Package com.cedarpolicy

Interface AuthorizationEngine

All Known Implementing Classes:

BasicAuthorizationEngine

public interface AuthorizationEngine

Implementations of the AuthorizationEngine interface invoke Cedar to respond to an authorization or validation request. For authorization, the input includes the relevant slice of the policy for Cedar to consider. Clients can provide a slice in the form of Java objects constructed by the API, which will be converted to JSON internally. It is the client’s responsibility to ensure that all relevant policy information is within the slice.

Note that Cedar does not have intrinsic limits on the sizes / number of policies. We could not set such a limit as well as you, the user of the Cedar library. As such, it is your responsibility to choose and enforce these limits.

Method Summary

Modifier and Type	Method	Description
static String	getCedarLangVersion()	Get the Cedar language major version (e.g., "1.2") used by this CedarJava library.
AuthorizationResponse	isAuthorized(AuthorizationRequest request, Slice slice)	Asks whether the given AuthorizationRequest q is approved by the policies and entity hierarchy given in the slice.
ValidationResponse	validate(ValidationRequest request)	Asks whether the policies in the given ValidationRequest q are correct when validated against the schema it describes.

Method Details

isAuthorized

AuthorizationResponse isAuthorized(AuthorizationRequest request,
 Slice slice)
                            throws AuthException

Asks whether the given AuthorizationRequest q is approved by the policies and entity hierarchy given in the slice.

Parameters:

request - The request to evaluate

slice - The slice to evaluate against

Returns:

The result of the request evaluation

Throws:

AuthException - On failure to make the authorization request. Note that errors inside the authorization engine are included in the errors field on the AuthorizationResponse.

validate

ValidationResponse validate(ValidationRequest request)
                     throws AuthException

Asks whether the policies in the given ValidationRequest q are correct when validated against the schema it describes.

Parameters:

request - The request containing the policies to validate and the schema to validate them against.

Returns:

A ValidationResponse describing any validation errors found in the policies.

Throws:

BadRequestException - if any errors were found in the syntax of the policies.

AuthException - if any internal errors occurred while validating the policies.

getCedarLangVersion

static String getCedarLangVersion()

Get the Cedar language major version (e.g., "1.2") used by this CedarJava library.

Returns:

The Cedar language major version supported