io.stargate.auth

Interface AuthorizationService

public interface AuthorizationService

Method Summary

Modifier and Type	Method and Description
void	authorizeDataRead(AuthenticationSubject authenticationSubject, String keyspace, String table, SourceAPI sourceAPI) Using the provided token will perform pre-authorization and if not successful throws an exception.
void	authorizeDataWrite(AuthenticationSubject authenticationSubject, String keyspace, String table, List<TypedKeyValue> typedKeyValues, Scope scope, SourceAPI sourceAPI) Using the provided token will perform pre-authorization where possible.
void	authorizeDataWrite(AuthenticationSubject authenticationSubject, String keyspace, String table, Scope scope, SourceAPI sourceAPI) Using the provided token will perform pre-authorization and if not successful throws an exception.
ResultSet	authorizedDataRead(Callable<ResultSet> action, AuthenticationSubject authenticationSubject, String keyspace, String table, List<TypedKeyValue> typedKeyValues, SourceAPI sourceAPI) Using the provided token will perform pre-authorization where possible, executes the query provided, and then authorizes the response of the query.
void	authorizePermissionManagement(AuthenticationSubject authenticationSubject, String resource, String grantee, Scope scope, SourceAPI sourceAPI) Using the provided token will perform pre-authorization of permission management.
void	authorizePermissionRead(AuthenticationSubject authenticationSubject, String role, SourceAPI sourceAPI) Using the provided token will perform pre-authorization of permission access.
void	authorizeRoleManagement(AuthenticationSubject authenticationSubject, String role, Scope scope, SourceAPI sourceAPI) Using the provided token will perform pre-authorization of role management.
void	authorizeRoleManagement(AuthenticationSubject authenticationSubject, String role, String grantee, Scope scope, SourceAPI sourceAPI) Using the provided token will perform pre-authorization of role management.
void	authorizeRoleRead(AuthenticationSubject authenticationSubject, String role, SourceAPI sourceAPI) Using the provided token will perform pre-authorization of role access.
void	authorizeSchemaRead(AuthenticationSubject authenticationSubject, List<String> keyspaceNames, List<String> tableNames, SourceAPI sourceAPI, ResourceKind resource) Using the provided token will perform pre-authorization of accessing the provided resources.
void	authorizeSchemaWrite(AuthenticationSubject authenticationSubject, String keyspace, String table, Scope scope, SourceAPI sourceAPI, ResourceKind resource) Using the provided token will perform pre-authorization where possible and if not successful throws an exception.

Method Detail

authorizedDataRead

ResultSet authorizedDataRead(Callable<ResultSet> action,
                             AuthenticationSubject authenticationSubject,
                             String keyspace,
                             String table,
                             List<TypedKeyValue> typedKeyValues,
                             SourceAPI sourceAPI)
                      throws Exception

Using the provided token will perform pre-authorization where possible, executes the query provided, and then authorizes the response of the query.

Parameters:

action - The action to be executed and authorized against a token.

authenticationSubject - The authenticated user to use for authorization.

keyspace - The keyspace containing the table with data to be read.

table - The table within the provided keyspace containing the data to be read.

typedKeyValues - A list of TypedKeyValue that will be used in the query and should be authorized against the token.

sourceAPI - The source api which calls this method.

Returns:

On success will return the result of the query and otherwise will return an exception relating to the failure to authorize.

Throws:

Exception - An exception relating to the failure to authorize.

authorizeDataRead

void authorizeDataRead(AuthenticationSubject authenticationSubject,
                       String keyspace,
                       String table,
                       SourceAPI sourceAPI)
                throws UnauthorizedException

Using the provided token will perform pre-authorization and if not successful throws an exception. Intended to be used when the keys for the query are not readily accessible or when a higher level of authorization is acceptable.

Parameters:

authenticationSubject - The authenticated user to use for authorization.

keyspace - The keyspace containing the table with data to be read.

table - The table within the provided keyspace containing the data to be read.

sourceAPI - The source api which calls this method.

Throws:

UnauthorizedException - An exception relating to the failure to authorize.

authorizeDataWrite

void authorizeDataWrite(AuthenticationSubject authenticationSubject,
                        String keyspace,
                        String table,
                        Scope scope,
                        SourceAPI sourceAPI)
                 throws UnauthorizedException

Using the provided token will perform pre-authorization and if not successful throws an exception. Intended to be used when the keys for the query are not readily accessible or when a higher level of authorization is acceptable.

Parameters:

authenticationSubject - The authenticated user to use for authorization.

keyspace - Either the keyspace containing the resource to be modified or the actual resource being modified.

table - The table within the provided keyspace containing the data to be modified.

scope - The table within the provided keyspace that is being modified.

sourceAPI - The source api which calls this method.

