Legacy platform

Implementing authorization

When you implement authorization, you must first decide whether to use the default authorization implementation provided by the application or to customize it.

You have the following options:
  • The default implementation.

    To use this implementation, just install the application.

  • A customized implementation without the default implementation.
  • A customized implementation of the default implementation.

IBM® recommends that permissions for users be cached.

Customizing authorization

The custom authorization mechanism for the application consists of the AuthorizationProvider class that implements the ISCUIAuthorizationProvider interface and ResourcePermission that implements the ISCUIResourcePermission interface. ResourcePermission is returned by the AuthorizationProvider class after the authorization. AuthorizationProvider is plugged in using the context parameter in web.xml as shown in the following example:

<context-param>
   <param-name>scui-authorization-provider</param-name>
   <param-value>com.app.MyAppAuthorizationProvider</param-value>
</context-param>

You can generate resource permission code using the resource permission template of the Code Template Generator.

The following example shows a custom AuthorizationProvider, the class that is named as the provider in the web.xml example:

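import javax.servlet.http.HttpSessionEvent;
// Imports for the SCUI framework types (SCUIContext, ISCUIAuthorizationProvider,
// ISCUIResourcePermission) are omitted here.

public class MyAppAuthorizationProvider implements ISCUIAuthorizationProvider
{
    // ...
    public boolean hasPermission(SCUIContext uiContext, String resourceId)
    {
        // Look up the permission for this resource.
        ISCUIResourcePermission permission = getPermission(uiContext, resourceId);
        // ... evaluate the permission and return true only if access is granted
    }

    public ISCUIResourcePermission getPermission(SCUIContext uiContext, String resourceId)
    {
        // authorize the user from the SCUISecurityContext
        // ...
    }

    public void init()
    {
        // initialize the authorization mechanism.
        // ...
    }

    public void sessionDestroyed(HttpSessionEvent sessionEvent)
    {
        // close the connection and release it back into the pool
        // ...
    }
}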
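
The caching recommendation above and the sessionDestroyed hook in the provider skeleton can be combined as a per-session decision cache. The following is an added example, not IBM's code: SessionPermissionCache, its methods, and the backend lookup are hypothetical names, and it assumes one authenticated user per session.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.BiPredicate;

// Added example: per-session cache of permission decisions. All names are hypothetical.
// Assumes one authenticated user per session; evict on login and logout as well.
public class SessionPermissionCache {
    // sessionId -> (resourceId -> cached decision)
    private final Map<String, Map<String, Boolean>> bySession = new ConcurrentHashMap<>();
    // Assumed backend lookup (userId, resourceId) -> allowed; stands in for the real policy store.
    private final BiPredicate<String, String> backend;
    public SessionPermissionCache(BiPredicate<String, String> backend) {
        this.backend = backend;
    }

    // Call from hasPermission(): return the cached decision or ask the backend once.
    public boolean isAllowed(String sessionId, String userId, String resourceId) {
        if (sessionId == null || userId == null || resourceId == null) return false; // deny by default
        Map<String, Boolean> decisions =
                bySession.computeIfAbsent(sessionId, id -> new ConcurrentHashMap<>());
        Boolean cached = decisions.get(resourceId);
        if (cached != null) return cached;
        try {
            boolean allowed = backend.test(userId, resourceId);
            decisions.put(resourceId, allowed); // cache both grants and denials
            return allowed;
        } catch (RuntimeException e) {
            return false; // fail closed, and do not cache a lookup failure
        }
    }

    // Call from sessionDestroyed(), for example with sessionEvent.getSession().getId().
    public void evict(String sessionId) {
        if (sessionId != null) bySession.remove(sessionId);
    }

    public static void main(String[] args) {
        int[] lookups = {0}; // counts backend calls to show the cache working
        SessionPermissionCache cache = new SessionPermissionCache((user, res) -> {
            lookups[0]++;
            return "alice".equals(user) && "orders.view".equals(res); // constructed policy
        });
        boolean first = cache.isAllowed("s1", "alice", "orders.view");
        boolean second = cache.isAllowed("s1", "alice", "orders.view"); // served from cache
        boolean denied = cache.isAllowed("s1", "alice", "orders.delete");
        cache.evict("s1"); // session ended: cached decisions are dropped
        System.out.println(first + " " + second + " " + denied + " lookups=" + lookups[0]);
    }
}
```

Cached decisions go stale when a user's permissions change mid-session, so a revocation takes effect only after the session entry is evicted.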