm().getAuthorizationManager();

            if (!accessControlAdmin.isRoleAuthorized(CarbonConstants.REGISTRY_ANONNYMOUS_ROLE_NAME, RegistryConstants.CONFIG_REGISTRY_BASE_PATH +
                    GadgetPopulator.SYSTEM_GADGETS_PATH, ActionConstants.GET)) {
                accessControlAdmin.authorizeRole(CarbonConstants.REGISTRY_ANONNYMOUS_ROLE_NAME, RegistryConstants.CONFIG_REGISTRY_BASE_PATH +
                        GadgetPopulator.SYSTEM_GADGETS_PATH, ActionConstants.GET);
            }

            String serverName = CarbonUtils.getServerConfiguration().getFirstProperty("Name");

Examples of org.wso2.carbon.user.core.AuthorizationManager

            UserRegistry uReg = (UserRegistry) registry;

            // Creating the default gadget collection resource
            Collection defaultGadgetCollection = registry.newCollection();
            // Set permission for annonymous read
            AuthorizationManager authorizationManager = uReg.getUserRealm().getAuthorizationManager();
            authorizationManager.authorizeRole(CarbonConstants.REGISTRY_ANONNYMOUS_ROLE_NAME, RegistryConstants.CONFIG_REGISTRY_BASE_PATH +
                    SYSTEM_GS_GADGETS_PATH, ActionConstants.GET);

            /*authorizationManager.authorizeRole(RegistryConstants.GUESTS_ROLE,
                                             SYSTEM_GS_GADGETS_PATH, ActionConstants.GET);*/

Examples of org.wso2.carbon.user.core.AuthorizationManager

            // Set permission for anonymous read. We do it here because it should happen always in order
            // to support mounting a remote registry.

            if (registry != null) {
                AuthorizationManager accessControlAdmin =
                        registry.getUserRealm().getAuthorizationManager();

                if (!accessControlAdmin.isRoleAuthorized(CarbonConstants.REGISTRY_ANONNYMOUS_ROLE_NAME, RegistryConstants.CONFIG_REGISTRY_BASE_PATH +
                        REGISTRY_GADGET_STORAGE_PATH, ActionConstants.GET)) {
                    accessControlAdmin.authorizeRole(CarbonConstants.REGISTRY_ANONNYMOUS_ROLE_NAME, RegistryConstants.CONFIG_REGISTRY_BASE_PATH +
                            REGISTRY_GADGET_STORAGE_PATH, ActionConstants.GET);
                }

                File gadgetsDir = new File(extractedArchiveDir);
                if (gadgetsDir.exists()) {

Examples of org.wso2.carbon.user.core.AuthorizationManager

                    }

                    // Set permission for anonymous read. We do it here because it should happen always in order
                    // to support mounting a remote registry.
                    UserRegistry userRegistry = getRegistry(tenantId);
                    AuthorizationManager accessControlAdmin =
                            userRegistry.getUserRealm().getAuthorizationManager();

                    if (!accessControlAdmin.isRoleAuthorized(CarbonConstants.REGISTRY_ANONNYMOUS_ROLE_NAME, RegistryConstants.CONFIG_REGISTRY_BASE_PATH +
                            REGISTRY_GADGET_STORAGE_PATH, ActionConstants.GET)) {
                        accessControlAdmin.authorizeRole(CarbonConstants.REGISTRY_ANONNYMOUS_ROLE_NAME, RegistryConstants.CONFIG_REGISTRY_BASE_PATH +
                                REGISTRY_GADGET_STORAGE_PATH, ActionConstants.GET);
                    }

                    // recurse
                    transferDirectoryContentToRegistry(file, registry, rootPath, tenantId);