Examples of AuthorizationManager

• com.bitmovers.maui.engine.AuthorizationManager
  This is used to match up license levels with allowed activities.
• com.ecyrd.jspwiki.auth.AuthorizationManager

  Manages all access control and authorization; determines what authenticated users are allowed to do.

  Privileges in JSPWiki are expressed as Java-standard {@link java.security.Permission}classes. There are two types of permissions:

  • {@link com.ecyrd.jspwiki.auth.permissions.WikiPermission} - privileges that applyto an entire wiki instance: e.g., editing user profiles, creating pages, creating groups
  • {@link com.ecyrd.jspwiki.auth.permissions.PagePermission} - privileges that applyto a single wiki page or range of pages: e.g., reading, editing, renaming

  Calling classes determine whether they are entitled to perform a particular action by constructing the appropriate permission first, then passing it and the current {@link com.ecyrd.jspwiki.WikiSession} to the{@link #checkPermission(WikiSession,Permission)} method. If the session'sSubject possesses the permission, the action is allowed.

  For WikiPermissions, the decision criteria is relatively simple: the caller either possesses the permission, as granted by the wiki security policy -- or not.

  For PagePermissions, the logic is exactly the same if the page being checked does not have an access control list. However, if the page does have an ACL, the authorization decision is made based the union of the permissions granted in the ACL and in the security policy. In other words, the user must be named in the ACL (or belong to a group or role that is named in the ACL) and be granted (at least) the same permission in the security policy. We do this to prevent a user from gaining more permissions than they already have, based on the security policy.

  See the {@link #checkPermission(WikiSession,Permission)} and{@link #hasRoleOrPrincipal(WikiSession,Principal)} methods for more informationon the authorization logic.

  @author Andrew Jaquith @since 2.3 @see AuthenticationManager
• com.google.enterprise.connector.spi.AuthorizationManager
  Authorization Manager. All calls related to authorizing particular users to see particular documents pass through this interface. @since 1.0
• com.vmware.vim25.mo.AuthorizationManager
  blecloud.org)
• de.iritgo.aktera.authorization.AuthorizationManager
  An AuthorizationManager is a service that is able to determine if the specified operation is allowed for the given user. How it determines this is entirely up to the implementation of the security manager. It is possible that a security manager implementation may "nest" other security managers - e.g. call other security managers and make sure that they all agree that the user has access to the given operation. @author Michael Nash
• es.ipsa.atril.sec.user.AuthorizationManager
• io.undertow.servlet.api.AuthorizationManager
  Authorization manager. The servlet implementation delegates all authorization checks to this interface. @author Stuart Douglas
• org.apache.isis.core.runtime.authorization.AuthorizationManager
  Authorises the user in the current session view and use members of an object.
• org.apache.wiki.auth.AuthorizationManager

  Manages all access control and authorization; determines what authenticated users are allowed to do.

  Privileges in JSPWiki are expressed as Java-standard {@link java.security.Permission}classes. There are two types of permissions:

  • {@link org.apache.wiki.auth.permissions.WikiPermission} - privileges that applyto an entire wiki instance: e.g., editing user profiles, creating pages, creating groups
  • {@link org.apache.wiki.auth.permissions.PagePermission} - privileges that applyto a single wiki page or range of pages: e.g., reading, editing, renaming

  Calling classes determine whether they are entitled to perform a particular action by constructing the appropriate permission first, then passing it and the current {@link org.apache.wiki.WikiSession} to the{@link #checkPermission(WikiSession,Permission)} method. If the session'sSubject possesses the permission, the action is allowed.

  For WikiPermissions, the decision criteria is relatively simple: the caller either possesses the permission, as granted by the wiki security policy -- or not.

  For PagePermissions, the logic is exactly the same if the page being checked does not have an access control list. However, if the page does have an ACL, the authorization decision is made based the union of the permissions granted in the ACL and in the security policy. In other words, the user must be named in the ACL (or belong to a group or role that is named in the ACL) and be granted (at least) the same permission in the security policy. We do this to prevent a user from gaining more permissions than they already have, based on the security policy.

  See the {@link #checkPermission(WikiSession,Permission)} and{@link #hasRoleOrPrincipal(WikiSession,Principal)} methods for more informationon the authorization logic.

  @since 2.3 @see AuthenticationManager
• org.camunda.bpm.engine.impl.persistence.entity.AuthorizationManager
  @author Daniel Meyer
• org.infinispan.security.AuthorizationManager
  The AuthorizationManager is a cache-scoped component which verifies that the {@link Subject}associated with the current {@link AccessControlContext} has the requested permissions. @author Tristan Tarrant @since 7.0
• org.jboss.security.AuthorizationManager
  Generalized Authorization Manager Interface.
  
