Package org.apache.directory.fortress.core.model

Interface Constraint

  • All Known Implementing Classes:
    AdminRole, AdminRoleAnt, Role, User, UserAdminRole, UserAnt, UserRole
    public interface Constraint
    The Fortress Constraint interface prescribes attributes that are used to store, process and retrieve temporal validation attributes on User, UserRole, Role, AdminRole, UserAdminRole entities.

    Temporal Constraints on User and Role Assignments

    In addition to the standard RBAC support, Fortress provides coverage for temporal constraints on role and user activation into session. Temporal constraints affect when Users may activate Roles within runtime system at a particular point in time. For example a nurse may be assigned to the "ChargeNurse" role but be limited as to when she is permitted to perform those duties, i.e. weekend graveyard shift. Another example is a bank teller who is assigned to a "Teller" role but may only act within role between the hours of 9:00 to 5:00 on Monday thru Friday during normal business hours. Additionally Fortress temporal constraints are checked during user authentication to control when a user is actually permitted to sign-on to a system. The constraints may also be applied to enforce temporary blackout periods to cover vacations, leave of absences, sabbaticals, etc.

    Constraint Schema

    The entity maps to Fortress LDAP Schema object classes:

    1. ftRls Structural objectclass is used to store the Role information like name and temporal constraint attributes.

    • ------------------------------------------
    • objectclass ( 1.3.6.1.4.1.38088.2.1
    • NAME 'ftRls'
    • DESC 'Fortress Role Object Class'
    • SUP organizationalrole
    • STRUCTURAL
    • MUST ( ftId $ ftRoleName )
    • MAY ( description $ ftCstr ) )
    • ------------------------------------------

    2. ftUserAttrs is used to store user RBAC and Admin role assignment and other security attributes on User entity.

    • ------------------------------------------
    • objectclass ( 1.3.6.1.4.1.38088.3.1
    • NAME 'ftUserAttrs'
    • DESC 'Fortress User Attribute AUX Object Class'
    • AUXILIARY
    • MUST ( ftId )
    • MAY ( ftRC $ ftRA $ ftARC $ ftARA $ ftCstr
    • ------------------------------------------

    Author:
    Apache Directory Project

    • Method Summary

      All Methods Instance Methods Abstract Methods 
      Modifier and Type Method Description
      String getBeginDate()
      Contains the begin date when entity is allowed to be activated in system.
      String getBeginLockDate()
      Contains the begin lock date when entity is temporarily not allowed to activated in system.
      String getBeginTime()
      Contains the begin time of day entity is allowed to be activated in system.
      List<RoleConstraint> getConstraints()
      Return a list of role constraints on entity.
      String getDayMask()
      Get the daymask that indicates what days of week entity is allowed to be activated in system.
      String getEndDate()
      Contains the end date when entity is allowed to be activated in system.
      String getEndLockDate()
      Contains the end lock date when entity is allowed to be activated in system once again.
      String getEndTime()
      Contains the end time of day entity is allowed to be activated in system.
      String getName()
      This is used internally by Fortress for Constraint operations.
      String getRawData()
      Required on DAO classes convert from raw data to object format.
      Integer getTimeout()
      Return the integer timeout that contains total time ((in minutes)) that entity may remain inactive.
      boolean isTemporalSet()
      temporal boolean flag is used by internal Fortress components.
      void setBeginDate​(String beginDate)
      Set the beginDate when entity is allowed to be activated in system.
      void setBeginLockDate​(String beginLockDate)
      Set the begin lock date when entity is temporarily not allowed to be activated in system.
      void setBeginTime​(String beginTime)
      Set the begin time of day entity is allowed to be activated in system.
      void setDayMask​(String dayMask)
      Set the daymask that specifies what days of week entity is allowed to be activated in system.
      void setEndDate​(String endDate)
      Set the end date when entity is not allowed to be activated in system.
      void setEndLockDate​(String endLockDate)
      Set the end lock date when entity is allowed to be activated in system once again.
      void setEndTime​(String endTime)
      Set the end time of day entity is allowed to be activated in system.
      void setName​(String name)
      This is used internally by Fortress for Constraint operations.
      void setTimeout​(Integer timeout)
      Set the integer timeout that contains max time ((in minutes)) that entity may remain inactive.

