edu.washington.lib.utilities
Class AuthorizationTools

java.lang.Object
  extended by edu.washington.lib.utilities.AuthorizationTools

public class AuthorizationTools
extends java.lang.Object

Tools for use by consumers of edu.washington.lib.authorization package.

Implementors of authorization classes and authorization web services should refer to the edu.washington.lib.authorization package API.


Field Summary
static java.lang.String AUTHENTICATION_SOURCE
          Authentication source.
static java.lang.String PATH_PROPERTIES
          Name of AuthorizationTools properties file.
 java.util.Properties properties
          Properties of AuthorizationTools.
static java.lang.String ROLE
          HttpSession property indicating role found for authorization query.
static java.lang.String ROLE_NOT_AUTHORIZED
          Status indicating user does not have role requested.
static java.lang.String ROLE_USER
          Role indicating request for generic access to the application.
static java.lang.String ROLE_VIEWER
          Role indicating request for "view" access to the application.
static java.lang.String ROLE_WRITER
          Role indicating request for "write" access to the application.
static java.lang.String URL_AUTH
          String identifying the property name used to specify the URL of the authorization web service.
 
Constructor Summary
AuthorizationTools()
          Loads properties from the properties file.
 
Method Summary
 void getRole(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpSession session, java.lang.String app)
          Sets HttpSession ROLE attribute to the role found matching "remoteUser" ServletRequest attribute upon performing an authorization web service query.
 boolean isInRole(java.lang.String app, java.lang.String authenticationSource, java.lang.String role, java.lang.String user)
          Queries authorization web service for requested user role.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

ROLE

public static java.lang.String ROLE
HttpSession property indicating role found for authorization query. See getRole(request, session, app).


AUTHENTICATION_SOURCE

public static java.lang.String AUTHENTICATION_SOURCE
Authentication source. Compiled to "uwnetid" in our implementation. Used by typical authorization implementations.


ROLE_USER

public static java.lang.String ROLE_USER
Role indicating request for generic access to the application. Compiled to "user" in our implementation. Used by typical authorization implementations.


ROLE_WRITER

public static java.lang.String ROLE_WRITER
Role indicating request for "write" access to the application. Compiled to "writer" in our implementation. Used by typical authorization implementations.


ROLE_VIEWER

public static java.lang.String ROLE_VIEWER
Role indicating request for "view" access to the application. Compiled to "viewer" in our implementation. Used by typical authorization implementations.


ROLE_NOT_AUTHORIZED

public static java.lang.String ROLE_NOT_AUTHORIZED
Status indicating user does not have role requested. See getRole(request, session, app).


PATH_PROPERTIES

public static java.lang.String PATH_PROPERTIES
Name of AuthorizationTools properties file. Place the properties file at the top of the class tree for the AuthorizationTools class.


URL_AUTH

public static java.lang.String URL_AUTH
String identifying the property name used to specify the URL of the authorization web service. Set the property string named in this constant in the properties file to the URL for the authorization REST web service being used.

In our implementation, this is compiled to AuthorizationTools.AuthorizationUrl, thus we must set an AuthorizationTools.AuthorizationUrl property to the URL of our authorization service in the properties file.


properties

public java.util.Properties properties
Properties of AuthorizationTools. Users of AuthorizationTools must create the AuthorizationTools properties file and define the mandatory URL_AUTH property.

This file should be placed at the top of the class tree.

Constructor Detail

AuthorizationTools

public AuthorizationTools()
Loads properties from the properties file.

Method Detail

getRole

public void getRole(javax.servlet.http.HttpServletRequest request,
                    javax.servlet.http.HttpSession session,
                    java.lang.String app)
Sets HttpSession ROLE attribute to the role found matching "remoteUser" ServletRequest attribute upon performing an authorization web service query. Tests first for ROLE_WRITER access. If test for ROLE_WRITER access fails, tests for ROLE_VIEWER access. If that test fails, tests for ROLE_USER access.

Sets ROLE to one of the following:

Uses AUTHENTICATION_SOURCE as authentication source for all queries. Returns without performing a query if ROLE session attribute is already set.

Parameters:
request - The ServletRequest object containing the remoteUser attribute
session - The HttpSession object in which to set the ROLE attribute
app - Authorization application to which query is sent, e.g. "helpdesk"
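
A consumer-side use of getRole, as an added example that is not part of the original documentation or of the library: a hypothetical servlet filter, RoleGateFilter, that resolves the role once per session and denies by default. It assumes the ROLE session attribute holds one of the ROLE_* constant values (the list of values is missing from this page); the rule that only writers may use state-changing HTTP methods is an illustrative policy.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;
import edu.washington.lib.utilities.AuthorizationTools;

// Added example: RoleGateFilter is hypothetical and not part of the library.
public class RoleGateFilter implements Filter {
    private static final String APP = "helpdesk"; // app name taken from the page's example
    private AuthorizationTools tools;

    public void init(FilterConfig config) throws ServletException {
        // Loads the properties file; the URL_AUTH property must be defined there.
        tools = new AuthorizationTools();
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        HttpSession session = request.getSession(true);

        // Queries the authorization service only if ROLE is not yet in the session.
        tools.getRole(request, session, APP);
        Object role = session.getAttribute(AuthorizationTools.ROLE);

        // Fail closed: a missing attribute, an unexpected value or
        // ROLE_NOT_AUTHORIZED all end in 403 (assumed attribute values).
        boolean writer = AuthorizationTools.ROLE_WRITER.equals(role);
        boolean known = writer
                || AuthorizationTools.ROLE_VIEWER.equals(role)
                || AuthorizationTools.ROLE_USER.equals(role);
        // Assumed policy: anything other than GET/HEAD needs the writer role.
        String method = request.getMethod();
        boolean readOnly = "GET".equals(method) || "HEAD".equals(method);

        if (!known || (!readOnly && !writer)) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(req, res);
    }

    public void destroy() { }
}
```

Because getRole returns early when ROLE is already set, a role that has been revoked in the authorization service stays in effect until the session ends; keep session lifetimes short, or remove the attribute to force a fresh query.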

isInRole

public boolean isInRole(java.lang.String app,
                        java.lang.String authenticationSource,
                        java.lang.String role,
                        java.lang.String user)
Queries authorization web service for requested user role.

Parameters:
app - Name of application authorization web service to query, e.g. "helpdesk"
authenticationSource - Source used that returned this authenticated username, such as AUTHENTICATION_SOURCE
role - User role, such as ROLE_WRITER, ROLE_VIEWER, or ROLE_USER
user - Username to query for
Returns:
True if the user has the role queried for, false otherwise.