|
| 1 | +package org.owasp.esapi.core.accesscontrol; |
| 2 | + |
| 3 | +/** |
| 4 | + * The AccessController interface defines a set of methods that can be used in a wide variety of applications to |
| 5 | + * enforce access control. In most applications, access control must be performed in multiple different locations across |
| 6 | + * the various application layers. |
| 7 | + * <P> |
| 8 | + * The implementation of this interface will need to access the current User object (from Authenticator.getCurrentUser()) |
| 9 | + * to determine roles or permissions. In addition, the implementation will also need information about the resources that |
| 10 | + * are being accessed. Using the user information and the resource information, the implementation should return an |
| 11 | + * access control decision. |
| 12 | + * <P> |
| 13 | + * The point of the ESAPI access control interface is to centralize access control logic behind easy to use calls like |
| 14 | + * assertAuthorized() so that access control is easy to use and easy to verify. Here is an example of a very |
| 15 | + * straightforward to implement, understand, and verify ESAPI access control check: |
| 16 | + * |
| 17 | + * <pre> |
| 18 | + * try { |
| 19 | + * ESAPI.accessController().assertAuthorized("businessFunction", runtimeData); |
| 20 | + * // execute BUSINESS_FUNCTION |
| 21 | + * } catch (AccessControlException ace) { |
| 22 | + * ... attack in progress |
| 23 | + * } |
| 24 | + * </pre> |
| 25 | + * |
| 26 | + * Note that in the user interface layer, access control checks can be used to control whether particular controls are |
| 27 | + * rendered or not. These checks are supposed to fail when an unauthorized user is logged in, and do not represent |
| 28 | + * attacks. Remember that regardless of how the user interface appears, an attacker can attempt to invoke any business |
| 29 | + * function or access any data in your application. Therefore, access control checks in the user interface should be |
| 30 | + * repeated in both the business logic and data layers. |
| 31 | + * |
| 32 | + * <pre> |
| 33 | + * <% if ( ESAPI.accessController().isAuthorized( "businessFunction", runtimeData ) ) { %> |
| 34 | + * <a href="/doAdminFunction">ADMIN</a> |
| 35 | + * <% } else { %> |
| 36 | + * <a href="/doNormalFunction">NORMAL</a> |
| 37 | + * <% } %> |
| 38 | + * </pre> |
| 39 | + * |
| 40 | + * @author Mike H. Fauzy ([email protected]) ESAPI v1.6- |
| 41 | + * @author Jeff Williams ([email protected]) ESAPI v0-1.5 |
| 42 | + * @author Chris Schmidt ([email protected]) ESAPI v3.0 |
| 43 | + */ |
| 44 | +public interface AccessController { |
| 45 | + /** |
| 46 | + * Developers should call isAuthorized to control execution flow. For |
| 47 | + * example, if you want to decide whether to display a UI widget in the |
| 48 | + * browser using the same logic that you will use to enforce permissions |
| 49 | + * on the server, then isAuthorized is the method that you want to use. |
| 50 | + * |
| 51 | + * Typically, assertAuthorized should be used to enforce permissions on the |
| 52 | + * server. |
| 53 | + * |
| 54 | + * @param key |
| 55 | + * @param runtimeParameter |
| 56 | + * @return |
| 57 | + */ |
| 58 | + public boolean isAuthorized(Object key, Object runtimeParameter); |
| 59 | + |
| 60 | + /** |
| 61 | + * Developers should call {@code assertAuthorized} to enforce privileged access to |
| 62 | + * the system. It should be used to answer the question: "Should execution |
| 63 | + * continue." Ideally, the call to <code>assertAuthorized</code> should |
| 64 | + * be integrated into the application framework so that it is called |
| 65 | + * automatically. |
| 66 | + * |
| 67 | + * @param key |
| 68 | + * @param runtimeParameter |
| 69 | + */ |
| 70 | + public void assertAuthorized(Object key, Object runtimeParameter) throws AccessControlException; |
| 71 | + |
| 72 | +} |
0 commit comments