  Replaces the legacy RealmMapping interface @see org.jboss.security.RealmMapping @author Anil Saldhana @since Jan 2, 2006 @version $Revision: 68778 $
• org.sonatype.security.authorization.AuthorizationManager
  A DAO for Roles and Privileges comming from a given source. @author Brian Demers
• org.uberfire.security.authz.AuthorizationManager
• org.wso2.carbon.user.api.AuthorizationManager
• org.wso2.carbon.user.core.AuthorizationManager

Examples of org.wso2.carbon.user.core.AuthorizationManager

        if (currentUserName == null) {
            //do nothing
        } else if (currentUserName.equals(targetUser)) {
            isAuthrized = true;
        } else {
            AuthorizationManager authorizer = realm.getAuthorizationManager();
            isAuthrized = authorizer.isUserAuthorized(currentUserName,
                    CarbonConstants.UI_ADMIN_PERMISSION_COLLECTION + "/manage/modify/user-profile",
                    "ui.execute");
        }
        return isAuthrized;
    }

Examples of org.wso2.carbon.user.core.AuthorizationManager

                if (!transactionStarted) {
                    registry.beginTransaction();
                }
                registry.removeAssociation(resourceUri, servicePath,
                        SecurityConstants.ASSOCIATION_SERVICE_SECURING_POLICY);
                AuthorizationManager acAdmin = realm.getAuthorizationManager();
                String[] roles = acAdmin.getAllowedRolesForResource(servicePath,
                        UserCoreConstants.INVOKE_SERVICE_PERMISSION);
                for (int i = 0; i < roles.length; i++) {
                    acAdmin.clearRoleAuthorization(roles[i], servicePath,
                            UserCoreConstants.INVOKE_SERVICE_PERMISSION);
                }

                Association[] kss = registry.getAssociations(RegistryConstants.CONFIG_REGISTRY_BASE_PATH +
                                                                 servicePath,

Examples of org.wso2.carbon.user.core.AuthorizationManager

            } else {
                trustedStores = new String[0];
            }

            if (userGroups != null) {
                AuthorizationManager acAdmin = realm.getAuthorizationManager();

                for (int i = 0; i < userGroups.length; i++) {
                    String value = userGroups[i];
                    acAdmin.authorizeRole(value, servicePath,
                            UserCoreConstants.INVOKE_SERVICE_PERMISSION);
                }
            }

            if (isRahasEngaged) {

Examples of org.wso2.carbon.user.core.AuthorizationManager

            data = new SecurityConfigData();

            String servicePath = RegistryResources.SERVICE_GROUPS
                    + service.getAxisServiceGroup().getServiceGroupName()
                    + RegistryResources.SERVICES + serviceName;
            AuthorizationManager acReader = realm.getAuthorizationManager();
            String[] roles = acReader.getAllowedRolesForResource(servicePath,
                    UserCoreConstants.INVOKE_SERVICE_PERMISSION);
            data.setUserGroups(roles);

            Association[] pvtStores = registry.getAssociations(servicePath,
                    SecurityConstants.ASSOCIATION_PRIVATE_KEYSTORE);

Examples of org.wso2.carbon.user.core.AuthorizationManager

            // Set permission for anonymous read. We do it here because it should happen always in order
            // to support mounting a remote registry.

            if (registry != null) {
                AuthorizationManager accessControlAdmin =
                        registry.getUserRealm().getAuthorizationManager();

                if (!accessControlAdmin.isRoleAuthorized(CarbonConstants.REGISTRY_ANONNYMOUS_ROLE_NAME, RegistryConstants.CONFIG_REGISTRY_BASE_PATH +
                        REGISTRY_GADGET_STORAGE_PATH, ActionConstants.GET)) {
                    accessControlAdmin.authorizeRole(CarbonConstants.REGISTRY_ANONNYMOUS_ROLE_NAME, RegistryConstants.CONFIG_REGISTRY_BASE_PATH +
                            REGISTRY_GADGET_STORAGE_PATH, ActionConstants.GET);
                }

                File gadgetsDir = new File(extractedArchiveDir);
                if (gadgetsDir.exists()) {

Examples of org.wso2.carbon.user.core.AuthorizationManager

                    }

                    // Set permission for anonymous read. We do it here because it should happen always in order
                    // to support mounting a remote registry.
                    UserRegistry userRegistry = getRegistry(tenantId);
                    AuthorizationManager accessControlAdmin =
                            userRegistry.getUserRealm().getAuthorizationManager();

                    if (!accessControlAdmin.isRoleAuthorized(CarbonConstants.REGISTRY_ANONNYMOUS_ROLE_NAME, RegistryConstants.CONFIG_REGISTRY_BASE_PATH +
                            REGISTRY_GADGET_STORAGE_PATH, ActionConstants.GET)) {
                        accessControlAdmin.authorizeRole(CarbonConstants.REGISTRY_ANONNYMOUS_ROLE_NAME, RegistryConstants.CONFIG_REGISTRY_BASE_PATH +
                                REGISTRY_GADGET_STORAGE_PATH, ActionConstants.GET);
                    }

