3232 * will also need information about the resources that are being accessed. Using the user information and the resource
3333 * information, the implementation should return an access control decision.
3434 * <P>
35- * Implementers are encouraged to implement the ESAPI access control methods , like assertAuthorizedForFunction() using
35+ * Implementers are encouraged to implement the ESAPI access control rules , like assertAuthorizedForFunction() using
3636 * existing access control mechanisms, such as methods like isUserInRole() or hasPrivilege(). While powerful,
3737 * methods like isUserInRole() can be confusing for developers, as users may be in multiple roles or possess multiple
3838 * overlapping privileges. Direct use of these finer grained access control methods encourages the use of complex boolean
3939 * tests throughout the code, which can easily lead to developer mistakes.
4040 * <P>
4141 * The point of the ESAPI access control interface is to centralize access control logic behind easy to use calls like
42- * assertAuthorizedForData () so that access control is easy to use and easy to verify. Here is an example of a very
42+ * assertAuthorized () so that access control is easy to use and easy to verify. Here is an example of a very
4343 * straightforward to implement, understand, and verify ESAPI access control check:
4444 *
4545 * <pre>
4646 * try {
47- * ESAPI.accessController().assertAuthorizedForFunction( BUSINESS_FUNCTION );
47+ * ESAPI.accessController().assertAuthorized("businessFunction", runtimeData );
4848 * // execute BUSINESS_FUNCTION
4949 * } catch (AccessControlException ace) {
5050 * ... attack in progress
5858 * repeated in both the business logic and data layers.
5959 *
6060 * <pre>
61- * <% if ( ESAPI.accessController().isAuthorizedForFunction( ADMIN_FUNCTION ) ) { %>
61+ * <% if ( ESAPI.accessController().isAuthorized( "businessFunction", runtimeData ) ) { %>
6262 * <a href="/doAdminFunction">ADMIN</a>
6363 * <% } else { %>
6464 * <a href="/doNormalFunction">NORMAL</a>
6565 * <% } %>
6666 * </pre>
6767 *
68- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
68+ * @author Mike H. Fauzy (mike.fauzy@aspectsecurity.com) ESAPI v1.6-
69+ * @author Jeff Williams (jeff.williams@aspectsecurity.com) ESAPI v0-1.5
6970 */
7071public interface AccessController {
7172
73+ /**
74+ * <code>isAuthorized</code> executes the <code>AccessControlRule</code>
75+ * that is identified by <code>key</code> and listed in the
76+ * <code>resources/ESAPI-AccessControlPolicy.xml</code> file. It returns
77+ * true if the <code>AccessControlRule</code> decides that the operation
78+ * should be allowed. Otherwise, it returns false. Any exception thrown by
79+ * the <code>AccessControlRule</code> must result in false. If
80+ * <code>key</code> does not map to an <code>AccessControlRule</code>, then
81+ * false is returned.
82+ *
83+ * Developers should call isAuthorized to control execution flow. For
84+ * example, if you want to decide whether to display a UI widget in the
85+ * browser using the same logic that you will use to enforce permissions
86+ * on the server, then isAuthorized is the method that you want to use.
87+ *
88+ * Typically, assertAuthorized should be used to enforce permissions on the
89+ * server.
90+ *
91+ * @param key <code>key</code> maps to
92+ * <code><AccessControlPolicy><AccessControlRules>
93+ * <AccessControlRule name="key"</code>
94+ * @param runtimeParameter runtimeParameter can contain anything that
95+ * the AccessControlRule needs from the runtime system.
96+ * @return Returns <code>true</code> if and only if the AccessControlRule specified
97+ * by <code>key</code> exists and returned <code>true</code>.
98+ * Otherwise returns <code>false</code>
99+ */
100+ public boolean isAuthorized (Object key , Object runtimeParameter );
101+
102+ /**
103+ * <code>assertAuthorized</code> executes the <code>AccessControlRule</code>
104+ * that is identified by <code>key</code> and listed in the
105+ * <code>resources/ESAPI-AccessControlPolicy.xml</code> file. It does
106+ * nothing if the <code>AccessControlRule</code> decides that the operation
107+ * should be allowed. Otherwise, it throws an
108+ * <code>org.owasp.esapi.errors.AccessControlException</code>. Any exception
109+ * thrown by the <code>AccessControlRule</code> will also result in an
110+ * <code>AccesControlException</code>. If <code>key</code> does not map to
111+ * an <code>AccessControlRule</code>, then an <code>AccessControlException
112+ * </code> is thrown.
