Authorization in Oware

Oware authorization occurs when an application calls the Oware security manager, OWSecurityManager. The basic process flow is the following:

1. Instantiate an OWSecurityManager.

2. Create an OWPermission object that contains the target and actions required for a successful authorization.

3. Get the Subject associated with the user (the security manager can do this for you in some cases).

4. Call the OWSecurityManager checkPerm() method.

5. checkPerm() returns silently if the authorization succeeds. It throws a security exception if the authorization fails.

Oware uses the standard Java permission model. A permission grants a Principal the right to perform specific Actions on a Target. As described in Authentication in Oware, a Principal is the identifier for the person, device, or process that attempts an action. Actions are the Principal’s permitted operations. A Target is the identifier for the entity on which the Action is performed. Combining a small number of abstract Actions with an infinite number of concrete Targets allows complete flexibility without requiring a large, extensible dictionary of Actions.

Consider the example, com.mycompany.myapp.rule1:

Joe#[ENTITY]#EXECUTE

Adam#com.mycompany.myapp.objectA.AcctBalance#READ,WRITE
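
The following Java program is an added example, not Oware code and not the OWSecurityManager API. It parses rule lines in the Principal#Target#Actions layout inferred from the example above and applies a default-deny check that follows the contract of step 5 (return silently on success, throw a security exception on failure). The names RuleCheck, Rule and this checkPerm signature are hypothetical, and exact-match comparison of principal and target is an assumption; Oware's own matching may differ.

```java
import java.util.*;

// Added illustration, NOT Oware's API: RuleCheck, Rule and checkPerm are hypothetical names.
public class RuleCheck {
    // Assumed layout, inferred from the page's example: Principal#Target#ACTION[,ACTION...]
    record Rule(String principal, String target, Set<String> actions) {
        static Rule parse(String line) {
            String[] f = line.trim().split("#", -1);
            if (f.length != 3 || f[0].isEmpty() || f[1].isEmpty() || f[2].isBlank())
                throw new IllegalArgumentException("malformed rule: " + line);
            Set<String> acts = new HashSet<>();
            for (String a : f[2].split(","))
                if (!a.isBlank()) acts.add(a.trim().toUpperCase(Locale.ROOT));
            return new Rule(f[0], f[1], acts);
        }
    }

    private final List<Rule> rules = new ArrayList<>();

    RuleCheck(List<String> lines) { for (String l : lines) rules.add(Rule.parse(l)); }

    // Default deny: a single rule for this exact principal and target must grant
    // every requested action; otherwise a SecurityException is thrown.
    void checkPerm(String principal, String target, String... required) {
        if (required.length == 0) throw new IllegalArgumentException("no action requested");
        Set<String> need = new HashSet<>();
        for (String r : required) need.add(r.toUpperCase(Locale.ROOT));
        for (Rule r : rules)
            if (r.principal().equals(principal) && r.target().equals(target)
                    && r.actions().containsAll(need))
                return; // authorized: return silently
        throw new SecurityException(principal + " denied " + need + " on " + target);
    }

    public static void main(String[] args) {
        // Second rule line from the page's example
        RuleCheck rc = new RuleCheck(List.of("Adam#com.mycompany.myapp.objectA.AcctBalance#READ,WRITE"));
        String t = "com.mycompany.myapp.objectA.AcctBalance";
        rc.checkPerm("Adam", t, "READ", "WRITE"); // both actions granted by the rule
        // Constructed negative cases: an action not in the rule, and a principal with no rule here
        String[][] denied = { {"Adam", "EXECUTE"}, {"Joe", "READ"} };
        for (String[] d : denied) {
            try {
                rc.checkPerm(d[0], t, d[1]);
            } catch (SecurityException e) {
                System.out.println("SecurityException: " + e.getMessage());
            }
        }
    }
}
```

Because the check throws on failure rather than returning a boolean, a caller that forgets to handle the result still fails closed.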