Package com.identityworksllc.iiq.common
Class ThingAccessUtils
- java.lang.Object
  - com.identityworksllc.iiq.common.ThingAccessUtils
public final class ThingAccessUtils extends Object
Implements the “Common Security” protocol described in the documentation. This allows more detailed authorization to check access to various objects within IIQ.
There are two users involved in thing access: a subject Identity and a target Identity. The subject is the one doing the thing, while the target is the one the thing is being done to. Some actions may be ‘self’ actions, where both the subject and the target are the same. Other actions don’t have a ‘target’ concept and are treated as ‘self’ actions.
See the COMMON-SECURITY.adoc documentation.
- See Also:
AccessCheck

Constructor Summary
Constructors
- ThingAccessUtils()

Method Summary
- static boolean checkThingAccess(sailpoint.rest.plugin.BasePluginResource pluginContext, CommonSecurityConfig config)
  Returns true if the logged in user can access the item based on the CommonSecurityConfig object
- static boolean checkThingAccess(sailpoint.rest.plugin.BasePluginResource pluginContext, Map<String,Object> configuration)
  Returns true if the logged in user can access the item based on the Common Security configuration parameters.
- static boolean checkThingAccess(sailpoint.rest.plugin.BasePluginResource pluginContext, sailpoint.object.Identity targetIdentity, String thingName, Map<String,Object> configuration)
  Returns true if the logged in user can access the item based on the common configuration parameters.
- static boolean checkThingAccess(sailpoint.rest.plugin.BasePluginResource pluginContext, sailpoint.object.Identity targetIdentity, Map<String,Object> configuration)
  Returns true if the logged in user can access the item based on the common configuration parameters.
- static boolean checkThingAccess(sailpoint.web.UserContext pluginContext, CommonSecurityConfig config)
  Returns true if the logged in user can access the item based on the CommonSecurityConfig object
- static boolean checkThingAccess(sailpoint.web.UserContext pluginContext, Map<String,Object> configuration)
  Returns true if the logged in user can access the item based on the Common Security configuration parameters.
- static boolean checkThingAccess(sailpoint.web.UserContext pluginContext, sailpoint.object.Identity target, String thingName, CommonSecurityConfig config)
  Returns true if the logged in user can access the item based on the common configuration parameters.
- static boolean checkThingAccess(sailpoint.web.UserContext pluginContext, sailpoint.object.Identity targetIdentity, String thingName, Map<String,Object> configuration)
  Returns true if the logged in user can access the item based on the common configuration parameters.
- static boolean checkThingAccess(sailpoint.web.UserContext pluginContext, sailpoint.object.Identity targetIdentity, Map<String,Object> configuration)
  Returns true if the logged in user can access the item based on the common configuration parameters.
- static void clearCachedResults()
  An optional clear-cache method that can be used by plugin code
- static sailpoint.rest.plugin.BasePluginResource createFakePluginContext(sailpoint.api.SailPointContext context, sailpoint.object.Identity loggedInUser, String pluginName)
  Creates a fake plugin context for use with checkThingAccess(UserContext, Identity, String, Map) outside of a plugin.

Constructor Detail
ThingAccessUtils
public ThingAccessUtils()

Method Detail

checkThingAccess
public static boolean checkThingAccess(sailpoint.web.UserContext pluginContext, Map<String,Object> configuration) throws sailpoint.tools.GeneralException
Returns true if the logged in user can access the item based on the Common Security configuration parameters.
- Parameters:
pluginContext
- The plugin context, which provides user details
configuration
- The configuration for the field or button or other object
- Returns:
- True if the user has access to the thing based on the configuration
- Throws:
sailpoint.tools.GeneralException
- if any check failures occur (this should be interpreted as “no access”)

checkThingAccess
public static boolean checkThingAccess(sailpoint.rest.plugin.BasePluginResource pluginContext, Map<String,Object> configuration) throws sailpoint.tools.GeneralException
Returns true if the logged in user can access the item based on the Common Security configuration parameters.
- Parameters:
pluginContext
- The plugin context, which provides user details
configuration
- The configuration for the field or button or other object
- Returns:
- True if the user has access to the thing based on the configuration
- Throws:
sailpoint.tools.GeneralException
- if any check failures occur (this should be interpreted as “no access”)

checkThingAccess
public static boolean checkThingAccess(sailpoint.web.UserContext pluginContext, CommonSecurityConfig config) throws sailpoint.tools.GeneralException
Returns true if the logged in user can access the item based on the CommonSecurityConfig object
- Parameters:
pluginContext
- The plugin context, which provides user details
config
- the CommonSecurityConfig object
- Returns:
- True if the user has access to the thing based on the configuration
- Throws:
sailpoint.tools.GeneralException
- if any check failures occur (this should be interpreted as “no access”)

checkThingAccess
public static boolean checkThingAccess(sailpoint.rest.plugin.BasePluginResource pluginContext, CommonSecurityConfig config) throws sailpoint.tools.GeneralException
Returns true if the logged in user can access the item based on the CommonSecurityConfig object
- Parameters:
pluginContext
- The plugin context, which provides user details
config
- the CommonSecurityConfig object
- Returns:
- True if the user has access to the thing based on the configuration
- Throws:
sailpoint.tools.GeneralException
- if any check failures occur (this should be interpreted as “no access”)

checkThingAccess
public static boolean checkThingAccess(sailpoint.web.UserContext pluginContext, sailpoint.object.Identity targetIdentity, Map<String,Object> configuration) throws sailpoint.tools.GeneralException
Returns true if the logged in user can access the item based on the common configuration parameters.
- Parameters:
pluginContext
- The login context, which provides user details
targetIdentity
- The target identity for the action (as opposed to the actor)
configuration
- The configuration for the field or button or other object
- Returns:
- True if the user has access to the thing based on the configuration
- Throws:
sailpoint.tools.GeneralException
- if any check failures occur (this should be interpreted as “no access”)

checkThingAccess
public static boolean checkThingAccess(sailpoint.rest.plugin.BasePluginResource pluginContext, sailpoint.object.Identity targetIdentity, Map<String,Object> configuration) throws sailpoint.tools.GeneralException
Returns true if the logged in user can access the item based on the common configuration parameters.
- Parameters:
pluginContext
- The plugin context, which provides user details
targetIdentity
- The target identity for the action (as opposed to the actor)
configuration
- The configuration for the field or button or other object
- Returns:
- True if the user has access to the thing based on the configuration
- Throws:
sailpoint.tools.GeneralException
- if any check failures occur (this should be interpreted as “no access”)

checkThingAccess
public static boolean checkThingAccess(sailpoint.rest.plugin.BasePluginResource pluginContext, sailpoint.object.Identity targetIdentity, String thingName, Map<String,Object> configuration) throws sailpoint.tools.GeneralException
Returns true if the logged in user can access the item based on the common configuration parameters.
- Parameters:
pluginContext
- The plugin context, which provides user details
targetIdentity
- The target identity for the action (as opposed to the actor)
configuration
- The configuration for the field or button or other object
- Returns:
- True if the user has access to the thing based on the configuration
- Throws:
sailpoint.tools.GeneralException
- if any check failures occur (this should be interpreted as “no access”)

checkThingAccess
public static boolean checkThingAccess(sailpoint.web.UserContext pluginContext, sailpoint.object.Identity targetIdentity, String thingName, Map<String,Object> configuration) throws sailpoint.tools.GeneralException
Returns true if the logged in user can access the item based on the common configuration parameters.
- Parameters:
pluginContext
- A plugin REST API resource (or fake equivalent) used to get some details and settings. This must not be null.
targetIdentity
- The target identity
thingName
- The thing being checked
configuration
- The configuration for the field or button or other object
- Returns:
- True if the user has access to the thing based on the configuration
- Throws:
sailpoint.tools.GeneralException
- if any check failures occur (this should be interpreted as “no access”)

checkThingAccess
public static boolean checkThingAccess(sailpoint.web.UserContext pluginContext, sailpoint.object.Identity target, String thingName, CommonSecurityConfig config) throws sailpoint.tools.GeneralException
Returns true if the logged in user can access the item based on the common configuration parameters.
Results for the same CommonSecurityConfig, source, and target user will be cached for up to one minute unless the CommonSecurityConfig object has noCache set to true.
- Parameters:
pluginContext
- A plugin REST API resource (or fake equivalent) used to get some details and settings. This must not be null.
target
- The target identity
thingName
- The thing being checked, entirely for logging purposes
config
- The configuration specifying security rights
- Returns:
- True if the user has access to the thing based on the configuration
- Throws:
sailpoint.tools.GeneralException
- if any check failures occur (this should be interpreted as “no access”)

clearCachedResults
public static void clearCachedResults()
An optional clear-cache method that can be used by plugin code

createFakePluginContext
public static sailpoint.rest.plugin.BasePluginResource createFakePluginContext(sailpoint.api.SailPointContext context, sailpoint.object.Identity loggedInUser, String pluginName)
Creates a fake plugin context for use with checkThingAccess(UserContext, Identity, String, Map) outside of a plugin.
This constructs a new instance of a dummy BasePluginResource web service endpoint class.
- Parameters:
context
- The SailPointContext to return from BaseResource.getContext()
loggedInUser
- The Identity to return from various getLoggedIn… methods
pluginName
- The name of the plugin to include in the fake plugin context
- Returns:
- The fake plugin resource
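
Calling the check from outside a plugin and failing closed on GeneralException, as an added example that is not part of this Javadoc or of the library's own code. The class ThingAccessGate, the method canAct, and the plugin name "ExamplePlugin" are hypothetical; the configuration map is supplied by the caller because its keys are defined in COMMON-SECURITY.adoc, not on this page.

```java
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;

import com.identityworksllc.iiq.common.ThingAccessUtils;
import sailpoint.api.SailPointContext;
import sailpoint.object.Identity;
import sailpoint.rest.plugin.BasePluginResource;
import sailpoint.tools.GeneralException;

/** Hypothetical helper (added example): a fail-closed gate around checkThingAccess. */
public final class ThingAccessGate {
    private static final Logger LOG = Logger.getLogger(ThingAccessGate.class.getName());
    private static final String PLUGIN_NAME = "ExamplePlugin"; // placeholder name

    private ThingAccessGate() {}

    /**
     * @param context   current SailPointContext (for example, from a rule or task)
     * @param subject   the Identity performing the action
     * @param target    the Identity acted upon; null is handled here as a 'self' action
     * @param thingName label for the thing being checked
     * @param config    Common Security configuration map, loaded by the caller
     * @return true only when the check ran and explicitly granted access
     */
    public static boolean canAct(SailPointContext context, Identity subject, Identity target,
                                 String thingName, Map<String, Object> config) {
        // Deny on missing inputs rather than letting a null reach the check.
        if (context == null || subject == null || config == null) {
            return false;
        }
        // Wrapper's own choice: no target means subject and target are the same.
        Identity effectiveTarget = (target != null) ? target : subject;
        try {
            // Outside a plugin there is no real REST resource, so build the fake one.
            BasePluginResource fake =
                    ThingAccessUtils.createFakePluginContext(context, subject, PLUGIN_NAME);
            return ThingAccessUtils.checkThingAccess(fake, effectiveTarget, thingName, config);
        } catch (GeneralException e) {
            // Documented contract: a check failure is interpreted as "no access".
            LOG.log(Level.WARNING, "Access check failed for " + thingName + "; denying", e);
            return false;
        } catch (RuntimeException e) {
            // Assumption of this example: unexpected runtime errors also deny.
            LOG.log(Level.WARNING, "Unexpected error checking " + thingName + "; denying", e);
            return false;
        }
    }
}
```

Because the CommonSecurityConfig overload documents caching of results for up to one minute, code that changes a configuration can call ThingAccessUtils.clearCachedResults() so that an earlier result is not reused.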