Interface Constraint
-
- All Known Implementing Classes:
AdminRole
,AdminRoleAnt
,Role
,User
,UserAdminRole
,UserAnt
,UserRole
public interface Constraint
The Fortress Constraint interface prescribes attributes that are used to store, process and retrieve temporal validation attributes onUser
,UserRole
,Role
,AdminRole
,UserAdminRole
entities.Temporal Constraints on User and Role Assignments
In addition to the standard RBAC support, Fortress provides coverage for temporal constraints on role and user activation into session. Temporal constraints affect when Users may activate Roles within runtime system at a particular point in time. For example a nurse may be assigned to the "ChargeNurse" role but be limited as to when she is permitted to perform those duties, i.e. weekend graveyard shift. Another example is a bank teller who is assigned to a "Teller" role but may only act within role between the hours of 9:00 to 5:00 on Monday thru Friday during normal business hours. Additionally Fortress temporal constraints are checked during user authentication to control when a user is actually permitted to sign-on to a system. The constraints may also be applied to enforce temporary blackout periods to cover vacations, leave of absences, sabbaticals, etc.Constraint Schema
The entity maps to Fortress LDAP Schema object classes:1. ftRls Structural objectclass is used to store the Role information like name and temporal constraint attributes.
- ------------------------------------------
-
objectclass ( 1.3.6.1.4.1.38088.2.1
-
NAME 'ftRls'
-
DESC 'Fortress Role Object Class'
-
SUP organizationalrole
-
STRUCTURAL
-
MUST ( ftId $ ftRoleName )
-
MAY ( description $ ftCstr ) )
- ------------------------------------------
2. ftUserAttrs is used to store user RBAC and Admin role assignment and other security attributes on User entity.
- ------------------------------------------
-
objectclass ( 1.3.6.1.4.1.38088.3.1
-
NAME 'ftUserAttrs'
-
DESC 'Fortress User Attribute AUX Object Class'
-
AUXILIARY
-
MUST ( ftId )
-
MAY ( ftRC $ ftRA $ ftARC $ ftARA $ ftCstr
- ------------------------------------------
- Author:
- Apache Directory Project
-
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description String
getBeginDate()
Contains the begin date when entity is allowed to be activated in system.String
getBeginLockDate()
Contains the begin lock date when entity is temporarily not allowed to activated in system.String
getBeginTime()
Contains the begin time of day entity is allowed to be activated in system.List<RoleConstraint>
getConstraints()
Return a list of role constraints on entity.String
getDayMask()
Get the daymask that indicates what days of week entity is allowed to be activated in system.String
getEndDate()
Contains the end date when entity is allowed to be activated in system.String
getEndLockDate()
Contains the end lock date when entity is allowed to be activated in system once again.String
getEndTime()
Contains the end time of day entity is allowed to be activated in system.String
getName()
This is used internally by Fortress for Constraint operations.String
getRawData()
Required on DAO classes convert from raw data to object format.Integer
getTimeout()
Return the integer timeout that contains total time ((in minutes)) that entity may remain inactive.boolean
isTemporalSet()
temporal boolean flag is used by internal Fortress components.void
setBeginDate(String beginDate)
Set the beginDate when entity is allowed to be activated in system.void
setBeginLockDate(String beginLockDate)
Set the begin lock date when entity is temporarily not allowed to be activated in system.void
setBeginTime(String beginTime)
Set the begin time of day entity is allowed to be activated in system.void
setDayMask(String dayMask)
Set the daymask that specifies what days of week entity is allowed to be activated in system.void
setEndDate(String endDate)
Set the end date when entity is not allowed to be activated in system.void
setEndLockDate(String endLockDate)
Set the end lock date when entity is allowed to be activated in system once again.void
setEndTime(String endTime)
Set the end time of day entity is allowed to be activated in system.void
setName(String name)
This is used internally by Fortress for Constraint operations.void
setTimeout(Integer timeout)
Set the integer timeout that contains max time ((in minutes)) that entity may remain inactive.
-
-
-
Method Detail
-
isTemporalSet
boolean isTemporalSet()
temporal boolean flag is used by internal Fortress components.- Returns:
- boolean indicating if temporal constraints are placed on user.
-
setTimeout
void setTimeout(Integer timeout)
Set the integer timeout that contains max time ((in minutes)) that entity may remain inactive. This attribute is optional but if set will be validated for reasonableness.- Parameters:
timeout
- maps toftCstr
,ftRC
,ftARC
attributes inftUserAttrs
object class andftCstr
attribute inftRls
object class.
-
setBeginTime
void setBeginTime(String beginTime)
Set the begin time of day entity is allowed to be activated in system. The format is military time - HHMM, i.e. 0800 (8:00 am) or 1700 (5:00 p.m.). This attribute is optional but if set will be validated for reasonableness.- Parameters:
beginTime
- maps toftCstr
,ftRC
,ftARC
attributes inftUserAttrs
object class andftCstr
attribute inftRls
object class.
-
setEndTime
void setEndTime(String endTime)
Set the end time of day entity is allowed to be activated in system. The format is military time - HHMM, i.e. 0000 (12:00 am) or 2359 (11:59 p.m.). This attribute is optional but if set will be validated for reasonableness.- Parameters:
endTime
- maps toftCstr
,ftRC
,ftARC
attributes inftUserAttrs
object class andftCstr
attribute inftRls
object class.
-
setBeginDate
void setBeginDate(String beginDate)
Set the beginDate when entity is allowed to be activated in system. The format is - YYYYMMDD, i.e. 20100101 (January 1, 2001). This attribute is optional but if set will be validated for reasonableness.- Parameters:
beginDate
- maps toftCstr
,ftRC
,ftARC
attributes inftUserAttrs
object class andftCstr
attribute inftRls
object class.