Throws:

UnauthorizedException - An exception relating to the failure to authorize.

authorizeDataWrite

void authorizeDataWrite(AuthenticationSubject authenticationSubject,
                        String keyspace,
                        String table,
                        List<TypedKeyValue> typedKeyValues,
                        Scope scope,
                        SourceAPI sourceAPI)
                 throws UnauthorizedException

Using the provided token will perform pre-authorization where possible.

Parameters:

authenticationSubject - The authenticated user to use for authorization.

typedKeyValues - A list of TypedKeyValue that will be used in the query and should be authorized against the token.

scope - The Scope of the action to be performed.

sourceAPI - The source api which calls this method.

Throws:

UnauthorizedException - An exception relating to the failure to authorize.

authorizeSchemaRead

void authorizeSchemaRead(AuthenticationSubject authenticationSubject,
                         List<String> keyspaceNames,
                         List<String> tableNames,
                         SourceAPI sourceAPI,
                         ResourceKind resource)
                  throws UnauthorizedException

Using the provided token will perform pre-authorization of accessing the provided resources.

Parameters:

authenticationSubject - The authenticated user to use for authorization.

keyspaceNames - Either the keyspace(s) containing the resource(s) to be read or the actual resource being read.

tableNames - The table(s) within the provided keyspace(s) that is being read.

sourceAPI - The source api which calls this method.

resource - The resource for which read authorization is being requested.

Throws:

UnauthorizedException - An exception relating to the failure to authorize.

authorizeSchemaWrite

void authorizeSchemaWrite(AuthenticationSubject authenticationSubject,
                          String keyspace,
                          String table,
                          Scope scope,
                          SourceAPI sourceAPI,
                          ResourceKind resource)
                   throws UnauthorizedException

Using the provided token will perform pre-authorization where possible and if not successful throws an exception.

Parameters:

authenticationSubject - The authenticated user to use for authorization.

keyspace - Either the keyspace containing the resource to be modified or the actual resource being modified.

table - The table within the provided keyspace that is being modified.

scope - The Scope of the action to be performed.

sourceAPI - The source api which calls this method.

resource - The resource for which read authorization is being requested.

Throws:

UnauthorizedException - An exception relating to the failure to authorize.

authorizeRoleManagement

void authorizeRoleManagement(AuthenticationSubject authenticationSubject,
                             String role,
                             Scope scope,
                             SourceAPI sourceAPI)
                      throws UnauthorizedException

Using the provided token will perform pre-authorization of role management.

Parameters:

authenticationSubject - The authenticated user to use for authorization.

role - The role which is being modified.

scope - The Scope of the action to be performed.

sourceAPI - The source api which calls this method.

Throws:

UnauthorizedException - An exception relating to the failure to authorize.

authorizeRoleManagement

void authorizeRoleManagement(AuthenticationSubject authenticationSubject,
                             String role,
                             String grantee,
                             Scope scope,
                             SourceAPI sourceAPI)
                      throws UnauthorizedException

Using the provided token will perform pre-authorization of role management.

Parameters:

authenticationSubject - The authenticated user to use for authorization.

role - The role containing all of the permissions to be given to the grantee.

grantee - The role that is being granted or revoked the role.

scope - The Scope of the action to be performed.

sourceAPI - The source api which calls this method.

Throws:

UnauthorizedException - An exception relating to the failure to authorize.

authorizeRoleRead

void authorizeRoleRead(AuthenticationSubject authenticationSubject,
                       String role,
                       SourceAPI sourceAPI)
                throws UnauthorizedException

Using the provided token will perform pre-authorization of role access.

Parameters:

authenticationSubject - The authenticated user to use for authorization.

role - The role that is being accessed.

sourceAPI - The source api which calls this method.

Throws:

UnauthorizedException - An exception relating to the failure to authorize.

authorizePermissionManagement

void authorizePermissionManagement(AuthenticationSubject authenticationSubject,
                                   String resource,
                                   String grantee,
                                   Scope scope,
                                   SourceAPI sourceAPI)
                            throws UnauthorizedException

Using the provided token will perform pre-authorization of permission management.

Parameters:

authenticationSubject - The authenticated user to use for authorization.

resource - The resource that the grantee is being given permissions to.

grantee - The role that is being granted access to the resource.

scope - The Scope of the action to be performed.

sourceAPI - The source api which calls this method.

Throws:

UnauthorizedException - An exception relating to the failure to authorize.

authorizePermissionRead

void authorizePermissionRead(AuthenticationSubject authenticationSubject,
                             String role,
                             SourceAPI sourceAPI)
                      throws UnauthorizedException

Using the provided token will perform pre-authorization of permission access.

Parameters:

authenticationSubject - The authenticated user to use for authorization.

role - The role for which the permissions are being accessed.

sourceAPI - The source api which calls this method.

Throws:

UnauthorizedException - An exception relating to the failure to authorize.