Package io.stargate.auth

Interface AuthorizationService

  • public interface AuthorizationService

    • Method Detail

      • authorizedDataRead

        ResultSet authorizedDataRead​(Callable<ResultSet> action,
                             AuthenticationSubject authenticationSubject,
                             String keyspace,
                             String table,
                             List<TypedKeyValue> typedKeyValues,
                             SourceAPI sourceAPI)
                      throws Exception
        Using the provided token will perform pre-authorization where possible, executes the query provided, and then authorizes the response of the query.
        Parameters:
        action - The action to be executed and authorized against a token.
        authenticationSubject - The authenticated user to use for authorization.
        keyspace - The keyspace containing the table with data to be read.
        table - The table within the provided keyspace containing the data to be read.
        typedKeyValues - A list of TypedKeyValue that will be used in the query and should be authorized against the token.
        sourceAPI - The source api which calls this method.
        Returns:
        On success will return the result of the query and otherwise will return an exception relating to the failure to authorize.
        Throws:
        Exception - An exception relating to the failure to authorize.

      • authorizeDataRead

        void authorizeDataRead​(AuthenticationSubject authenticationSubject,
                       String keyspace,
                       String table,
                       SourceAPI sourceAPI)
                throws UnauthorizedException
        Using the provided token will perform pre-authorization and if not successful throws an exception. Intended to be used when the keys for the query are not readily accessible or when a higher level of authorization is acceptable.
        Parameters:
        authenticationSubject - The authenticated user to use for authorization.
        keyspace - The keyspace containing the table with data to be read.
        table - The table within the provided keyspace containing the data to be read.
        sourceAPI - The source api which calls this method.
        Throws:
        UnauthorizedException - An exception relating to the failure to authorize.

      • authorizeDataWrite

        void authorizeDataWrite​(AuthenticationSubject authenticationSubject,
                        String keyspace,
                        String table,
                        Scope scope,
                        SourceAPI sourceAPI)
                 throws UnauthorizedException
        Using the provided token will perform pre-authorization and if not successful throws an exception. Intended to be used when the keys for the query are not readily accessible or when a higher level of authorization is acceptable.
        Parameters:
        authenticationSubject - The authenticated user to use for authorization.
        keyspace - Either the keyspace containing the resource to be modified or the actual resource being modified.
        table - The table within the provided keyspace containing the data to be modified.
        scope - The table within the provided keyspace that is being modified.
        sourceAPI - The source api which calls this method.
        Throws:
        UnauthorizedException - An exception relating to the failure to authorize.

      • authorizeDataWrite

        void authorizeDataWrite​(AuthenticationSubject authenticationSubject,
                        String keyspace,
                        String table,
                        List<TypedKeyValue> typedKeyValues,
                        Scope scope,
                        SourceAPI sourceAPI)
                 throws UnauthorizedException
        Using the provided token will perform pre-authorization where possible.
        Parameters:
        authenticationSubject - The authenticated user to use for authorization.
        typedKeyValues - A list of TypedKeyValue that will be used in the query and should be authorized against the token.
        scope - The Scope of the action to be performed.
        sourceAPI - The source api which calls this method.
        Throws:
        UnauthorizedException - An exception relating to the failure to authorize.

      • authorizeSchemaRead

        void authorizeSchemaRead​(AuthenticationSubject authenticationSubject,
                         List<String> keyspaceNames,
                         List<String> tableNames,
                         SourceAPI sourceAPI,
                         ResourceKind resource)
                  throws UnauthorizedException
        Using the provided token will perform pre-authorization of accessing the provided resources.
        Parameters:
        authenticationSubject - The authenticated user to use for authorization.
        keyspaceNames - Either the keyspace(s) containing the resource(s) to be read or the actual resource being read.
        tableNames - The table(s) within the provided keyspace(s) that is being read.
        sourceAPI - The source api which calls this method.
        resource - The resource for which read authorization is being requested.
        Throws:
        UnauthorizedException - An exception relating to the failure to authorize.

      • authorizeSchemaWrite

        void authorizeSchemaWrite​(AuthenticationSubject authenticationSubject,
                          String keyspace,
                          String table,
                          Scope scope,
                          SourceAPI sourceAPI,
                          ResourceKind resource)
                   throws UnauthorizedException
        Using the provided token will perform pre-authorization where possible and if not successful throws an exception.
        Parameters:
        authenticationSubject - The authenticated user to use for authorization.
        keyspace - Either the keyspace containing the resource to be modified or the actual resource being modified.
        table - The table within the provided keyspace that is being modified.
        scope - The Scope of the action to be performed.
        sourceAPI - The source api which calls this method.
        resource - The resource for which read authorization is being requested.
        Throws:
        UnauthorizedException - An exception relating to the failure to authorize.

      • authorizeRoleManagement

        void authorizeRoleManagement​(AuthenticationSubject authenticationSubject,
                             String role,
                             Scope scope,
                             SourceAPI sourceAPI)
                      throws UnauthorizedException
        Using the provided token will perform pre-authorization of role management.
        Parameters:
        authenticationSubject - The authenticated user to use for authorization.
        role - The role which is being modified.
        scope - The Scope of the action to be performed.
        sourceAPI - The source api which calls this method.
        Throws:
        UnauthorizedException - An exception relating to the failure to authorize.

      • authorizeRoleManagement

        void authorizeRoleManagement​(AuthenticationSubject authenticationSubject,
                             String role,
                             String grantee,
                             Scope scope,
                             SourceAPI sourceAPI)
                      throws UnauthorizedException
        Using the provided token will perform pre-authorization of role management.
        Parameters:
        authenticationSubject - The authenticated user to use for authorization.
        role - The role containing all of the permissions to be given to the grantee.
        grantee - The role that is being granted or revoked the role.
        scope - The Scope of the action to be performed.
        sourceAPI - The source api which calls this method.
        Throws:
        UnauthorizedException - An exception relating to the failure to authorize.

      • authorizeRoleRead

        void authorizeRoleRead​(AuthenticationSubject authenticationSubject,
                       String role,
                       SourceAPI sourceAPI)
                throws UnauthorizedException
        Using the provided token will perform pre-authorization of role access.
        Parameters:
        authenticationSubject - The authenticated user to use for authorization.
        role - The role that is being accessed.
        sourceAPI - The source api which calls this method.
        Throws:
        UnauthorizedException - An exception relating to the failure to authorize.

      • authorizePermissionManagement

        void authorizePermissionManagement​(AuthenticationSubject authenticationSubject,
                                   String resource,
                                   String grantee,
                                   Scope scope,
                                   SourceAPI sourceAPI)
                            throws UnauthorizedException
        Using the provided token will perform pre-authorization of permission management.
        Parameters:
        authenticationSubject - The authenticated user to use for authorization.
        resource - The resource that the grantee is being given permissions to.
        grantee - The role that is being granted access to the resource.
        scope - The Scope of the action to be performed.
        sourceAPI - The source api which calls this method.
        Throws:
        UnauthorizedException - An exception relating to the failure to authorize.

      • authorizePermissionRead

        void authorizePermissionRead​(AuthenticationSubject authenticationSubject,
                             String role,
                             SourceAPI sourceAPI)
                      throws UnauthorizedException
        Using the provided token will perform pre-authorization of permission access.
        Parameters:
        authenticationSubject - The authenticated user to use for authorization.
        role - The role for which the permissions are being accessed.
        sourceAPI - The source api which calls this method.
        Throws:
        UnauthorizedException - An exception relating to the failure to authorize.