1 /*******************************************************************************
\r
2 * ============LICENSE_START==================================================
\r
4 * * ===========================================================================
\r
5 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
\r
6 * * ===========================================================================
\r
7 * * Licensed under the Apache License, Version 2.0 (the "License");
\r
8 * * you may not use this file except in compliance with the License.
\r
9 * * You may obtain a copy of the License at
\r
11 * * http://www.apache.org/licenses/LICENSE-2.0
\r
13 * * Unless required by applicable law or agreed to in writing, software
\r
14 * * distributed under the License is distributed on an "AS IS" BASIS,
\r
15 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
\r
16 * * See the License for the specific language governing permissions and
\r
17 * * limitations under the License.
\r
18 * * ============LICENSE_END====================================================
\r
20 * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
\r
22 ******************************************************************************/
\r
25 package org.onap.dmaap.datarouter.authz;
\r
27 import java.util.Map;
\r
28 import javax.servlet.http.HttpServletRequest;
\r
/**
 * A Data Router API that requires authorization of incoming requests creates an instance of a class that implements
 * the <code>Authorizer</code> interface. The class implements all of the logic necessary to determine if an API
 * request is permitted. In Data Router R1, the classes that implement the <code>Authorizer</code> interface will have
 * local logic that makes the authorization decision. After R1, these classes will instead have logic that creates XACML
 * authorization requests, sends these requests to a Policy Decision Point (PDP), and parses the XACML responses.
 *
 * @author J. F. Lucas
 */
\r
40 public interface Authorizer {
\r
/**
 * Decides whether the API request carried in {@code request} is permitted.
 *
 * <p>NOTE(review): this contract does not state what is returned when no decision can be reached
 * (for example, if a post-R1 implementation cannot obtain an answer from the PDP). Callers
 * presumably need a deny in that case -- confirm and document it here.
 *
 * @param request the HTTP request for which an authorization decision is needed
 * @return an object implementing the {@code AuthorizationResponse} interface; it carries the
 *     permit/deny decision for the request and (after R1) supplemental information related to
 *     the response in the form of advice and obligations
 */
AuthorizationResponse decide(HttpServletRequest request);
\r
/**
 * Decides whether the API request carried in {@code request} is permitted, taking into account
 * the extra attributes supplied in {@code additionalAttrs}.
 *
 * <p>NOTE(review): the contract does not say how {@code additionalAttrs} relate to attributes
 * derived from {@code request} (for example, which one wins on a conflict), nor whether a
 * {@code null} map is accepted. Because these values feed the authorization decision, callers
 * should presumably populate them only from trusted, server-side state -- confirm.
 *
 * @param request the HTTP request for which an authorization decision is needed
 * @param additionalAttrs additional attributes that the {@code Authorizer} can use in making an
 *     authorization decision
 * @return an object implementing the {@code AuthorizationResponse} interface; it carries the
 *     permit/deny decision for the request and (after R1) supplemental information related to
 *     the response in the form of advice and obligations
 */
AuthorizationResponse decide(HttpServletRequest request, Map<String, String> additionalAttrs);
\r