    • Method Detail

      • isTemporalSet

        boolean isTemporalSet()
        temporal boolean flag is used by internal Fortress components.
        Returns:
        boolean indicating if temporal constraints are placed on user.

      • setTimeout

        void setTimeout​(Integer timeout)
        Set the integer timeout that contains max time ((in minutes)) that entity may remain inactive. This attribute is optional but if set will be validated for reasonableness.
        Parameters:
        timeout - maps to ftCstr, ftRC, ftARC attributes in ftUserAttrs object class and ftCstr attribute in ftRls object class.

      • setBeginTime

        void setBeginTime​(String beginTime)
        Set the begin time of day entity is allowed to be activated in system. The format is military time - HHMM, i.e. 0800 (8:00 am) or 1700 (5:00 p.m.). This attribute is optional but if set will be validated for reasonableness.
        Parameters:
        beginTime - maps to ftCstr, ftRC, ftARC attributes in ftUserAttrs object class and ftCstr attribute in ftRls object class.

      • setEndTime

        void setEndTime​(String endTime)
        Set the end time of day entity is allowed to be activated in system. The format is military time - HHMM, i.e. 0000 (12:00 am) or 2359 (11:59 p.m.). This attribute is optional but if set will be validated for reasonableness.
        Parameters:
        endTime - maps to ftCstr, ftRC, ftARC attributes in ftUserAttrs object class and ftCstr attribute in ftRls object class.

      • setBeginDate

        void setBeginDate​(String beginDate)
        Set the beginDate when entity is allowed to be activated in system. The format is - YYYYMMDD, i.e. 20100101 (January 1, 2001). This attribute is optional but if set will be validated for reasonableness.
        Parameters:
        beginDate - maps to ftCstr, ftRC, ftARC attributes in ftUserAttrs object class and ftCstr attribute in ftRls object class.

      • setEndDate

        void setEndDate​(String endDate)
        Set the end date when entity is not allowed to be activated in system. The format is - YYYYMMDD, i.e. 20100101 (January 1, 2010). This attribute is optional but if set will be validated for reasonableness.
        Parameters:
        endDate - maps to ftCstr, ftRC, ftARC attributes in ftUserAttrs object class and ftCstr attribute in ftRls object class.

      • setDayMask

        void setDayMask​(String dayMask)
        Set the daymask that specifies what days of week entity is allowed to be activated in system. The format is 1234567, i.e. 23456 (Monday, Tuesday, Wednesday, Thursday, Friday). This attribute is optional but if set will be validated for reasonableness.
        Parameters:
        dayMask - maps to ftCstr, ftRC, ftARC attributes in ftUserAttrs object class and ftCstr attribute in ftRls object class.

      • setBeginLockDate

        void setBeginLockDate​(String beginLockDate)
        Set the begin lock date when entity is temporarily not allowed to be activated in system. The format is - YYYYMMDD, 20100101 (January 1, 2010). This attribute is optional but if set will be validated for reasonableness.
        Parameters:
        beginLockDate - maps to ftCstr, ftRC, ftARC attributes in ftUserAttrs object class and ftCstr attribute in ftRls object class.

      • setEndLockDate

        void setEndLockDate​(String endLockDate)
        Set the end lock date when entity is allowed to be activated in system once again. The format is - YYYYMMDD, i.e. 20100101 (January 1, 2010). This attribute is optional but if set will be validated for reasonableness.
        Parameters:
        endLockDate - maps to ftCstr, ftRC, ftARC attributes in ftUserAttrs object class and ftCstr attribute in ftRls object class.

