Uses of Class
org.apache.directory.fortress.core.SecurityException

Packages that use SecurityException
Package Description

org.apache.directory.fortress.core
This package contains public APIs that are used by Java programs to provide Access Management functionality.

org.apache.directory.fortress.core.impl
This package contains the fortress implementation classes for data persistence with the LDAP server.

org.apache.directory.fortress.core.rest
This package uses Commons HTTP to provide HTTP functionality that is reused across several components in this package.

org.apache.directory.fortress.core.util
This package contains miscellaneous utilities used by internal fortress procedures.

org.apache.directory.fortress.core.util.time
This package contains utilities used to process fortress temporal constraint checks on entities being activated within the runtime system.

Uses of SecurityException in org.apache.directory.fortress.core

Subclasses of SecurityException in org.apache.directory.fortress.core
Modifier and Type Class Description

class
AuthorizationException
This exception extends SecurityException and is thrown when administrative permission check fails.

class
CfgException
This exception extends SecurityException and is thrown when Fortress cannot find correct cfg for a particular entity.

class
CreateException
This exception extends SecurityException and is thrown when DAO cannot create entity.

class
FinderException
This exception extends SecurityException and is thrown when DAO cannot find entity.

class
PasswordException
This exception extends SecurityException and is thrown when password check fails.

class
RemoveException
This exception extends SecurityException and is thrown when DAO cannot delete entity.

class
RestException
This exception extends SecurityException and is thrown when Fortress cannot call Fortress Rest to perform a particular operation via RESTful interface.

class
UpdateException
This exception extends SecurityException and is thrown when DAO cannot update entity.

class
ValidationException
This exception extends SecurityException and is thrown when Fortress cannot validate entity.

Methods in org.apache.directory.fortress.core that throw SecurityException
Modifier and Type Method Description

Configuration
ConfigMgr.add(Configuration cfg)
Create a new cfg node with given name and properties.

OrgUnit
DelAdminMgr.add(OrgUnit entity)
Command adds a new OrgUnit entity to OrgUnit dataset.

Group
GroupMgr.add(Group group)
Create a new group node.

Group
GroupMgr.add(Group group, String key, String value)
Add a property to an existing group node.

FortEntity
PropertyMgr.add(FortEntity entity, Properties props)
Adds properties (ftProps) to a supplied fortress entity (Group, Role, AdminRole, Permission, PermObj)

void
PwPolicyMgr.add(PwPolicy policy)
This method will add a new policy entry to the POLICIES data set.

void
AccelMgr.addActiveRole(Session session, UserRole role)
This function adds a role as an active role of a session whose owner is a given user.

void
AccessMgr.addActiveRole(Session session, UserRole role)
This function adds a role as an active role of a session whose owner is a given user.

void
DelAccessMgr.addActiveRole(Session session, UserAdminRole role)
This function adds an adminRole as an active role of a session whose owner is a given user.

void
AdminMgr.addAscendant(Role childRole, Role parentRole)
This command creates a new role parentRole, and inserts it in the role hierarchy as an immediate ascendant of the existing role childRole.

void
DelAdminMgr.addAscendant(AdminRole childRole, AdminRole parentRole)
This command creates a new role parentRole, and inserts it in the role hierarchy as an immediate ascendant of the existing role childRole.

void
DelAdminMgr.addAscendant(OrgUnit child, OrgUnit parent)
This command creates a new orgunit parent, and inserts it in the orgunit hierarchy as an immediate ascendant of the existing child orgunit.

void
AdminMgr.addDescendant(Role parentRole, Role childRole)
This command creates a new role childRole, and inserts it in the role hierarchy as an immediate descendant of the existing role parentRole.

void
DelAdminMgr.addDescendant(AdminRole parentRole, AdminRole childRole)
This command creates a new role childRole, and inserts it in the role hierarchy as an immediate descendant of the existing role parentRole.

void
DelAdminMgr.addDescendant(OrgUnit parent, OrgUnit child)
This command creates a new orgunit child, and inserts it in the orgunit hierarchy as an immediate descendant of the existing orgunit parent.

SDSet
AdminMgr.addDsdRoleMember(SDSet dsdSet, Role role)
This command adds a role to a named DSD set of roles.

void
AdminMgr.addInheritance(Role parentRole, Role childRole)
This command establishes a new immediate inheritance relationship parentRole <<-- childRole between existing roles parentRole, childRole.

void
DelAdminMgr.addInheritance(AdminRole parentRole, AdminRole childRole)
This command establishes a new immediate inheritance relationship parentRole <<-- childRole between existing roles parentRole, childRole.

void
DelAdminMgr.addInheritance(OrgUnit parent, OrgUnit child)
This command establishes a new immediate inheritance relationship with parent orgunit <<-- child orgunit

Permission
AdminMgr.addPermission(Permission perm)
This method will add permission operation to an existing permission object which resides under ou=Permissions,ou=RBAC,dc=yourHostName,dc=com container in directory information tree.

Permission
DelAdminMgr.addPermission(Permission perm)
This method will add an administrative permission operation to an existing permission object which resides under ou=AdminPerms,ou=ARBAC,dc=yourHostName,dc=com container in directory information tree.

PermissionAttributeSet
AdminMgr.addPermissionAttributeSet(PermissionAttributeSet permAttributeSet)
This method will create a new permission attribute set object which resides under the ou=Constraints,ou=RBAC,dc=yourHostName,dc=com container in directory information tree.

PermissionAttribute
AdminMgr.addPermissionAttributeToSet(PermissionAttribute permAttribute, String attributeSetName)
This method adds a permission attribute (ftPA) to a permission attribute set.

PermObj
AdminMgr.addPermObj(PermObj pObj)
This method will add permission object to perms container in directory.

PermObj
DelAdminMgr.addPermObj(PermObj pObj)
This method will add administrative permission object to admin perms container in directory.

Role
AdminMgr.addRole(Role role)
This command creates a new role.

AdminRole
DelAdminMgr.addRole(AdminRole role)
This command creates a new admin role.

RoleConstraint
AdminMgr.addRoleConstraint(UserRole uRole, RoleConstraint roleConstraint)
This method adds a roleConstraint (ftRC) to the user ldap entry.

SDSet
AdminMgr.addSsdRoleMember(SDSet ssdSet, Role role)
This command adds a role to a named SSD set of roles.

User
AdminMgr.addUser(User user)
This command creates a new RBAC user.

Group
GroupMgr.assign(Group group, String member)
Assign a user to an existing group node.

List<UserAdminRole>
DelReviewMgr.assignedRoles(User user)
This function returns the set of admin roles assigned to a given user.

List<String>
ReviewMgr.assignedRoles(String userId)
This function returns the set of roles assigned to a given user.

List<UserRole>
ReviewMgr.assignedRoles(User user)
This function returns the set of roles assigned to a given user.

List<User>
DelReviewMgr.assignedUsers(AdminRole role)
This method returns the data set of all users who are assigned the given admin role.

List<User>
ReviewMgr.assignedUsers(Role role)
This method returns the data set of all users who are assigned the given role.

List<String>
ReviewMgr.assignedUsers(Role role, int limit)
This function returns the set of users assigned to a given role.

List<User>
ReviewMgr.assignedUsers(Role role, RoleConstraint roleConstraint)
This method returns the data set of all users who are assigned the given role.

List<UserRole>
ReviewMgr.assignedUsers(Role role, RoleConstraint.RCType rcType, String paSetName)
This method returns the user roles for all users who have the given role, with a specified constraint type and permission attribute set name.

void
AdminMgr.assignUser(UserRole uRole)
This command assigns a user to a role.

void
DelAdminMgr.assignUser(UserAdminRole uAdminRole)
This command assigns a user to an admin role.

Session
AccessMgr.authenticate(String userId, String password)
Perform user authentication only.

Set<String>
DelAccessMgr.authorizedAdminRoles(Session session)
This function returns the authorized admin roles associated with a session based on hierarchical relationships.

Set<String>
ReviewMgr.authorizedPermissionRoles(Permission perm)
Return all role names that have been authorized for a given permission.

Set<String>
ReviewMgr.authorizedPermissionUsers(Permission perm)
Return all userIds that have been authorized for a given permission.

Set<String>
AccessMgr.authorizedRoles(Session session)
This function returns the authorized roles associated with a session based on hierarchical relationships.

Set<String>
ReviewMgr.authorizedRoles(User user)
This function returns the set of roles authorized for a given user.

List<User>
ReviewMgr.authorizedUsers(Role role)
This function returns the set of users authorized to a given role, i.e., the users that are assigned to a role that inherits the given role.

boolean
DelAccessMgr.canAdd(Session session, User user)
This function will determine if the user contains an AdminRole that is authorized to add a new User.

boolean
DelAccessMgr.canAssign(Session session, User user, Role role)
This function will determine if the user contains an AdminRole that is authorized assignment control over User-Role Assignment (URA).

boolean
DelAccessMgr.canDeassign(Session session, User user, Role role)
This function will determine if the user contains an AdminRole that is authorized revoke control over User-Role Assignment (URA).

boolean
DelAccessMgr.canEdit(Session session, User user)
This function will determine if the user contains an AdminRole that is authorized update/delete control over User.

boolean
DelAccessMgr.canGrant(Session session, Role role, Permission perm)
This function will determine if the user contains an AdminRole that is authorized assignment control over Permission-Role Assignment (PRA).

boolean
DelAccessMgr.canRevoke(Session session, Role role, Permission perm)
This function will determine if the user contains an AdminRole that is authorized revoke control over Permission-Role Assignment (PRA).

void
AdminMgr.changePassword(User user, String newPassword)
Method will change user's password.

boolean
AccelMgr.checkAccess(Session session, Permission perm)
Perform user RBAC authorization.

boolean
AccessMgr.checkAccess(Session session, Permission perm)
Perform user RBAC authorization.

boolean
AccessMgr.checkAccess(User user, Permission perm, boolean isTrusted)
Combine createSession and checkAccess into a single method.

boolean
DelAccessMgr.checkAccess(Session session, Permission perm)
This function returns a Boolean value meaning whether the subject of a given session is allowed or not to perform a given operation on a given object.

