Class AdminRole
- java.lang.Object
- org.apache.directory.fortress.core.model.FortEntity
- org.apache.directory.fortress.core.model.Role
- org.apache.directory.fortress.core.model.AdminRole
- All Implemented Interfaces: Serializable, Administrator, Constraint, Graphable
- Direct Known Subclasses: AdminRoleAnt
public class AdminRole extends Role implements Administrator
All entities (AdminRole, OrgUnit, SDSet, etc.) are used to carry data between three Fortress layers, starting with the (1) Manager layer, down through the middle (2) Process layer and its processing rules, into the (3) DAO layer where persistence with the LDAP server occurs.
Fortress Processing Layers
- Manager layer: DelAdminMgrImpl, DelAccessMgrImpl, DelReviewMgrImpl,...
- Process layer: org.apache.directory.fortress.core.impl.AdminRoleP, org.apache.directory.fortress.core.impl.OrgUnitP,...
- DAO layer: org.apache.directory.fortress.core.impl.AdminRoleDAO, org.apache.directory.fortress.core.impl.OrgUnitDAO,...
For example, this entity requires AdminRole#name to be set before it is passed into the DelAdminMgrImpl or DelReviewMgrImpl APIs. Create methods usually require more attributes (than Read) due to constraints enforced between entities.
This entity extends the Role entity and is used to store the ARBAC AdminRole assignments that comprise the many-to-many relationships between Users and Administrative Permissions. In addition, it is used to store the ARBAC OrgUnit.Type.PERM and OrgUnit.Type.USER OU information that adheres to the AdminRole entity in the ARBAC02 model.
The unique key to locate AdminRole entity (which is subsequently assigned both to Users and administrative Permissions) is AdminRole#name.
There is a many-to-many relationship between Users, Administrative Roles and Administrative Permissions.
User *-* AdminRole *-* Permission
Example to create new ARBAC AdminRole:
// AdminRole#name is the unique key and must be set before calling the manager APIs.
AdminRole myRole = new AdminRole("MyRoleName");
myRole.setDescription("This is a test admin role");
// Persist the new AdminRole through the Manager layer.
DelAdminMgr delAdminMgr = DelAdminMgrFactory.createInstance();
delAdminMgr.addRole(myRole);
This will create an AdminRole name that can be used as a target for User-AdminRole assignments and AdminRole-AdminPermission grants.
Administrative Role Schema
The Fortress AdminRole entity is a composite of the following other Fortress structural and aux object classes:
1. organizationalRole Structural Object Class is used to store basic attributes like cn and description.
------------------------------------------
objectclass ( 2.5.6.8 NAME 'organizationalRole'
    DESC 'RFC2256: an organizational role'
    SUP top STRUCTURAL
    MUST cn
    MAY ( x121Address $ registeredAddress $ destinationIndicator $
        preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
        telephoneNumber $ internationaliSDNNumber $
        facsimileTelephoneNumber $ seeAlso $ roleOccupant $
        preferredDeliveryMethod $ street $ postOfficeBox $ postalCode $
        postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l $ description ) )
------------------------------------------
2. ftRls Structural Object Class is used to store the AdminRole information like name and temporal constraints.
------------------------------------------
Fortress Roles Structural Object Class
objectclass ( 1.3.6.1.4.1.38088.2.1 NAME 'ftRls'
    DESC 'Fortress Role Structural Object Class'
    SUP organizationalrole STRUCTURAL
    MUST ( ftId $ ftRoleName )
    MAY ( description $ ftCstr $ ftParents ) )
------------------------------------------
3. ftProperties AUXILIARY Object Class is used to store client-specific name/value pairs on the target entity.
# This aux object class can be used to store custom attributes.
# The properties collections consist of name/value pairs and are not constrained by Fortress.
------------------------------------------
AC2: Fortress Properties Auxiliary Object Class
objectclass ( 1.3.6.1.4.1.38088.3.2 NAME 'ftProperties'
    DESC 'Fortress Properties AUX Object Class'
    AUXILIARY
    MAY ( ftProps ) )
------------------------------------------
4. ftPools AUXILIARY Object Class stores the ARBAC Perm and User OU assignments on the AdminRole entity.
------------------------------------------
Fortress Organizational Pools Auxiliary Object Class
objectclass ( 1.3.6.1.4.1.38088.3.3 NAME 'ftPools'
    DESC 'Fortress Pools AUX Object Class'
    AUXILIARY
    MAY ( ftOSU $ ftOSP $ ftRange ) )
------------------------------------------
5. ftMods AUXILIARY Object Class is used to store Fortress audit variables on the target entity.
------------------------------------------
Fortress Audit Modification Auxiliary Object Class
objectclass ( 1.3.6.1.4.1.38088.3.4 NAME 'ftMods'
    DESC 'Fortress Modifiers AUX Object Class'
    AUXILIARY
    MAY ( ftModifier $ ftModCode $ ftModId ) )
------------------------------------------
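The role range that ftPools carries in ftRange (a begin range at the lowest descendant, an end range at the highest ascendant, each with an inclusive flag) selects a slice of the role hierarchy for the AdminRole. The following is an added example, not Fortress code: a self-contained model with a constructed hierarchy and hypothetical names (RoleRangeModel, ascendantsOrSelf, inRange) showing how the two flags change which roles fall inside the range. It assumes a role is in range when it lies on an inheritance path from the begin role up to the end role.

```java
import java.util.*;

// Illustrative model, not Fortress code: class, method and role names are hypothetical.
public class RoleRangeModel {
    // Constructed hierarchy: role -> direct parents (its immediate ascendants).
    static final Map<String, Set<String>> PARENTS = Map.of(
        "ProjectLead", Set.of("Engineer"),
        "Engineer", Set.of("Employee"),
        "Auditor", Set.of("Employee"));

    // The role itself plus every role reachable by following parent links.
    static Set<String> ascendantsOrSelf(String role) {
        Set<String> seen = new HashSet<>();
        Deque<String> todo = new ArrayDeque<>(List.of(role));
        while (!todo.isEmpty()) {
            String r = todo.pop();
            if (seen.add(r)) {
                todo.addAll(PARENTS.getOrDefault(r, Set.of()));
            }
        }
        return seen;
    }

    // Assumed semantics: target is in range when it lies on a path from
    // beginRange (lowest descendant) up to endRange (highest ascendant);
    // each endpoint counts only if its inclusive flag is set.
    static boolean inRange(String target, String begin, boolean beginInclusive,
                           String end, boolean endInclusive) {
        boolean onPath = ascendantsOrSelf(begin).contains(target)
                && ascendantsOrSelf(target).contains(end);
        if (!onPath) return false;
        if (target.equals(begin) && !beginInclusive) return false;
        if (target.equals(end) && !endInclusive) return false;
        return true;
    }

    public static void main(String[] args) {
        String begin = "ProjectLead", end = "Employee";
        for (String role : List.of("ProjectLead", "Engineer", "Employee", "Auditor")) {
            System.out.printf("%-12s [begin,end]=%-5b [begin,end)=%-5b (begin,end]=%b%n",
                role,
                inRange(role, begin, true, end, true),
                inRange(role, begin, true, end, false),
                inRange(role, begin, false, end, true));
        }
    }
}
```

In this model, clearing the end flag drops the top role (Employee) from the range, and Auditor is never in range because it is not an ascendant of ProjectLead.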
- Author: Apache Directory Project
- See Also: Serialized Form
Field Summary
Fields inherited from class org.apache.directory.fortress.core.model.FortEntity
adminSession, contextId, modCode, modId, sequenceId
Constructor Summary
- AdminRole(): Default constructor is used by internal Fortress classes.
- AdminRole(String name): Construct an AdminRole entity with a given name.
- AdminRole(Constraint con): Construct an Admin Role with a given temporal constraint.
Method Summary
- boolean equals(Object thatObj): Matches the name from two AdminRole entities.
- String getBeginRange(): Return the begin Role range attribute for AdminRole entity which corresponds to lowest descendant.
- String getEndRange(): Return the end Role range attribute for AdminRole entity which corresponds to highest ascendant.
- Set<String> getOsPSet(): Get a collection of optional Perm OU attributes that were stored on the AdminRole entity.
- Set<String> getOsUSet(): Get a collection of optional User OU attributes that were stored on the AdminRole entity.
- String getRoleRangeRaw(): Get the raw format for role range using current AdminRole entity attributes.
- int hashCode()
- boolean isBeginInclusive(): Get the begin inclusive which specifies if role range includes or excludes the 'beginRange' attribute.
- boolean isEndInclusive(): Get the end inclusive which specifies if role range includes or excludes the 'endRange' attribute.
- void setBeginInclusive(boolean beginInclusive): Set the begin inclusive which specifies if role range includes or excludes the 'beginRange' attribute.
- void setBeginRange(String beginRange): Set the begin Role range attribute for AdminRole entity which corresponds to lowest descendant.
- void setEndInclusive(boolean endInclusive): Set the end inclusive which specifies if role range includes or excludes the 'endRange' attribute.
- void setEndRange(String endRange): Set the end Role range attribute for AdminRole entity which corresponds to highest ascendant.
- void setOsP(String osP): Set a Perm OU attribute to be stored on the AdminRole entity.
- void setOsPSet(Set<String> osPs): Set a collection of optional Perm OU attributes to be stored on the AdminRole entity.
- void setOsU(String osU): Set a User OU attribute to be stored on the AdminRole entity.
- void setOsUSet(Set<String> osUs): Set a collection of optional User OU attributes to be stored on the AdminRole entity.
- void setRoleRangeRaw(String szRaw): Load the role range attributes given a raw format.
- String toString()
Methods inherited from class org.apache.directory.fortress.core.model.Role
addProperties, delParent, getBeginDate, getBeginLockDate, getBeginTime, getChildren, getConstraints, getDayMask, getDescription, getDn, getEndDate, getEndLockDate, getEndTime, getGidNumber, getId, getName, getOccupants, getParents, getProperties, getRawData, getTimeout, isTemporalSet, setBeginDate, setBeginLockDate, setBeginTime, setChildren, setDayMask, setDescription, setDn, setEndDate, setEndLockDate, setEndTime, setGidNumber, setId, setId, setName, setOccupant, setOccupants, setParent, setParents, setRawData, setTimeout, toString
Methods inherited from class org.apache.directory.fortress.core.model.FortEntity
getAdminSession, getContextId, getModCode, getModId, getSequenceId, setAdminSession, setContextId, setModCode, setSequenceId
Constructor Detail

AdminRole
public AdminRole()
Default constructor is used by internal Fortress classes.

AdminRole
public AdminRole(Constraint con)
Construct an Admin Role with a given temporal constraint.
- Parameters: con - maps to 'OamRC' attribute for 'ftTemporal' aux object classes.

AdminRole
public AdminRole(String name)
Construct an AdminRole entity with a given name.
Method Detail

setRoleRangeRaw
public void setRoleRangeRaw(String szRaw)
Load the role range attributes given a raw format. This method is used internally by Fortress and is not intended to be used by external callers.
- Specified by: setRoleRangeRaw in interface Administrator
- Parameters: szRaw - maps to 'ftRange' attribute on 'ftPools' aux object class.

getRoleRangeRaw
public String getRoleRangeRaw()
Get the raw format for role range using current AdminRole entity attributes. This method is used internally by Fortress and is not intended to be used by external callers.
- Specified by: getRoleRangeRaw in interface Administrator
- Returns: String maps to 'ftRange' attribute on 'ftPools' aux object class.

getOsPSet
public Set<String> getOsPSet()
Get a collection of optional Perm OU attributes that were stored on the AdminRole entity.
- Specified by: getOsPSet in interface Administrator
- Returns: Set of type String containing Perm OU. This maps to 'ftOSP' attribute on 'ftPools' aux object class.

setOsPSet
public void setOsPSet(Set<String> osPs)
Set a collection of optional Perm OU attributes to be stored on the AdminRole entity.
- Specified by: setOsPSet in interface Administrator
- Parameters: osPs - is a Set of type String containing Perm OU. This maps to 'ftOSP' attribute on 'ftPools' aux object class.

setOsP
public void setOsP(String osP)
Set a Perm OU attribute to be stored on the AdminRole entity.
- Specified by: setOsP in interface Administrator
- Parameters: osP - is a Perm OU that maps to 'ftOSP' attribute on 'ftPools' aux object class.

getOsUSet
public Set<String> getOsUSet()
Get a collection of optional User OU attributes that were stored on the AdminRole entity.
- Specified by: getOsUSet in interface Administrator
- Returns: Set of type String containing User OU. This maps to 'ftOSU' attribute on 'ftPools' aux object class.

setOsUSet
public void setOsUSet(Set<String> osUs)
Set a collection of optional User OU attributes to be stored on the AdminRole entity.
- Specified by: setOsUSet in interface Administrator
- Parameters: osUs - is a Set of type String containing User OU. This maps to 'ftOSU' attribute on 'ftPools' aux object class.

setOsU
public void setOsU(String osU)
Set a User OU attribute to be stored on the AdminRole entity.
- Specified by: setOsU in interface Administrator
- Parameters: osU - is a User OU that maps to 'ftOSU' attribute on 'ftPools' aux object class.

getBeginRange
public String getBeginRange()
Return the begin Role range attribute for AdminRole entity which corresponds to lowest descendant.
- Specified by: getBeginRange in interface Administrator
- Returns: String that maps to 'ftRange' attribute on 'ftPools' aux object class.

setBeginRange
public void setBeginRange(String beginRange)
Set the begin Role range attribute for AdminRole entity which corresponds to lowest descendant.
- Specified by: setBeginRange in interface Administrator
- Parameters: beginRange - maps to 'ftRange' attribute on 'ftPools' aux object class.

getEndRange
public String getEndRange()
Return the end Role range attribute for AdminRole entity which corresponds to highest ascendant.
- Specified by: getEndRange in interface Administrator
- Returns: String that maps to 'ftRange' attribute on 'ftPools' aux object class.

setEndRange
public void setEndRange(String endRange)
Set the end Role range attribute for AdminRole entity which corresponds to highest ascendant.
- Specified by: setEndRange in interface Administrator
- Parameters: endRange - maps to 'ftRange' attribute on 'ftPools' aux object class.

isBeginInclusive
public boolean isBeginInclusive()
Get the begin inclusive which specifies if role range includes or excludes the 'beginRange' attribute.
- Specified by: isBeginInclusive in interface Administrator
- Returns: boolean that maps to 'ftRange' attribute on 'ftPools' aux object class.

setBeginInclusive
public void setBeginInclusive(boolean beginInclusive)
Set the begin inclusive which specifies if role range includes or excludes the 'beginRange' attribute.
- Specified by: setBeginInclusive in interface Administrator
- Parameters: beginInclusive - maps to 'ftRange' attribute on 'ftPools' aux object class.

isEndInclusive
public boolean isEndInclusive()
Get the end inclusive which specifies if role range includes or excludes the 'endRange' attribute.
- Specified by: isEndInclusive in interface Administrator
- Returns: boolean that maps to 'ftRange' attribute on 'ftPools' aux object class.

setEndInclusive
public void setEndInclusive(boolean endInclusive)
Set the end inclusive which specifies if role range includes or excludes the 'endRange' attribute.
- Specified by: setEndInclusive in interface Administrator
- Parameters: endInclusive - maps to 'ftRange' attribute on 'ftPools' aux object class.

equals
public boolean equals(Object thatObj)
Matches the name from two AdminRole entities.

toString
public String toString()
- Overrides: toString in class Role
- See Also: Object.toString()