Class PermObj

  • All Implemented Interfaces:
    Serializable

    public class PermObj
    extends FortEntity
    implements Serializable
    All entities (User, Role, Permission, PwPolicy, SDSet, etc.) are used to carry data between three Fortress layers, starting with the (1) Manager layer, down through the middle (2) Process layer and its processing rules, into the (3) DAO layer where persistence with the LDAP server occurs.

    Fortress Processing Layers

    1. Manager layer: AdminMgrImpl, AccessMgrImpl, ReviewMgrImpl,...
    2. Process layer: UserP, RoleP, PermP,...
    3. DAO layer: UserDAO, RoleDAO, PermDAO,...
    Fortress clients first instantiate and populate a data entity before invoking any of the Manager APIs. The caller must provide enough information to uniquely identify the entity target within ldap.
    For example, this entity requires objName and ou attributes set before passing into AdminMgrImpl or ReviewMgrImpl APIs. Create methods usually require more attributes (than Read) due to constraints enforced between entities.

    PermObj entity attribute usages include

    More Permission entity notes

    • The PermObj entity is not used for authorization checks; rather, it contains Permissions, which are themselves authorization targets.
    • This entity must be associated with a valid Perm OU OrgUnit.Type.PERM that is contained within the ou=OS-P,ou=ARBAC,dc=example,dc=com location in ldap.
    • The object to operation pairings enable application resources to be mapped to Fortress permissions in a way that is natural for object oriented programming.
    • Permissions = Object PermObj 1<->* Operations Permission

    • The unique key to locate a Fortress PermObj entity is PermObj#objName.
    • For sample code usages check out Permission javadoc.
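
    The create-then-read flow described above, as an added example that is not part of the Fortress Javadoc. It assumes a configured Fortress client with a reachable LDAP server and an existing Perm OU; the OU names, the property, the type label and the operation names are hypothetical.

```java
import org.apache.directory.fortress.core.AdminMgr;
import org.apache.directory.fortress.core.AdminMgrFactory;
import org.apache.directory.fortress.core.ReviewMgr;
import org.apache.directory.fortress.core.ReviewMgrFactory;
import org.apache.directory.fortress.core.SecurityException;
import org.apache.directory.fortress.core.model.PermObj;
import org.apache.directory.fortress.core.model.Permission;

public class PermObjExample {
    // Object name borrowed from the getObjName text on this page.
    static final String OBJ_NAME = "PatientRelationshipInquire";
    // Hypothetical Perm OU; it must already exist in the directory (assumption).
    static final String PERM_OU = "APP-PERMS";

    public static void main(String[] args) throws SecurityException {
        AdminMgr adminMgr = AdminMgrFactory.createInstance();
        ReviewMgr reviewMgr = ReviewMgrFactory.createInstance();

        // Create: objName and ou are both required on add.
        // ftId and dn are generated by the DAO layer, so the client never sets them.
        PermObj obj = new PermObj(OBJ_NAME, PERM_OU);
        obj.setDescription("Patient relationship inquiry screen");
        obj.setType("page");                       // user-defined grouping label (ftType)
        obj.addProperty("owner", "records-team");  // unconstrained name/value pair (ftProps)
        adminMgr.addPermObj(obj);

        // One object, many operations: each Permission is an authorization target,
        // the PermObj itself is only the container.
        for (String op : new String[] {"read", "search"}) {
            adminMgr.addPermission(new Permission(OBJ_NAME, op));
        }

        // Read: objName alone is the unique key, so ou is not needed here.
        PermObj found = reviewMgr.readPermObj(new PermObj(OBJ_NAME));
        System.out.println(found.getObjName() + " ou=" + found.getOu()
            + " ftId=" + found.getInternalId());

        // equals() matches on objName only: a different ou or the admin flag does
        // not distinguish two entities, which matters when they are held in sets
        // or used as map keys.
        PermObj other = new PermObj(OBJ_NAME, "SOME-OTHER-OU");
        other.setAdmin(true);
        System.out.println("equal by objName: " + found.equals(other));
    }
}
```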

    PermObj Schema

    The Fortress PermObj Entity Class is a composite of 3 different LDAP Schema object classes:

    1. ftObject STRUCTURAL Object Class is used to store object name, id and type variables on target entity.

     Fortress Permission Structural Object Class
     objectclass    ( 1.3.6.1.4.1.38088.2.2
      NAME 'ftObject'
      DESC 'Fortress Permission Object Class'
      SUP organizationalunit
      STRUCTURAL
      MUST (
          ftId $
          ftObjNm
      )
      MAY (
          ftType
      )
     )
     
    2. ftProperties AUXILIARY Object Class is used to store client specific name/value pairs on target entity. This aux object class can be used to store custom attributes.
    The properties collections consist of name/value pairs and are not constrained by Fortress.
     ------------------------------------------
     AC2: Fortress Properties Auxiliary Object Class
     objectclass ( 1.3.6.1.4.1.38088.3.2
      NAME 'ftProperties'
      DESC 'Fortress Properties AUX Object Class'
      AUXILIARY
      MAY (
          ftProps
      )
     )
     ------------------------------------------
     

    3. ftMods AUXILIARY Object Class is used to store Fortress audit variables on target entity.

     ------------------------------------------
     Fortress Audit Modification Auxiliary Object Class
     objectclass ( 1.3.6.1.4.1.38088.3.4
      NAME 'ftMods'
      DESC 'Fortress Modifiers AUX Object Class'
      AUXILIARY
      MAY (
          ftModifier $
          ftModCode $
          ftModId
      )
     )
     ------------------------------------------
     
    Author:
    Apache Directory Project
    See Also:
    Serialized Form
    • Constructor Detail

      • PermObj

        public PermObj()
        Default Constructor used internal to Fortress.
      • PermObj

        public PermObj​(String objName)
        Construct a Fortress PermObj entity given an object name.
        Parameters:
        objName - maps to 'ftObjNm' attribute in 'ftObject' object class.
      • PermObj

        public PermObj​(String objName,
                       String ou)
        Construct a Fortress PermObj entity given an object and perm ou name.
        Parameters:
        objName - maps to 'ftObjNm' attribute in 'ftObject' object class.
        ou - maps to 'ou' attribute in 'ftObject' object class.
    • Method Detail

      • getObjName

        public String getObjName()
        Get the authorization target's object name. This is typically mapped to the class name for component that is the target for Fortress authorization check. For example 'PatientRelationshipInquire'.
        Returns:
        the name of the object which maps to 'ftObjNm' attribute in 'ftObject' object class.
      • setObjName

        public void setObjName​(String objName)
        This attribute is required and sets the authorization target object name. This name is typically derived from the class name for component that is the target for Fortress authorization check. For example 'CustomerCheckOutPage'.
      • setInternalId

        public void setInternalId()
        This attribute is required but is set automatically by Fortress DAO class before object is persisted to ldap. This generated internal id is associated with PermObj. This method is used by DAO class and is not available to outside classes. The generated attribute maps to 'ftId' in 'ftObject' object class.
      • setInternalId

        public void setInternalId​(String internalId)
        Set the internal id that is associated with PermObj. This method is used by DAO class and is generated automatically by Fortress. Attribute stored in LDAP cannot be changed by external caller. This method can be used by client for search purposes only.
        Parameters:
        internalId - maps to 'ftId' in 'ftObject' object class.
      • getInternalId

        public String getInternalId()
        Return the internal id that is associated with PermObj. This attribute is generated automatically by Fortress when new PermObj is added to directory and is not known or changeable by external client.
        Returns:
        attribute maps to 'ftId' in 'ftObject' object class.
      • isAdmin

        public boolean isAdmin()
        If set to true, this entity will be loaded into the Admin Permission data set.
        Returns:
        boolean indicating if entity is an RBAC (false) or Admin (true) Permission Object.
      • setAdmin

        public void setAdmin​(boolean admin)
        If set to true, this entity will be loaded into the Admin Permission data set.
        Parameters:
        admin - boolean variable indicates if entity is an RBAC or ARBAC Permission Object.
      • setDescription

        public void setDescription​(String description)
        Sets the optional description that is associated with PermObj. This attribute is validated but not constrained by Fortress.
        Parameters:
        description - that is mapped to same name in 'organizationalUnit' object class.
      • getDescription

        public String getDescription()
        Returns optional description that is associated with PermObj. This attribute is validated but not constrained by Fortress.
        Returns:
        value that is mapped to 'description' in 'organizationalUnit' object class.
      • getProps

        public Props getProps()
        Gets the value of the Props property. This method is used by Fortress Core and Rest and should not be called by external programs.
        Returns:
        possible object is Props
      • setProps

        public void setProps​(Props value)
        Sets the value of the Props property. This method is used by Fortress Core and Rest and should not be called by external programs.
        Parameters:
        value - allowed object is Props
      • addProperty

        public void addProperty​(String key,
                                String value)
        Add name/value pair to list of properties associated with PermObj. These values are not constrained by Fortress. Properties are optional.
        Parameters:
        key - contains property name and maps to 'ftProps' attribute in 'ftProperties' aux object class.
        value -
      • getProperty

        public String getProperty​(String key)
        Get a name/value pair attribute from list of properties associated with PermObj. These values are not constrained by Fortress. Properties are optional.
        Parameters:
        key - contains property name and maps to 'ftProps' attribute in 'ftProperties' aux object class.
        Returns:
        value containing name/value pair that maps to 'ftProps' attribute in 'ftProperties' aux object class.
      • addProperties

        public void addProperties​(Properties props)
        Add new collection of name/value pairs to attributes associated with PermObj. These values are not constrained by Fortress. Properties are optional.
        Parameters:
        props - contains collection of name/value pairs and maps to 'ftProps' attribute in 'ftProperties' aux object class.
      • getProperties

        public Properties getProperties()
        Return the collection of name/value pairs to attributes associated with PermObj. These values are not constrained by Fortress. Properties are optional.
        Returns:
        Properties contains collection of name/value pairs and maps to 'ftProps' attribute in 'ftProperties' aux object class.
      • setOu

        public void setOu​(String ou)
        Set the orgUnit name associated with PermObj. This attribute is validated and constrained by Fortress and must contain name of existing Perm OU. This attribute is required on add but not on read.
        Parameters:
        ou - mapped to same name in 'ftObject' object class.
      • getOu

        public String getOu()
        Return orgUnit name for PermObj. This attribute is validated and constrained by Fortress and must contain name of existing Perm OU. This attribute is required on add but not on read.
        Returns:
        value that is mapped to 'ou' in 'ftObject' object class.
      • setType

        public void setType​(String type)
        Sets the type attribute of the Perm object. Currently the type is not constrained to any preexisting Fortress data set meaning the type is user defined and can be used for grouping like permissions.
        Parameters:
        type - maps to attribute name 'ftType' in 'ftObject' object class.
      • getType

        public String getType()
        Get the type attribute of the Perm object. Currently the type is not constrained to any preexisting Fortress data set meaning the type is user defined and can be used for grouping like permissions.
        Returns:
        maps to attribute name 'ftType' in 'ftObject' object class.
      • setDn

        public void setDn​(String dn)
        Set distinguished name associated with PermObj. This attribute is used by DAO and is not allowed for outside classes. This attribute should not be set by external callers.
        Parameters:
        dn - that is mapped to same name in 'organizationalUnit' object class.
      • getDn

        public String getDn()
        Returns distinguished name associated with PermObj. This attribute is generated by DAO and is not allowed for outside classes to modify. This attribute is for internal use only and need not be processed by external clients.
        Returns:
        value that is mapped to 'dn' in 'organizationalUnit' object class.
      • hashCode

        public int hashCode()
        Overrides:
        hashCode in class Object
      • equals

        public boolean equals​(Object thatObj)
        Matches the objName from two PermObj entities.
        Overrides:
        equals in class Object
        Parameters:
        thatObj - contains a PermObj entity.
        Returns:
        boolean indicating both objects contain matching objNames.