com.prolifics.servlet
Interface Authorization


public interface Authorization

Applications may implement the Authorization interface for use with an external authorization mechanism. The external authorization mechanism for Panther's Requester Servlet requires implementations of two interfaces in the com.prolifics.servlet package: AuthorizationFactory and Authorization. Classes in the com.prolifics.servlet.auth0 package provide an implementation of these interfaces for use with Auth0. Source code for these classes is provided in proauth0.jar.

If authorization is enabled (See AuthorizationFactory), the ProlificsHttpServlet instance calls the getAuthorization() method of the AuthorizationFactory instance to return an Authorization instance that is consistent with information provided in the HTTP Authorization header. It does this upon each request to the requester servlet.

It calls isAuthorized() on the Authorization instance, passing it a resource String and a method String as arguments, in order to determine whether processing for the requested resource and method should be permitted.

The resource String is the result of getPathInfo() for the servlet. Thus, it begins with a slash, followed by a primary resource name. The primary resource name is typically the name of a Panther screen. It may be followed by additional slash-separated sub-components, or filters, which the isAuthorized() method may choose to use or to ignore. Note that the Servlet API defines getPathInfo() as returning null when the request URL carries no extra path information, so an implementation should treat a null or empty resource as not authorized rather than assume the leading slash is present.

The second parameter to isAuthorized() is the HTTP method name that was used for the request: GET, PUT, POST, or DELETE.

If isAuthorized() returns false, ProlificsHttpServlet returns HttpServletResponse.SC_UNAUTHORIZED (HTTP status 401) in the response header for the request, and the request is not processed any further. Otherwise, it passes the request on to the Jserver. Implementation classes may throw an AuthorizationException instead of returning false, thereby forcing a different HTTP status code to be returned in the response header.

ProlificsHttpServlet calls the getUser() method of the Authorization instance before sending a request to the Jserver. If getUser() returns a non-null String, that String is assigned to the REMOTE_USER CGI header that is sent to the Jserver with the request. Application code in the Jserver can retrieve this value by means of the built-in Panther Web variable, @cgi_remote_user. Because application code trusts this value as the caller's identity, getUser() should return only an identity that the AuthorizationFactory has actually verified (for example, the subject of a JWT whose signature was checked), never a value copied from an unverified request header.
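The following is an added example implementation of this interface, written for this page; it is not part of Panther, proauth0.jar, or the com.prolifics.servlet.auth0 classes. It assumes the Panther servlet classes are on the classpath, that the AuthorizationFactory constructs it with a user ID and a grant map derived from already-verified credentials, and uses a hypothetical package and class name. It shows the two behaviours the text above leaves to the implementer: extracting the primary resource name from PathInfo (ignoring filter sub-components) and failing closed on a null or malformed resource.

```java
// Added example, not Panther's own code. Package, class name and the grant map
// are assumptions made for this illustration.
package com.example.auth;

import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

import com.prolifics.servlet.Authorization;
import com.prolifics.servlet.AuthorizationException;

public final class GrantMapAuthorization implements Authorization {

    /** Verified user ID (for example the JWT "sub" claim), or null if none was established. */
    private final String user;

    /** Primary resource name (typically a Panther screen) -> HTTP methods permitted on it. */
    private final Map<String, Set<String>> grants;

    public GrantMapAuthorization(String user, Map<String, Set<String>> grants) {
        this.user = user;
        // Defensive copy; method names are upper-cased so the lookup is case-insensitive.
        Map<String, Set<String>> copy = new HashMap<>();
        for (Map.Entry<String, Set<String>> e : grants.entrySet()) {
            Set<String> methods = new HashSet<>();
            for (String m : e.getValue()) {
                methods.add(m.toUpperCase(Locale.ROOT));
            }
            copy.put(e.getKey(), Collections.unmodifiableSet(methods));
        }
        this.grants = Collections.unmodifiableMap(copy);
    }

    /**
     * Extracts the primary resource name from the servlet's PathInfo, e.g.
     * "/orders/2024/open" -> "orders". Everything after the first interior
     * slash is a filter and is ignored here. Returns null when no usable name
     * is present (null, empty, or not beginning with a slash).
     */
    static String primaryResource(String resource) {
        if (resource == null || resource.length() < 2 || resource.charAt(0) != '/') {
            return null;
        }
        int end = resource.indexOf('/', 1);
        String name = (end < 0) ? resource.substring(1) : resource.substring(1, end);
        return name.isEmpty() ? null : name;
    }

    @Override
    public boolean isAuthorized(String resource, String method) throws AuthorizationException {
        String name = primaryResource(resource);
        if (name == null || method == null) {
            return false;                       // fail closed on malformed input
        }
        // Exact-name match: a grant on "orders" never covers "/ordersadmin".
        Set<String> allowed = grants.get(name);
        return allowed != null && allowed.contains(method.toUpperCase(Locale.ROOT));
    }

    @Override
    public String getUser() throws AuthorizationException {
        return user;                            // becomes REMOTE_USER / @cgi_remote_user in the Jserver
    }

    // Stand-alone demo with a constructed grant map; the factory would normally build this
    // from claims in a verified token.
    public static void main(String[] args) throws AuthorizationException {
        Map<String, Set<String>> grants = new HashMap<>();
        grants.put("orders", new HashSet<>(Arrays.asList("GET", "POST")));
        Authorization a = new GrantMapAuthorization("alice", grants);

        System.out.println("GET /orders/2024/open -> " + a.isAuthorized("/orders/2024/open", "GET"));
        System.out.println("DELETE /orders        -> " + a.isAuthorized("/orders", "DELETE"));
        System.out.println("GET /ordersadmin      -> " + a.isAuthorized("/ordersadmin", "GET"));
        System.out.println("GET <null PathInfo>   -> " + a.isAuthorized(null, "GET"));
        System.out.println("REMOTE_USER           -> " + a.getUser());
    }
}
```

With the grant map in the demo, GET on /orders/2024/open is authorized (the filter components are ignored), DELETE on /orders and GET on /ordersadmin are refused, and a null PathInfo is refused rather than causing a NullPointerException. The example returns false rather than throwing AuthorizationException because the constructors of that class are not described on this page; an implementation that wants the servlet to send a status other than 401 would throw it instead.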

Since:
Panther 5.52

Method Summary
 java.lang.String getUser()
          Retrieves a user ID String, generally derived from the Authorization header.
 boolean isAuthorized(java.lang.String resource, java.lang.String method)
          Tests authorization for the given resource and HTTP method.
 

Method Detail

isAuthorized

boolean isAuthorized(java.lang.String resource,
                     java.lang.String method)
                     throws AuthorizationException
Tests authorization for the given resource and HTTP method. Implementations may throw an AuthorizationException rather than return false.

Parameters:
resource - The servlet's PathInfo
method - The HTTP method used for the request
Throws:
AuthorizationException

getUser

java.lang.String getUser()
                         throws AuthorizationException
Retrieves a user ID String, generally derived from the Authorization header. For example, it may be the "sub" value derived from a JWT.

Throws:
AuthorizationException