SDSet
AdminMgr.createDsdSet(SDSet dsdSet)
This command creates a named DSD set of roles and sets an associated cardinality n.

static AccelMgr
AccelMgrFactory.createInstance()
Create and return a reference to AccelMgr object using HOME context.

static AccelMgr
AccelMgrFactory.createInstance(String contextId)
Create and return a reference to AccelMgr object.

static AccessMgr
AccessMgrFactory.createInstance()
Create and return a reference to AccessMgr object using HOME context.

static AccessMgr
AccessMgrFactory.createInstance(String contextId)
Create and return a reference to AccessMgr object.

static AdminMgr
AdminMgrFactory.createInstance()
Create and return a reference to AdminMgr object using HOME context.

static AdminMgr
AdminMgrFactory.createInstance(String contextId)
Create and return a reference to AdminMgr object.

static AdminMgr
AdminMgrFactory.createInstance(String contextId, Session adminSess)
Create and return a reference to AdminMgr object.

static AdminMgr
AdminMgrFactory.createInstance(Session adminSess)
Create and return a reference to AdminMgr object using HOME context.

static AuditMgr
AuditMgrFactory.createInstance()
Create and return a reference to AuditMgr object using HOME context.

static AuditMgr
AuditMgrFactory.createInstance(String contextId)
Create and return a reference to AuditMgr object.

static AuditMgr
AuditMgrFactory.createInstance(String contextId, Session adminSess)
Create and return a reference to AuditMgr object.

static AuditMgr
AuditMgrFactory.createInstance(Session adminSess)
Create and return a reference to AuditMgr object using HOME context.

static ConfigMgr
ConfigMgrFactory.createInstance()
Create and return a reference to ConfigMgr object.

static ConfigMgr
ConfigMgrFactory.createInstance(String configClassName, boolean IS_REST)

static DelAccessMgr
DelAccessMgrFactory.createInstance()
Create and return a reference to DelAccessMgr object using HOME context.

static DelAccessMgr
DelAccessMgrFactory.createInstance(String contextId)
Create and return a reference to DelAccessMgr object.

static DelAccessMgr
DelAccessMgrFactory.createInstance(String contextId, Session adminSess)
Create and return a reference to DelAccessMgr object.

static DelAccessMgr
DelAccessMgrFactory.createInstance(Session adminSess)
Create and return a reference to DelAccessMgr object using HOME context.

static DelAdminMgr
DelAdminMgrFactory.createInstance()
Create and return a reference to DelAdminMgr object using HOME context.

static DelAdminMgr
DelAdminMgrFactory.createInstance(String contextId)
Create and return a reference to DelAdminMgr object.

static DelAdminMgr
DelAdminMgrFactory.createInstance(String contextId, Session adminSess)
Create and return a reference to DelAdminMgr object.

static DelAdminMgr
DelAdminMgrFactory.createInstance(Session adminSess)
Create and return a reference to DelAdminMgr object using HOME context.

static DelReviewMgr
DelReviewMgrFactory.createInstance()
Create and return a reference to DelReviewMgr object using HOME context.

static DelReviewMgr
DelReviewMgrFactory.createInstance(String contextId)
Create and return a reference to DelReviewMgr object.

static DelReviewMgr
DelReviewMgrFactory.createInstance(String contextId, Session adminSess)
Create and return a reference to DelReviewMgr object.

static DelReviewMgr
DelReviewMgrFactory.createInstance(Session adminSess)
Create and return a reference to DelReviewMgr object using HOME context.

static GroupMgr
GroupMgrFactory.createInstance()
Create and return a reference to GroupMgr object using HOME context.

static GroupMgr
GroupMgrFactory.createInstance(String contextId)
Create and return a reference to GroupMgr object.

static GroupMgr
GroupMgrFactory.createInstance(String contextId, Session adminSess)
Create and return a reference to GroupMgr object.

static GroupMgr
GroupMgrFactory.createInstance(Session adminSess)
Create and return a reference to GroupMgr object using HOME context.

static PropertyMgr
PropertyMgrFactory.createInstance()
Create and return a reference to PropertyMgr object using HOME context.

static PropertyMgr
PropertyMgrFactory.createInstance(String contextId)
Create and return a reference to PropertyMgr object.

static PropertyMgr
PropertyMgrFactory.createInstance(String contextId, Session adminSess)
Create and return a reference to PropertyMgr object.

static PropertyMgr
PropertyMgrFactory.createInstance(Session adminSess)
Create and return a reference to PropertyMgr object using HOME context.

static PwPolicyMgr
PwPolicyMgrFactory.createInstance()
Create and return a reference to PwPolicyMgr object using HOME context.

static PwPolicyMgr
PwPolicyMgrFactory.createInstance(String contextId)
Create and return a reference to PwPolicyMgr object.

static PwPolicyMgr
PwPolicyMgrFactory.createInstance(String contextId, Session adminSess)
Create and return a reference to PwPolicyMgr object.

static PwPolicyMgr
PwPolicyMgrFactory.createInstance(Session adminSess)
Create and return a reference to PwPolicyMgr object using HOME context.

static ReviewMgr
ReviewMgrFactory.createInstance()
Create and return a reference to ReviewMgr object using HOME context.

static ReviewMgr
ReviewMgrFactory.createInstance(String contextId)
Create and return a reference to ReviewMgr object.

static ReviewMgr
ReviewMgrFactory.createInstance(String contextId, Session adminSess)
Create and return a reference to ReviewMgr object.

static ReviewMgr
ReviewMgrFactory.createInstance(Session adminSess)
Create and return a reference to ReviewMgr object using HOME context.

Session
AccelMgr.createSession(User user, boolean isTrusted)
Perform user authentication User#password and role activations.

Session
AccessMgr.createSession(Group group)

Session
AccessMgr.createSession(User user, boolean isTrusted)
Perform user authentication User.password and role activations. This method must be called once per user prior to calling other methods within this class.

Session
AccessMgr.createSession(User user, List<RoleConstraint> constraints, boolean isTrusted)
Same as AccessMgr.createSession( User user, boolean isTrusted ) Plus constraint which places attribute key:value, e.g.

SDSet
AdminMgr.createSsdSet(SDSet ssdSet)
This command creates a named SSD set of roles and sets the cardinality n of its subsets that cannot have common users.

Group
GroupMgr.deassign(Group group, String member)
Deassign a member from an existing group node.

void
AdminMgr.deassignUser(UserRole uRole)
This command deletes the assignment of the User from the Role entities.

void
DelAdminMgr.deassignUser(UserAdminRole uAdminRole)
This method removes assigned admin role from user entity.

void
ConfigMgr.delete(String name)
Completely removes named cfg node from the directory.

void
ConfigMgr.delete(String name, Properties inProps)
Delete properties from existing cfg node.

OrgUnit
DelAdminMgr.delete(OrgUnit entity)
Command deletes existing OrgUnit entity from OrgUnit dataset.

Group
GroupMgr.delete(Group group)
Delete existing group node.

Group
GroupMgr.delete(Group group, String key, String value)
Delete existing group node.

void
PropertyMgr.delete(FortEntity entity, Properties props)
Delete properties (ftProps) from a supplied fortress entity (Group, Role, AdminRole, Permission, PermObj)

void
PwPolicyMgr.delete(PwPolicy policy)
This method will delete existing policy entry from the POLICIES data set.

SDSet
AdminMgr.deleteDsdRoleMember(SDSet dsdSet, Role role)
This command removes a role from a named DSD set of roles.

SDSet
AdminMgr.deleteDsdSet(SDSet dsdSet)
This command deletes a DSD role set completely.

void
AdminMgr.deleteInheritance(Role parentRole, Role childRole)
This command deletes an existing immediate inheritance relationship parentRole <<-- childRole.

void
DelAdminMgr.deleteInheritance(AdminRole parentRole, AdminRole childRole)
This command deletes an existing immediate inheritance relationship parentRole <<-- childRole.

void
DelAdminMgr.deleteInheritance(OrgUnit parent, OrgUnit child)
This command deletes an existing immediate inheritance relationship parent <<-- child.

void
AdminMgr.deletePasswordPolicy(User user)
Method will delete user's password policy designation.

void
PwPolicyMgr.deletePasswordPolicy(String userId)
This method will remove the pw policy assignment from a user entity.

void
AdminMgr.deletePermission(Permission perm)
This method will remove permission operation entity from permission object.

void
DelAdminMgr.deletePermission(Permission perm)
This method will remove administrative permission operation entity from permission object.

void
AdminMgr.deletePermissionAttributeSet(PermissionAttributeSet permAttributeSet)
This method will delete a permission attribute set object.

void
AdminMgr.deletePermObj(PermObj pObj)
This method will remove permission object from perms container in directory.

void
DelAdminMgr.deletePermObj(PermObj pObj)
This method will remove administrative permission object from perms container in directory.

void
AdminMgr.deleteRole(Role role)
This command deletes an existing role from the RBAC database.

void
DelAdminMgr.deleteRole(AdminRole role)
This command deletes an existing admin role from the ARBAC database.

void
AccelMgr.deleteSession(Session session)
This function deletes a fortress session from the RBAC Policy Decision Point inside OpenLDAP RBAC Accelerator.

SDSet
AdminMgr.deleteSsdRoleMember(SDSet ssdSet, Role role)
This command removes a role from a named SSD set of roles.

SDSet
AdminMgr.deleteSsdSet(SDSet ssdSet)
This command deletes a SSD role set completely.

void
AdminMgr.deleteUser(User user)
This command deletes an existing user from the RBAC database.

void
AdminMgr.disableRoleConstraint(Role role, RoleConstraint roleConstraint)
This method disables a role to be constrained by attributes.

void
AdminMgr.disableUser(User user)
This command deletes an existing user from the RBAC database.

void
AccelMgr.dropActiveRole(Session session, UserRole role)
This function deletes a role from the active role set of a session owned by a given user.

void
AccessMgr.dropActiveRole(Session session, UserRole role)
This function deletes a role from the active role set of a session owned by a given user.

void
DelAccessMgr.dropActiveRole(Session session, UserAdminRole role)
This function deactivates adminRole from the active adminRole set of a session owned by a given user.

SDSet
ReviewMgr.dsdRoleSet(SDSet set)
This function returns the DSD data set that matches a particular set name.

int
ReviewMgr.dsdRoleSetCardinality(SDSet dsd)
This function returns the cardinality associated with a DSD role set.

Set<String>
ReviewMgr.dsdRoleSetRoles(SDSet dsd)
This function returns the set of roles of a DSD role set.

List<SDSet>
ReviewMgr.dsdRoleSets(Role role)
This function returns the list of all DSD role sets that have a particular Role as member or Role's parent as a member.

List<SDSet>
ReviewMgr.dsdSets(SDSet dsd)
This function returns the list of DSDs that match a given dsd name value.

void
AdminMgr.enableRoleConstraint(Role role, RoleConstraint roleConstraint)
This method enables a role to be constrained by attributes.

List<Group>
GroupMgr.find(Group group)
Search using a full or partial group node.

List<Group>
GroupMgr.find(User user)
Search for groups by userId.

List<Permission>
ReviewMgr.findAnyPermissions(Permission permission)
Method returns a list of Permissions that match any part of the permission object or operation.

List<Permission>
ReviewMgr.findPermissions(Permission permission)
Method returns a list of type Permission that match the perm object search string.

List<PermObj>
ReviewMgr.findPermObjs(OrgUnit ou)
Method returns a list of type Permission that match the perm object search string.

List<PermObj>
ReviewMgr.findPermObjs(PermObj permObj)
Method returns a list of type PermObj that match the perm object search string.

List<Permission>
ReviewMgr.findPermsByObj(PermObj permObj)
Method returns Permission operations for the provided permission object

List<RoleConstraint>
ReviewMgr.findRoleConstraints(User user, Permission permission, RoleConstraint.RCType rcType)
Find all of the role constraints for the given user and permission attribute set.

List<AdminRole>
DelReviewMgr.findRoles(String searchVal)
Method will return a list of type Admin Role.

List<Role>
ReviewMgr.findRoles(String searchVal)
Method will return a list of type Role matching all or part of Role name, Role#name.

List<String>
ReviewMgr.findRoles(String searchVal, int limit)
Method returns a list of roles of type String.

List<User>
ReviewMgr.findUsers(OrgUnit ou)
Return a list of type User of all users in the people container that match the name field passed in OrgUnit entity.

List<User>
ReviewMgr.findUsers(User user)
Return a list of type User of all users in the people container that match all or part of the User#userId field passed in User entity.