                    // recurse
                    transferDirectoryContentToRegistry(file, registry, rootPath, tenantId);

Examples of org.wso2.carbon.user.core.AuthorizationManager

         try {
          requestContext.getRegistry().move(resourcePath, newresourcePath);
                if (!newRoles.equals("#") &&
                        requestContext.getRegistry().getRegistryContext() != null) {
                    try {
                        AuthorizationManager authManager = CurrentSession.getUserRealm().getAuthorizationManager();
                        authManager.clearResourceAuthorizations(newresourcePath);
                        String[] roles = newRoles.split(",");
                        for (String role: roles) {
                            String roleName = role.trim();
                            authManager.authorizeRole(roleName, newresourcePath,
                                    ActionConstants.GET);
                            authManager.authorizeRole(roleName, newresourcePath,
                                    ActionConstants.PUT);
                            authManager.authorizeRole(roleName, newresourcePath,
                                    ActionConstants.DELETE);
                        }
                    } catch (UserStoreException e) {
                        throw new RegistryException("Unable to setup roles for resource.", e);
                    }

Examples of org.wso2.carbon.user.core.AuthorizationManager

            // Creating the default gadget collection resource
            Collection defaultGadgetCollection = registry.newCollection();

            // Set permission for annonymous read
            AuthorizationManager accessControlAdmin =
                    registry.getUserRealm().getAuthorizationManager();

            if (!accessControlAdmin.isUserAuthorized(RegistryConstants.ANONYMOUS_USER,
                                             SYSTEM_GADGETS_PATH, ActionConstants.GET))  {
                accessControlAdmin.authorizeUser(RegistryConstants.ANONYMOUS_USER,
                                             SYSTEM_GADGETS_PATH, ActionConstants.GET);
            }
            try {
                registry.beginTransaction();
                registry.put(SYSTEM_GADGETS_PATH, defaultGadgetCollection);

Examples of org.wso2.carbon.user.core.AuthorizationManager

                    throw new RegistryException(e.getMessage(), e);
                }
            }

            try {
                AuthorizationManager ac = systemRegistry.getUserRealm().getAuthorizationManager();
                RealmConfiguration realmConfig;
                realmConfig = registryContext.getRealmService().getBootstrapRealmConfiguration();
                String systemUserName = CarbonConstants.REGISTRY_SYSTEM_USERNAME;


                ac.clearResourceAuthorizations("/system");

                ac.authorizeUser(systemUserName, "/system", ActionConstants.GET);
                ac.authorizeUser(systemUserName, "/system", ActionConstants.PUT);
                ac.authorizeUser(systemUserName, "/system", ActionConstants.DELETE);
                ac.authorizeUser(systemUserName, "/system", AccessControlConstants.AUTHORIZE);

                String adminUserName = CarbonConstants.REGISTRY_SYSTEM_USERNAME;

                ac.authorizeUser(adminUserName, "/system", ActionConstants.GET);

                String adminRoleName = realmConfig.getAdminRoleName();
                ac.authorizeRole(adminRoleName, "/system", ActionConstants.GET);

                // any user should be able to execute auto generated queries, though the results
                // of such queries are filtered to match current users permission level.
                String everyoneRoleName = realmConfig.getEveryOneRoleName();
                ac.authorizeRole(everyoneRoleName,
                        "/system/queries/advanced", ActionConstants.GET);

            } catch (UserStoreException e) {
                String msg = "Failed to set permissions for the system collection.";
                log.fatal(msg, e);

Examples of org.wso2.carbon.user.core.AuthorizationManager

        if (userRealm == null) {
            return;
        }

        try {
            AuthorizationManager accessControlAdmin = userRealm.getAuthorizationManager();
            RealmConfiguration realmConfig;
            try {
                realmConfig = userRealm.getRealmConfiguration();
            } catch (UserStoreException e) {
                String msg = "Failed to retrieve realm configuration.";
                log.error(msg, e);
                throw new RegistryException(msg, e);
            }

            String adminRoleName = realmConfig.getAdminRoleName();
            String everyoneRoleName = realmConfig.getEveryOneRoleName();

            accessControlAdmin.authorizeRole(adminRoleName, rootPath,
                    ActionConstants.GET);
            accessControlAdmin.authorizeRole(adminRoleName, rootPath,
                    ActionConstants.PUT);
            accessControlAdmin.authorizeRole(adminRoleName, rootPath,
                    ActionConstants.DELETE);
            accessControlAdmin.authorizeRole(adminRoleName, rootPath,
                    AccessControlConstants.AUTHORIZE);

            accessControlAdmin.authorizeRole(everyoneRoleName, rootPath,
                    ActionConstants.GET);

        } catch (UserStoreException e) {
            String msg = "Could not set authorizations for the root. \nCaused by: "
                    + e.getMessage();