CSI provides the capabilities API to allow a CSI client to interrogate the capabilities of the underlying providers within CSI.
A capability query result has a Boolean value, either true or false. Capabilities are dynamic and may change over time even within the same security context. Standard capabilities are defined in the com.sybase.security.Const class. Some of these are listed in the table below:
| Capability Name | Description |
|---|---|
| com.sybase.security.capabilities.provider.SelfRegistration | If the security context has the ability to
perform self registration, this capability is available. Note: Not used in SAP Mobile Platform.
|
| com.sybase.security.capabilities.provider.X509Authentication | If the security context is able to authenticate X.509 certificates, this capability is available. |
| com.sybase.security.capabilities.provider.PasswordChange | Not used in SAP Mobile Platform. |
| com.sybase.security.capabilities.provider.FineGrainAccessControl | The provider implements the checkAccess methods, not just the checkRole methods. |
The capability API supports provider-specific capabilities. This allows a provider to define its own set of capabilities that may be checked by SAP Mobile Platform. Providers can implement the com.sybase.security.provider.SecProviderCapabilites interface to respond to a capabilities query.
Capabilities API that may be implemented by providers is as follows:
package com.sybase.security.provider;
/**
* Optional provider interface that allows providers to respond to capability requests.
*/
public interface SecProviderCapabilities
{
/**
* Called when when building the capability set of a provider. The
* result of this call will not be cached by the SecContext implementation.
* @param context the context map
* @param capability the capability to check
* @throws SecException if some sort of error occurs that should abort
* the entire capability query.
*/
boolean hasCapability(Map<String, Object> context, String capability) throws SecException;
}
For example, a method implementation in a provider implements SecProviderCapabilities interface and supports certificate authentication capability:
public boolean hasCapability(Map<String, Object> context, String capability) throws SecException
{
if (capability.equals(CAPABILITY_X509_AUTHENTICATION))
{
return true;
}
return false;
}