Class DelReviewMgrImpl

java.lang.Object
  org.apache.directory.fortress.core.impl.Manageable
    org.apache.directory.fortress.core.impl.DelReviewMgrImpl

All Implemented Interfaces:
Serializable, DelReviewMgr, Manageable

public class DelReviewMgrImpl extends Manageable implements DelReviewMgr, Serializable

This class implements the ARBAC02 DelReviewMgr interface for performing policy interrogation of provisioned Fortress ARBAC entities that reside in an LDAP directory. These APIs map directly to the similarly named APIs specified by the ARBAC02 functions. The ARBAC functional specification describes delegated administrative operations for the creation and maintenance of ARBAC element sets and relations: delegated administrative review functions for performing administrative queries, and system functions for creating and managing ARBAC attributes on user sessions and making delegated administrative access control decisions.

Administrative Role Based Access Control (ARBAC)

Fortress fully supports the Oh/Sandhu/Zhang ARBAC02 model for delegated administration. ARBAC gives large enterprises the capability to delegate administrative authority to users who reside outside of the security admin group. Decentralizing administration helps because it provides security provisioning capability to work groups without sacrificing the regulations for accountability or traceability.

This class is NOT thread safe if the parent instance variables (Manageable.contextId or Manageable.adminSess) are set.

Author:
Apache Directory Project

See Also:
Serialized Form
Field Summary

Fields inherited from class org.apache.directory.fortress.core.impl.Manageable
adminSess, contextId

Constructor Summary

Constructor: DelReviewMgrImpl()

Method Summary

List<UserAdminRole> assignedRoles(User user)
    This function returns the set of admin roles assigned to a given user.

List<User> assignedUsers(AdminRole role)
    This method returns the data set of all users who are assigned the given admin role.

List<AdminRole> findRoles(String searchVal)
    Returns a list of AdminRole entities whose names match the search value.

OrgUnit read(OrgUnit entity)
    Reads an existing OrgUnit entity from the OrgUnit dataset.

AdminRole readRole(AdminRole role)
    Reads an AdminRole entity from the admin role container in the directory.

List<Permission> rolePermissions(AdminRole role)
    This function returns the set of all ARBAC permissions (op, obj) granted to or inherited by a given ARBAC role.

List<Permission> rolePermissions(AdminRole role, boolean noInheritance)
    This function returns the set of all ARBAC permissions (op, obj) granted to, and optionally inherited by, a given ARBAC role.

List<OrgUnit> search(OrgUnit.Type type, String searchVal)
    Searches existing OrgUnit entities in the OrgUnit dataset.

Methods inherited from class org.apache.directory.fortress.core.impl.Manageable
assertContext, assertContext, checkAccess, getFullMethodName, setAdmin, setAdminData, setContextId, setEntitySession

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.apache.directory.fortress.core.Manageable
setAdmin, setContextId
Method Detail

readRole

public AdminRole readRole(AdminRole role) throws SecurityException

Reads an AdminRole entity from the admin role container in the directory.

Required parameters:
- Role.name - contains the name of the AdminRole being targeted for read

Specified by:
readRole in interface DelReviewMgr

Parameters:
role - contains the role name to be read.

Returns:
AdminRole entity that corresponds with the role name.

Throws:
SecurityException - will be thrown if the role is not found or a system error occurs.
findRoles

public List<AdminRole> findRoles(String searchVal) throws SecurityException

Returns a list of AdminRole entities whose names match the search value.

Required parameters:
- Role.name - contains all or some of the chars in the name of the AdminRole(s) targeted for search

Specified by:
findRoles in interface DelReviewMgr

Parameters:
searchVal - contains all or some of the chars corresponding to admin role entities stored in the directory.

Returns:
List of type AdminRole containing the role entities that match the search criteria.

Throws:
SecurityException - in the event of a system error.
assignedRoles

public List<UserAdminRole> assignedRoles(User user) throws SecurityException

This function returns the set of admin roles assigned to a given user. The function is valid if and only if the user is a member of the USERS data set.

Required parameters:
- User.userId - contains the userId associated with the User object targeted for search.

Specified by:
assignedRoles in interface DelReviewMgr

Parameters:
user - contains the userId matching a user entity stored in the directory.

Returns:
List of type UserAdminRole containing the user admin role data.

Throws:
SecurityException - if the user is not found or a system error occurs.
assignedUsers

public List<User> assignedUsers(AdminRole role) throws SecurityException

This method returns the data set of all users who are assigned the given admin role. It searches the User data set for the AdminRole relationship. This method does NOT search hierarchical Admin Role relationships, so users who hold the role only through inheritance are not returned.

Required parameters:
- Role.name - contains the name of the AdminRole targeted for search

Specified by:
assignedUsers in interface DelReviewMgr

Parameters:
role - contains the role name used to search the User data set.

Returns:
List of type User containing the assigned users' data.

Throws:
SecurityException - if a system error occurs.
read

public OrgUnit read(OrgUnit entity) throws SecurityException

Reads an existing OrgUnit entity from the OrgUnit dataset. The OrgUnit can be either User or Perm, selected by setting the type attribute.

Required parameters:
- OrgUnit.name - contains the name associated with the OrgUnit object targeted for search.
- OrgUnit.type - contains the type of OU: OrgUnit.Type.USER or OrgUnit.Type.PERM

Specified by:
read in interface DelReviewMgr

Parameters:
entity - contains the OrgUnit name and type.

Returns:
OrgUnit entity that corresponds with the ou name and type.

Throws:
SecurityException - in the event of a data validation or system error.
search

public List<OrgUnit> search(OrgUnit.Type type, String searchVal) throws SecurityException

Searches existing OrgUnit entities in the OrgUnit dataset. The OrgUnit can be either User or Perm, selected by the type parameter of the API.

Required parameters:
- OrgUnit.type - contains the type of OU: OrgUnit.Type.USER or OrgUnit.Type.PERM
- searchVal - contains some or all of the chars associated with the OrgUnit objects targeted for search.

Specified by:
search in interface DelReviewMgr

Parameters:
type - either PERM or USER
searchVal - contains the leading chars that map to OrgUnit.name on the existing OrgUnit(s) targeted for search.

Returns:
List of type OrgUnit containing the OrgUnit data.

Throws:
SecurityException - in the event of a data validation or system error.
rolePermissions

public List<Permission> rolePermissions(AdminRole role) throws SecurityException

This function returns the set of all ARBAC permissions (op, obj) granted to or inherited by a given ARBAC role. The function is valid if and only if the role is a member of the ROLES data set.

Required parameters:
- Role.name - contains the name to use for the AdminRole targeted for search.

Specified by:
rolePermissions in interface DelReviewMgr

Parameters:
role - contains the role name, Role.name, of the AdminRole entity the Permission is granted to.

Returns:
List of type Permission that contains all perms granted to the role.

Throws:
SecurityException - in the event a system error occurs.
rolePermissions

public List<Permission> rolePermissions(AdminRole role, boolean noInheritance) throws SecurityException

This function returns the set of all ARBAC permissions (op, obj) granted to or inherited by a given ARBAC role. The function is valid if and only if the role is a member of the ROLES data set.

Required parameters:
- Role.name - contains the name to use for the AdminRole targeted for search.

Specified by:
rolePermissions in interface DelReviewMgr

Parameters:
role - contains the role name, Role.name, of the AdminRole entity the Permission is granted to.
noInheritance - if true, inherited roles will NOT be included in the search.

Returns:
List of type Permission that contains all perms granted to the role.

Throws:
SecurityException - in the event a system error occurs.
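The following is an added example, not code from the Fortress project or this Javadoc, showing how a reviewer could combine these APIs to audit a user's delegated-administrative footprint: the admin roles assigned to the user, then each role's permissions with and without inheritance, so that permissions acquired only through the admin role hierarchy are listed separately. It assumes DelReviewMgrFactory.createInstance(contextId) as the way to obtain the implementation and the entity accessors User.setUserId, UserAdminRole.getName, AdminRole.getName, Permission.getObjName and Permission.getOpName, none of which appear on this page.

```java
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import org.apache.directory.fortress.core.DelReviewMgr;
import org.apache.directory.fortress.core.DelReviewMgrFactory; // assumed factory, not shown on this page
import org.apache.directory.fortress.core.SecurityException;
import org.apache.directory.fortress.core.model.AdminRole;
import org.apache.directory.fortress.core.model.Permission;
import org.apache.directory.fortress.core.model.User;
import org.apache.directory.fortress.core.model.UserAdminRole;

public class DelegatedAdminAudit {

    // One DelReviewMgr per audit run: the impl is not thread safe once contextId/adminSess are set.
    public static List<String> auditUser(String contextId, String userId) throws SecurityException {
        DelReviewMgr reviewMgr = DelReviewMgrFactory.createInstance(contextId); // assumed signature
        List<String> findings = new ArrayList<>();

        User user = new User();
        user.setUserId(userId); // User.userId is the required lookup key for assignedRoles
        for (UserAdminRole assignment : reviewMgr.assignedRoles(user)) {
            AdminRole role = new AdminRole(assignment.getName()); // Role.name is the required key

            // Direct grants (noInheritance = true) versus direct plus inherited (noInheritance = false):
            // the difference is what the admin role hierarchy adds, which is what a reviewer must justify.
            Set<String> direct = keys(reviewMgr.rolePermissions(role, true));
            Set<String> inheritedOnly = keys(reviewMgr.rolePermissions(role, false));
            inheritedOnly.removeAll(direct);

            findings.add(String.format("%s: admin role %s grants %d perms directly, %d more via inheritance",
                    userId, role.getName(), direct.size(), inheritedOnly.size()));
            for (String perm : inheritedOnly) {
                findings.add("  inherited: " + perm);
            }
        }
        return findings;
    }

    // Identify a permission by its (obj, op) pair, the form the ARBAC functions describe.
    private static Set<String> keys(List<Permission> perms) {
        Set<String> out = new HashSet<>();
        for (Permission p : perms) {
            out.add(p.getObjName() + "." + p.getOpName());
        }
        return out;
    }
}
```

Because assignedUsers does not follow hierarchical admin role relationships, an audit that starts from a role rather than a user would need to walk the hierarchy itself to find users who hold the role only through inheritance.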