List<String>
ReviewMgr.findUsers(User user, int limit)
Return a list of type String of all users in the people container that match the userId field passed in User entity.

Properties
PropertyMgr.get(FortEntity entity)
Retrieve properties (ftProps) from a supplied fortress entity (Group, Role, AdminRole, Permission, PermObj)

Configuration
ConfigMgr.getIds(String name)
Read an existing cfg node with given name and return posixIds to caller.

User
AccessMgr.getUser(Session session)
This function returns the user object that is contained within the session object.

List<AuthZ>
AuditMgr.getUserAuthZs(UserAudit uAudit)
This method returns a list of authorization events for a particular user UserAudit.userId and given timestamp field UserAudit.beginDate. Method also can discriminate between all events or failed only by setting UserAudit.failedOnly.

String
AccessMgr.getUserId(Session session)
This function returns the userId value that is contained within the session object.

void
AdminMgr.grantPermission(Permission perm, Role role)
This command grants a role the permission to perform an operation on an object to a role.

void
AdminMgr.grantPermission(Permission perm, User user)
This command grants a user the permission to perform an operation on an object to a role.

void
DelAdminMgr.grantPermission(Permission perm, AdminRole role)
This command grants an AdminRole the administrative permission to perform an operation on an object to a role.

void
DelAdminMgr.grantPermission(Permission perm, User user)
This command grants a user the administrative permission to perform an operation on an object to a user.

List<UserRole>
GroupMgr.groupRoles(Group group)
Read an existing group node's roles.

boolean
AccessMgr.isUserInRole(User user, Role role, boolean isTrusted)
Combine createSession and a role check into a single method.

void
AdminMgr.lockUserAccount(User user)
Method will lock user's password which will prevent the user from authenticating with directory.

List<String>
ReviewMgr.permissionRoles(Permission perm)
Return a list of type String of all roles that have granted a particular permission.

List<String>
ReviewMgr.permissionUsers(Permission perm)
Return all userIds that have been granted (directly) a particular permission.

Configuration
ConfigMgr.read(String name)
Read an existing cfg node with given name and return to caller.

OrgUnit
DelReviewMgr.read(OrgUnit entity)
Command reads existing OrgUnit entity from OrgUnit dataset.

Group
GroupMgr.read(Group group)
Read an existing group node.

PwPolicy
PwPolicyMgr.read(String name)
This method will return the password policy entity to the caller.

PermissionAttributeSet
ReviewMgr.readPermAttributeSet(PermissionAttributeSet permAttributeSet)
Method reads permission attribute set in directory

Permission
ReviewMgr.readPermission(Permission permission)
This method returns a matching permission entity to caller.

PermObj
ReviewMgr.readPermObj(PermObj permObj)
Method reads permission object from perm container in directory.

AdminRole
DelReviewMgr.readRole(AdminRole role)
Method reads Admin Role entity from the admin role container in directory.

Role
ReviewMgr.readRole(Role role)
Method reads Role entity from the role container in directory.

User
ReviewMgr.readUser(User user)
Method returns matching User entity that is contained within the people container in the directory.

void
AdminMgr.removePermissionAttributeFromSet(PermissionAttribute permAttribute, String attributeSetName)
This method removes a permission attribute (ftPA) from an existing permission attribute set.

void
AdminMgr.removeRoleConstraint(UserRole uRole, String roleConstraintId)
This method removes a roleConstraint (ftRC) from the user ldap entry.

void
AdminMgr.removeRoleConstraint(UserRole uRole, RoleConstraint roleConstraint)
This method removes a roleConstraint (ftRC) from the user ldap entry.

void
AdminMgr.resetPassword(User user, String newPassword)
Method will reset user's password which will require user to change password before successful authentication with directory.

void
AdminMgr.revokePermission(Permission perm, Role role)
This command revokes the permission to perform an operation on an object from the set of permissions assigned to a role.

void
AdminMgr.revokePermission(Permission perm, User user)
This command revokes the permission to perform an operation on an object from the set of permissions assigned to a user.

void
DelAdminMgr.revokePermission(Permission perm, AdminRole role)
This command revokes the administrative permission to perform an operation on an object from the set of permissions assigned to an AdminRole.

void
DelAdminMgr.revokePermission(Permission perm, User user)
This command revokes the administrative permission to perform an operation on an object from the set of permissions assigned to a user.

List<Group>
GroupMgr.roleGroups(Role role)
Search for groups by role name.

List<PermissionAttributeSet>
ReviewMgr.rolePermissionAttributeSets(Role role, boolean noInheritance)
This function returns all the permission attribute set (which contain 0 to many permission attributes) for a given role.

List<Permission>
DelReviewMgr.rolePermissions(AdminRole role)
This function returns the set of all ARBAC permissions (op, obj), granted to or inherited by a given ARBAC role.

List<Permission>
DelReviewMgr.rolePermissions(AdminRole role, boolean noInheritance)
This function returns the set of all ARBAC permissions (op, obj), granted to or inherited by a given ARBAC role.

List<Permission>
ReviewMgr.rolePermissions(Role role)
This function returns the set of all permissions (op, obj), granted to or inherited by a given role.

List<Permission>
ReviewMgr.rolePermissions(Role role, boolean noInheritance)
This function returns the set of all permissions (op, obj), granted to or inherited by a given role.

List<OrgUnit>
DelReviewMgr.search(OrgUnit.Type type, String searchVal)
Command searches existing OrgUnit entities from OrgUnit dataset.

List<PwPolicy>
PwPolicyMgr.search(String searchVal)
This method will return a list of all password policy entities that match a particular search string.

List<Mod>
AuditMgr.searchAdminMods(UserAudit uAudit)
This method returns a list of admin operations events for a particular entity UserAudit.dn, object UserAudit.objName and timestamp UserAudit.beginDate.

List<AuthZ>
AuditMgr.searchAuthZs(UserAudit uAudit)
This method returns a list of authorization events for a particular user UserAudit.userId, object UserAudit.objName, and given timestamp field UserAudit.beginDate. Method also can discriminate between all events or failed only by setting flag UserAudit.failedOnly.

List<Bind>
AuditMgr.searchBinds(UserAudit uAudit)
This method returns a list of authentication audit events for a particular user UserAudit.userId, and given timestamp field UserAudit.beginDate.

List<AuthZ>
AuditMgr.searchInvalidUsers(UserAudit uAudit)
This method returns a list of failed authentication attempts on behalf of an invalid identity UserAudit.userId, and given timestamp UserAudit.beginDate.

List<Mod>
AuditMgr.searchUserSessions(UserAudit uAudit)
This method returns a list of sessions created for a given user UserAudit.userId, and timestamp UserAudit.beginDate.

