Class AdminRole

  • All Implemented Interfaces:
    Serializable, Administrator, Constraint, Graphable
    Direct Known Subclasses:
    AdminRoleAnt

    public class AdminRole
    extends Role
    implements Administrator
    All entities (AdminRole, OrgUnit, SDSet, etc.) are used to carry data between the three Fortress layers, starting with the (1) Manager layer, down through the middle (2) Process layer and its processing rules, into the (3) DAO layer where persistence with the LDAP server occurs.

    Fortress Processing Layers

    1. Manager layer: DelAdminMgrImpl, DelAccessMgrImpl, DelReviewMgrImpl,...
    2. Process layer: org.apache.directory.fortress.core.impl.AdminRoleP, org.apache.directory.fortress.core.impl.OrgUnitP,...
    3. DAO layer: org.apache.directory.fortress.core.impl.AdminRoleDAO, org.apache.directory.fortress.core.impl.OrgUnitDAO,...
    Fortress clients first instantiate and populate a data entity before invoking any of the Manager APIs. The caller must provide enough information to uniquely identify the entity target within LDAP.
    For example, this entity requires AdminRole#name set before passing into DelAdminMgrImpl or DelReviewMgrImpl APIs. Create methods usually require more attributes (than Read) due to constraints enforced between entities.

    This entity extends the Role entity and is used to store the ARBAC AdminRole assignments that comprise the many-to-many relationships between Users and Administrative Permissions. In addition it is used to store the ARBAC OrgUnit.Type.PERM and OrgUnit.Type.USER OU information that adheres to the AdminRole entity in the ARBAC02 model.
    The unique key to locate AdminRole entity (which is subsequently assigned both to Users and administrative Permissions) is AdminRole#name.

    There is a many-to-many relationship between Users, Administrative Roles and Administrative Permissions.

    User*-*AdminRole*-*Permission

    Example to create new ARBAC AdminRole:

    AdminRole myRole = new AdminRole("MyRoleName");
    myRole.setDescription("This is a test admin role");
    DelAdminMgr delAdminMgr = DelAdminMgrFactory.createInstance();
    delAdminMgr.addRole(myRole);

    This will create an AdminRole name that can be used as a target for User-AdminRole assignments and AdminRole-AdminPermission grants.
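    The following is an added example, not part of the Fortress documentation: it extends the snippet above with the scoping attributes described under Method Detail (User OU, Perm OU and role range), then reads the entity back to confirm the stored scope. All role and OU names are constructed placeholders assumed to exist in the directory, and the import package names are assumed from Fortress core 2.x.

```java
import java.util.Set;

import org.apache.directory.fortress.core.DelAdminMgr;
import org.apache.directory.fortress.core.DelAdminMgrFactory;
import org.apache.directory.fortress.core.DelReviewMgr;
import org.apache.directory.fortress.core.DelReviewMgrFactory;
import org.apache.directory.fortress.core.model.AdminRole;

public class ScopedAdminRoleExample {
    public static void main(String[] args) throws Exception {
        // Constructed placeholder names; the OUs and range roles are assumed
        // to have been created beforehand.
        AdminRole scoped = new AdminRole("DemoHelpdeskAdmin");
        scoped.setDescription("Delegated admin limited to one User OU and one Perm OU");

        // ftOSU / ftOSP on ftPools: the only User and Perm OUs this
        // administrative role is meant to cover.
        scoped.setOsU("DemoUserOu");
        scoped.setOsP("DemoPermOu");

        // ftRange on ftPools: begin is the lowest descendant, end is the
        // highest ascendant. Excluding the end point keeps the top role of
        // the range itself out of this administrator's reach.
        scoped.setBeginRange("DemoRoleLow");
        scoped.setBeginInclusive(true);
        scoped.setEndRange("DemoRoleHigh");
        scoped.setEndInclusive(false);

        DelAdminMgr delAdminMgr = DelAdminMgrFactory.createInstance();
        delAdminMgr.addRole(scoped);

        // Read back by the unique key (AdminRole#name) and fail loudly if the
        // persisted scope is wider or different from what was intended.
        DelReviewMgr delReviewMgr = DelReviewMgrFactory.createInstance();
        AdminRole stored = delReviewMgr.readRole(new AdminRole("DemoHelpdeskAdmin"));
        if (!Set.of("DemoUserOu").equals(stored.getOsUSet())
                || !Set.of("DemoPermOu").equals(stored.getOsPSet())
                || stored.isEndInclusive()) {
            throw new IllegalStateException("AdminRole scope differs from intended scope");
        }
        System.out.println("Range: " + stored.getBeginRange() + " .. " + stored.getEndRange()
                + " (beginInclusive=" + stored.isBeginInclusive()
                + ", endInclusive=" + stored.isEndInclusive() + ")");
    }
}
```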

    Administrative Role Schema

    The Fortress AdminRole entity is a composite of the following other Fortress structural and aux object classes:

    1. organizationalRole Structural Object Class is used to store basic attributes like cn and description.

     ------------------------------------------
     objectclass ( 2.5.6.8 NAME 'organizationalRole'
      DESC 'RFC2256: an organizational role'
      SUP top STRUCTURAL
      MUST cn
      MAY (
          x121Address $ registeredAddress $ destinationIndicator $
          preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
          telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
          seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $
          postOfficeBox $ postalCode $ postalAddress $
          physicalDeliveryOfficeName $ ou $ st $ l $ description
      )
     )
     ------------------------------------------
     

    2. ftRls Structural objectclass is used to store the AdminRole information like name, and temporal constraints.

     ------------------------------------------
     Fortress Roles Structural Object Class
     objectclass    ( 1.3.6.1.4.1.38088.2.1
      NAME 'ftRls'
      DESC 'Fortress Role Structural Object Class'
      SUP organizationalrole
      STRUCTURAL
      MUST (
          ftId $
          ftRoleName
      )
      MAY (
          description $
          ftCstr $
          ftParents
      )
     )
     ------------------------------------------
     

    3. ftProperties AUXILIARY Object Class is used to store client-specific name/value pairs on target entity.
    # This aux object class can be used to store custom attributes.
    # The properties collections consist of name/value pairs and are not constrained by Fortress.

     ------------------------------------------
     AC2: Fortress Properties Auxiliary Object Class
     objectclass ( 1.3.6.1.4.1.38088.3.2
      NAME 'ftProperties'
      DESC 'Fortress Properties AUX Object Class'
      AUXILIARY
      MAY (
          ftProps
      )
     )
     ------------------------------------------
     

    4. ftPools AUXILIARY Object Class is used to store the ARBAC Perm and User OU assignments on AdminRole entity.

     ------------------------------------------
     Fortress Organizational Pools Auxiliary Object Class
     objectclass ( 1.3.6.1.4.1.38088.3.3
      NAME 'ftPools'
      DESC 'Fortress Pools AUX Object Class'
      AUXILIARY
      MAY (
          ftOSU  $
          ftOSP  $
          ftRange
      )
     )
     ------------------------------------------
     

    5. ftMods AUXILIARY Object Class is used to store Fortress audit variables on target entity.

     ------------------------------------------
     Fortress Audit Modification Auxiliary Object Class
     objectclass ( 1.3.6.1.4.1.38088.3.4
      NAME 'ftMods'
      DESC 'Fortress Modifiers AUX Object Class'
      AUXILIARY
      MAY (
          ftModifier $
          ftModCode $
          ftModId
      )
     )
     ------------------------------------------
     
    Author:
    Apache Directory Project
    See Also:
    Serialized Form
    • Constructor Detail

      • AdminRole

        public AdminRole()
        Default constructor is used by internal Fortress classes.
      • AdminRole

        public AdminRole​(Constraint con)
        Construct an Admin Role with a given temporal constraint.
        Parameters:
        con - maps to 'OamRC' attribute for 'ftTemporal' aux object classes.
      • AdminRole

        public AdminRole​(String name)
        Construct an AdminRole entity with a given name.
    • Method Detail

      • setRoleRangeRaw

        public void setRoleRangeRaw​(String szRaw)
        Load the role range attributes given a raw format. This method is used internally by Fortress and is not intended to be used by external callers.
        Specified by:
        setRoleRangeRaw in interface Administrator
        Parameters:
        szRaw - maps to 'ftRange' attribute on 'ftPools' aux object class.
      • getRoleRangeRaw

        public String getRoleRangeRaw()
        Get the raw format for role range using current AdminRole entity attributes. This method is used internally by Fortress and is not intended to be used by external callers.
        Specified by:
        getRoleRangeRaw in interface Administrator
        Returns:
        String maps to 'ftRange' attribute on 'ftPools' aux object class.
      • getOsPSet

        public Set<String> getOsPSet()
        Get a collection of optional Perm OU attributes that were stored on the AdminRole entity.
        Specified by:
        getOsPSet in interface Administrator
        Returns:
        Set of type String containing Perm OU. This maps to 'ftOSP' attribute on 'ftPools' aux object class.
      • setOsPSet

        public void setOsPSet​(Set<String> osPs)
        Set a collection of optional Perm OU attributes to be stored on the AdminRole entity.
        Specified by:
        setOsPSet in interface Administrator
        Parameters:
        osPs - is a Set of type String containing Perm OU. This maps to 'ftOSP' attribute on 'ftPools' aux object class.
      • setOsP

        public void setOsP​(String osP)
        Set a Perm OU attribute to be stored on the AdminRole entity.
        Specified by:
        setOsP in interface Administrator
        Parameters:
        osP - is a Perm OU that maps to 'ftOSP' attribute on 'ftPools' aux object class.
      • getOsUSet

        public Set<String> getOsUSet()
        Get a collection of optional User OU attributes that were stored on the AdminRole entity.
        Specified by:
        getOsUSet in interface Administrator
        Returns:
        Set of type String containing User OU. This maps to 'ftOSU' attribute on 'ftPools' aux object class.
      • setOsUSet

        public void setOsUSet​(Set<String> osUs)
        Set a collection of optional User OU attributes to be stored on the AdminRole entity.
        Specified by:
        setOsUSet in interface Administrator
        Parameters:
        osUs - is a Set of type String containing User OU. This maps to 'ftOSU' attribute on 'ftPools' aux object class.
      • setOsU

        public void setOsU​(String osU)
        Set a User OU attribute to be stored on the AdminRole entity.
        Specified by:
        setOsU in interface Administrator
        Parameters:
        osU - is a User OU that maps to 'ftOSU' attribute on 'ftPools' aux object class.
      • getBeginRange

        public String getBeginRange()
        Return the begin Role range attribute for AdminRole entity which corresponds to lowest descendant.
        Specified by:
        getBeginRange in interface Administrator
        Returns:
        String that maps to 'ftRange' attribute on 'ftPools' aux object class.
      • setBeginRange

        public void setBeginRange​(String beginRange)
        Set the begin Role range attribute for AdminRole entity which corresponds to lowest descendant.
        Specified by:
        setBeginRange in interface Administrator
        Parameters:
        beginRange - maps to 'ftRange' attribute on 'ftPools' aux object class.
      • getEndRange

        public String getEndRange()
        Return the end Role range attribute for AdminRole entity which corresponds to highest ascendant.
        Specified by:
        getEndRange in interface Administrator
        Returns:
        String that maps to 'ftRange' attribute on 'ftPools' aux object class.
      • setEndRange

        public void setEndRange​(String endRange)
        Set the end Role range attribute for AdminRole entity which corresponds to highest ascendant.
        Specified by:
        setEndRange in interface Administrator
        Parameters:
        endRange - maps to 'ftRange' attribute on 'ftPools' aux object class.
      • isBeginInclusive

        public boolean isBeginInclusive()
        Get the begin inclusive which specifies if role range includes or excludes the 'beginRange' attribute.
        Specified by:
        isBeginInclusive in interface Administrator
        Returns:
        boolean that maps to 'ftRange' attribute on 'ftPools' aux object class.
      • setBeginInclusive

        public void setBeginInclusive​(boolean beginInclusive)
        Set the begin inclusive which specifies if role range includes or excludes the 'beginRange' attribute.
        Specified by:
        setBeginInclusive in interface Administrator
        Parameters:
        beginInclusive - maps to 'ftRange' attribute on 'ftPools' aux object class.
      • isEndInclusive

        public boolean isEndInclusive()
        Get the end inclusive which specifies if role range includes or excludes the 'endRange' attribute.
        Specified by:
        isEndInclusive in interface Administrator
        Returns:
        boolean that maps to 'ftRange' attribute on 'ftPools' aux object class.
      • setEndInclusive

        public void setEndInclusive​(boolean endInclusive)
        Set the end inclusive which specifies if role range includes or excludes the 'endRange' attribute.
        Specified by:
        setEndInclusive in interface Administrator
        Parameters:
        endInclusive - maps to 'ftRange' attribute on 'ftPools' aux object class.
      • equals

        public boolean equals​(Object thatObj)
        Matches the name from two AdminRole entities.
        Overrides:
        equals in class Role
        Parameters:
        thatObj - contains an AdminRole entity.
        Returns:
        boolean indicating both objects contain matching AdminRole names.
      • hashCode

        public int hashCode()
        Overrides:
        hashCode in class Role