Class DSDChecker
java.lang.Object
  org.apache.directory.fortress.core.impl.DSDChecker

- All Implemented Interfaces: Validator

public class DSDChecker extends Object implements Validator
This class performs Dynamic Separation of Duty (DSD) checking on a collection of roles targeted for activation within a particular user's session. Its validate method is called from VUtil.validateConstraints(org.apache.directory.fortress.core.model.Session, org.apache.directory.fortress.core.util.VUtil.ConstraintType, boolean) during the createSession sequence for users. If a DSD constraint violation is detected for a particular role, the method removes the role from the collection of activation candidates and logs a warning. The check also considers hierarchical relations between roles (the RBAC spec calls these authorized roles). This validator ensures that the role being targeted for activation does not violate RBAC dynamic separation of duty constraints.

Constraint targets include:
- User maps to 'ftCstr' attribute on 'ftUserAttrs' object class
- UserRole maps to 'ftRC' attribute on 'ftUserAttrs' object class
- Role maps to 'ftCstr' attribute on 'ftRls' object class
- AdminRole maps to 'ftCstr' attribute on 'ftRls' object class
- UserAdminRole maps to 'ftARC' attribute on 'ftRls' object class
- Author: Apache Directory Project

Constructor Summary
- Constructor: DSDChecker()

Method Summary
- Modifier and Type: int
- Method: validate(Session session, Constraint constraint, Time time, VUtil.ConstraintType type)
- Description: This method is called during entity activation, from VUtil.validateConstraints(org.apache.directory.fortress.core.model.Session, org.apache.directory.fortress.core.util.VUtil.ConstraintType, boolean), and ensures the role does not violate dynamic separation of duty constraints.

Method Detail

validate
public int validate(Session session, Constraint constraint, Time time, VUtil.ConstraintType type) throws SecurityException
This method is called during entity activation, from VUtil.validateConstraints(org.apache.directory.fortress.core.model.Session, org.apache.directory.fortress.core.util.VUtil.ConstraintType, boolean), and ensures the role does not violate dynamic separation of duty constraints.
- Specified by: validate in interface Validator
- Parameters:
  session - contains list of RBAC roles (UserRole) targeted for activation.
  constraint - required for Validator interface, not used here.
  time - required for Validator interface, not used here.
  type - required by interface, not used here.
- Returns: '0' if validation succeeds, else GlobalErrIds.ACTV_FAILED_DSD if failed.
- Throws: SecurityException - in the event of validation failure or system exception.
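
The Dynamic Separation of Duty check described in the class overview, including the role-hierarchy case, modelled as an added example: a candidate role is dropped with a warning when activating it (or a role it inherits) would bring the session up to a DSD set's cardinality. This is not Fortress source code; DsdExample, DsdSet, authorized, activate and the sample role names are hypothetical, and it assumes Java 16 or later and the RBAC convention that a session may hold fewer than the set's cardinality of its member roles.

```java
import java.util.*;

// Added illustration: a stand-alone model, not Fortress code. All names are hypothetical.
public class DsdExample {
    // A session may hold fewer than `cardinality` roles from `members` at the same time.
    record DsdSet(String name, Set<String> members, int cardinality) {}

    // The role plus every ancestor it inherits from ("authorized roles" in the RBAC spec).
    static Set<String> authorized(String role, Map<String, Set<String>> parents) {
        Set<String> seen = new LinkedHashSet<>();
        Deque<String> todo = new ArrayDeque<>(List.of(role));
        while (!todo.isEmpty()) {
            String r = todo.pop();
            if (seen.add(r)) todo.addAll(parents.getOrDefault(r, Set.of()));
        }
        return seen;
    }

    // Walks candidates in order and drops any role that would reach a set's cardinality.
    static List<String> activate(List<String> candidates, List<DsdSet> sets,
                                 Map<String, Set<String>> parents) {
        List<String> active = new ArrayList<>();
        Map<String, Set<String>> held = new HashMap<>(); // DSD set name -> members in session
        for (String role : candidates) {
            Set<String> auth = authorized(role, parents);
            Map<String, Set<String>> next = new HashMap<>();
            String violated = null;
            for (DsdSet s : sets) {
                Set<String> hit = new HashSet<>(held.getOrDefault(s.name(), Set.of()));
                for (String a : auth) if (s.members().contains(a)) hit.add(a);
                if (hit.size() >= s.cardinality()) violated = s.name();
                next.put(s.name(), hit);
            }
            if (violated == null) { active.add(role); held.putAll(next); }
            else System.err.println("WARN: " + role + " not activated, violates DSD set " + violated);
        }
        return active;
    }

    public static void main(String[] args) {
        // Constructed sample data: Teller and Auditor are mutually exclusive within a session.
        List<DsdSet> sets = List.of(new DsdSet("BankSafe", Set.of("Teller", "Auditor"), 2));
        // HeadTeller inherits Teller, so it conflicts with Auditor through the hierarchy.
        Map<String, Set<String>> parents = Map.of("HeadTeller", Set.of("Teller"));
        List<String> result = activate(List.of("Auditor", "HeadTeller", "Clerk"), sets, parents);
        System.out.println(result);
    }
}
```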