List<UserAdminRole>
DelAccessMgr.sessionAdminRoles(Session session)
This function returns the active admin roles associated with a session.
List<Permission>
AccelMgr.sessionPermissions(Session session)
This function returns the permissions of the session, i.e., the permissions assigned to its authorized roles.
List<Permission>
AccessMgr.sessionPermissions(Session session)
This function returns the permissions of the session, i.e., the permissions assigned to its authorized roles.
List<Permission>
DelAccessMgr.sessionPermissions(Session session)
This function returns the ARBAC (administrative) permissions of the session, i.e., the permissions assigned to its authorized admin roles.
List<UserRole>
AccelMgr.sessionRoles(Session session)
This function returns the active roles associated with a session.
List<UserRole>
AccessMgr.sessionRoles(Session session)
This function returns the active roles associated with a session.
SDSet
AdminMgr.setDsdSetCardinality(SDSet dsdSet, int cardinality)
This command sets the cardinality associated with a given DSD role set.
SDSet
AdminMgr.setSsdSetCardinality(SDSet ssdSet, int cardinality)
This command sets the cardinality associated with a given SSD role set.
SDSet
ReviewMgr.ssdRoleSet(SDSet set)
This function returns the SSD data set that matches a particular set name.
int
ReviewMgr.ssdRoleSetCardinality(SDSet ssd)
This function returns the cardinality associated with an SSD role set.
Set<String>
ReviewMgr.ssdRoleSetRoles(SDSet ssd)
This function returns the set of roles of an SSD role set.
List<SDSet>
ReviewMgr.ssdRoleSets(Role role)
This function returns the list of all SSD role sets that have a particular Role as member or Role's parent as a member.
List<SDSet>
ReviewMgr.ssdSets(SDSet ssd)
This function returns the list of SSDs that match a given ssd name value.
void
AdminMgr.unlockUserAccount(User user)
Method will unlock user's password which will enable user to authenticate with directory.
Configuration
ConfigMgr.update(Configuration cfg)
Update existing cfg node with additional properties, or replace existing properties.
OrgUnit
DelAdminMgr.update(OrgUnit entity)
Command updates existing OrgUnit entity in OrgUnit dataset.
Group
GroupMgr.update(Group group)
Modify existing group node.
FortEntity
PropertyMgr.update(FortEntity entity, Properties props)
Update properties (ftProps) to a supplied fortress entity (Group, Role, AdminRole, Permission, PermObj).
void
PwPolicyMgr.update(PwPolicy policy)
This method will update an existing policy entry in the POLICIES data set.
SDSet
AdminMgr.updateDsdSet(SDSet dsdSet)
This command updates existing DSD set of roles and sets the cardinality n of its subsets that cannot have common users.
Permission
AdminMgr.updatePermission(Permission perm)
This method will update permission operation pre-existing in target directory under ou=Permissions,ou=RBAC,dc=yourHostName,dc=com container in directory information tree.
Permission
DelAdminMgr.updatePermission(Permission perm)
This method will update administrative permission operation pre-existing in target directory under ou=AdminPerms,ou=ARBAC,dc=yourHostName,dc=com container in directory information tree.
void
AdminMgr.updatePermissionAttributeInSet(PermissionAttribute permAttribute, String attributeSetName, boolean replaceValidValues)
This method updates a permission attribute (ftPA) on a permission attribute set.
PermObj
AdminMgr.updatePermObj(PermObj pObj)
This method will update permission object in perms container in directory.
PermObj
DelAdminMgr.updatePermObj(PermObj pObj)
This method will update administrative permission object in perms container in directory.
void
ConfigMgr.updateProperty(String name, String key, String value, String newValue)
This method will update a single property with a new value.
Role
AdminMgr.updateRole(Role role)
Method will update a Role entity in the directory.
AdminRole
DelAdminMgr.updateRole(AdminRole role)
Method will update an AdminRole entity in the directory.
SDSet
AdminMgr.updateSsdSet(SDSet ssdSet)
This command updates existing SSD set of roles and sets the cardinality n of its subsets that cannot have common users.
User
AdminMgr.updateUser(User user)
This method performs an update on User entity in directory.
void
PwPolicyMgr.updateUserPolicy(String userId, String policyName)
This method will associate a user entity with a password policy entity.
List<Permission>
ReviewMgr.userPermissions(User user)
This function returns the set of permissions a given user gets through his/her authorized roles.
Uses of SecurityException in org.apache.directory.fortress.core.impl
Methods in org.apache.directory.fortress.core.impl that throw SecurityException
Modifier and Type Method Description
Configuration
ConfigMgrImpl.add(Configuration cfg)
Create a new cfg node with given name and properties.
OrgUnit
DelAdminMgrImpl.add(OrgUnit entity)
Command adds a new OrgUnit entity to OrgUnit dataset.
Group
GroupMgrImpl.add(Group group)
Create a new group node.
Group
GroupMgrImpl.add(Group group, String key, String value)
Add a property to an existing group node.
void
OrganizationalUnitP.add(OrganizationalUnit orgUnit)
Add a new container to the Directory Information Tree (DIT).
FortEntity
PropertyMgrImpl.add(FortEntity entity, Properties props)
Adds properties (ftProps) to a supplied fortress entity (Group, Role, AdminRole, Permission, PermObj).
void
PwPolicyMgrImpl.add(PwPolicy policy)
This method will add a new policy entry to the POLICIES data set.
void
SuffixP.add(Suffix suffix)
Add a new suffix to the Directory Information Tree (DIT).
void
AccelMgrImpl.addActiveRole(Session session, UserRole role)
This function adds a role as an active role of a session whose owner is a given user.
void
AccessMgrImpl.addActiveRole(Session session, UserRole role)
This function adds a role as an active role of a session whose owner is a given user.
void
DelAccessMgrImpl.addActiveRole(Session session, UserAdminRole role)
This function adds an adminRole as an active role of a session whose owner is a given user.
void
AdminMgrImpl.addAscendant(Role childRole, Role parentRole)
This command creates a new role parentRole, and inserts it in the role hierarchy as an immediate ascendant of the existing role childRole.
void
DelAdminMgrImpl.addAscendant(AdminRole childRole, AdminRole parentRole)
This command creates a new role parentRole, and inserts it in the role hierarchy as an immediate ascendant of the existing role childRole.
void
DelAdminMgrImpl.addAscendant(OrgUnit child, OrgUnit parent)
This command creates a new orgunit parent, and inserts it in the orgunit hierarchy as an immediate ascendant of the existing child orgunit.
void
AdminMgrImpl.addDescendant(Role parentRole, Role childRole)
This command creates a new role childRole, and inserts it in the role hierarchy as an immediate descendant of the existing role parentRole.
void
DelAdminMgrImpl.addDescendant(AdminRole parentRole, AdminRole childRole)
This command creates a new role childRole, and inserts it in the role hierarchy as an immediate descendant of the existing role parentRole.
void
DelAdminMgrImpl.addDescendant(OrgUnit parent, OrgUnit child)
This command creates a new orgunit child, and inserts it in the orgunit hierarchy as an immediate descendant of the existing orgunit parent.
SDSet
AdminMgrImpl.addDsdRoleMember(SDSet dsdSet, Role role)
This command adds a role to a named DSD set of roles.
void
AdminMgrImpl.addInheritance(Role parentRole, Role childRole)
This command establishes a new immediate inheritance relationship parentRole <<-- childRole between existing roles parentRole, childRole.
void
DelAdminMgrImpl.addInheritance(AdminRole parentRole, AdminRole childRole)
This command establishes a new immediate inheritance relationship parentRole <<-- childRole between existing roles parentRole, childRole.
void
DelAdminMgrImpl.addInheritance(OrgUnit parent, OrgUnit child)
This command establishes a new immediate inheritance relationship with parent orgunit <<-- child orgunit.
Permission
AdminMgrImpl.addPermission(Permission perm)
This method will add permission operation to an existing permission object which resides under ou=Permissions,ou=RBAC,dc=yourHostName,dc=com container in directory information tree.
Permission
DelAdminMgrImpl.addPermission(Permission perm)
This method will add an administrative permission operation to an existing permission object which resides under ou=AdminPerms,ou=ARBAC,dc=yourHostName,dc=com container in directory information tree.
PermissionAttributeSet
AdminMgrImpl.addPermissionAttributeSet(PermissionAttributeSet permAttributeSet)
This method will create a new permission attribute set object which resides under the ou=Constraints,ou=RBAC,dc=yourHostName,dc=com container in directory information tree.
PermissionAttribute
AdminMgrImpl.addPermissionAttributeToSet(PermissionAttribute permAttribute, String attributeSetName)
This method adds a permission attribute (ftPA) to a permission attribute set.
PermObj
AdminMgrImpl.addPermObj(PermObj pObj)
This method will add permission object to perms container in directory.
PermObj
DelAdminMgrImpl.addPermObj(PermObj pObj)
This method will add administrative permission object to admin perms container in directory.
Role
AdminMgrImpl.addRole(Role role)
This command creates a new role.
AdminRole
DelAdminMgrImpl.addRole(AdminRole role)
This command creates a new admin role.
RoleConstraint
AdminMgrImpl.addRoleConstraint(UserRole uRole, RoleConstraint roleConstraint)
This method adds a roleConstraint (ftRC) to the user ldap entry.
SDSet
AdminMgrImpl.addSsdRoleMember(SDSet ssdSet, Role role)
This command adds a role to a named SSD set of roles.
User
AdminMgrImpl.addUser(User user)
This command creates a new RBAC user.
Group
GroupMgrImpl.assign(Group group, String member)
Assign a user to an existing group node.
List<UserAdminRole>
DelReviewMgrImpl.assignedRoles(User user)
This function returns the set of admin roles assigned to a given user.
List<String>
ReviewMgrImpl.assignedRoles(String userId)
This function returns the set of roles assigned to a given user.
List<UserRole>
ReviewMgrImpl.assignedRoles(User user)
This function returns the set of roles assigned to a given user.
List<User>
DelReviewMgrImpl.assignedUsers(AdminRole role)
This method returns the data set of all users who are assigned the given admin role.
List<User>
ReviewMgrImpl.assignedUsers(Role role)
This method returns the data set of all users who are assigned the given role.
List<String>
ReviewMgrImpl.assignedUsers(Role role, int limit)
This function returns the set of users assigned to a given role.
List<User>
ReviewMgrImpl.assignedUsers(Role role, RoleConstraint roleConstraint)
This method returns the data set of all users who are assigned the given role.
List<UserRole>
ReviewMgrImpl.assignedUsers(Role role, RoleConstraint.RCType rcType, String keyName)
This method returns the user roles for all users who have the given role, with a specified constraint type and permission attribute set name.
void
AdminMgrImpl.assignUser(UserRole uRole)
This command assigns a user to a role.
void
DelAdminMgrImpl.assignUser(UserAdminRole uAdminRole)
This command assigns a user to an admin role.
Session
AccessMgrImpl.authenticate(String userId, String password)
Perform user authentication only.
Set<String>
DelAccessMgrImpl.authorizedAdminRoles(Session session)
This function returns the authorized admin roles associated with a session based on hierarchical relationships.
Set<String>
ReviewMgrImpl.authorizedPermissionRoles(Permission perm)
Return all role names that have been authorized for a given permission.
Set<String>
ReviewMgrImpl.authorizedPermissionUsers(Permission perm)
Return all userIds that have been authorized for a given permission.
Set<String>
AccessMgrImpl.authorizedRoles(Session session)
This function returns the authorized roles associated with a session based on hierarchical relationships.
Set<String>
ReviewMgrImpl.authorizedRoles(User user)
This function returns the set of roles authorized for a given user.
List<User>
ReviewMgrImpl.authorizedUsers(Role role)
This function returns the set of users authorized to a given role, i.e., the users that are assigned to a role that inherits the given role.
boolean
DelAccessMgrImpl.canAdd(Session session, User user)
This function will determine if the user contains an AdminRole that is authorized to add a new User.
boolean
DelAccessMgrImpl.canAssign(Session session, User user, Role role)
This function will determine if the user contains an AdminRole that is authorized assignment control over User-Role Assignment (URA).
boolean
