public class DSDChecker extends Object implements Validator
Called from VUtil.validateConstraints(org.apache.directory.fortress.core.model.Session, org.apache.directory.fortress.core.util.VUtil.ConstraintType, boolean) during the createSession sequence for users. If a DSD constraint violation is detected for a particular role, the method removes that role from the collection of activation candidates and logs a warning. This procedure also considers hierarchical relations between roles (the RBAC spec calls these authorized roles).

This validator ensures the role being targeted for activation does not violate RBAC dynamic separation of duty constraints.
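
The filtering described above, as an added example that is not Fortress code: a simplified, self-contained model in which DsdSet, PARENTS, authorized() and activate() are hypothetical names, the role names are constructed, and the cardinality rule is assumed from the RBAC standard. It shows a candidate role being dropped because a role activated earlier inherits a conflicting role.

```java
import java.util.*;
import java.util.logging.Logger;

// Added illustration, not Fortress code: DsdSet, PARENTS, authorized() and
// activate() are hypothetical names for a simplified model of the check.
public class DsdActivationDemo {
    private static final Logger LOG = Logger.getLogger("dsd-demo");

    // Assumed RBAC semantics: a session may not hold `cardinality` or more members.
    record DsdSet(String name, Set<String> members, int cardinality) {}

    // Constructed hierarchy: role -> direct parents whose membership it inherits.
    static final Map<String, List<String>> PARENTS = Map.of("SeniorTeller", List.of("Teller"));

    // Authorized roles: the role itself plus everything it inherits, transitively.
    static Set<String> authorized(String role) {
        Set<String> out = new LinkedHashSet<>();
        Deque<String> todo = new ArrayDeque<>(List.of(role));
        while (!todo.isEmpty()) {
            String r = todo.pop();
            if (out.add(r)) todo.addAll(PARENTS.getOrDefault(r, List.of()));
        }
        return out;
    }

    // Returns the roles that stay active; violators are dropped with a warning.
    static List<String> activate(List<String> candidates, List<DsdSet> dsdSets) {
        List<String> active = new ArrayList<>();
        Set<String> held = new HashSet<>(); // authorized roles already in the session
        for (String role : candidates) {
            Set<String> next = new HashSet<>(held);
            next.addAll(authorized(role));
            Optional<DsdSet> hit = dsdSets.stream()
                .filter(s -> s.members().stream().filter(next::contains).count() >= s.cardinality())
                .findFirst();
            if (hit.isPresent()) {
                LOG.warning("DSD set " + hit.get().name() + " blocks activation of " + role);
            } else {
                active.add(role);
                held = next;
            }
        }
        return active;
    }

    public static void main(String[] args) {
        List<DsdSet> sets = List.of(new DsdSet("TellerAudit", Set.of("Teller", "Auditor"), 2));
        System.out.println(activate(List.of("SeniorTeller", "Auditor", "Clerk"), sets));
    }
}
```

In the constructed input, Auditor is the role removed: SeniorTeller is activated first and already carries Teller as an authorized role, so adding Auditor would reach the set's cardinality of 2.
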
User maps to 'ftCstr' attribute on 'ftUserAttrs' object class
UserRole maps to 'ftRC' attribute on 'ftUserAttrs' object class
Role maps to 'ftCstr' attribute on 'ftRls' object class
AdminRole maps to 'ftCstr' attribute on 'ftRls' object class
UserAdminRole maps to 'ftARC' attribute on 'ftRls' object class

Constructor and Description |
---|
DSDChecker() |

Modifier and Type | Method and Description |
---|---|
int | validate(Session session, Constraint constraint, Time time, VUtil.ConstraintType type) Called during entity activation from VUtil.validateConstraints(org.apache.directory.fortress.core.model.Session, org.apache.directory.fortress.core.util.VUtil.ConstraintType, boolean); ensures the role does not violate dynamic separation of duty constraints. |

public int validate(Session session, Constraint constraint, Time time, VUtil.ConstraintType type) throws SecurityException

Called during entity activation from VUtil.validateConstraints(org.apache.directory.fortress.core.model.Session, org.apache.directory.fortress.core.util.VUtil.ConstraintType, boolean); ensures the role does not violate dynamic separation of duty constraints.

Specified by:
validate in interface Validator

Parameters:
session - contains list of RBAC roles UserRole targeted for activation.
constraint - required for Validator interface, not used here.
time - required for Validator interface, not used here.
type - required by interface, not used here.

Returns:
GlobalErrIds.ACTV_FAILED_DSD if failed.

Throws:
SecurityException - in the event validation fails or a system exception occurs.

Copyright © 2003-2016, The Apache Software Foundation. All Rights Reserved. Generated 20160718-1621