Extending UMA

AM exposes extension points that enable you to extend UMA services when built-in functionality does not fit your deployment.

AM provides a number of extension points for extending the UMA workflow that are provided as filters and that are dynamically loaded by using the Java ServiceLoader framework during the UMA workflow.

The extension points available are described in the sections below:

Resource Registration Extension Point

AM provides the ResourceRegistrationFilter extension point, which can be used to extend UMA resource registration functionality.

Resource Registration Extension Methods

Method	Parameters	Description
`beforeResourceRegistration`	resourceSet (type: `ResourceSetDescription`)	Invoked before a resource is registered in the backend. Changes made to the resourceSet object at this stage will be persisted.
`afterResourceRegistration`	resourceSet (type: `ResourceSetDescription`)	Invoked after a resource is registered in the backend. Changes made to the resourceSet object at this stage will not be persisted.

Permission Request Extension Point

AM provides the PermissionRequestFilter extension point, which can be used to extend UMA permission request functionality.

Permission Request Extension Methods

Method	Parameters	Description
`onPermissionRequest`	resourceSet (type: `ResourceSetDescription`) requestedScopes (type: `Set<String>`) requestingClientId (type: `String`)	Invoked before a permission request is created.

Authorization Request Extension Point

AM provides the RequestAuthorizationFilter extension point, which can be used to extend UMA authorization functionality.

Authorization Request Extension Methods

Method	Parameters	Description
`beforeAuthorization`	permissionTicket (type: `PermissionTicket`) requestingParty (type: `Subject`) resourceOwner (type: `Subject`) requestedScope (type: `Set<String>`)	Invoked before authorization of a request is attempted. Throws `UmaException` if authorization of the request should not be attempted.
`afterSuccessfulAuthorization`	permissionTicket (type: `PermissionTicket`) requestingParty (type: `Subject`) resourceOwner (type: `Subject`) requestedScope (type: `Set<String>`) grantedScope (type: `Set<String>`)	Invoked after a successful request authorization attempt.
`afterFailedAuthorization`	permissionTicket (type: `PermissionTicket`) requestingParty (type: `Subject`) resourceOwner (type: `Subject`) requestedScope (type: `Set<String>`)	Invoked after a failed request authorization attempt.

Resource Sharing Extension Point

AM provides the ResourceDelegationFilter extension point, which can be used to extend UMA resource sharing functionality.

Resource Sharing Extension Methods

Method	Parameters	Description
`beforeResourceShared`	umaPolicy (type: `UmaPolicy`)	Invoked before creating a sharing policy for a resource. Changes to the umaPolicy object at this stage will be persisted. Throws `ResourceException` if a sharing policy for the resource should not be created.
`afterResourceShared`	umaPolicy (type: `UmaPolicy`)	Invoked after creating a sharing policy for a resource. Changes to the umaPolicy object at this stage will not be persisted.
`beforeResourceSharedModification`	currentUmaPolicy (type: `UmaPolicy`) updatedUmaPolicy (type: `UmaPolicy`)	Invoked before altering the sharing policy of a resource. Changes to the updatedUmaPolicy object at this stage will be persisted. Throws `ResourceException` if the sharing policy of the resource should not be modified.
`onResourceSharedDeletion`	umaPolicy (type: `UmaPolicy`)	Invoked before deleting the sharing policy of a resource. Throws `ResourceException` if the sharing policy of the resource should not be deleted.
`beforeQueryResourceSets`	userId (type: `String`) queryFilter (type: `QueryFilter<JsonPointer>`)	Invoked before querying the resources owned or shared with a user. The userId parameter provides the ID of the user making the query request. The queryFilter parameter provides the incoming request query filter. Returns a `QueryFilter` that can be used to return the user's resources.