AccessController.java (forked from ESAPI/esapi-java-legacy), 197 lines (181 loc), 7.84 KB
/**
 * OWASP Enterprise Security API (ESAPI)
 *
 * This file is part of the Open Web Application Security Project (OWASP)
 * Enterprise Security API (ESAPI) project. For details, please see
 * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
 *
 * Copyright (c) 2007 - The OWASP Foundation
 *
 * The ESAPI is published by OWASP under the BSD license. You should read and accept the
 * LICENSE before you use, modify, and/or redistribute this software.
 *
 * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
 * @created 2007
 */
package org.owasp.esapi;

import org.owasp.esapi.errors.AccessControlException;

/**
 * The AccessController interface defines a set of methods that can be used in a wide variety of applications to
 * enforce access control. In most applications, access control must be performed in multiple different locations across
 * the various application layers. This class provides access control for URLs, business functions, data, services, and
 * files.
 * <P>
 * <img src="doc-files/AccessController.jpg" height="600">
 * <P>
 * The implementation of this interface will need to access some sort of user information repository to determine what
 * roles or permissions are assigned to the accountName passed into the various methods. In addition, the implementation
 * will also need information about the resources that are being accessed. Using the user information and the resource
 * information, the implementation should return an access control decision.
 * <P>
 * Implementers are encouraged to build on existing access control mechanisms, such as methods like isUserInRole() or
 * hasPrivilege(). While powerful, these methods can be confusing, as users may be in multiple roles or possess multiple
 * overlapping privileges. These methods encourage the use of complex boolean tests throughout the code. The point of
 * this interface is to centralize access control logic so that it is easy to use and easy to verify.
 *
 * <pre>
 * try {
 *     ESAPI.accessController().assertAuthorizedForFunction( BUSINESS_FUNCTION );
 *     // execute BUSINESS_FUNCTION
 * } catch (AccessControlException ace) {
 *     ... attack in progress
 * }
 * </pre>
 *
 * Note that in the user interface layer, access control checks can be used to control whether particular controls are
 * rendered or not. These checks are supposed to fail when an unauthorized user is logged in, and do not represent
 * attacks. Remember that regardless of how the user interface appears, an attacker can attempt to invoke any business
 * function or access any data in your application. Therefore, access control checks in the user interface should be
 * repeated in both the business logic and data layers.
 *
 * <pre>
 * &lt;% if ( ESAPI.accessController().isAuthorizedForFunction( ADMIN_FUNCTION ) ) { %&gt;
 *     &lt;a href="/doAdminFunction"&gt;ADMIN&lt;/a&gt;
 * &lt;% } else { %&gt;
 *     &lt;a href="/doNormalFunction"&gt;NORMAL&lt;/a&gt;
 * &lt;% } %&gt;
 * </pre>
 *
 * @author Jeff Williams (jeff.williams@aspectsecurity.com)
 */
public interface AccessController {

    /**
     * Checks if an account is authorized to access the referenced URL. The implementation should allow
     * access to be granted to any part of the URL. Generally, this method should be invoked in the
     * application's controller or a filter as follows:
     * <PRE>ESAPI.accessController().isAuthorizedForURL(request.getRequestURI().toString());</PRE>
     *
     * @param url
     *      the url as returned by request.getRequestURI().toString()
     *
     * @return
     *      true, if is authorized for URL
     */
    boolean isAuthorizedForURL(String url);

    /**
     * Checks if an account is authorized to access the referenced function. The implementation should define the
     * function "namespace" to be enforced. Choosing something simple like the classname of action classes or menu item
     * names will make this implementation easier to use.
     *
     * @param functionName
     *      the function name
     *
     * @return
     *      true, if is authorized for function
     */
    boolean isAuthorizedForFunction(String functionName);

    /**
     * Checks if an account is authorized to access the referenced data. The implementation should define the data
     * "namespace" to be enforced.
     *
     * @param key
     *      the key
     *
     * @return
     *      true, if is authorized for data
     */
    boolean isAuthorizedForData(String key);

    /**
     * Checks if an account is authorized to access the referenced file. The implementation should be extremely careful
     * about canonicalization.
     *
     * @see org.owasp.esapi.Encoder#canonicalize(String)
     *
     * @param filepath
     *      the path of the file to be checked, including filename
     *
     * @return
     *      true, if is authorized for file
     */
    boolean isAuthorizedForFile(String filepath);

    /**
     * Checks if an account is authorized to access the referenced service. This can be used in applications that
     * provide access to a variety of backend services.
     *
     * @param serviceName
     *      the service name
     *
     * @return
     *      true, if is authorized for service
     */
    boolean isAuthorizedForService(String serviceName);

    /**
     * Checks if an account is authorized to access the referenced URL. The implementation should allow
     * access to be granted to any part of the URL. Generally, this method should be invoked in the
     * application's controller or a filter as follows:
     * <PRE>ESAPI.accessController().assertAuthorizedForURL(request.getRequestURI().toString());</PRE>
     *
     * @param url
     *      the url as returned by request.getRequestURI().toString()
     *
     * @throws AccessControlException
     *      if access is not permitted
     */
    void assertAuthorizedForURL(String url) throws AccessControlException;

    /**
     * Checks if an account is authorized to access the referenced function. The implementation should define the
     * function "namespace" to be enforced. Choosing something simple like the classname of action classes or menu item
     * names will make this implementation easier to use.
     *
     * @param functionName
     *      the function name
     *
     * @throws AccessControlException
     *      if access is not permitted
     */
    void assertAuthorizedForFunction(String functionName) throws AccessControlException;

    /**
     * Checks if an account is authorized to access the referenced data. The implementation should define the data
     * "namespace" to be enforced.
     *
     * @param key
     *      the key
     *
     * @throws AccessControlException
     *      if access is not permitted
     */
    void assertAuthorizedForData(String key) throws AccessControlException;

    /**
     * Checks if an account is authorized to access the referenced file. The implementation should be extremely careful
     * about canonicalization.
     *
     * @see org.owasp.esapi.Encoder#canonicalize(String)
     *
     * @param filepath
     *      the path of the file to be checked, including filename
     *
     * @throws AccessControlException
     *      if access is not permitted
     */
    void assertAuthorizedForFile(String filepath) throws AccessControlException;

    /**
     * Checks if an account is authorized to access the referenced service. This can be used in applications that
     * provide access to a variety of backend services.
     *
     * @param serviceName
     *      the service name
     *
     * @throws AccessControlException
     *      if access is not permitted
     */
    void assertAuthorizedForService(String serviceName) throws AccessControlException;
}
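The interface Javadoc above describes the usage pattern (a centralized policy, `assert*` methods that throw for the business layer, `is*` methods for rendering decisions) and warns that the file check must canonicalize paths. The following is an added illustration, not ESAPI's own implementation: a minimal policy-backed controller covering the function and file checks. It assumes the caller's role has already been resolved from the session, uses a stand-in `AccessControlException` so it compiles offline, and uses `java.nio.file` normalization in place of `Encoder.canonicalize`.

```java
import java.nio.file.Path;
import java.util.Map;
import java.util.Set;

// Stand-in for org.owasp.esapi.errors.AccessControlException so this compiles without ESAPI (assumption).
class AccessControlException extends Exception {
    AccessControlException(String msg) { super(msg); }
}

/** Minimal controller mirroring the function and file methods of the ESAPI interface (example code). */
public class SimpleAccessController {
    private final String currentRole;                       // assumption: resolved from the session elsewhere
    private final Map<String, Set<String>> functionPolicy;  // function name -> roles allowed to call it
    private final Path allowedRoot;                         // file access is confined to this directory

    SimpleAccessController(String currentRole, Map<String, Set<String>> functionPolicy, Path allowedRoot) {
        this.currentRole = currentRole;
        this.functionPolicy = functionPolicy;
        this.allowedRoot = allowedRoot.toAbsolutePath().normalize();
    }

    /** Function namespace is plain action names; functions missing from the policy are denied by default. */
    public boolean isAuthorizedForFunction(String functionName) {
        Set<String> roles = functionPolicy.get(functionName);
        return roles != null && roles.contains(currentRole);
    }

    /** Canonicalize first: resolve against the root, normalize ".." and ".", then require the result to stay inside. */
    public boolean isAuthorizedForFile(String filepath) {
        Path resolved = allowedRoot.resolve(filepath).normalize();
        return resolved.startsWith(allowedRoot); // component-wise prefix, so "/root2" does not match "/root"
    }

    public void assertAuthorizedForFunction(String functionName) throws AccessControlException {
        if (!isAuthorizedForFunction(functionName)) throw new AccessControlException("function: " + functionName);
    }

    public void assertAuthorizedForFile(String filepath) throws AccessControlException {
        if (!isAuthorizedForFile(filepath)) throw new AccessControlException("file: " + filepath);
    }

    public static void main(String[] args) {
        // Constructed policy and paths for illustration only.
        Map<String, Set<String>> policy = Map.of("viewReport", Set.of("user", "admin"), "deleteUser", Set.of("admin"));
        SimpleAccessController ac = new SimpleAccessController("user", policy, Path.of("/srv/app/reports"));
        for (String f : new String[] {"viewReport", "deleteUser"}) {
            try { ac.assertAuthorizedForFunction(f); System.out.println("allowed " + f); }
            catch (AccessControlException ace) { System.out.println("denied, log for review: " + ace.getMessage()); }
        }
        System.out.println("in-root file ok: " + ac.isAuthorizedForFile("2024/q1.pdf"));
        System.out.println("traversal ok: " + ac.isAuthorizedForFile("../../config/db.properties"));
    }
}
```

The denied branch in `main` is where the Javadoc's "attack in progress" comment applies in the business layer; in the UI layer the same `is*` result would simply decide which control to render.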