DelAccessMgrImpl.canDeassign(Session session, User user, Role role)
This function will determine if the user contains an AdminRole that is authorized revoke control over User-Role Assignment (URA).
boolean
DelAccessMgrImpl.canEdit(Session session, User user)
This function will determine if the user contains an AdminRole that is authorized update/delete control over User.
boolean
DelAccessMgrImpl.canGrant(Session session, Role role, Permission perm)
This function will determine if the user contains an AdminRole that is authorized assignment control over Permission-Role Assignment (PRA).
boolean
DelAccessMgrImpl.canRevoke(Session session, Role role, Permission perm)
This function will determine if the user contains an AdminRole that is authorized revoke control over Permission-Role Assignment (PRA).
void
AdminMgrImpl.changePassword(User user, String newPassword)
Method will change user's password.
boolean
AccelMgrImpl.checkAccess(Session session, Permission perm)
Perform user RBAC authorization.
boolean
AccessMgrImpl.checkAccess(Session session, Permission perm)
Perform user RBAC authorization.
boolean
AccessMgrImpl.checkAccess(User user, Permission perm, boolean isTrusted)
Combine createSession and checkAccess into a single method.
boolean
DelAccessMgrImpl.checkAccess(Session session, Permission perm)
Perform user RBAC authorization.
protected void
Manageable.checkAccess(String className, String opName)
Every Fortress Manager API (e.g.
SDSet
AdminMgrImpl.createDsdSet(SDSet dsdSet)
This command creates a named DSD set of roles and sets an associated cardinality n.
Session
AccelMgrImpl.createSession(User user, boolean isTrusted)
Perform user authentication User#password and role activations.
Session
AccessMgrImpl.createSession(Group group)
Session
AccessMgrImpl.createSession(User user, boolean isTrusted)
Perform user authentication User.password and role activations. This method must be called once per user prior to calling other methods within this class.
Session
AccessMgrImpl.createSession(User user, List<RoleConstraint> constraints, boolean isTrusted)
Same as AccessMgr.createSession( User user, boolean isTrusted ) plus constraint which places attribute key:value, e.g.
SDSet
AdminMgrImpl.createSsdSet(SDSet ssdSet)
This command creates a named SSD set of roles and sets the cardinality n of its subsets that cannot have common users.
Group
GroupMgrImpl.deassign(Group group, String member)
Deassign a member from an existing group node.
void
AdminMgrImpl.deassignUser(UserRole uRole)
This command deletes the assignment of the User from the Role entities.
void
DelAdminMgrImpl.deassignUser(UserAdminRole uAdminRole)
This method removes assigned admin role from user entity.
void
ConfigMgrImpl.delete(String name)
Completely removes named cfg node from the directory.
void
ConfigMgrImpl.delete(String name, Properties inProps)
Delete properties from existing cfg node.
OrgUnit
DelAdminMgrImpl.delete(OrgUnit entity)
Command deletes existing OrgUnit entity from OrgUnit dataset.
Group
GroupMgrImpl.delete(Group group)
Delete existing group node.
Group
GroupMgrImpl.delete(Group group, String key, String value)
Delete existing group node.
void
OrganizationalUnitP.delete(OrganizationalUnit orgUnit)
Remove a container from the Directory Information Tree (DIT).
void
PropertyMgrImpl.delete(FortEntity entity, Properties props)
Delete properties (ftProps) from a supplied fortress entity (Group, Role, AdminRole, Permission, PermObj).
void
PwPolicyMgrImpl.delete(PwPolicy policy)
This method will delete existing policy entry from the POLICIES data set.
void
SuffixP.delete(Suffix suffix)
Remove the suffix along with descendant nodes.
SDSet
AdminMgrImpl.deleteDsdRoleMember(SDSet dsdSet, Role role)
This command removes a role from a named DSD set of roles.
SDSet
AdminMgrImpl.deleteDsdSet(SDSet dsdSet)
This command deletes a DSD role set completely.
void
AdminMgrImpl.deleteInheritance(Role parentRole, Role childRole)
This command deletes an existing immediate inheritance relationship parentRole <<-- childRole.
void
DelAdminMgrImpl.deleteInheritance(AdminRole parentRole, AdminRole childRole)
This command deletes an existing immediate inheritance relationship parentRole <<-- childRole.
void
DelAdminMgrImpl.deleteInheritance(OrgUnit parent, OrgUnit child)
This command deletes an existing immediate inheritance relationship parent <<-- child.
void
AdminMgrImpl.deletePasswordPolicy(User user)
Method will delete user's password policy designation.
void
PwPolicyMgrImpl.deletePasswordPolicy(String userId)
This method will remove the pw policy assignment from a user entity.
void
AdminMgrImpl.deletePermission(Permission perm)
This method will remove permission operation entity from permission object.
void
DelAdminMgrImpl.deletePermission(Permission perm)
This method will remove administrative permission operation entity from permission object.
void
AdminMgrImpl.deletePermissionAttributeSet(PermissionAttributeSet permAttributeSet)
This method will delete a permission attribute set object.
void
AdminMgrImpl.deletePermObj(PermObj pObj)
This method will remove permission object from perms container in directory.
void
DelAdminMgrImpl.deletePermObj(PermObj pObj)
This method will remove administrative permission object from perms container in directory.
void
AdminMgrImpl.deleteRole(Role role)
This command deletes an existing role from the RBAC database.
void
DelAdminMgrImpl.deleteRole(AdminRole role)
This command deletes an existing admin role from the ARBAC database.
void
AccelMgrImpl.deleteSession(Session session)
This function deletes a fortress session from the RBAC Policy Decision Point inside OpenLDAP RBAC Accelerator.
SDSet
AdminMgrImpl.deleteSsdRoleMember(SDSet ssdSet, Role role)
This command removes a role from a named SSD set of roles.
SDSet
AdminMgrImpl.deleteSsdSet(SDSet ssdSet)
This command deletes an SSD role set completely.
void
AdminMgrImpl.deleteUser(User user)
This command deletes an existing user from the RBAC database.
void
AdminMgrImpl.disableRoleConstraint(Role role, RoleConstraint roleConstraint)
This method disables a role to be constrained by attributes.
void
AdminMgrImpl.disableUser(User user)
This command deletes an existing user from the RBAC database.
void
AccelMgrImpl.dropActiveRole(Session session, UserRole role)
This function deletes a role from the active role set of a session owned by a given user.
void
AccessMgrImpl.dropActiveRole(Session session, UserRole role)
This function deletes a role from the active role set of a session owned by a given user.
void
DelAccessMgrImpl.dropActiveRole(Session session, UserAdminRole role)
This function deactivates adminRole from the active adminRole set of a session owned by a given user.
SDSet
ReviewMgrImpl.dsdRoleSet(SDSet set)
This function returns the DSD data set that matches a particular set name.
int
ReviewMgrImpl.dsdRoleSetCardinality(SDSet dsd)
This function returns the cardinality associated with a DSD role set.
Set<String>
ReviewMgrImpl.dsdRoleSetRoles(SDSet dsd)
This function returns the set of roles of a DSD role set.
List<SDSet>
ReviewMgrImpl.dsdRoleSets(Role role)
This function returns the list of all DSD role sets that have a particular Role as member or Role's parent as a member.
List<SDSet>
ReviewMgrImpl.dsdSets(SDSet ssd)
This function returns the list of DSDs that match a given dsd name value.
void
AdminMgrImpl.enableRoleConstraint(Role role, RoleConstraint roleConstraint)
This method enables a role to be constrained by attributes.
List<Group>
GroupMgrImpl.find(Group group)
Search using a full or partial group node.
List<Group>
GroupMgrImpl.find(User user)
Search for groups by userId.
List<Permission>
ReviewMgrImpl.findAnyPermissions(Permission permission)
Method returns a list of Permissions that match any part of the permission object or operation.
List<Permission>
ReviewMgrImpl.findPermissions(Permission permission)
Method returns a list of type Permission that match the perm object search string.
List<PermObj>
ReviewMgrImpl.findPermObjs(OrgUnit ou)
Method returns a list of type Permission that match the perm object search string.
List<PermObj>
ReviewMgrImpl.findPermObjs(PermObj permObj)
Method returns a list of type PermObj that match the perm object search string.
List<Permission>
ReviewMgrImpl.findPermsByObj(PermObj permObj)
Method returns Permission operations for the provided permission object.
List<RoleConstraint>
ReviewMgrImpl.findRoleConstraints(User user, Permission permission, RoleConstraint.RCType rcType)
Find all of the role constraints for the given user and permission attribute set.
List<AdminRole>
DelReviewMgrImpl.findRoles(String searchVal)
Method will return a list of type Admin Role.
List<Role>
ReviewMgrImpl.findRoles(String searchVal)
Method will return a list of type Role matching all or part of Role name, Role#name.
List<String>
ReviewMgrImpl.findRoles(String searchVal, int limit)
Method returns a list of roles of type String.
List<User>
ReviewMgrImpl.findUsers(OrgUnit ou)
Return a list of type User of all users in the people container that match the name field passed in OrgUnit entity.
List<User>
ReviewMgrImpl.findUsers(User user)
Return a list of type User of all users in the people container that match all or part of the User#userId field passed in User entity.
List<String>
ReviewMgrImpl.findUsers(User user, int limit)
Return a list of type String of all users in the people container that match the userId field passed in User entity.
Properties
PropertyMgrImpl.get(FortEntity entity)
Retrieve properties (ftProps) from a supplied fortress entity (Group, Role, AdminRole, Permission, PermObj).
Configuration
ConfigMgrImpl.getIds(String name)
Read an existing cfg node with given name and return posixIds to caller.
User
AccessMgrImpl.getUser(Session session)
This function returns the user object that is contained within the session object.
List<AuthZ>
AuditMgrImpl.getUserAuthZs(UserAudit uAudit)
This method returns a list of authorization events for a particular user UserAudit.userId and given timestamp field UserAudit.beginDate. Method also can discriminate between all events or failed only by setting UserAudit.failedOnly.
String
AccessMgrImpl.getUserId(Session session)
This function returns the userId value that is contained within the session object.
void
AdminMgrImpl.grantPermission(Permission perm, Role role)
This command grants a role the permission to perform an operation on an object to a role.
void
AdminMgrImpl.grantPermission(Permission perm, User user)
This command grants a user the permission to perform an operation on an object to a role.
void
DelAdminMgrImpl.grantPermission(Permission perm, AdminRole role)
This command grants an AdminRole the administrative permission to perform an operation on an object to a role.
void
DelAdminMgrImpl.grantPermission(Permission perm, User user)
This command grants a user the administrative permission to perform an operation on an object to a user.
List<UserRole>
GroupMgrImpl.groupRoles(Group group)
Read an existing group node's roles.
boolean
AccessMgrImpl.isUserInRole(User user, Role role, boolean isTrusted)
Combine createSession and a role check into a single method.
void
AdminMgrImpl.lockUserAccount(User user)
Method will lock user's password which will prevent the user from authenticating with directory.
List<String>
ReviewMgrImpl.permissionRoles(Permission perm)
Return a list of type String of all roles that have granted a particular permission.
List<String>
ReviewMgrImpl.permissionUsers(Permission perm)
Return all userIds that have been granted (directly) a particular permission.
Configuration
ConfigMgrImpl.read(String name)
Read an existing cfg node with given name and return to caller.
OrgUnit
DelReviewMgrImpl.read(OrgUnit entity)
Command reads existing OrgUnit entity from OrgUnit dataset.
Group
GroupMgrImpl.read(Group group)
Read an existing group node.
PwPolicy
PwPolicyMgrImpl.read(String name)
This method will return the password policy entity to the caller.
PermissionAttributeSet
ReviewMgrImpl.readPermAttributeSet(PermissionAttributeSet permAttributeSet)
Method reads permission attribute set in directory.
Permission
ReviewMgrImpl.readPermission(Permission permission)
This method returns a matching permission entity to caller.
PermObj
ReviewMgrImpl.readPermObj(PermObj permObj)
Method reads permission object from perm container in directory.
AdminRole
DelReviewMgrImpl.readRole(AdminRole role)
Method reads Admin Role entity from the admin role container in directory.
Role
ReviewMgrImpl.readRole(Role role)
Method reads Role entity from the role container in directory.
