Class AuthorizationPlugin
- java.lang.Object
-
- com.ibm.rules.res.xu.plugin.internal.PluginBase
-
- com.ibm.rules.res.xu.plugin.Plugin
-
- com.ibm.rules.res.xu.plugin.AuthorizationPlugin
-
- All Implemented Interfaces:
- com.ibm.rules.res.xu.engine.internal.AuthorizationProvider, ilog.rules.res.xu.plugin.internal.IlrPlugin
public class AuthorizationPlugin extends Plugin implements com.ibm.rules.res.xu.engine.internal.AuthorizationProvider
Extend this plug-in to authorize or not the execution of the rulesets.The declaration of the
AuthorizationPlugin
can be done in the same way than other XU plug-ins. Unlike other XU plug-ins, only one instance of anAuthorizationPlugin
can be declared.Example of using the configuration API of the RuleSession:
cfg = IlrJ2SESessionFactory.createDefaultConfig(); xuCfg = cfg.getXUConfig(); xuCfg.setLogLevel(Level.ALL); xuCfg.setLogWriter(new PrintWriter(System.out)); plugins = new ArrayList<IlrPluginConfig>(1); plugin = xuCfg.createPluginConfig(AuthPlugin.class.getName()); plugins.add(plugin); xuCfg.setPluginConfigs(plugins); factory = new IlrJ2SESessionFactory(cfg);
The "userdata" parameter of a session, which can be passed from the
IlrSession
to theAuthorizationPlugin
, can be used to pass to the XU, the credential, or other data that identifies the user who is willing to execute the ruleset.The Rule Execution Server ruleset archive properties, which are passed to the
isRulesetExecutionAllowed
method, can be used to specify the list of authorized users for each ruleset.class User { private final String name; public User(String name) { this.name = name; } } public class AuthPlugin extends AuthorizationPlugin { /** * Authorize only the users specified by the 'allowedUser' * RES ruleset archive properties. */ @Override public boolean isRulesetExecutionAllowed(String taskName, IlrPath canonicalPath, Map<String, String> rulesetProps, Object userData) { String allowedUser; allowedUser = rulesetProps.get("allowedUser"); if (userData == null || !(userData instanceof User)) return false; if (allowedUser != null && !allowedUser.trim().isEmpty()) return allowedUser.equals(((User) userData).name); return true; } } class Application { [..] sess = factory.createStatefulSession(path, new User("odmuser"), null, false, false); sess.execute(); // will fail if the user is not authorized [..]
- Since:
- 8.8
- See Also:
Plugin
-
-
Constructor Summary
Constructors Constructor and Description AuthorizationPlugin()
-
Method Summary
Methods Modifier and Type Method and Description boolean
isRulesetExecutionAllowed(java.lang.String taskName, IlrPath canonicalPath, java.util.Map<java.lang.String,java.lang.String> rulesetProps, java.lang.Object userData)
Whether the execution of a given ruleset is allowed.-
Methods inherited from class com.ibm.rules.res.xu.plugin.Plugin
getRulesetUsageInformationMonitor, notifyRulesetArchiveChanged, release, start
-
Methods inherited from class com.ibm.rules.res.xu.plugin.internal.PluginBase
destroy, executeRuleset, executeRuleset, getInteractionExtension, getWorkManager, getXUConfig, getXUInfo, getXUInfo, isLoggable, log, setConnectionFactory, setLogHandler, setProperties, setResourceAdapter, setRulesetUsageInformationMonitor, setXUConfig, start, subscribe, unsubscribe
-
-
-
-
Method Detail
-
isRulesetExecutionAllowed
public boolean isRulesetExecutionAllowed(java.lang.String taskName, IlrPath canonicalPath, java.util.Map<java.lang.String,java.lang.String> rulesetProps, java.lang.Object userData)
Whether the execution of a given ruleset is allowed.By default this method always returns
true
. Override this method to authorize or refuse the execution of rulesets.The implementation of this method must be thread-safe.
- Specified by:
isRulesetExecutionAllowed
in interfacecom.ibm.rules.res.xu.engine.internal.AuthorizationProvider
- Parameters:
taskName
- The name of the task of the ruleset to be executed.null
if the execution request does not specify a task.canonicalPath
- The canonical ruleset path of the ruleset.rulesetProps
- The RES ruleset archive properties of the ruleset.userData
- The userData that is passed by the caller of the ruleset execution. Can benull
.- Returns:
true
if ruleset execution is allowed.
-
-