      • setName

        void setName​(String name)
        This is used internally by Fortress for Constraint operations. Values set here by external caller will be ignored.
        Parameters:
        name - contains attribute used internally for constraint checking.

      • getRawData

        String getRawData()
        Required on DAO classes convert from raw data to object format. Not intended for external use.
        Returns:
        String that maps to ftCstr, ftRC, ftARC attributes in ftUserAttrs object class and ftCstr attribute in ftRls object class.

      • getTimeout

        Integer getTimeout()
        Return the integer timeout that contains total time ((in minutes)) that entity may remain inactive. This attribute is optional but if set will be validated for reasonableness.
        Returns:
        int that maps to ftCstr, ftRC, ftARC attributes in ftUserAttrs object class and ftCstr attribute in ftRls object class.

      • getBeginTime

        String getBeginTime()
        Contains the begin time of day entity is allowed to be activated in system. The format is military time - HHMM, i.e. 0800 (8:00 am) or 1700 (5:00 p.m.). This attribute is optional but if set will be validated for reasonableness.
        Returns:
        String that maps to 'ftCstr', 'ftRC', 'ftARC' attributes in 'ftUserAttrs' object class and 'ftCstr' attribute in 'ftRls' object class.

      • getEndTime

        String getEndTime()
        Contains the end time of day entity is allowed to be activated in system. The format is military time - HHMM, i.e. 0000 (12:00 am) or 2359 (11:59 p.m.). This attribute is optional but if set will be validated for reasonableness.
        Returns:
        String that maps to ftCstr, ftRC, ftARC attributes in ftUserAttrs object class and ftCstr attribute in ftRls object class.

      • getBeginDate

        String getBeginDate()
        Contains the begin date when entity is allowed to be activated in system. The format is - YYYYMMDD, i.e. 20100101 (January 1, 2010). This attribute is optional but if set will be validated for reasonableness.
        Returns:
        String that maps to ftCstr, ftRC, ftARC attributes in ftUserAttrs object class and ftCstr attribute in ftRls object class.

      • getEndDate

        String getEndDate()
        Contains the end date when entity is allowed to be activated in system. The format is - YYYYMMDD, i.e. 20101231 (December 31, 2011). This attribute is optional but if set will be validated for reasonableness.
        Returns:
        String that maps to ftCstr, ftRC, ftARC attributes in ftUserAttrs object class and ftCstr attribute in ftRls object class.

      • getBeginLockDate

        String getBeginLockDate()
        Contains the begin lock date when entity is temporarily not allowed to activated in system. The format is - YYYYMMDD, i.e. 20100101 (January 1, 2010). This attribute is optional but if set will be validated for reasonableness.
        Returns:
        String that maps to ftCstr, ftRC, ftARC attributes in ftUserAttrs object class and ftCstr attribute in ftRls object class.

      • getEndLockDate

        String getEndLockDate()
        Contains the end lock date when entity is allowed to be activated in system once again. The format is - YYYYMMDD, i.e. 20100101 (January 1, 2010). This attribute is optional but if set will be validated for reasonableness.
        Returns:
        String that maps to ftCstr, ftRC, ftARC attributes in ftUserAttrs object class and ftCstr attribute in ftRls object class.

      • getDayMask

        String getDayMask()
        Get the daymask that indicates what days of week entity is allowed to be activated in system. The format is 1234567, i.e. 23456 (Monday, Tuesday, Wednesday, Thursday, Friday). This attribute is optional but if set will be validated for reasonableness.
        Returns:
        String that maps to ftCstr, ftRC, ftARC attributes in ftUserAttrs object class and ftCstr attribute in ftRls object class.

      • getName

        String getName()
        This is used internally by Fortress for Constraint operations.
        Returns:
        String that maps to ftCstr, ftRC, ftARC attributes in ftUserAttrs object class and ftCstr attribute in ftRls object class.

      • getConstraints

        List<RoleConstraint> getConstraints()
        Return a list of role constraints on entity.
        Returns: