--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START==================================================\r
+ * * org.onap.dmaap\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+\r
+\r
+package org.onap.dmaap.datarouter.authz;\r
+\r
+import java.util.Map;\r
+import javax.servlet.http.HttpServletRequest;\r
+\r
+/**\r
+ * A Data Router API that requires authorization of incoming requests creates an instance of a class that implements\r
+ * the <code>Authorizer</code> interface. The class implements all of the logic necessary to determine if an API\r
+ * request is permitted. In Data Router R1, the classes that implement the <code>Authorizer</code> interface will have\r
+ * local logic that makes the authorization decision. After R1, these classes will instead have logic that creates XACML\r
+ * authorization requests, sends these requests to a Policy Decision Point (PDP), and parses the XACML responses.\r
+ * \r
+ * @author J. F. Lucas\r
+ *\r
+ */\r
+public interface Authorizer {\r
+ /**\r
+ * Determine if the API request carried in the <code>request</code> parameter is permitted.\r
+ * \r
+ * @param request the HTTP request for which an authorization decision is needed\r
+ * @return an object implementing the <code>AuthorizationResponse</code> interface. This object includes the\r
+ * permit/deny decision for the request and (after R1) supplemental information related to the response in the form\r
+ * of advice and obligations.\r
+ */\r
+ public AuthorizationResponse decide(HttpServletRequest request);\r
+ \r
+ /**\r
+ * Determine if the API request carried in the <code>request</code> parameter, with additional attributes provided in\r
+ * the <code>additionalAttrs</code> parameter, is permitted.\r
+ * \r
+ * @param request the HTTP request for which an authorization decision is needed\r
+ * @param additionalAttrs additional attributes that the <code>Authorizer</code> can in making an authorization decision\r
+ * @return an object implementing the <code>AuthorizationResponse</code> interface. This object includes the\r
+ * permit/deny decision for the request and (after R1) supplemental information related to the response in the form\r
+ * of advice and obligations.\r
+ */\r
+ public AuthorizationResponse decide(HttpServletRequest request, Map<String,String> additionalAttrs);\r
+}\r
Code Review / dmaap / datarouter.git / blobdiff