org.owasp.esapi
Interface AccessController

All Known Implementing Classes:
FileBasedAccessController

public interface AccessController

The IAccessController interface defines a set of methods that can be used in a wide variety of applications to enforce access control. In most applications, access control must be performed in multiple different locations across the various application layers. This class provides access control for URLs, business functions, data, services, and files.

The implementation of this interface will need to access some sort of user information repository to determine what roles or permissions are assigned to the accountName passed into the various methods. In addition, the implementation will also need information about the resources that are being accessed. Using the user information and the resource information, the implementation should return an access control decision.

Implementers are encouraged to build on existing access control mechanisms, such as methods like isUserInRole() or hasPrivilege(). While powerful, these methods can be confusing, as users may be in multiple roles or possess multiple overlapping privileges. These methods encourage the use of complex boolean tests throughout the code. The point of this interface is to centralize access control logic so that it is easy to use and easy to verify.

 try {
     ESAPI.accessController().assertAuthorizedForFunction( BUSINESS_FUNCTION );
     // execute BUSINESS_FUNCTION
 } catch (AccessControlException ace) {
     // ... attack in progress: fail closed, never fall through to BUSINESS_FUNCTION
 }
 
Note that in the user interface layer, access control checks can be used to control whether particular controls are rendered or not. These checks are supposed to fail when an unauthorized user is logged in, and do not represent attacks. Remember that regardless of how the user interface appears, an attacker can attempt to invoke any business function or access any data in your application. Therefore, access control checks in the user interface should be repeated in both the business logic and data layers.
 <% if ( ESAPI.accessController().isAuthorizedForFunction( ADMIN_FUNCTION ) ) { %>
 <a href="/doAdminFunction">ADMIN</a>
 <% } else { %>
 <a href="/doNormalFunction">NORMAL</a>
 <% } %>
 
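The following is an added example, not code from the ESAPI project or this documentation, showing the layered pattern described above: a servlet filter gates every request by URL (the usage shown for assertAuthorizedForURL), and the business method then re-asserts the function and data permissions on its own, so the decision does not depend on which links the UI rendered. The package org.owasp.esapi.errors for AccessControlException, the servlet API, the class names, and the function and data namespace strings ("AccountService.viewAccount", "account:" + id) are assumptions made for the example.

```java
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.owasp.esapi.ESAPI;
import org.owasp.esapi.errors.AccessControlException; // assumed package for the exception

// Layer 1 (controller): a filter that gates every request by URL, invoked the way the
// assertAuthorizedForURL documentation recommends.
public class LayeredAccessControlFilter implements Filter {
    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        try {
            ESAPI.accessController().assertAuthorizedForURL(request.getRequestURI());
        } catch (AccessControlException ace) {
            // The UI never links unauthorized users here, so a failure at this layer is a
            // direct request for something the user was not shown: fail closed.
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(req, res);
    }
}

// Layers 2 and 3 (business logic and data): the same questions are asked again, so the
// service stays safe even when reached by a path the filter did not cover.
class AccountService {
    // Hypothetical function "namespace": class name plus method, as the interface docs suggest.
    static final String VIEW_ACCOUNT = "AccountService.viewAccount";

    // Constructed in-memory stand-in for a data repository.
    private final Map<String, String> accounts = new HashMap<String, String>();

    public String viewAccount(String accountId) throws AccessControlException {
        // Function-level check: may this account run viewAccount at all?
        ESAPI.accessController().assertAuthorizedForFunction(VIEW_ACCOUNT);
        // Data-level check: may it see this particular record? The "account:" prefix is the
        // data namespace this application chose to enforce.
        ESAPI.accessController().assertAuthorizedForData("account:" + accountId);
        return accounts.get(accountId);
    }
}
```

Both assert methods throw rather than return, so there is no boolean to forget to test; the filter converts the exception into a 403, while the service lets it propagate to whatever layer called it.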

Author:
Jeff Williams (jeff.williams@aspectsecurity.com)

Method Summary
 void assertAuthorizedForData(java.lang.String key)
          Checks if an account is authorized to access the referenced data.
 void assertAuthorizedForFile(java.lang.String filepath)
          Checks if an account is authorized to access the referenced file.
 void assertAuthorizedForFunction(java.lang.String functionName)
          Checks if an account is authorized to access the referenced function.
 void assertAuthorizedForService(java.lang.String serviceName)
          Checks if an account is authorized to access the referenced service.
 void assertAuthorizedForURL(java.lang.String url)
          Checks if an account is authorized to access the referenced URL.
 boolean isAuthorizedForData(java.lang.String key)
          Checks if an account is authorized to access the referenced data.
 boolean isAuthorizedForFile(java.lang.String filepath)
          Checks if an account is authorized to access the referenced file.
 boolean isAuthorizedForFunction(java.lang.String functionName)
          Checks if an account is authorized to access the referenced function.
 boolean isAuthorizedForService(java.lang.String serviceName)
          Checks if an account is authorized to access the referenced service.
 boolean isAuthorizedForURL(java.lang.String url)
          Checks if an account is authorized to access the referenced URL.
 

Method Detail

isAuthorizedForURL

public boolean isAuthorizedForURL(java.lang.String url)
Checks if an account is authorized to access the referenced URL. The implementation should allow access to be granted to any part of the URL. Generally, this method should be invoked in the application's controller or a filter as follows:
ESAPI.accessController().isAuthorizedForURL(request.getRequestURI().toString());

Returns:
true, if is authorized for URL

isAuthorizedForFunction

public boolean isAuthorizedForFunction(java.lang.String functionName)
Checks if an account is authorized to access the referenced function. The implementation should define the function "namespace" to be enforced. Choosing something simple like the classname of action classes or menu item names will make this implementation easier to use.

Parameters:
functionName - the function name
Returns:
true, if is authorized for function

isAuthorizedForData

public boolean isAuthorizedForData(java.lang.String key)
Checks if an account is authorized to access the referenced data. The implementation should define the data "namespace" to be enforced.

Parameters:
key - the key
Returns:
true, if is authorized for data

isAuthorizedForFile

public boolean isAuthorizedForFile(java.lang.String filepath)
Checks if an account is authorized to access the referenced file. The implementation should be extremely careful about canonicalization.

Parameters:
filepath - the filepath
Returns:
true, if is authorized for file
See Also:
Encoder.canonicalize(String)
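The following is an added example, not code from the ESAPI project, of the canonicalization care this method calls for before a file decision is made: the caller-supplied path is first decoded with Encoder.canonicalize(String), then resolved on the filesystem so that "." and ".." segments and symbolic links are collapsed, then confined to a base directory, and only the resulting canonical path is handed to the access controller. The package org.owasp.esapi.errors for the exceptions, the two-argument AccessControlException constructor, and the class name are assumptions made for the example.

```java
import java.io.File;
import java.io.IOException;

import org.owasp.esapi.ESAPI;
import org.owasp.esapi.errors.AccessControlException; // assumed package and (userMessage, logMessage) constructor
import org.owasp.esapi.errors.EncodingException;      // assumed package

// Resolves a user-supplied relative path inside a fixed base directory and asks the
// access controller only about the canonical result.
class ConfinedFileAccess {
    private final File baseDir;

    ConfinedFileAccess(File baseDir) throws IOException {
        // Canonicalize the base once so the later containment check compares like with like.
        this.baseDir = baseDir.getCanonicalFile();
    }

    File resolve(String userSuppliedPath)
            throws AccessControlException, EncodingException, IOException {
        // Step 1: undo any encoding layers (URL, HTML, double encoding) in the input, using
        // the ESAPI encoder referenced by this method's documentation.
        String decoded = ESAPI.encoder().canonicalize(userSuppliedPath);

        // Step 2: resolve the filesystem path itself; getCanonicalFile collapses "." and ".."
        // and follows symbolic links, so two spellings of one file yield one answer.
        File resolved = new File(baseDir, decoded).getCanonicalFile();

        // Step 3: confinement. Path.startsWith compares whole path components, so a sibling
        // directory whose name merely begins with the base name does not pass.
        if (!resolved.toPath().startsWith(baseDir.toPath())) {
            throw new AccessControlException("Access denied",
                    "Resolved path escapes base directory: " + resolved);
        }

        // Step 4: the access control decision is made on the canonical path, never on the
        // raw input, so the rules cannot be bypassed by an alternate spelling.
        ESAPI.accessController().assertAuthorizedForFile(resolved.getPath());
        return resolved;
    }
}
```

The order matters: a rule written against "/data/reports/*" is only meaningful if the string it is compared with has already had encoding and path traversal removed, which is why the controller is called last.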

isAuthorizedForService

public boolean isAuthorizedForService(java.lang.String serviceName)
Checks if an account is authorized to access the referenced service. This can be used in applications that provide access to a variety of backend services.

Parameters:
serviceName - the service name
Returns:
true, if is authorized for service

assertAuthorizedForURL

public void assertAuthorizedForURL(java.lang.String url)
                            throws AccessControlException
Checks if an account is authorized to access the referenced URL. The implementation should allow access to be granted to any part of the URL. Generally, this method should be invoked in the application's controller or a filter as follows:
ESAPI.accessController().assertAuthorizedForURL(request.getRequestURI().toString());

Parameters:
url - the url as returned by request.getRequestURI().toString()
Throws:
AccessControlException - if access is not permitted

assertAuthorizedForFunction

public void assertAuthorizedForFunction(java.lang.String functionName)
                                 throws AccessControlException
Checks if an account is authorized to access the referenced function. The implementation should define the function "namespace" to be enforced. Choosing something simple like the classname of action classes or menu item names will make this implementation easier to use.

Parameters:
functionName - the function name
Throws:
AccessControlException - if access is not permitted

assertAuthorizedForData

public void assertAuthorizedForData(java.lang.String key)
                             throws AccessControlException
Checks if an account is authorized to access the referenced data. The implementation should define the data "namespace" to be enforced.

Parameters:
key - the key
Throws:
AccessControlException - if access is not permitted

assertAuthorizedForFile

public void assertAuthorizedForFile(java.lang.String filepath)
                             throws AccessControlException
Checks if an account is authorized to access the referenced file. The implementation should be extremely careful about canonicalization.

Parameters:
filepath - the filepath
Throws:
AccessControlException - if access is not permitted
See Also:
Encoder.canonicalize(String)

assertAuthorizedForService

public void assertAuthorizedForService(java.lang.String serviceName)
                                throws AccessControlException
Checks if an account is authorized to access the referenced service. This can be used in applications that provide access to a variety of backend services.

Parameters:
serviceName - the service name
Throws:
AccessControlException