[FC-248] New API to combine createSession & checkAccess - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 2.0.2
Fix Version/s: 2.0.3
Labels:
None

Description

Needed to simplify interaction for stateless usages. Helps over REST, caller doesn't have to hold, parse, cache a session from createSession, before calling checkAccess. One less roundtrip when needing to do both consecutively.

Below the format for the new checkAccess API.

API Signature
public boolean checkAccess
      ( User user,
        Permission perm,
        boolean isTrusted )
throws SecurityException;

Sample XML Request:
<FortRequest>
   <contextId>HOME</contextId>
   <entity xsi:type="permission" xmlns:...">
   <objName>account</objName>
       <opName>withdrawal</opName>
   </entity>
   <entity2 xsi:type="user" xmlns:xsi=“...">
   <userId>curly</userId>
       <props>
           <entry>
           <key>locale</key>
               <value>east</value>
           </entry>
       </props>
   </entity2>
   <isFlag>true</isFlag>
</FortRequest>

Sample XML Response:
<FortResponse>
<errorCode>0</errorCode>
<isAuthorized>true</isAuthorized>

</FortResponse>

Attachments

Activity

People

Assignee:: Shawn McKinney

Reporter:: Shawn McKinney

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 24/Oct/18 10:21

Updated:: 26/Oct/18 15:25

Resolved:: 26/Oct/18 15:25