-
setEndDate
void setEndDate(String endDate)
Set the end date when entity is not allowed to be activated in system. The format is - YYYYMMDD, i.e. 20100101 (January 1, 2010). This attribute is optional but if set will be validated for reasonableness.- Parameters:
endDate
- maps toftCstr
,ftRC
,ftARC
attributes inftUserAttrs
object class andftCstr
attribute inftRls
object class.
-
setDayMask
void setDayMask(String dayMask)
Set the daymask that specifies what days of week entity is allowed to be activated in system. The format is 1234567, i.e. 23456 (Monday, Tuesday, Wednesday, Thursday, Friday). This attribute is optional but if set will be validated for reasonableness.- Parameters:
dayMask
- maps toftCstr
,ftRC
,ftARC
attributes inftUserAttrs
object class andftCstr
attribute inftRls
object class.
-
setBeginLockDate
void setBeginLockDate(String beginLockDate)
Set the begin lock date when entity is temporarily not allowed to be activated in system. The format is - YYYYMMDD, 20100101 (January 1, 2010). This attribute is optional but if set will be validated for reasonableness.- Parameters:
beginLockDate
- maps toftCstr
,ftRC
,ftARC
attributes inftUserAttrs
object class andftCstr
attribute inftRls
object class.
-
setEndLockDate
void setEndLockDate(String endLockDate)
Set the end lock date when entity is allowed to be activated in system once again. The format is - YYYYMMDD, i.e. 20100101 (January 1, 2010). This attribute is optional but if set will be validated for reasonableness.- Parameters:
endLockDate
- maps toftCstr
,ftRC
,ftARC
attributes inftUserAttrs
object class andftCstr
attribute inftRls
object class.
-
setName
void setName(String name)
This is used internally by Fortress for Constraint operations. Values set here by external caller will be ignored.- Parameters:
name
- contains attribute used internally for constraint checking.
-
getRawData
String getRawData()
Required on DAO classes convert from raw data to object format. Not intended for external use.- Returns:
- String that maps to
ftCstr
,ftRC
,ftARC
attributes inftUserAttrs
object class andftCstr
attribute inftRls
object class.
-
getTimeout
Integer getTimeout()
Return the integer timeout that contains total time ((in minutes)) that entity may remain inactive. This attribute is optional but if set will be validated for reasonableness.- Returns:
- int that maps to
ftCstr
,ftRC
,ftARC
attributes inftUserAttrs
object class andftCstr
attribute inftRls
object class.
-
getBeginTime
String getBeginTime()
Contains the begin time of day entity is allowed to be activated in system. The format is military time - HHMM, i.e. 0800 (8:00 am) or 1700 (5:00 p.m.). This attribute is optional but if set will be validated for reasonableness.- Returns:
- String that maps to 'ftCstr', 'ftRC', 'ftARC' attributes in 'ftUserAttrs' object class and 'ftCstr' attribute in 'ftRls' object class.
-
getEndTime
String getEndTime()
Contains the end time of day entity is allowed to be activated in system. The format is military time - HHMM, i.e. 0000 (12:00 am) or 2359 (11:59 p.m.). This attribute is optional but if set will be validated for reasonableness.- Returns:
- String that maps to
ftCstr
,ftRC
,ftARC
attributes inftUserAttrs
object class andftCstr
attribute inftRls
object class.
-
getBeginDate
String getBeginDate()
Contains the begin date when entity is allowed to be activated in system. The format is - YYYYMMDD, i.e. 20100101 (January 1, 2010). This attribute is optional but if set will be validated for reasonableness.- Returns:
- String that maps to
ftCstr
,ftRC
,ftARC
attributes inftUserAttrs
object class andftCstr
attribute inftRls
object class.
-
getEndDate
String getEndDate()
Contains the end date when entity is allowed to be activated in system. The format is - YYYYMMDD, i.e. 20101231 (December 31, 2011). This attribute is optional but if set will be validated for reasonableness.- Returns:
- String that maps to
ftCstr
,ftRC
,ftARC
attributes inftUserAttrs
object class andftCstr
attribute inftRls
object class.
-
getBeginLockDate
String getBeginLockDate()
Contains the begin lock date when entity is temporarily not allowed to activated in system. The format is - YYYYMMDD, i.e. 20100101 (January 1, 2010). This attribute is optional but if set will be validated for reasonableness.- Returns:
- String that maps to
ftCstr
,ftRC
,ftARC
attributes inftUserAttrs
object class andftCstr
attribute inftRls
object class.
-
getEndLockDate
String getEndLockDate()
Contains the end lock date when entity is allowed to be activated in system once again. The format is - YYYYMMDD, i.e. 20100101 (January 1, 2010). This attribute is optional but if set will be validated for reasonableness.- Returns:
- String that maps to
ftCstr
,ftRC
,ftARC
attributes inftUserAttrs
object class andftCstr
attribute inftRls
object class.
-
getDayMask
String getDayMask()
Get the daymask that indicates what days of week entity is allowed to be activated in system. The format is 1234567, i.e. 23456 (Monday, Tuesday, Wednesday, Thursday, Friday). This attribute is optional but if set will be validated for reasonableness.- Returns:
- String that maps to
ftCstr
,ftRC
,ftARC
attributes inftUserAttrs
object class andftCstr
attribute inftRls
object class.
-
getName
String getName()
This is used internally by Fortress for Constraint operations.- Returns:
- String that maps to
ftCstr
,ftRC
,ftARC
attributes inftUserAttrs
object class andftCstr
attribute inftRls
object class.
-
getConstraints
List<RoleConstraint> getConstraints()
Return a list of role constraints on entity.- Returns:
-
-