public class AccelMgrImpl extends Manageable implements AccelMgr, Serializable
This class is NOT thread safe if parent instance variables (Manageable.contextId or Manageable.adminSess) are set.
adminSess, contextId
Constructor and Description |
---|
AccelMgrImpl() package private constructor ensures outside classes must use factory: AccelMgrFactory |
Modifier and Type | Method and Description |
---|---|
void | addActiveRole(Session session, UserRole role) This function adds a role as an active role of a session whose owner is a given user. |
boolean | checkAccess(Session session, Permission perm) Perform user RBAC authorization. |
Session | createSession(User user, boolean isTrusted) Perform user authentication User.password and role activations. |
void | deleteSession(Session session) This function deletes a fortress session from the RBAC Policy Decision Point inside OpenLDAP RBAC Accelerator. |
void | dropActiveRole(Session session, UserRole role) This function deletes a role from the active role set of a session owned by a given user. |
List<Permission> | sessionPermissions(Session session) This function returns the permissions of the session, i.e., the permissions assigned to its authorized roles. |
List<UserRole> | sessionRoles(Session session) This function returns the active roles associated with a session. |
assertContext, assertContext, checkAccess, getFullMethodName, setAdmin, setAdminData, setContextId, setEntitySession
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
setAdmin, setContextId
public AccelMgrImpl()
AccelMgrFactory
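
Added example, not part of the Fortress Javadoc or code base: one session run through the methods documented on this page, obtained through AccelMgrFactory, failing closed on any SecurityException and deleting the session afterwards. The package names of AccelMgr, AccelMgrFactory and SecurityException, the createInstance() factory call, the User and Permission constructors, and the demo values are assumptions to check against your release.

```java
// Added example: assumes fortress-core on the classpath and a configured
// directory with the RBAC accelerator. Package names of AccelMgr,
// AccelMgrFactory and SecurityException, the factory method and the
// User/Permission constructors are assumptions; verify against your release.
import org.apache.directory.fortress.core.AccelMgr;
import org.apache.directory.fortress.core.AccelMgrFactory;
import org.apache.directory.fortress.core.SecurityException;
import org.apache.directory.fortress.core.model.Permission;
import org.apache.directory.fortress.core.model.Session;
import org.apache.directory.fortress.core.model.User;

public class AccelSessionExample {

    /** Authenticates, activates one role, checks one permission; denies on any failure. */
    static boolean isAllowed(AccelMgr mgr, String userId, String password,
                             String roleName, String objName, String opName) {
        Session session = null;
        try {
            User user = new User(userId, password);  // assumed constructor
            user.setRole(roleName);  // activate only this role, not every authorized one
            // isTrusted=false makes the password check part of session creation.
            session = mgr.createSession(user, false);
            return mgr.checkAccess(session, new Permission(objName, opName));
        } catch (SecurityException e) {
            // Covers authentication, policy, validation and system failures: fail closed.
            System.err.println("access denied for " + userId + ": " + e.getMessage());
            return false;
        } finally {
            if (session != null) {
                try {
                    mgr.deleteSession(session);  // remove the session from the PDP
                } catch (SecurityException e) {
                    System.err.println("session cleanup failed: " + e.getMessage());
                }
            }
        }
    }

    public static void main(String[] args) throws SecurityException {
        AccelMgr mgr = AccelMgrFactory.createInstance();  // assumed factory method
        // Constructed sample values; replace with entries that exist in your directory.
        boolean ok = isAllowed(mgr, "demoUser", "demo-password",
                               "demoRole", "demoObject", "read");
        System.out.println(ok ? "granted" : "denied");
    }
}
```
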
public Session createSession(User user, boolean isTrusted) throws SecurityException
User.password and role activations.
Session that contains target user's RBAC User.roles and Admin role User.adminRoles.
User.pwPolicy.
FortEntity.
User.isLocked(), regardless of trusted flag being set as parm on API.
Constraint(s) on User, UserRole and UserAdminRole entities.
User.roles.
DSDChecker.validate(org.apache.directory.fortress.core.model.Session, org.apache.directory.fortress.core.model.Constraint, org.apache.directory.fortress.core.util.time.Time, org.apache.directory.fortress.core.util.VUtil.ConstraintType) on User.roles.
User.adminRoles.
Session containing Session.getUser(), Session.getRoles() and (if admin user) Session.getAdminRoles() if everything checks out good.
SecurityException or its derivation.
SecurityException for system failures.
PasswordException for authentication and password policy violations.
ValidationException for data validation errors.
FinderException if User id not found.
User.userId - required
User.password
User.roles contains a list of RBAC role names authorized for user and targeted for activation within this session. Default is all authorized RBAC roles will be activated into this Session.
User.adminRoles contains a list of Admin role names authorized for user and targeted for activation. Default is all authorized ARBAC roles will be activated into this Session.
User.props collection of name value pairs collected on behalf of User during signon. For example hostname:myservername or ip:192.168.1.99
User#setRole(String).
createSession in interface AccelMgr
user - Contains User.userId, User.password (optional if isTrusted is 'true'), optional User.roles, optional User.adminRoles
isTrusted - if true password is not required.
Session.errorId, RBAC role activations Session.getRoles(), Admin Role activations Session.getAdminRoles(), OpenLDAP pw policy codes Session.warnings, Session.expirationSeconds, Session.graceLogins and more.
SecurityException - in the event of data validation failure, security policy violation or DAO error.

public void deleteSession(Session session) throws SecurityException
deleteSession in interface AccelMgr
session - object contains the user's returned RBAC session from the createSession method.
SecurityException - is thrown if session invalid or system error.

public List<UserRole> sessionRoles(Session session) throws SecurityException
sessionRoles in interface AccelMgr
session - object contains the user's returned RBAC session from the createSession method.
SecurityException - is thrown if session invalid or system error.

public boolean checkAccess(Session session, Permission perm) throws SecurityException
checkAccess in interface AccelMgr
session - This object must be instantiated by calling AccessMgr.createSession(org.apache.directory.fortress.core.model.User, boolean) method before passing into the method. No variables need to be set by client after returned from createSession.
perm - must contain the object, Permission.objName, and operation, Permission.opName, of permission User is trying to access.
SecurityException - in the event of data validation failure, security policy violation or DAO error.

public List<Permission> sessionPermissions(Session session) throws SecurityException
sessionPermissions in interface AccelMgr
session - This object must be instantiated by calling AccessMgr.createSession(org.apache.directory.fortress.core.model.User, boolean) method before passing into the method. No variables need to be set by client after returned from createSession.
SecurityException - is thrown if runtime error occurs with system.

public void addActiveRole(Session session, UserRole role) throws SecurityException
The function is valid if and only if:
addActiveRole in interface AccelMgr
session - object contains the user's returned RBAC session from the createSession method.
role - object contains the role name, UserRole.name, to be activated into session.
SecurityException - is thrown if user is not allowed to activate or runtime error occurs with system.

public void dropActiveRole(Session session, UserRole role) throws SecurityException
dropActiveRole in interface AccelMgr
session - object contains the user's returned RBAC session from the createSession method.
role - object contains the role name, UserRole.name, to be deactivated.
SecurityException - is thrown if user is not allowed to deactivate or runtime error occurs with system.

Copyright © 2003-2016, The Apache Software Foundation. All Rights Reserved. Generated 20160718-1621