Access Management 7.4.1

Extend UMA

AM exposes extension points that enable you to extend UMA services when built-in functionality does not fit your deployment.

AM provides a number of extension points for the UMA workflow. They are provided as filters, and AM loads them dynamically during the UMA workflow by using the Java ServiceLoader framework.

Resource registration extension point

Use the ResourceRegistrationFilter extension point to extend UMA resource registration functionality.

Resource registration extension methods
| Method | Parameters | Description |
| --- | --- | --- |
| beforeResourceRegistration | resourceSet (type: ResourceSetDescription) | Invoked before a resource is registered in the backend. Changes made to the resourceSet object at this stage will be persisted. |
| afterResourceRegistration | resourceSet (type: ResourceSetDescription) | Invoked after a resource is registered in the backend. Changes made to the resourceSet object at this stage will not be persisted. |

Permission request extension point

Use the PermissionRequestFilter extension point to extend UMA permission request functionality.

Permission request extension methods
| Method | Parameters | Description |
| --- | --- | --- |
| onPermissionRequest | resourceSet (type: ResourceSetDescription); requestedScopes (type: Set<String>); requestingClientId (type: String) | Invoked before a permission request is created. |

Authorization request extension point

Use the RequestAuthorizationFilter extension point to extend UMA authorization functionality.

Authorization request extension methods
| Method | Parameters | Description |
| --- | --- | --- |
| beforeAuthorization | permissionTicket (type: PermissionTicket); requestingParty (type: Subject); resourceOwner (type: Subject); requestedScope (type: Set<String>) | Invoked before authorization of a request is attempted. Throws UmaException if authorization of the request should not be attempted. |
| afterSuccessfulAuthorization | permissionTicket (type: PermissionTicket); requestingParty (type: Subject); resourceOwner (type: Subject); requestedScope (type: Set<String>); grantedScope (type: Set<String>) | Invoked after a successful request authorization attempt. |
| afterFailedAuthorization | permissionTicket (type: PermissionTicket); requestingParty (type: Subject); resourceOwner (type: Subject); requestedScope (type: Set<String>) | Invoked after a failed request authorization attempt. |
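The three authorization hooks can cooperate to enforce one policy. The following is an added example, not ForgeRock's code: a filter that refuses further authorization attempts after repeated failures by the same requesting party against the same resource owner. The stand-in types at the top, the class name, the threshold, and the UmaException constructor are assumptions; only the method names and parameter lists come from the table above.

```java
import java.security.Principal;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.security.auth.Subject;

// Stand-ins (assumptions) so this file compiles without AM's JARs. In a real
// plugin, delete them and import AM's own types of the same names.
class PermissionTicket { }
class UmaException extends Exception {
    UmaException(String message) { super(message); }
}
interface RequestAuthorizationFilter {
    void beforeAuthorization(PermissionTicket permissionTicket, Subject requestingParty,
            Subject resourceOwner, Set<String> requestedScope) throws UmaException;
    void afterSuccessfulAuthorization(PermissionTicket permissionTicket, Subject requestingParty,
            Subject resourceOwner, Set<String> requestedScope, Set<String> grantedScope);
    void afterFailedAuthorization(PermissionTicket permissionTicket, Subject requestingParty,
            Subject resourceOwner, Set<String> requestedScope);
}

public class ThrottlingAuthorizationFilter implements RequestAuthorizationFilter {
    static final int MAX_FAILURES = 3; // hypothetical threshold
    // In-memory and per-JVM: each AM server keeps its own counts.
    private final Map<String, Integer> failures = new ConcurrentHashMap<>();

    private static String key(Subject party, Subject owner) {
        return name(party) + "->" + name(owner);
    }
    // Uses the first principal found; a Subject may carry several.
    private static String name(Subject s) {
        return s.getPrincipals().stream().map(Principal::getName).findFirst().orElse("unknown");
    }
    @Override
    public void beforeAuthorization(PermissionTicket ticket, Subject party, Subject owner,
            Set<String> requestedScope) throws UmaException {
        if (failures.getOrDefault(key(party, owner), 0) >= MAX_FAILURES) {
            throw new UmaException("Too many failed authorization attempts");
        }
    }
    @Override
    public void afterSuccessfulAuthorization(PermissionTicket ticket, Subject party, Subject owner,
            Set<String> requestedScope, Set<String> grantedScope) {
        failures.remove(key(party, owner)); // a success resets the failure streak
    }
    @Override
    public void afterFailedAuthorization(PermissionTicket ticket, Subject party, Subject owner,
            Set<String> requestedScope) {
        failures.merge(key(party, owner), 1, Integer::sum);
    }
}
```

ServiceLoader discovers an implementation through a provider-configuration file under META-INF/services, named after the fully qualified name of the filter interface and containing the implementing class name. The counts here never expire, so a deployed filter would also need a time window or reset.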

Resource sharing extension point

Use the ResourceDelegationFilter extension point to extend UMA resource sharing functionality.

Resource sharing extension methods
| Method | Parameters | Description |
| --- | --- | --- |
| beforeResourceShared | umaPolicy (type: UmaPolicy) | Invoked before creating a sharing policy for a resource. Changes to the umaPolicy object at this stage will be persisted. Throws ResourceException if a sharing policy for the resource should not be created. |
| afterResourceShared | umaPolicy (type: UmaPolicy) | Invoked after creating a sharing policy for a resource. Changes to the umaPolicy object at this stage will not be persisted. |
| beforeResourceSharedModification | currentUmaPolicy (type: UmaPolicy); updatedUmaPolicy (type: UmaPolicy) | Invoked before altering the sharing policy of a resource. Changes to the updatedUmaPolicy object at this stage will be persisted. Throws ResourceException if the sharing policy of the resource should not be modified. |
| onResourceSharedDeletion | umaPolicy (type: UmaPolicy) | Invoked before deleting the sharing policy of a resource. Throws ResourceException if the sharing policy of the resource should not be deleted. |
| beforeQueryResourceSets | userId (type: String); queryFilter (type: QueryFilter<JsonPointer>) | Invoked before querying the resources owned by or shared with a user. The userId parameter provides the ID of the user making the query request. The queryFilter parameter provides the incoming request query filter. Returns a QueryFilter that can be used to return the user’s resources. |

Copyright © 2010-2024 ForgeRock, all rights reserved.