4.2 - Check Access

boolean checkAccess(Session session, Permission perm) throws SecurityException

Perform user RBAC authorization. This function returns a Boolean value meaning whether the subject of a given session is allowed to perform a given operation on a given object.

The function is valid if and only if:

  • the session is a valid Fortress session
  • the object is a member of the OBJS data set
  • the operation is a member of the OPS data set.

The session’s subject has the permission to perform the operation on that object if and only if that permission is assigned to (at least) one of the session’s active roles. This implementation will verify the roles or userId correspond to the subject’s active roles are registered in the object’s access control list.

Parameters:

  • perm - must contain the object, Permission.objName, and operation, Permission.opName, of permission User is trying to access.
  • session - object contains the user’s returned RBAC session from the createSession method.

Returns:

  • True if user has access, False otherwise.

Throws:

  • SecurityException - in the event of data validation failure, security policy violation or DAO error.

checkAccess

import org.apache.directory.fortress.core.AccessMgr;
import org.apache.directory.fortress.core.AccessMgrFactory;
import org.apache.directory.fortress.core.SecurityException;
import org.apache.directory.fortress.core.model.Session;
import org.apache.directory.fortress.core.model.Permission;

@test
public static void testCheckAccess( Session session, String objectName, String operationName )
{
    String szLocation = ".testCheckAccess";
    try
    {
        // Instantiate the AccessMgr implementation.
        AccessMgr accessMgr = AccessMgrFactory.createInstance();
        Permission inPerm = new Permission( objectName, operationName );
        
        // Using Session object returned from createSession
        boolean result = accessMgr.checkAccess( session, inPerm );
        assertTrue( szLocation, result );
    }
    catch ( SecurityException ex )
    {
        LOG.error( szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex );
        fail( ex.getMessage() );
    }
}