com.google.enterprise.adaptor
Interface AuthzAuthority

All Known Implementing Classes:
AdaptorWithCrawlTimeMetadataTemplate, CommandLineAdaptor

public interface AuthzAuthority

Interface for adaptors capable of authorizing users.

Instances of this interface are typically registered with AdaptorContext.setAuthzAuthority(com.google.enterprise.adaptor.AuthzAuthority).


Method Summary
 Map<DocId,AuthzStatus> isUserAuthorized(AuthnIdentity userIdentity, Collection<DocId> ids)
          Determines whether the user identified is allowed to access the DocIds.
 

Method Detail

isUserAuthorized

Map<DocId,AuthzStatus> isUserAuthorized(AuthnIdentity userIdentity,
                                        Collection<DocId> ids)
                                        throws IOException
Determines whether the user identified is allowed to access the DocIds. The user is either anonymous or assumed to be previously authenticated. If an anonymous user is denied access to a document, then the caller may prompt the user to go through an authentication process and then try again.

Returns AuthzStatus.PERMIT for DocIds the user is allowed to access. Returns AuthzStatus.DENY for DocIds the user is not allowed to access. If the document exists, AuthzStatus.INDETERMINATE will not be returned for that DocId.

If the document doesn't exist, then there are several possibilities. If the repository is fully public, then it will return PERMIT. This allows the caller to provide a cached version of the file to the user or to call Adaptor.getDocContent(com.google.enterprise.adaptor.Request, com.google.enterprise.adaptor.Response), which should call Response.respondNotFound(). If the adaptor is not sensitive to users knowing that certain documents do not exist, then it will return INDETERMINATE. This is interpreted to mean that the document does not exist; no cached copy will be provided to the user, but the user may be informed that the document doesn't exist. Highly sensitive repositories may return DENY.

If you experience a fatal error, feel free to throw an IOException or RuntimeException. In the case of an error, the users will be denied access to the resources.

Parameters:
userIdentity - user to authorize, or null for anonymous users
ids - Collection of DocIds that need to be checked
Returns:
an AuthzStatus for each DocId provided in ids
Throws:
IOException
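
The following is an added example, not code from the adaptor library or its documentation: a sketch of an implementation that follows the contract above, returning a status for every DocId, never INDETERMINATE for an existing document, and a configurable answer for missing documents. The class name `FailClosedAuthzAuthority` and the `AclStore` interface are hypothetical; only `AuthzAuthority`, `AuthnIdentity`, `AuthzStatus` and `DocId` come from this page.

```java
import com.google.enterprise.adaptor.AuthnIdentity;
import com.google.enterprise.adaptor.AuthzAuthority;
import com.google.enterprise.adaptor.AuthzStatus;
import com.google.enterprise.adaptor.DocId;
import java.io.IOException;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;

/** Added example: an AuthzAuthority that denies unless the repository says otherwise. */
public class FailClosedAuthzAuthority implements AuthzAuthority {
  /** Hypothetical repository lookup; not part of the adaptor library. */
  public interface AclStore {
    boolean exists(DocId id) throws IOException;
    /** identity is null for anonymous users, as in isUserAuthorized. */
    boolean canRead(AuthnIdentity identity, DocId id) throws IOException;
  }

  private final AclStore store;
  // PERMIT for a fully public repository, INDETERMINATE when revealing
  // non-existence is acceptable, DENY for highly sensitive repositories.
  private final AuthzStatus missingDocStatus;

  public FailClosedAuthzAuthority(AclStore store, AuthzStatus missingDocStatus) {
    this.store = store;
    this.missingDocStatus = missingDocStatus;
  }

  @Override
  public Map<DocId, AuthzStatus> isUserAuthorized(AuthnIdentity userIdentity,
      Collection<DocId> ids) throws IOException {
    Map<DocId, AuthzStatus> result = new HashMap<DocId, AuthzStatus>();
    for (DocId id : ids) {
      if (!store.exists(id)) {
        // Missing document: answer according to the repository's policy.
        result.put(id, missingDocStatus);
      } else if (store.canRead(userIdentity, id)) {
        result.put(id, AuthzStatus.PERMIT);
      } else {
        // Existing document: only PERMIT or DENY, never INDETERMINATE.
        result.put(id, AuthzStatus.DENY);
      }
    }
    // An IOException from the store propagates; on error the users are
    // denied access, so a lookup failure never turns into PERMIT.
    return result;
  }
}
```

An instance would be registered through AdaptorContext.setAuthzAuthority, as described at the top of this page.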