User
ReviewMgrImpl.readUser(User user)
Method returns matching User entity that is contained within the people container in the directory.
void
AdminMgrImpl.removePermissionAttributeFromSet(PermissionAttribute permAttribute, String attributeSetName)
This method removes a permission attribute (ftPA) from an existing permission attribute set.
void
AdminMgrImpl.removeRoleConstraint(UserRole uRole, String roleConstraintId)
This method removes a roleConstraint (ftRC) from the user ldap entry.
void
AdminMgrImpl.removeRoleConstraint(UserRole uRole, RoleConstraint roleConstraint)
This method removes a roleConstraint (ftRC) from the user ldap entry.
void
AdminMgrImpl.resetPassword(User user, String newPassword)
Method will reset user's password which will require user to change password before successful authentication with directory.
void
AdminMgrImpl.revokePermission(Permission perm, Role role)
This command revokes the permission to perform an operation on an object from the set of permissions assigned to a role.
void
AdminMgrImpl.revokePermission(Permission perm, User user)
This command revokes the permission to perform an operation on an object from the set of permissions assigned to a user.
void
DelAdminMgrImpl.revokePermission(Permission perm, AdminRole role)
This command revokes the administrative permission to perform an operation on an object from the set of permissions assigned to an AdminRole.
void
DelAdminMgrImpl.revokePermission(Permission perm, User user)
This command revokes the administrative permission to perform an operation on an object from the set of permissions assigned to a user.
List<Group>
GroupMgrImpl.roleGroups(Role role)
Search for groups by role name.
List<PermissionAttributeSet>
ReviewMgrImpl.rolePermissionAttributeSets(Role role, boolean noInhertiance)
This function returns all the permission attribute sets (which contain 0 to many permission attributes) for a given role.
List<Permission>
DelReviewMgrImpl.rolePermissions(AdminRole role)
This function returns the set of all ARBAC permissions (op, obj), granted to or inherited by a given ARBAC role.
List<Permission>
DelReviewMgrImpl.rolePermissions(AdminRole role, boolean noInheritance)
This function returns the set of all ARBAC permissions (op, obj), granted to or inherited by a given ARBAC role.
List<Permission>
ReviewMgrImpl.rolePermissions(Role role)
This function returns the set of all permissions (op, obj), granted to or inherited by a given role.
List<Permission>
ReviewMgrImpl.rolePermissions(Role role, boolean noInheritance)
This function returns the set of all permissions (op, obj), granted to or inherited by a given role.
List<OrgUnit>
DelReviewMgrImpl.search(OrgUnit.Type type, String searchVal)
Command searches existing OrgUnit entities from OrgUnit dataset.
List<PwPolicy>
PwPolicyMgrImpl.search(String searchVal)
This method will return a list of all password policy entities that match a particular search string.
List<Mod>
AuditMgrImpl.searchAdminMods(UserAudit uAudit)
This method returns a list of admin operations events for a particular entity UserAudit.dn, object UserAudit.objName and timestamp UserAudit.beginDate.
List<AuthZ>
AuditMgrImpl.searchAuthZs(UserAudit uAudit)
This method returns a list of authorization events for a particular user UserAudit.userId, object UserAudit.objName, and given timestamp field UserAudit.beginDate. Method also can discriminate between all events or failed only by setting flag UserAudit.failedOnly.
List<Bind>
AuditMgrImpl.searchBinds(UserAudit uAudit)
This method returns a list of authentication audit events for a particular user UserAudit.userId, and given timestamp field UserAudit.beginDate.
List<AuthZ>
AuditMgrImpl.searchInvalidUsers(UserAudit uAudit)
This method returns a list of failed authentication attempts on behalf of an invalid identity UserAudit.userId, and given timestamp UserAudit.beginDate.
List<Mod>
AuditMgrImpl.searchUserSessions(UserAudit uAudit)
This method returns a list of sessions created for a given user UserAudit.userId, and timestamp UserAudit.beginDate.
List<UserAdminRole>
DelAccessMgrImpl.sessionAdminRoles(Session session)
This function returns the active admin roles associated with a session.
List<Permission>
AccelMgrImpl.sessionPermissions(Session session)
This function returns the permissions of the session, i.e., the permissions assigned to its authorized roles.
List<Permission>
AccessMgrImpl.sessionPermissions(Session session)
This function returns the permissions of the session, i.e., the permissions assigned to its authorized roles.
List<Permission>
DelAccessMgrImpl.sessionPermissions(Session session)
This function returns the permissions of the session, i.e., the permissions assigned to its authorized roles.
List<UserRole>
AccelMgrImpl.sessionRoles(Session session)
This function returns the active roles associated with a session.
List<UserRole>
AccessMgrImpl.sessionRoles(Session session)
This function returns the active roles associated with a session.
SDSet
AdminMgrImpl.setDsdSetCardinality(SDSet dsdSet, int cardinality)
This command sets the cardinality associated with a given DSD role set.
protected void
Manageable.setEntitySession(String className, String opName, FortEntity entity)
Set A/RBAC session on entity and perform authorization on behalf of the caller if the Manageable.adminSess is set.
SDSet
AdminMgrImpl.setSsdSetCardinality(SDSet ssdSet, int cardinality)
This command sets the cardinality associated with a given SSD role set.
SDSet
ReviewMgrImpl.ssdRoleSet(SDSet set)
This function returns the SSD data set that matches a particular set name.
int
ReviewMgrImpl.ssdRoleSetCardinality(SDSet ssd)
This function returns the cardinality associated with an SSD role set.
Set<String>
ReviewMgrImpl.ssdRoleSetRoles(SDSet ssd)
This function returns the set of roles of an SSD role set.
List<SDSet>
ReviewMgrImpl.ssdRoleSets(Role role)
This function returns the list of all SSD role sets that have a particular Role as member or Role's parent as a member.
List<SDSet>
ReviewMgrImpl.ssdSets(SDSet ssd)
This function returns the list of SSDs that match a given ssd name value.
void
AdminMgrImpl.unlockUserAccount(User user)
Method will unlock user's password which will enable user to authenticate with directory.
Configuration
ConfigMgrImpl.update(Configuration cfg)
Update existing cfg node with additional properties, or replace existing properties.
OrgUnit
DelAdminMgrImpl.update(OrgUnit entity)
Command updates existing OrgUnit entity in OrgUnit dataset.
Group
GroupMgrImpl.update(Group group)
Modify existing group node.
FortEntity
PropertyMgrImpl.update(FortEntity entity, Properties props)
Update properties (ftProps) to a supplied fortress entity (Group, Role, AdminRole, Permission, PermObj).
void
PwPolicyMgrImpl.update(PwPolicy policy)
This method will update an existing policy entry in the POLICIES data set.
SDSet
AdminMgrImpl.updateDsdSet(SDSet dsdSet)
This command updates existing DSD set of roles and sets the cardinality n of its subsets that cannot have common users.
Permission
AdminMgrImpl.updatePermission(Permission perm)
This method will update permission operation pre-existing in target directory under ou=Permissions,ou=RBAC,dc=yourHostName,dc=com container in directory information tree.
Permission
DelAdminMgrImpl.updatePermission(Permission perm)
This method will update administrative permission operation pre-existing in target directory under ou=AdminPerms,ou=ARBAC,dc=yourHostName,dc=com container in directory information tree.
void
AdminMgrImpl.updatePermissionAttributeInSet(PermissionAttribute permAttribute, String attributeSetName, boolean replaceValidValues)
This method updates a permission attribute (ftPA) on a permission attribute set.
PermObj
AdminMgrImpl.updatePermObj(PermObj pObj)
This method will update permission object in perms container in directory.
PermObj
DelAdminMgrImpl.updatePermObj(PermObj pObj)
This method will update administrative permission object in perms container in directory.
void
ConfigMgrImpl.updateProperty(String name, String key, String value, String newValue)
This method will update a single property with a new value.
Role
AdminMgrImpl.updateRole(Role role)
Method will update a Role entity in the directory.
AdminRole
DelAdminMgrImpl.updateRole(AdminRole role)
Method will update an AdminRole entity in the directory.
SDSet
AdminMgrImpl.updateSsdSet(SDSet ssdSet)
This command updates existing SSD set of roles and sets the cardinality n of its subsets that cannot have common users.
User
AdminMgrImpl.updateUser(User user)
This method performs an update on User entity in directory.
void
PwPolicyMgrImpl.updateUserPolicy(String userId, String policyName)
This method will associate a user entity with a password policy entity.
List<Permission>
ReviewMgrImpl.userPermissions(User user)
This function returns the set of permissions a given user gets through his/her authorized roles.
int
DSDChecker.validate(Session session, Constraint constraint, Time time, VUtil.ConstraintType type)
This method is called during entity activation, VUtil.validateConstraints(org.apache.directory.fortress.core.model.Session, org.apache.directory.fortress.core.util.VUtil.ConstraintType, boolean) and ensures the role does not violate dynamic separation of duty constraints.
Uses of SecurityException in org.apache.directory.fortress.core.rest
Methods in org.apache.directory.fortress.core.rest that throw SecurityException
Modifier and Type Method Description
Configuration
ConfigMgrRestImpl.add(Configuration cfg)
Create a new cfg node with given name and properties.
OrgUnit
DelAdminMgrRestImpl.add(OrgUnit entity)
Command adds a new OrgUnit entity to OrgUnit dataset.
Group
GroupMgrRestImpl.add(Group group)
Create a new group node.
Group
GroupMgrRestImpl.add(Group group, String key, String value)
Add a property to an existing group node.
FortEntity
PropertyMgrRestImpl.add(FortEntity entity, Properties props)
void
PwPolicyMgrRestImpl.add(PwPolicy policy)
This method will add a new policy entry to the POLICIES data set.
void
AccessMgrRestImpl.addActiveRole(Session session, UserRole role)
This function adds a role as an active role of a session whose owner is a given user.
void
DelAccessMgrRestImpl.addActiveRole(Session session, UserAdminRole role)
This function adds an adminRole as an active role of a session whose owner is a given user.
void
AdminMgrRestImpl.addAscendant(Role childRole, Role parentRole)
This command creates a new role parentRole, and inserts it in the role hierarchy as an immediate ascendant of the existing role childRole.
void
DelAdminMgrRestImpl.addAscendant(AdminRole childRole, AdminRole parentRole)
This command creates a new role parentRole, and inserts it in the role hierarchy as an immediate ascendant of the existing role childRole.
void
DelAdminMgrRestImpl.addAscendant(OrgUnit child, OrgUnit parent)
This command creates a new orgunit parent, and inserts it in the orgunit hierarchy as an immediate ascendant of the existing child orgunit.
void
AdminMgrRestImpl.addDescendant(Role parentRole, Role childRole)
This command creates a new role childRole, and inserts it in the role hierarchy as an immediate descendant of the existing role parentRole.
void
DelAdminMgrRestImpl.addDescendant(AdminRole parentRole, AdminRole childRole)
This command creates a new role childRole, and inserts it in the role hierarchy as an immediate descendant of the existing role parentRole.
void
DelAdminMgrRestImpl.addDescendant(OrgUnit parent, OrgUnit child)
This command creates a new orgunit child, and inserts it in the orgunit hierarchy as an immediate descendant of the existing orgunit parent.
SDSet
AdminMgrRestImpl.addDsdRoleMember(SDSet dsdSet, Role role)
This command adds a role to a named DSD set of roles.
void
AdminMgrRestImpl.addInheritance(Role parentRole, Role childRole)
This command establishes a new immediate inheritance relationship parentRole <<-- childRole between existing roles parentRole, childRole.
void
DelAdminMgrRestImpl.addInheritance(AdminRole parentRole, AdminRole childRole)
This command establishes a new immediate inheritance relationship parentRole <<-- childRole between existing roles parentRole, childRole.
void
DelAdminMgrRestImpl.addInheritance(OrgUnit parent, OrgUnit child)
This command establishes a new immediate inheritance relationship with parent orgunit <<-- child orgunit.
Permission
AdminMgrRestImpl.addPermission(Permission perm)
This method will add permission operation to an existing permission object which resides under ou=Permissions,ou=RBAC,dc=yourHostName,dc=com container in directory information tree.
