public interface AuthzAuthority
Instances of this interface are typically registered with AdaptorContext.setAuthzAuthority(com.google.enterprise.adaptor.AuthzAuthority).
Modifier and Type | Method and Description |
---|---|
Map<DocId,AuthzStatus> | isUserAuthorized(AuthnIdentity userIdentity, Collection<DocId> ids) Determines whether the user identified is allowed to access the DocIds. |
Map<DocId,AuthzStatus> isUserAuthorized(AuthnIdentity userIdentity, Collection<DocId> ids) throws IOException
Determines whether the user identified is allowed to access the DocIds. The user is either anonymous or assumed to be previously authenticated. If an anonymous user is denied access to a document, then the caller may prompt the user to go through an authentication process and then try again.
Returns AuthzStatus.PERMIT for DocIds the user is allowed to access. Returns AuthzStatus.DENY for DocIds the user is not allowed to access. If the document exists, AuthzStatus.INDETERMINATE will not be returned for that DocId.
If the document doesn't exist, then there are several possibilities. If the repository is fully public then it will return PERMIT. This will allow the caller to provide a cached version of the file to the user or call Adaptor.getDocContent(com.google.enterprise.adaptor.Request, com.google.enterprise.adaptor.Response), which should call Response.respondNotFound(). If the adaptor is not sensitive to users knowing that certain documents do not exist, then it will return INDETERMINATE. This will be interpreted to mean that the document does not exist; no cached copy will be provided to the user but the user may be informed the document doesn't exist. Highly sensitive repositories may return DENY.
If you experience a fatal error, feel free to throw an IOException or RuntimeException. In the case of an error, the users will be denied access to the resources.
Parameters:
userIdentity - user to authorize, or null for anonymous users
ids - Collection of DocIds that need to be checked
Returns:
AuthzStatus for each DocId provided in ids
Throws:
IOException - on failure
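
The contract above, as an added example that is not part of the adaptor library or its documentation: an ACL-backed AuthzAuthority that handles the anonymous (null) identity, never returns INDETERMINATE for an existing document, and makes the status for missing documents an explicit policy choice. The class name AclAuthzAuthority, the acls map, the "*" public marker and the hideMissing flag are hypothetical; AuthnIdentity.getUser().getName() is assumed from the adaptor library.

```java
import com.google.enterprise.adaptor.AuthnIdentity;
import com.google.enterprise.adaptor.AuthzAuthority;
import com.google.enterprise.adaptor.AuthzStatus;
import com.google.enterprise.adaptor.DocId;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

/** Added example; the acls map is a hypothetical stand-in for a repository ACL lookup. */
public class AclAuthzAuthority implements AuthzAuthority {
  private final Map<DocId, Set<String>> acls; // readers per DocId; "*" (constructed) = public
  private final AuthzStatus missingStatus;    // policy for DocIds that do not exist

  public AclAuthzAuthority(Map<DocId, Set<String>> acls, boolean hideMissing) {
    this.acls = acls;
    // DENY hides non-existence; INDETERMINATE tells the caller the document is absent.
    this.missingStatus = hideMissing ? AuthzStatus.DENY : AuthzStatus.INDETERMINATE;
  }

  @Override
  public Map<DocId, AuthzStatus> isUserAuthorized(AuthnIdentity userIdentity,
      Collection<DocId> ids) {
    // A null identity is the anonymous user; it can only match public documents.
    String user = (userIdentity == null || userIdentity.getUser() == null)
        ? null : userIdentity.getUser().getName();
    Map<DocId, AuthzStatus> result = new HashMap<DocId, AuthzStatus>();
    for (DocId id : ids) {
      Set<String> readers = acls.get(id);
      if (readers == null) {
        result.put(id, missingStatus);
      } else if (readers.contains("*") || (user != null && readers.contains(user))) {
        result.put(id, AuthzStatus.PERMIT);
      } else {
        result.put(id, AuthzStatus.DENY); // existing document: never INDETERMINATE
      }
    }
    return result; // exactly one status per requested DocId
  }

  public static void main(String[] args) {
    Map<DocId, Set<String>> acls = new HashMap<DocId, Set<String>>(); // constructed sample ACLs
    acls.put(new DocId("public.txt"), Collections.singleton("*"));
    acls.put(new DocId("payroll.xls"), Collections.singleton("alice"));
    System.out.println(new AclAuthzAuthority(acls, true).isUserAuthorized(null, Arrays.asList(
        new DocId("public.txt"), new DocId("payroll.xls"), new DocId("missing.doc"))));
  }
}
```

With hideMissing set to true, an anonymous caller gets the same DENY for a restricted document and for one that does not exist, so the response does not reveal which DocIds are real.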