113+ *
114+ * Developers should call assertAuthorized to enforce privileged access to
115+ * the system. It should be used to answer the question: "Should execution
116+ * continue." Ideally, the call to <code>assertAuthorized</code> should
117+ * be integrated into the application framework so that it is called
118+ * automatically.
119+ *
120+ * @param key <code>key</code> maps to
121+ * <AccessControlPolicy><AccessControlRules>
122+ * <AccessControlRule name="key"
123+ * @param runtimeParameter runtimeParameter can contain anything that
124+ * the AccessControlRule needs from the runtime system.
125+ * @return Returns <code>true</code> if and only if the AccessControlRule specified
126+ * by <code>key</code> exists and returned <code>true</code>.
127+ * Otherwise returns <code>false</code>
128+ */
129+ public void assertAuthorized (Object key , Object runtimeParameter )
130+ throws AccessControlException ;
131+
132+
133+
134+
135+ /*** Below this line has been deprecated as of ESAPI 1.6 ***/
136+
137+
138+
139+
72140 /**
73141 * Checks if the current user is authorized to access the referenced URL. Generally, this method should be invoked in the
74142 * application's controller or a filter as follows:
@@ -83,6 +151,7 @@ public interface AccessController {
83151 *
84152 * @return
85153 * true, if is authorized for URL
154+ * @deprecated
86155 */
87156 boolean isAuthorizedForURL (String url );
88157
@@ -97,6 +166,7 @@ public interface AccessController {
97166 *
98167 * @return
99168 * true, if is authorized for function
169+ * @deprecated
100170 */
101171 boolean isAuthorizedForFunction (String functionName );
102172
@@ -116,6 +186,7 @@ public interface AccessController {
116186 *
117187 * @return
118188 * true, if is authorized for the data
189+ * @deprecated
119190 */
120191 boolean isAuthorizedForData (String action , Object data );
121192
@@ -130,6 +201,7 @@ public interface AccessController {
130201 *
131202 * @return
132203 * true, if is authorized for the file
204+ * @deprecated
133205 */
134206 boolean isAuthorizedForFile (String filepath );
135207
@@ -145,6 +217,7 @@ public interface AccessController {
145217 *
146218 * @return
147219 * true, if is authorized for the service
220+ * @deprecated
148221 */
149222 boolean isAuthorizedForService (String serviceName );
150223
@@ -173,6 +246,7 @@ public interface AccessController {
173246 *
174247 * @throws AccessControlException
175248 * if access is not permitted
249+ * @deprecated
176250 */
177251 void assertAuthorizedForURL (String url ) throws AccessControlException ;
178252
@@ -201,6 +275,7 @@ public interface AccessController {
201275 *
202276 * @throws AccessControlException
203277 * if access is not permitted
278+ * @deprecated
204279 */
205280 void assertAuthorizedForFunction (String functionName ) throws AccessControlException ;
206281
@@ -230,6 +305,7 @@ public interface AccessController {
230305 *
231306 * @throws AccessControlException
232307 * if access is not permitted
308+ * @deprecated
233309 */
234310 void assertAuthorizedForData (String action , Object data ) throws AccessControlException ;
235311
@@ -255,6 +331,7 @@ public interface AccessController {
255331 * @param filepath
256332 * Path to the file to be checked
257333 * @throws AccessControlException if access is denied
334+ * @deprecated
258335 */
259336 void assertAuthorizedForFile (String filepath ) throws AccessControlException ;
260337
@@ -282,6 +359,7 @@ public interface AccessController {
282359 *
283360 * @throws AccessControlException
284361 * if access is not permitted
362+ * @deprecated
285363 */
286364 void assertAuthorizedForService (String serviceName ) throws AccessControlException ;
287365
0 commit comments