Permission
DelAdminMgrRestImpl.addPermission(Permission perm)
This method will add an administrative permission operation to an existing permission object which resides under ou=AdminPerms,ou=ARBAC,dc=yourHostName,dc=com container in directory information tree.
PermissionAttributeSet
AdminMgrRestImpl.addPermissionAttributeSet(PermissionAttributeSet permAttributeSet)
This method will create a new permission attribute set object which resides under the ou=Constraints,ou=RBAC,dc=yourHostName,dc=com container in directory information tree.
PermissionAttribute
AdminMgrRestImpl.addPermissionAttributeToSet(PermissionAttribute permAttribute, String attributeSetName)
This method adds a permission attribute (ftPA) to a permission attribute set.
PermObj
AdminMgrRestImpl.addPermObj(PermObj pObj)
This method will add permission object to perms container in directory.
PermObj
DelAdminMgrRestImpl.addPermObj(PermObj pObj)
This method will add administrative permission object to admin perms container in directory.
Role
AdminMgrRestImpl.addRole(Role role)
This command creates a new role.
AdminRole
DelAdminMgrRestImpl.addRole(AdminRole role)
This command creates a new admin role.
RoleConstraint
AdminMgrRestImpl.addRoleConstraint(UserRole uRole, RoleConstraint roleConstraint)
This method adds a roleConstraint (ftRC) to the user ldap entry.
SDSet
AdminMgrRestImpl.addSsdRoleMember(SDSet ssdSet, Role role)
This command adds a role to a named SSD set of roles.
User
AdminMgrRestImpl.addUser(User user)
This command creates a new RBAC user.
Group
GroupMgrRestImpl.assign(Group group, String member)
Assign a user to an existing group node.
List<UserAdminRole>
DelReviewMgrRestImpl.assignedRoles(User user)
This function returns the set of admin roles assigned to a given user.
List<String>
ReviewMgrRestImpl.assignedRoles(String userId)
This function returns the set of roles assigned to a given user.
List<UserRole>
ReviewMgrRestImpl.assignedRoles(User user)
This function returns the set of roles assigned to a given user.
List<User>
DelReviewMgrRestImpl.assignedUsers(AdminRole role)
This method returns the data set of all users who are assigned the given admin role.
List<User>
ReviewMgrRestImpl.assignedUsers(Role role)
This method returns the data set of all users who are assigned the given role.
List<String>
ReviewMgrRestImpl.assignedUsers(Role role, int limit)
This function returns the set of users assigned to a given role.
List<User>
ReviewMgrRestImpl.assignedUsers(Role role, RoleConstraint roleConstraint)
List<UserRole>
ReviewMgrRestImpl.assignedUsers(Role role, RoleConstraint.RCType rcType, String key)
void
AdminMgrRestImpl.assignUser(UserRole uRole)
This command assigns a user to a role.
void
DelAdminMgrRestImpl.assignUser(UserAdminRole uAdminRole)
This command assigns a user to an admin role.
Session
AccessMgrRestImpl.authenticate(String userId, String password)
Perform user authentication only.
Set<String>
DelAccessMgrRestImpl.authorizedAdminRoles(Session session)
This function returns the authorized admin roles associated with a session based on hierarchical relationships.
Set<String>
ReviewMgrRestImpl.authorizedPermissionRoles(Permission perm)
Return all role names that have been authorized for a given permission.
Set<String>
ReviewMgrRestImpl.authorizedPermissionUsers(Permission perm)
Return all userIds that have been authorized for a given permission.
Set<String>
AccessMgrRestImpl.authorizedRoles(Session session)
This function returns the authorized roles associated with a session based on hierarchical relationships.
Set<String>
ReviewMgrRestImpl.authorizedRoles(User user)
This function returns the set of roles authorized for a given user.
List<User>
ReviewMgrRestImpl.authorizedUsers(Role role)
This function returns the set of users authorized to a given role, i.e., the users that are assigned to a role that inherits the given role.
boolean
DelAccessMgrRestImpl.canAdd(Session session, User user)
This function will determine if the user contains an AdminRole that is authorized to add a new User.
boolean
DelAccessMgrRestImpl.canAssign(Session session, User user, Role role)
This function will determine if the user contains an AdminRole that is authorized assignment control over User-Role Assignment (URA).
boolean
DelAccessMgrRestImpl.canDeassign(Session session, User user, Role role)
This function will determine if the user contains an AdminRole that is authorized revoke control over User-Role Assignment (URA).
boolean
DelAccessMgrRestImpl.canEdit(Session session, User user)
This function will determine if the user contains an AdminRole that is authorized update/delete control over User.
boolean
DelAccessMgrRestImpl.canGrant(Session session, Role role, Permission perm)
This function will determine if the user contains an AdminRole that is authorized assignment control over Permission-Role Assignment (PRA).
boolean
DelAccessMgrRestImpl.canRevoke(Session session, Role role, Permission perm)
This function will determine if the user contains an AdminRole that is authorized revoke control over Permission-Role Assignment (PRA).
void
AdminMgrRestImpl.changePassword(User user, String newPassword)
Method will change user's password.
boolean
AccessMgrRestImpl.checkAccess(Session session, Permission perm)
Perform user RBAC authorization.
boolean
AccessMgrRestImpl.checkAccess(User user, Permission perm, boolean isTrusted)
Combine createSession and checkAccess into a single method.
boolean
DelAccessMgrRestImpl.checkAccess(Session session, Permission perm)
Perform user RBAC authorization.
SDSet
AdminMgrRestImpl.createDsdSet(SDSet dsdSet)
This command creates a named DSD set of roles and sets an associated cardinality n.
Session
AccessMgrRestImpl.createSession(Group group)
Session
AccessMgrRestImpl.createSession(User user, boolean isTrusted)
Perform user authentication User.password and role activations. This method must be called once per user prior to calling other methods within this class.
Session
AccessMgrRestImpl.createSession(User user, List<RoleConstraint> constraints, boolean isTrusted)
Same as AccessMgr.createSession( User user, boolean isTrusted ) plus constraint which places attribute key:value, e.g.
SDSet
AdminMgrRestImpl.createSsdSet(SDSet ssdSet)
This command creates a named SSD set of roles and sets the cardinality n of its subsets that cannot have common users.
Group
GroupMgrRestImpl.deassign(Group group, String member)
Deassign a member from an existing group node.
void
AdminMgrRestImpl.deassignUser(UserRole uRole)
This command deletes the assignment of the User from the Role entities.
void
DelAdminMgrRestImpl.deassignUser(UserAdminRole uAdminRole)
This method removes assigned admin role from user entity.
void
ConfigMgrRestImpl.delete(String name)
Completely removes named cfg node from the directory.
void
ConfigMgrRestImpl.delete(String name, Properties inProperties)
Delete properties from existing cfg node.
OrgUnit
DelAdminMgrRestImpl.delete(OrgUnit entity)
Command deletes existing OrgUnit entity from OrgUnit dataset.
Group
GroupMgrRestImpl.delete(Group group)
Delete existing group node.
Group
GroupMgrRestImpl.delete(Group group, String key, String value)
Delete existing group node.
void
PropertyMgrRestImpl.delete(FortEntity entity, Properties props)
void
PwPolicyMgrRestImpl.delete(PwPolicy policy)
This method will delete existing policy entry from the POLICIES data set.
SDSet
AdminMgrRestImpl.deleteDsdRoleMember(SDSet dsdSet, Role role)
This command removes a role from a named DSD set of roles.
SDSet
AdminMgrRestImpl.deleteDsdSet(SDSet dsdSet)
This command deletes a DSD role set completely.
void
AdminMgrRestImpl.deleteInheritance(Role parentRole, Role childRole)
This command deletes an existing immediate inheritance relationship parentRole <<-- childRole.
void
DelAdminMgrRestImpl.deleteInheritance(AdminRole parentRole, AdminRole childRole)
This command deletes an existing immediate inheritance relationship parentRole <<-- childRole.
void
DelAdminMgrRestImpl.deleteInheritance(OrgUnit parent, OrgUnit child)
This command deletes an existing immediate inheritance relationship parent <<-- child.
void
AdminMgrRestImpl.deletePasswordPolicy(User user)
Method will delete user's password policy designation.
void
PwPolicyMgrRestImpl.deletePasswordPolicy(String userId)
This method will remove the pw policy assignment from a user entity.
void
AdminMgrRestImpl.deletePermission(Permission perm)
This method will remove permission operation entity from permission object.
void
DelAdminMgrRestImpl.deletePermission(Permission perm)
This method will remove administrative permission operation entity from permission object.
void
AdminMgrRestImpl.deletePermissionAttributeSet(PermissionAttributeSet permAttributeSet)
This method will delete a permission attribute set object.
void
AdminMgrRestImpl.deletePermObj(PermObj pObj)
This method will remove permission object from perms container in directory.
void
DelAdminMgrRestImpl.deletePermObj(PermObj pObj)
This method will remove administrative permission object from perms container in directory.
void
AdminMgrRestImpl.deleteRole(Role role)
This command deletes an existing role from the RBAC database.
void
DelAdminMgrRestImpl.deleteRole(AdminRole role)
This command deletes an existing admin role from the ARBAC database.
SDSet
AdminMgrRestImpl.deleteSsdRoleMember(SDSet ssdSet, Role role)
This command removes a role from a named SSD set of roles.
SDSet
AdminMgrRestImpl.deleteSsdSet(SDSet ssdSet)
This command deletes a SSD role set completely.
void
AdminMgrRestImpl.deleteUser(User user)
This command deletes an existing user from the RBAC database.
void
AdminMgrRestImpl.disableRoleConstraint(Role role, RoleConstraint roleConstraint)
This method disables a role to be constrained by attributes.
void
AdminMgrRestImpl.disableUser(User user)
This command deletes an existing user from the RBAC database.
void
AccessMgrRestImpl.dropActiveRole(Session session, UserRole role)
This function deletes a role from the active role set of a session owned by a given user.
void
DelAccessMgrRestImpl.dropActiveRole(Session session, UserAdminRole role)
This function deactivates adminRole from the active adminRole set of a session owned by a given user.
SDSet
ReviewMgrRestImpl.dsdRoleSet(SDSet set)
This function returns the DSD data set that matches a particular set name.
int
ReviewMgrRestImpl.dsdRoleSetCardinality(SDSet dsd)
This function returns the cardinality associated with a DSD role set.
Set<String>
ReviewMgrRestImpl.dsdRoleSetRoles(SDSet dsd)
This function returns the set of roles of a DSD role set.
List<SDSet>
ReviewMgrRestImpl.dsdRoleSets(Role role)
This function returns the list of all DSD role sets that have a particular Role as member or Role's parent as a member.
List<SDSet>
ReviewMgrRestImpl.dsdSets(SDSet dsd)
This function returns the list of DSDs that match a given dsd name value.
void
AdminMgrRestImpl.enableRoleConstraint(Role role, RoleConstraint roleConstraint)
This method enables a role to be constrained by attributes.
List<Group>
GroupMgrRestImpl.find(Group group)
Search using a full or partial group node.
List<Group>
GroupMgrRestImpl.find(User user)
Search for groups by userId.
List<Permission>
ReviewMgrRestImpl.findAnyPermissions(Permission permission)
Method returns a list of Permissions that match any part of the permission object or operation.
List<Permission>
ReviewMgrRestImpl.findPermissions(Permission permission)
Method returns a list of type Permission that match the perm object search string.
List<PermObj>
ReviewMgrRestImpl.findPermObjs(OrgUnit ou)
Method returns a list of type Permission that match the perm object search string.
List<PermObj>
ReviewMgrRestImpl.findPermObjs(PermObj permObj)
Method returns a list of type PermObj that match the perm object search string.
List<Permission>
ReviewMgrRestImpl.findPermsByObj(PermObj permObj)
Method returns Permission operations for the provided permission object.
List<RoleConstraint>
ReviewMgrRestImpl.findRoleConstraints(User user, Permission permission, RoleConstraint.RCType rcType)
Find all of the role constraints for the given user and permission attribute set.
List<AdminRole>
DelReviewMgrRestImpl.findRoles(String searchVal)
Method will return a list of type Admin Role.
List<Role>
ReviewMgrRestImpl.findRoles(String searchVal)
Method will return a list of type Role matching all or part of Role name, Role#name.
List<String>
ReviewMgrRestImpl.findRoles(String searchVal, int limit)
Method returns a list of roles of type String.
List<User>
ReviewMgrRestImpl.findUsers(OrgUnit ou)
Return a list of type User of all users in the people container that match the name field passed in OrgUnit entity.
