public class Permission extends FortEntity implements Serializable
Entities (User, Role, Permission, PwPolicy, SDSet, etc.) are used to carry data between three Fortress layers, starting with the (1) Manager layer, down through the middle (2) Process layer and its processing rules, into the (3) DAO layer where persistence with the LDAP server occurs.
1. Manager layer: AdminMgrImpl, AccessMgrImpl, ReviewMgrImpl, ...
2. Process layer: UserP, RoleP, PermP, ...
3. DAO layer: UserDAO, RoleDAO, PermDAO, ...
The setObjName(java.lang.String) and setOpName(java.lang.String) attributes must be set before passing this entity into AccessMgrImpl APIs. Create methods usually require more attributes (than Read) due to constraints enforced between entities.
Permission entity attribute usages include:
- setObjName(java.lang.String) and setOpName(java.lang.String) attributes set before calling AccessMgrImpl.checkAccess(Session, Permission).
- getRoles() may be set after calling ReviewMgrImpl.readPermission(Permission) or AccessMgrImpl.sessionPermissions(Session).
- getUsers() may be set after calling ReviewMgrImpl.readPermission(Permission) or AccessMgrImpl.sessionPermissions(Session).
More Permission entity notes:
- The attributes that identify a Permission entity are objName and opName.
- The Permission entity targets a PermObj (the object) and its operations (Permission).
- A PermObj has a 1<->* relationship to its Permission operations.
- A Permission may be assigned to roles and/or users.
- Object objName, Operations opName, Roles roles and Users users are not case sensitive for reads or searches.
The application entity that requires authorization will be mapped to the PermObj entity and the application's methods or operation names will be mapped to Permission entities. For example, the application entity 'ShoppingCart' has 5 operations - 'create', 'read', 'update', 'delete' and 'checkout'. The following code will create the permissions and perform the necessary grants.
```java
try
{
    // Instantiate the AdminMgr first
    AdminMgr adminMgr = AdminMgrFactory.createInstance();

    // Now Instantiate the Object
    PermObj shoppingCart = new PermObj("ShoppingCart", "KillerBikes.com");

    // Add it to the directory
    adminMgr.addPermObj(shoppingCart);

    // Now create the permission operations and grant to applicable roles:
    Permission create = new Permission(shoppingCart.getObjName(), "create");
    adminMgr.addPermission(create);
    adminMgr.grantPermission(create, new Role("Customer"));

    Permission read = new Permission(shoppingCart.getObjName(), "read");
    adminMgr.addPermission(read);
    adminMgr.grantPermission(read, new Role("Customer"));

    Permission update = new Permission(shoppingCart.getObjName(), "update");
    adminMgr.addPermission(update);
    adminMgr.grantPermission(update, new Role("Admin"));

    Permission delete = new Permission(shoppingCart.getObjName(), "delete");
    adminMgr.addPermission(delete);
    adminMgr.grantPermission(delete, new Role("Manager"));

    Permission checkout = new Permission(shoppingCart.getObjName(), "checkout");
    adminMgr.addPermission(checkout);
    // Grant the checkout operation itself (not delete) to Customer
    adminMgr.grantPermission(checkout, new Role("Customer"));
}
catch (SecurityException ex)
{
    // log or throw
}
```
Notes on the shopping cart example:
- Users that activate the 'Manager' role into their Sessions will be allowed access to the 'ShoppingCart.delete' permission.
- Users that activate the 'Admin' role may perform 'ShoppingCart.update'.
- Users with the 'Customer' role may perform 'ShoppingCart.create', 'ShoppingCart.read' and 'ShoppingCart.checkout'.
- Roles must exist in ldap before assignment here, see javadoc Role for details.

The Fortress Permission entity extends the standard LDAP object class organizationalRole with one extension structural class, ftOperation, and two auxiliary object classes, ftProperties and ftMods.
The following 3 LDAP object classes will be mapped into this entity:

1. ftOperation STRUCTURAL Object Class is assigned roles and/or users, which grants permissions that can later be checked using either the 'checkAccess' or 'sessionPermissions' APIs, both methods that reside in the 'AccessMgrImpl' class.

```
------------------------------------------
Fortress Operation Structural Object Class
objectclass ( 1.3.6.1.4.1.38088.2.3
    NAME 'ftOperation'
    DESC 'Fortress Permission Operation Structural Object Class'
    SUP organizationalrole
    STRUCTURAL
    MUST ( ftId $ ftPermName $ ftObjNm $ ftOpNm )
    MAY ( ftObjId $ ftRoles $ ftUsers $ ftType ) )
------------------------------------------
```

2. ftProperties AUXILIARY Object Class is used to store optional client or otherwise custom name/value pairs on the target entity.

```
# This aux object class can be used to store custom attributes.
# The properties collections consist of name/value pairs and are not constrained by Fortress.
------------------------------------------
AC2: Fortress Properties Auxiliary Object Class
objectclass ( 1.3.6.1.4.1.38088.3.2
    NAME 'ftProperties'
    DESC 'Fortress Properties AUX Object Class'
    AUXILIARY
    MAY ( ftProps ) )
------------------------------------------
```

3. ftMods AUXILIARY Object Class is used to store Fortress audit variables on the target entity.

```
------------------------------------------
Fortress Audit Modification Auxiliary Object Class
objectclass ( 1.3.6.1.4.1.38088.3.4
    NAME 'ftMods'
    DESC 'Fortress Modifiers AUX Object Class'
    AUXILIARY
    MAY ( ftModifier $ ftModCode $ ftModId ) )
------------------------------------------
```
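The check side of the shopping cart setup above, and of the ftOperation note that grants are later verified through 'checkAccess' or 'sessionPermissions', as an added example that is not part of the Fortress javadoc: a Session is created for a user assumed to hold only the 'Customer' role, 'checkout' and 'delete' are checked against it, the session's granted permissions are listed, and readPermission shows the roles loaded from ftRoles. The package names, user id and password are assumptions (Fortress 1.0 line), as is the existence of that user in the directory.

```java
import org.apache.directory.fortress.core.AccessMgr;
import org.apache.directory.fortress.core.AccessMgrFactory;
import org.apache.directory.fortress.core.ReviewMgr;
import org.apache.directory.fortress.core.ReviewMgrFactory;
import org.apache.directory.fortress.core.SecurityException;
import org.apache.directory.fortress.core.model.Permission;
import org.apache.directory.fortress.core.model.Session;
import org.apache.directory.fortress.core.model.User;

public class ShoppingCartAuthzCheck
{
    // Assumed test user: present in ldap with only the 'Customer' role assigned (not on the page).
    private static final String USER_ID = "cartuser";
    private static final char[] PASSWORD = "secret".toCharArray();

    public static void main( String[] args )
    {
        try
        {
            AccessMgr accessMgr = AccessMgrFactory.createInstance();
            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance();

            // createSession authenticates the user and activates their roles into the Session.
            Session session = accessMgr.createSession( new User( USER_ID, PASSWORD ), false );

            // objName and opName are all that identify the target; both are case insensitive on reads.
            Permission checkout = new Permission( "ShoppingCart", "checkout" );
            Permission delete = new Permission( "shoppingcart", "DELETE" );

            // Expected for a Customer-only session: checkout -> true, delete -> false (Manager only).
            System.out.println( "checkout allowed: " + accessMgr.checkAccess( session, checkout ) );
            System.out.println( "delete allowed:   " + accessMgr.checkAccess( session, delete ) );

            // Everything the session's active roles grant, without a per-operation check.
            for ( Permission p : accessMgr.sessionPermissions( session ) )
            {
                System.out.println( "granted: " + p.getObjName() + "." + p.getOpName() );
            }

            // readPermission loads the optional roles/users collections from ftRoles/ftUsers.
            Permission stored = reviewMgr.readPermission( delete );
            System.out.println( "ShoppingCart.delete is granted to roles: " + stored.getRoles() );
        }
        catch ( SecurityException ex )
        {
            // Failed authentication or an unknown permission surface here; log rather than swallow.
            System.err.println( "fortress error: " + ex.getMessage() );
        }
    }
}
```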
Fields inherited from class FortEntity: adminSession, contextId, modCode, modId, sequenceId
| Constructor | Description |
|---|---|
| Permission() | Default constructor is used by internal Fortress classes and not intended for external use. |
| Permission(String objName) | Constructor is used for APIs that do not require opName, for example ARBAC canGrant/canRevoke. |
| Permission(String objName, String opName) | This constructor is commonly used to create a Permission that is a target for an authorization API. |
| Permission(String objName, String opName, boolean admin) | This constructor adds the admin flag which is used to process as an Administrative permission. |
| Permission(String objName, String opName, String objId) | This constructor adds the objId which is used for creating Permissions that have an identity. |
| Modifier and Type | Method | Description |
|---|---|---|
| void | addProperties(Properties props) | Add new collection of name/value pairs to attributes associated with Permission. |
| void | addProperty(String key, String value) | Add name/value pair to list of properties associated with Permission. |
| void | delRole(String role) | Delete a Role name from list of Roles that are valid for this Permission. |
| boolean | equals(Object o) | Matches the objName, opName and objId from two Permission entities. |
| String | getAbstractName() | Return the Permission's abstract name which is the value of objName concatenated with OpName, i.e. |
| String | getDescription() | Return the description field on this entity. |
| String | getDn() | |
| String | getInternalId() | Return the internal id that is associated with Permission. |
| String | getObjId() | Get optional objId attribute which can be used to tag a Permission object with an identity, i.e. |
| String | getObjName() | Get the authorization target's object name. |
| String | getOpName() | Get the Permission operation name. |
| Properties | getProperties() | Return the collection of name/value pairs to attributes associated with Permission. |
| String | getProperty(String key) | Get a name/value pair attribute from list of properties associated with Permission. |
| Props | getProps() | Gets the value of the Props property. |
| Set<String> | getRoles() | Return the collection of optional Roles that have been loaded into this entity. |
| String | getType() | Get the optional type name which is an unconstrained attribute on Permission entity. |
| Set<String> | getUsers() | Return the collection of optional Users that have been loaded into this entity. |
| int | hashCode() | |
| boolean | isAdmin() | Determine if this Permission is for RBAC or ARBAC processing. |
| void | setAbstractName(String abstractName) | Set the Permission's abstract name which is the value of objName concatenated with OpName, i.e. |
| void | setAdmin(boolean admin) | Set will determine if this Permission is for RBAC or ARBAC processing. |
| void | setDescription(String description) | Set the optional description field on this entity. |
| void | setDn(String dn) | |
| void | setInternalId() | This attribute is required but is set automatically by the Fortress DAO class before the object is persisted to ldap. |
| void | setInternalId(String internalId) | Set the internal id that is associated with Permission. |
| void | setObjId(String objId) | Set optional objId which can be used to tag a Permission object with an identity, i.e. |
| void | setObjName(String objName) | This attribute is required and sets the authorization target object name. |
| void | setOpName(String opName) | Set the Permission operation name. |
| void | setProps(Props value) | Sets the value of the Props property. |
| void | setRole(String role) | Add a Role name to list of Roles that are valid for this Permission. |
| void | setRoles(Set<String> roles) | Set the collection of optional Roles that have been loaded into this entity. |
| void | setType(String type) | Set the optional type name which is an unconstrained attribute on Permission entity. |
| void | setUser(String user) | Add a UserId to list of Users that are valid for this Permission. |
| void | setUsers(Set<String> users) | Set the collection of optional Users that have been loaded into this entity. |
| String | toString() | |
Methods inherited from class FortEntity: getAdminSession, getContextId, getModCode, getModId, getSequenceId, setAdminSession, setContextId, setModCode, setSequenceId
public Permission(String objName, String opName)
- objName - maps to 'ftObjNm' attribute in 'ftOperation' object class.
- opName - maps to 'ftOpNm' attribute in 'ftOperation' object class.

public Permission()

public Permission(String objName)
- objName - maps to 'ftObjNm' attribute in 'ftOperation' object class.

public Permission(String objName, String opName, String objId)
- objName - maps to 'ftObjNm' attribute in 'ftOperation' object class.
- opName - maps to 'ftOpNm' attribute in 'ftOperation' object class.
- objId - maps to 'ftObjId' attribute in 'ftOperation' object class.

public Permission(String objName, String opName, boolean admin)
- objName - maps to 'ftObjNm' attribute in 'ftOperation' object class.
- opName - maps to 'ftOpNm' attribute in 'ftOperation' object class.
- admin - attribute is used to specify that the Permission is to be stored and processed in the Administrative RBAC data sets.

public boolean isAdmin()

public void setAdmin(boolean admin)
- admin - is 'true' if this is an ARBAC permission.

public void setInternalId()

public void setInternalId(String internalId)
- internalId - maps to 'ftId' in 'ftObject' object class.

public String getInternalId()

public String getOpName()

public void setOpName(String opName)
- opName - maps to 'ftOpNm' attribute in 'ftOperation' object class.

public String getObjName()

public void setObjName(String objName)
- objName - The target object name.

public String getAbstractName()

public void setAbstractName(String abstractName)
- abstractName - maps to 'ftPermName' attribute in 'ftOperation' object class.

public String getType()

public void setType(String type)
- type - maps to 'ftType' attribute in 'ftOperation' object class.

public String getObjId()

public void setObjId(String objId)
- objId - maps to 'ftObjectId' attribute in 'ftOperation' object class.

public void setRole(String role)
- role - maps to 'ftRoles' attribute in 'ftOperation' object class.

public void delRole(String role)
- role - maps to 'ftRoles' attribute in 'ftOperation' object class.

public Set<String> getRoles()

public void setRoles(Set<String> roles)
- roles - maps to 'ftRoles' attribute in 'ftOperation' object class.

public void setUser(String user)
- user - maps to 'ftUsers' attribute in 'ftOperation' object class.

public Set<String> getUsers()

public void setUsers(Set<String> users)
- users - maps to 'ftUsers' attribute in 'ftOperation' object class.

public String getDn()

public void setDn(String dn)

public String getDescription()

public void setDescription(String description)
- description - String contains the description.

public Props getProps()
- returns: Props

public void setProps(Props value)
- value - allowed object is Props

public void addProperty(String key, String value)
- key - contains property name and maps to 'ftProps' attribute in 'ftProperties' aux object class.
- value - The property value.

public String getProperty(String key)
- key - contains property name and maps to 'ftProps' attribute in 'ftProperties' aux object class.

public void addProperties(Properties props)
- props - contains collection of name/value pairs and maps to 'ftProps' attribute in 'ftProperties' aux object class.

public Properties getProperties()

public boolean equals(Object o)
Copyright © 2003-2016, The Apache Software Foundation. All Rights Reserved. Generated 20160718-1621