Authorization Methods

This document explains how to develop an authorization method for OpenASelect. See Authorization for more information about authorization within OpenASelect.

Design

Authorization methods implement the following interface:

com.alfaariss.oa.sso.authorization.web.IWebAuthorizationMethod

The main method specified by this interface is the authorize method, which performs the actual authorization. The following figure shows a basic authorization method:

[Figure: Authorization Method class diagram]

How it works

The default type of authorization method described in this document is the web authorization method. Web authorization methods are called during the authentication process. Each method performs a check based on HTTP request parameters and headers, authentication session attributes, user attributes, etc. The result of the check is used to decide whether or not to execute an authorization action. If the method decides to execute the action, the result of the action should be returned. The other option is to allow the method to choose the result itself. Authorization results can be found in the com.alfaariss.oa.UserEvent enumeration.

These are the specific authorization results that can be used:

Result                      Description
AUTHZ_METHOD_SUCCESSFUL     The authorization is successful and the process continues to the next authorization method or next phase.
AUTHZ_METHOD_FAILED         The authorization has failed and the user is denied access. The authentication process stops.
AUTHZ_METHOD_IN_PROGRESS    The authorization method has performed user interaction and the request is finished.


When an authorization method requires user interaction and a page or other response is sent to the user, the method should return AUTHZ_METHOD_IN_PROGRESS.

The concept of executing an authorization method is shown in the following figure:

[Figure: Authorization Method flow diagram]

Event logging

The authorization method is an Authority and should therefore log all state changes to the OpenASelect event log. The IAuthority interface specifies one method, which should return the unique authority name of the authorization method:

public String getAuthority();

How to create an authorization method

The best way to start developing an authorization method is to take a look at the IP authorization method. This method contains all the principles of how an OpenASelect authorization method should function.
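
The sketch below is an added illustration, not OpenASelect code: it shows how the three results described above steer a chain of methods and how each result is logged under the method's authority name. The Method interface, the map-based request and session, the authzIndex key and both example methods are hypothetical stand-ins, because the real IWebAuthorizationMethod signature is not shown on this page.

```java
import java.util.*;
public class AuthzChainExample {
    // Stand-in for the three results the page lists from com.alfaariss.oa.UserEvent.
    enum Result { AUTHZ_METHOD_SUCCESSFUL, AUTHZ_METHOD_FAILED, AUTHZ_METHOD_IN_PROGRESS }
    // Hypothetical, simplified shape; not the real IWebAuthorizationMethod signature.
    interface Method {
        String getAuthority();
        Result authorize(Map<String, String> request, Map<String, Object> session);
    }
    // Check: connection address (never a client-supplied header) against an allow list.
    static Method ipMethod(Set<String> allowed) {
        return new Method() {
            public String getAuthority() { return "IPAuthzExample"; }
            public Result authorize(Map<String, String> req, Map<String, Object> ses) {
                return allowed.contains(req.get("remoteAddr")) // missing address fails closed
                        ? Result.AUTHZ_METHOD_SUCCESSFUL : Result.AUTHZ_METHOD_FAILED;
            }
        };
    }
    // Needs user interaction: sends a page first, decides once the answer is posted back.
    static Method consentMethod() {
        return new Method() {
            public String getAuthority() { return "ConsentAuthzExample"; }
            public Result authorize(Map<String, String> req, Map<String, Object> ses) {
                String answer = req.get("consent");
                if (answer == null) return Result.AUTHZ_METHOD_IN_PROGRESS; // page sent
                return "yes".equals(answer)
                        ? Result.AUTHZ_METHOD_SUCCESSFUL : Result.AUTHZ_METHOD_FAILED;
            }
        };
    }
    // Runs the chain and logs each result; the stored resume index is an assumption.
    static Result run(List<Method> chain, Map<String, String> req, Map<String, Object> ses) {
        for (int i = (Integer) ses.getOrDefault("authzIndex", 0); i < chain.size(); i++) {
            Result r = chain.get(i).authorize(req, ses);
            System.out.println("event authority=" + chain.get(i).getAuthority() + " result=" + r);
            ses.put("authzIndex", i);
            if (r != Result.AUTHZ_METHOD_SUCCESSFUL) return r; // denied, or response already sent
        }
        return Result.AUTHZ_METHOD_SUCCESSFUL;
    }
    public static void main(String[] args) {
        // Constructed requests: first visit, consent posted back, then an unlisted address.
        Set<String> allowed = new HashSet<>(List.of("192.0.2.10"));
        List<Method> chain = List.of(ipMethod(allowed), consentMethod());
        Map<String, Object> session = new HashMap<>();
        System.out.println(run(chain, Map.of("remoteAddr", "192.0.2.10"), session));
        System.out.println(run(chain, Map.of("remoteAddr", "192.0.2.10", "consent", "yes"), session));
        System.out.println(run(chain, Map.of("remoteAddr", "198.51.100.7"), new HashMap<>()));
    }
}
```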
