AuthorizationPlugin (Rule Execution Server API)

java.lang.Object
- com.ibm.rules.res.xu.plugin.internal.PluginBase
- - com.ibm.rules.res.xu.plugin.Plugin
  - - com.ibm.rules.res.xu.plugin.AuthorizationPlugin

All Implemented Interfaces:: com.ibm.rules.res.xu.engine.internal.AuthorizationProvider, ilog.rules.res.xu.plugin.internal.IlrPlugin

public class AuthorizationPlugin
extends Plugin
implements com.ibm.rules.res.xu.engine.internal.AuthorizationProvider

Extend this plug-in to authorize or not the execution of the rulesets.

The declaration of the AuthorizationPlugin can be done in the same way than other XU plug-ins. Unlike other XU plug-ins, only one instance of an AuthorizationPlugin can be declared.

Example of using the configuration API of the RuleSession:

 cfg = IlrJ2SESessionFactory.createDefaultConfig();

 xuCfg = cfg.getXUConfig();
 xuCfg.setLogLevel(Level.ALL);
 xuCfg.setLogWriter(new PrintWriter(System.out));

 plugins = new ArrayList<IlrPluginConfig>(1);
 plugin = xuCfg.createPluginConfig(AuthPlugin.class.getName());
 plugins.add(plugin);

 xuCfg.setPluginConfigs(plugins);

 factory = new IlrJ2SESessionFactory(cfg);

The "userdata" parameter of a session, which can be passed from the IlrSession to the AuthorizationPlugin, can be used to pass to the XU, the credential, or other data that identifies the user who is willing to execute the ruleset.

The Rule Execution Server ruleset archive properties, which are passed to the isRulesetExecutionAllowed method, can be used to specify the list of authorized users for each ruleset.

 class User {
         private final String name;

         public User(String name) {
                 this.name = name;
         }
 }

 public class AuthPlugin extends AuthorizationPlugin {

         /**
          * Authorize only the users specified by the 'allowedUser'
          * RES ruleset archive properties.
          */
         @Override
         public boolean isRulesetExecutionAllowed(String taskName,
                                                  IlrPath canonicalPath,
                                                  Map<String, String> rulesetProps,
                                                  Object userData) {
                 String allowedUser;

                 allowedUser = rulesetProps.get("allowedUser");

                 if (userData == null || !(userData instanceof User))
                         return false;

                 if (allowedUser != null && !allowedUser.trim().isEmpty())
                         return allowedUser.equals(((User) userData).name);

                 return true;
         }
 }

 class Application {
 [..]
 sess = factory.createStatefulSession(path, new User("odmuser"), null, false, false);
 sess.execute(); // will fail if the user is not authorized
 [..]

Since:: 8.8
See Also:: Plugin

Constructor Summary

Constructors
Constructor and Description

AuthorizationPlugin()

Constructors
Constructor and Description
`AuthorizationPlugin()`

Method Summary

Methods
Modifier and Type	Method and Description
`boolean`	`isRulesetExecutionAllowed(java.lang.String taskName, IlrPath canonicalPath, java.util.Map<java.lang.String,java.lang.String> rulesetProps, java.lang.Object userData)` Whether the execution of a given ruleset is allowed.

Methods inherited from class com.ibm.rules.res.xu.plugin.Plugin
getRulesetUsageInformationMonitor, notifyRulesetArchiveChanged, release, start

Methods inherited from class com.ibm.rules.res.xu.plugin.internal.PluginBase
destroy, executeRuleset, executeRuleset, getInteractionExtension, getWorkManager, getXUConfig, getXUInfo, getXUInfo, isLoggable, log, setConnectionFactory, setLogHandler, setProperties, setResourceAdapter, setRulesetUsageInformationMonitor, setXUConfig, start, subscribe, unsubscribe

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - AuthorizationPlugin
```
public AuthorizationPlugin()
```
- Method Detail
  - isRulesetExecutionAllowed
```
public boolean isRulesetExecutionAllowed(java.lang.String taskName,
                                IlrPath canonicalPath,
                                java.util.Map<java.lang.String,java.lang.String> rulesetProps,
                                java.lang.Object userData)
```
    Whether the execution of a given ruleset is allowed.
    By default this method always returns true. Override this method to authorize or refuse the execution of rulesets.
    
    The implementation of this method must be thread-safe.
    
    Specified by:
    
    isRulesetExecutionAllowed in interface com.ibm.rules.res.xu.engine.internal.AuthorizationProvider
    
    Parameters:
    taskName - The name of the task of the ruleset to be executed. null if the execution request does not specify a task.
    canonicalPath - The canonical ruleset path of the ruleset.
    rulesetProps - The RES ruleset archive properties of the ruleset.
    userData - The userData that is passed by the caller of the ruleset execution. Can be null.
    
    Returns:
    true if ruleset execution is allowed.

Methods inherited from class com.ibm.rules.res.xu.plugin.Plugin

Methods inherited from class com.ibm.rules.res.xu.plugin.internal.PluginBase

Methods inherited from class java.lang.Object

AuthorizationPlugin

isRulesetExecutionAllowed