public interface AccelMgr extends Manageable
This interface's implementer will NOT be thread safe if parent instance variables (Manageable.setContextId(String) or Manageable.setAdmin(org.apache.directory.fortress.core.model.Session)) are set.
Modifier and Type | Method and Description |
---|---|
void | addActiveRole(Session session, UserRole role) - This function adds a role as an active role of a session whose owner is a given user. |
boolean | checkAccess(Session session, Permission perm) - Perform user RBAC authorization. |
Session | createSession(User user, boolean isTrusted) - Perform user authentication User.password and role activations. |
void | deleteSession(Session session) - This function deletes a fortress session from the RBAC Policy Decision Point inside OpenLDAP RBAC Accelerator. |
void | dropActiveRole(Session session, UserRole role) - This function deletes a role from the active role set of a session owned by a given user. |
List<Permission> | sessionPermissions(Session session) - This function returns the permissions of the session, i.e., the permissions assigned to its authorized roles. |
List<UserRole> | sessionRoles(Session session) - This function returns the active roles associated with a session. |
setAdmin, setContextId
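
The calls summarized above combine into one session lifecycle: authenticate, narrow the active roles, check one permission, then remove the session from the accelerator's Policy Decision Point. This is an added example, not code from the Fortress project; the class AccelAccessCheck, the method isPermitted and the neededRole parameter are hypothetical, the packages of AccelMgr and SecurityException and the getter UserRole.getName() are assumptions, and the caller is assumed to supply an AccelMgr instance that is not shared across threads once setContextId or setAdmin has been set.

```java
import java.util.ArrayList;
import java.util.List;

// Assumed package for the interface and exception; the model package is the one named on this page.
import org.apache.directory.fortress.core.AccelMgr;
import org.apache.directory.fortress.core.SecurityException;
import org.apache.directory.fortress.core.model.Permission;
import org.apache.directory.fortress.core.model.Session;
import org.apache.directory.fortress.core.model.User;
import org.apache.directory.fortress.core.model.UserRole;

/** Hypothetical helper showing one complete AccelMgr session lifecycle. */
public final class AccelAccessCheck {

    private AccelAccessCheck() { }

    /**
     * Authenticates the user with a password (isTrusted = false), leaves only
     * neededRole active, checks one permission and always deletes the session.
     *
     * @param accelMgr   instance supplied by the caller, not shared across threads
     * @param user       carries User.userId and User.password
     * @param neededRole the single role the operation requires (hypothetical parameter)
     * @param perm       carries Permission.objName and Permission.opName
     */
    public static boolean isPermitted(AccelMgr accelMgr, User user,
                                      String neededRole, Permission perm)
            throws SecurityException {
        // Password is required because the trusted flag is false.
        Session session = accelMgr.createSession(user, false);
        try {
            // Copy the list so dropping roles never disturbs the iteration.
            List<UserRole> active = accelMgr.sessionRoles(session);
            List<UserRole> snapshot =
                    active == null ? new ArrayList<UserRole>() : new ArrayList<UserRole>(active);
            for (UserRole role : snapshot) {
                // UserRole.getName() is assumed to expose UserRole.name.
                if (!neededRole.equalsIgnoreCase(role.getName())) {
                    accelMgr.dropActiveRole(session, role); // least privilege for this check
                }
            }
            return accelMgr.checkAccess(session, perm);
        } finally {
            // The session lives inside the accelerator; remove it even when a call above throws.
            accelMgr.deleteSession(session);
        }
    }
}
```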

Session createSession(User user, boolean isTrusted) throws SecurityException
User.password and role activations.
Session that contains target user's RBAC User.roles and Admin role User.adminRoles.
User.pwPolicy.
FortEntity.
User.isLocked(), regardless of trusted flag being set as parm on API.
Constraint(s) on User, UserRole and UserAdminRole entities.
User.roles.
DSDChecker.validate(org.apache.directory.fortress.core.model.Session, org.apache.directory.fortress.core.model.Constraint, org.apache.directory.fortress.core.util.time.Time, org.apache.directory.fortress.core.util.VUtil.ConstraintType) on User.roles.
User.adminRoles.
Session containing Session.getUser(), Session.getRoles() and (if admin user) Session.getAdminRoles() if everything checks out good.
SecurityException or its derivation.
SecurityException for system failures.
PasswordException for authentication and password policy violations.
ValidationException for data validation errors.
FinderException if User id not found.
User.userId - required
User.password
User.roles contains a list of RBAC role names authorized for user and targeted for activation within this session. Default is all authorized RBAC roles will be activated into this Session.
User.adminRoles contains a list of Admin role names authorized for user and targeted for activation. Default is all authorized ARBAC roles will be activated into this Session.
User.props collection of name value pairs collected on behalf of User during signon. For example hostname:myservername or ip:192.168.1.99
User#setRole(String).
user - Contains User.userId, User.password (optional if isTrusted is 'true'), optional User.roles, optional User.adminRoles
isTrusted - if true password is not required.
Session.errorId, RBAC role activations Session.getRoles(), Admin Role activations Session.getAdminRoles(), OpenLDAP pw policy codes Session.warnings, Session.expirationSeconds, Session.graceLogins and more.
SecurityException - in the event of data validation failure, security policy violation or DAO error.

void deleteSession(Session session) throws SecurityException
session - object contains the user's returned RBAC session from the createSession method.
SecurityException - is thrown if session invalid or system error.

List<UserRole> sessionRoles(Session session) throws SecurityException
session - object contains the user's returned RBAC session from the createSession method.
SecurityException - is thrown if session invalid or system error.

boolean checkAccess(Session session, Permission perm) throws SecurityException
perm - must contain the object, Permission.objName, and operation, Permission.opName, of permission User is trying to access.
session - This object must be instantiated by calling AccessMgr.createSession(org.apache.directory.fortress.core.model.User, boolean) method before passing into the method. No variables need to be set by client after returned from createSession.
SecurityException - in the event of data validation failure, security policy violation or DAO error.

List<Permission> sessionPermissions(Session session) throws SecurityException
session - This object must be instantiated by calling AccessMgr.createSession(org.apache.directory.fortress.core.model.User, boolean) method before passing into the method. No variables need to be set by client after returned from createSession.
SecurityException - is thrown if runtime error occurs with system.

void addActiveRole(Session session, UserRole role) throws SecurityException
The function is valid if and only if:
session - object contains the user's returned RBAC session from the createSession method.
role - object contains the role name, UserRole.name, to be activated into session.
SecurityException - is thrown if user is not allowed to activate or runtime error occurs with system.

void dropActiveRole(Session session, UserRole role) throws SecurityException
session - object contains the user's returned RBAC session from the createSession method.
role - object contains the role name, UserRole.name, to be deactivated.
SecurityException - is thrown if user is not allowed to deactivate or runtime error occurs with system.

Copyright © 2003-2016, The Apache Software Foundation. All Rights Reserved. Generated 20160718-1621