List<User>
ReviewMgrRestImpl.findUsers(User user)
Return a list of type User of all users in the people container that match all or part of the User#userId field passed in User entity.
List<String>
ReviewMgrRestImpl.findUsers(User user, int limit)
Return a list of type String of all users in the people container that match the userId field passed in User entity.
Properties
PropertyMgrRestImpl.get(FortEntity entity)
Configuration
ConfigMgrRestImpl.getIds(String name)
Read an existing cfg node with given name and return posixIds to caller.
User
AccessMgrRestImpl.getUser(Session session)
This function returns the user object that is contained within the session object.
List<AuthZ>
AuditMgrRestImpl.getUserAuthZs(UserAudit uAudit)
This method returns a list of authorization events for a particular user UserAudit.userId and given timestamp field UserAudit.beginDate. Method also can discriminate between all events or failed only by setting UserAudit.failedOnly.
String
AccessMgrRestImpl.getUserId(Session session)
This function returns the userId value that is contained within the session object.
void
AdminMgrRestImpl.grantPermission(Permission perm, Role role)
This command grants a role the permission to perform an operation on an object to a role.
void
AdminMgrRestImpl.grantPermission(Permission perm, User user)
This command grants a user the permission to perform an operation on an object to a role.
void
DelAdminMgrRestImpl.grantPermission(Permission perm, AdminRole role)
This command grants an AdminRole the administrative permission to perform an operation on an object to a role.
void
DelAdminMgrRestImpl.grantPermission(Permission perm, User user)
This command grants a user the administrative permission to perform an operation on an object to a user.
List<UserRole>
GroupMgrRestImpl.groupRoles(Group group)
Read an existing group node's roles.
boolean
AccessMgrRestImpl.isUserInRole(User user, Role role, boolean isTrusted)
Combine createSession and a role check into a single method.
void
AdminMgrRestImpl.lockUserAccount(User user)
Method will lock user's password which will prevent the user from authenticating with directory.
List<String>
ReviewMgrRestImpl.permissionRoles(Permission perm)
Return a list of type String of all roles that have granted a particular permission.
List<String>
ReviewMgrRestImpl.permissionUsers(Permission perm)
Return all userIds that have been granted (directly) a particular permission.
Configuration
ConfigMgrRestImpl.read(String name)
Read an existing cfg node with given name and return to caller.
OrgUnit
DelReviewMgrRestImpl.read(OrgUnit entity)
Command reads existing OrgUnit entity from OrgUnit dataset.
Group
GroupMgrRestImpl.read(Group group)
Read an existing group node.
PwPolicy
PwPolicyMgrRestImpl.read(String name)
This method will return the password policy entity to the caller.
PermissionAttributeSet
ReviewMgrRestImpl.readPermAttributeSet(PermissionAttributeSet permAttributeSet)
Method reads permission attribute set in directory.
Permission
ReviewMgrRestImpl.readPermission(Permission permission)
This method returns a matching permission entity to caller.
PermObj
ReviewMgrRestImpl.readPermObj(PermObj permObj)
Method reads permission object from perm container in directory.
AdminRole
DelReviewMgrRestImpl.readRole(AdminRole role)
Method reads Admin Role entity from the admin role container in directory.
Role
ReviewMgrRestImpl.readRole(Role role)
Method reads Role entity from the role container in directory.
User
ReviewMgrRestImpl.readUser(User user)
Method returns matching User entity that is contained within the people container in the directory.
void
AdminMgrRestImpl.removePermissionAttributeFromSet(PermissionAttribute permAttribute, String attributeSetName)
This method removes a permission attribute (ftPA) from an existing permission attribute set.
void
AdminMgrRestImpl.removeRoleConstraint(UserRole uRole, String roleConstraintId)
This method removes a roleConstraint (ftRC) from the user ldap entry.
void
AdminMgrRestImpl.removeRoleConstraint(UserRole uRole, RoleConstraint roleConstraint)
This method removes a roleConstraint (ftRC) from the user ldap entry.
void
AdminMgrRestImpl.resetPassword(User user, String newPassword)
Method will reset user's password which will require user to change password before successful authentication with directory.
void
AdminMgrRestImpl.revokePermission(Permission perm, Role role)
This command revokes the permission to perform an operation on an object from the set of permissions assigned to a role.
void
AdminMgrRestImpl.revokePermission(Permission perm, User user)
This command revokes the permission to perform an operation on an object from the set of permissions assigned to a user.
void
DelAdminMgrRestImpl.revokePermission(Permission perm, AdminRole role)
This command revokes the administrative permission to perform an operation on an object from the set of permissions assigned to an AdminRole.
void
DelAdminMgrRestImpl.revokePermission(Permission perm, User user)
This command revokes the administrative permission to perform an operation on an object from the set of permissions assigned to a user.
List<Group>
GroupMgrRestImpl.roleGroups(Role role)
Search for groups by role name.
List<PermissionAttributeSet>
ReviewMgrRestImpl.rolePermissionAttributeSets(Role role, boolean noInhertiance)
This function returns all the permission attribute sets (which contain 0 to many permission attributes) for a given role.
List<Permission>
DelReviewMgrRestImpl.rolePermissions(AdminRole role)
List<Permission>
DelReviewMgrRestImpl.rolePermissions(AdminRole role, boolean noInheritance)
List<Permission>
ReviewMgrRestImpl.rolePermissions(Role role)
This function returns the set of all permissions (op, obj), granted to or inherited by a given role.
List<Permission>
ReviewMgrRestImpl.rolePermissions(Role role, boolean noInheritance)
This function returns the set of all permissions (op, obj), granted to or inherited by a given role.
List<OrgUnit>
DelReviewMgrRestImpl.search(OrgUnit.Type type, String searchVal)
Command searches existing OrgUnit entities from OrgUnit dataset.
List<PwPolicy>
PwPolicyMgrRestImpl.search(String searchVal)
This method will return a list of all password policy entities that match a particular search string.
List<Mod>
AuditMgrRestImpl.searchAdminMods(UserAudit uAudit)
This method returns a list of admin operations events for a particular entity UserAudit.dn, object UserAudit.objName and timestamp UserAudit.beginDate.
List<AuthZ>
AuditMgrRestImpl.searchAuthZs(UserAudit uAudit)
This method returns a list of authorization events for a particular user UserAudit.userId, object UserAudit.objName, and given timestamp field UserAudit.beginDate. Method also can discriminate between all events or failed only by setting flag UserAudit.failedOnly.
List<Bind>
AuditMgrRestImpl.searchBinds(UserAudit uAudit)
This method returns a list of authentication audit events for a particular user UserAudit.userId, and given timestamp field UserAudit.beginDate.
List<AuthZ>
AuditMgrRestImpl.searchInvalidUsers(UserAudit uAudit)
This method returns a list of failed authentication attempts on behalf of an invalid identity UserAudit.userId, and given timestamp UserAudit.beginDate.
List<Mod>
AuditMgrRestImpl.searchUserSessions(UserAudit uAudit)
This method returns a list of sessions created for a given user UserAudit.userId, and timestamp UserAudit.beginDate.
List<UserAdminRole>
DelAccessMgrRestImpl.sessionAdminRoles(Session session)
This function returns the active admin roles associated with a session.
List<Permission>
AccessMgrRestImpl.sessionPermissions(Session session)
This function returns the permissions of the session, i.e., the permissions assigned to its authorized roles.
List<Permission>
DelAccessMgrRestImpl.sessionPermissions(Session session)
This function returns the permissions of the session, i.e., the permissions assigned to its authorized roles.
List<UserRole>
AccessMgrRestImpl.sessionRoles(Session session)
This function returns the active roles associated with a session.
SDSet
AdminMgrRestImpl.setDsdSetCardinality(SDSet dsdSet, int cardinality)
This command sets the cardinality associated with a given DSD role set.
SDSet
AdminMgrRestImpl.setSsdSetCardinality(SDSet ssdSet, int cardinality)
This command sets the cardinality associated with a given SSD role set.
SDSet
ReviewMgrRestImpl.ssdRoleSet(SDSet set)
This function returns the SSD data set that matches a particular set name.
int
ReviewMgrRestImpl.ssdRoleSetCardinality(SDSet ssd)
This function returns the cardinality associated with a SSD role set.
Set<String>
ReviewMgrRestImpl.ssdRoleSetRoles(SDSet ssd)
This function returns the set of roles of a SSD role set.
List<SDSet>
ReviewMgrRestImpl.ssdRoleSets(Role role)
This function returns the list of all SSD role sets that have a particular Role as member or Role's parent as a member.
List<SDSet>
ReviewMgrRestImpl.ssdSets(SDSet ssd)
This function returns the list of SSDs that match a given ssd name value.
void
AdminMgrRestImpl.unlockUserAccount(User user)
Method will unlock user's password which will enable user to authenticate with directory.
Configuration
ConfigMgrRestImpl.update(Configuration cfg)
Update existing cfg node with additional properties, or, replace existing properties.
OrgUnit
DelAdminMgrRestImpl.update(OrgUnit entity)
Command updates existing OrgUnit entity in OrgUnit dataset.
Group
GroupMgrRestImpl.update(Group group)
Modify existing group node.
FortEntity
PropertyMgrRestImpl.update(FortEntity entity, Properties props)
void
PwPolicyMgrRestImpl.update(PwPolicy policy)
This method will update an existing policy entry to the POLICIES data set.
SDSet
AdminMgrRestImpl.updateDsdSet(SDSet dsdSet)
This command updates existing DSD set of roles and sets the cardinality n of its subsets that cannot have common users.
Permission
AdminMgrRestImpl.updatePermission(Permission perm)
This method will update permission operation pre-existing in target directory under ou=Permissions,ou=RBAC,dc=yourHostName,dc=com container in directory information tree.
Permission
DelAdminMgrRestImpl.updatePermission(Permission perm)
This method will update administrative permission operation pre-existing in target directory under ou=AdminPerms,ou=ARBAC,dc=yourHostName,dc=com container in directory information tree.
void
AdminMgrRestImpl.updatePermissionAttributeInSet(PermissionAttribute permAttribute, String attributeSetName, boolean replaceValidValues)
This method updates a permission attribute (ftPA) on a permission attribute set.
PermObj
AdminMgrRestImpl.updatePermObj(PermObj pObj)
This method will update permission object in perms container in directory.
PermObj
DelAdminMgrRestImpl.updatePermObj(PermObj pObj)
This method will update administrative permission object in perms container in directory.
void
ConfigMgrRestImpl.updateProperty(String name, String key, String value, String newValue)
This method will update a single property with a new value.
Role
AdminMgrRestImpl.updateRole(Role role)
Method will update a Role entity in the directory.
AdminRole
DelAdminMgrRestImpl.updateRole(AdminRole role)
Method will update an AdminRole entity in the directory.
SDSet
AdminMgrRestImpl.updateSsdSet(SDSet ssdSet)
This command updates existing SSD set of roles and sets the cardinality n of its subsets that cannot have common users.
User
AdminMgrRestImpl.updateUser(User user)
This method performs an update on User entity in directory.
void
PwPolicyMgrRestImpl.updateUserPolicy(String userId, String name)
This method will associate a user entity with a password policy entity.
List<Permission>
ReviewMgrRestImpl.userPermissions(User user)
This function returns the set of permissions a given user gets through his/her authorized roles.
Uses of SecurityException in org.apache.directory.fortress.core.util
Methods in org.apache.directory.fortress.core.util that throw SecurityException
Modifier and Type Method Description
void
VUtil.validateConstraints(Session session, VUtil.ConstraintType type, boolean checkDsd)
This utility iterates over all of the Validators initialized for runtime and calls them passing the Constraint contained within the targeted entity.
Uses of SecurityException in org.apache.directory.fortress.core.util.time
Methods in org.apache.directory.fortress.core.util.time that throw SecurityException
Modifier and Type Method Description
int
Validator.validate(Session session, Constraint constraint, Time time, VUtil.ConstraintType type)
This method is called during activation of UserRole and UserAdminRole