/* Copyright (c) 2001 - 2007 TOPP - www.openplans.org. All rights reserved.
* This code is licensed under the GPL 2.0 license, available at the root
* application directory.
*/
package org.geoserver.xacml.role;
import org.springframework.security.Authentication;
import org.springframework.security.userdetails.UserDetails;
/**
* A RoleAssignmentAuthority is NOT responsible for assignment from roles to subjects
*
*
* The purpose of this Authority is
*
* 1) add needed role parameters 2) check against the XACML repository if the role is enabled (e.g
* the role is enabled only between 8:00 and 16:00)
*
* Some important notes about the XACML RBAC role specification
*
* 1) Each role has a "role permission set". Roles for themselves are not hierarchical, but the
* permission sets are. Permission sets can also use multiple inheritance.
*
* 2) According to 1) if a parent role is disabled (e.g time constraints), the current role is not
*
* 3) According to 1) role parameters are not inherited, you have to specify the whole set of role
* parameters for each role
*
* @author Christian Mueller
*
*/
public interface XACMLRoleAuthority {
public void prepareRoles(Authentication auth);
public <T extends UserDetails> void transformUserDetails(T details);
}