public interface AccessMgr extends Manageable
This interface's implementer will NOT be thread safe if parent instance variables (`Manageable.setContextId(String)` or `Manageable.setAdmin(org.apache.directory.fortress.core.model.Session)`) are set.

| Modifier and Type | Method and Description |
|---|---|
| `void` | `addActiveRole(Session session, UserRole role)`: This function adds a role as an active role of a session whose owner is a given user. |
| `Session` | `authenticate(String userId, char[] password)`: Perform user authentication only. |
| `Set<String>` | `authorizedRoles(Session session)`: This function returns the authorized roles associated with a session based on hierarchical relationships. |
| `boolean` | `checkAccess(Session session, Permission perm)`: Perform user RBAC authorization. |
| `Session` | `createSession(User user, boolean isTrusted)`: Perform user authentication `User.password` and role activations. This method must be called once per user prior to calling other methods within this class. |
| `void` | `dropActiveRole(Session session, UserRole role)`: This function deletes a role from the active role set of a session owned by a given user. |
| `User` | `getUser(Session session)`: This function returns the user object that is contained within the session object. |
| `String` | `getUserId(Session session)`: This function returns the userId value that is contained within the session object. |
| `List<Permission>` | `sessionPermissions(Session session)`: This function returns the permissions of the session, i.e., the permissions assigned to its authorized roles. |
| `List<UserRole>` | `sessionRoles(Session session)`: This function returns the active roles associated with a session. |

Methods inherited from Manageable: setAdmin, setContextId

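The sequence the summary describes (createSession once per user, then checkAccess, with dropActiveRole to narrow the session), shown as an added example that is not part of the Fortress Javadoc. The class name AccessGuard and its methods are hypothetical; it assumes the fortress-core package names shown in the imports, the User setters setUserId(String) and setPassword(char[]), and the constructors Permission(String, String) and UserRole(String).

```java
import org.apache.directory.fortress.core.AccessMgr;
import org.apache.directory.fortress.core.SecurityException; // Fortress's checked exception, not java.lang's
import org.apache.directory.fortress.core.model.Permission;
import org.apache.directory.fortress.core.model.Session;
import org.apache.directory.fortress.core.model.User;
import org.apache.directory.fortress.core.model.UserRole;

/** Hypothetical caller-side wrapper (not part of Fortress) that fails closed around AccessMgr. */
public final class AccessGuard {
    // Supplied by the caller. Per the note above, avoid calling setContextId/setAdmin
    // on an instance that is shared between threads.
    private final AccessMgr accessMgr;

    public AccessGuard(AccessMgr accessMgr) {
        this.accessMgr = accessMgr;
    }

    /** Untrusted sign-on: the password is checked and only roleName is requested for activation. */
    public Session signOn(String userId, char[] password, String roleName) throws SecurityException {
        User user = new User();
        user.setUserId(userId);
        user.setPassword(password); // assumption: setter takes char[], matching authenticate()
        user.setRole(roleName);     // selective activation; default would activate all authorized roles
        return accessMgr.createSession(user, false); // isTrusted=false, so the password is required
    }

    /** True only on an explicit grant; a missing session or any SecurityException means deny. */
    public boolean isAllowed(Session session, String objName, String opName) {
        if (session == null) {
            return false;
        }
        try {
            return accessMgr.checkAccess(session, new Permission(objName, opName));
        } catch (SecurityException e) {
            // Data validation failure, security policy violation or DAO error: deny, never allow.
            return false;
        }
    }

    /** Shrinks the active role set once the work needing roleName is finished. */
    public void stepDown(Session session, String roleName) throws SecurityException {
        accessMgr.dropActiveRole(session, new UserRole(roleName));
    }
}
```

The AccessMgr instance is passed in by the caller, so the wrapper itself never touches the inherited setAdmin or setContextId setters.
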
`Session authenticate(String userId, char[] password) throws SecurityException`

- `userId` - Contains the userid of the user signing on.
- `password` - Contains the user's password.
- `SecurityException` - in the event of data validation failure, security policy violation or DAO error.

`Session createSession(User user, boolean isTrusted) throws SecurityException`

- `User.password` and role activations.
- `Session` that contains target user's RBAC `User.roles` and Admin role `User.adminRoles`.
- `User.pwPolicy`.
- `FortEntity`.
- `User.isLocked()`, regardless of trusted flag being set as parm on API.
- `Constraint`(s) on `User`, `UserRole` and `UserAdminRole` entities.
- `User.roles`.
- `DSDChecker.validate(org.apache.directory.fortress.core.model.Session, org.apache.directory.fortress.core.model.Constraint, org.apache.directory.fortress.core.util.time.Time, org.apache.directory.fortress.core.util.VUtil.ConstraintType)` on `User.roles`.
- `User.adminRoles`.
- `Session` containing `Session.getUser()`, `Session.getRoles()` and (if admin user) `Session.getAdminRoles()` if everything checks out good.
- `SecurityException` or its derivation.
- `SecurityException` for system failures.
- `PasswordException` for authentication and password policy violations.
- `ValidationException` for data validation errors.
- `FinderException` if User id not found.

- `User.userId` - required
- `User.password`
- `User.roles` contains a list of RBAC role names authorized for user and targeted for activation within this session. Default is all authorized RBAC roles will be activated into this Session.
- `User.adminRoles` contains a list of Admin role names authorized for user and targeted for activation. Default is all authorized ARBAC roles will be activated into this Session.
- `User.props` collection of name value pairs collected on behalf of User during signon. For example hostname:myservername or ip:192.168.1.99

- `User#setRole(String)`.

- `user` - Contains `User.userId`, `User.password` (optional if `isTrusted` is 'true'), optional `User.roles`, optional `User.adminRoles`
- `isTrusted` - if true password is not required.
- `Session.errorId`, RBAC role activations `Session.getRoles()`, Admin Role activations `Session.getAdminRoles()`, OpenLDAP pw policy codes `Session.warnings`, `Session.expirationSeconds`, `Session.graceLogins` and more.
- `SecurityException` - in the event of data validation failure, security policy violation or DAO error.

`boolean checkAccess(Session session, Permission perm) throws SecurityException`

- `perm` - must contain the object, `Permission.objName`, and operation, `Permission.opName`, of permission User is trying to access.
- `session` - This object must be instantiated by calling `createSession(org.apache.directory.fortress.core.model.User, boolean)` method before passing into the method. No variables need to be set by client after returned from createSession.
- `SecurityException` - in the event of data validation failure, security policy violation or DAO error.

`List<Permission> sessionPermissions(Session session) throws SecurityException`

- `session` - This object must be instantiated by calling `createSession(org.apache.directory.fortress.core.model.User, boolean)` method before passing into the method. No variables need to be set by client after returned from createSession.
- `SecurityException` - is thrown if runtime error occurs with system.

`List<UserRole> sessionRoles(Session session) throws SecurityException`

- `session` - object contains the user's returned RBAC session from the createSession method.
- `SecurityException` - is thrown if session invalid or system error.

`Set<String> authorizedRoles(Session session) throws SecurityException`

- `session` - object contains the user's returned RBAC session from the createSession method.
- `SecurityException` - is thrown if session invalid or system error.

`void addActiveRole(Session session, UserRole role) throws SecurityException`

The function is valid if and only if:

- `session` - object contains the user's returned RBAC session from the createSession method.
- `role` - object contains the role name, `UserRole.name`, to be activated into session.
- `SecurityException` - is thrown if user is not allowed to activate or runtime error occurs with system.

`void dropActiveRole(Session session, UserRole role) throws SecurityException`

- `session` - object contains the user's returned RBAC session from the createSession method.
- `role` - object contains the role name, `UserRole.name`, to be deactivated.
- `SecurityException` - is thrown if user is not allowed to deactivate or runtime error occurs with system.

`String getUserId(Session session) throws SecurityException`

- `session` - object contains the user's returned RBAC session from the createSession method.
- `SecurityException` - is thrown if user session not active or runtime error occurs with system.

`User getUser(Session session) throws SecurityException`

- `session` - object contains the user's returned RBAC session from the createSession method.
- `SecurityException` - is thrown if user session not active or runtime error occurs with system.

Copyright © 2003-2016, The Apache Software Foundation. All Rights Reserved. Generated 20160718-1621