Class PermObj
- java.lang.Object
  - org.apache.directory.fortress.core.model.FortEntity
    - org.apache.directory.fortress.core.model.PermObj

All Implemented Interfaces: Serializable

public class PermObj extends FortEntity implements Serializable
All entities (User, Role, Permission, PwPolicy, SDSet, etc.) are used to carry data between three Fortress layers, starting with the (1) Manager layer, down through the middle (2) Process layer and its processing rules, into the (3) DAO layer where persistence with the LDAP server occurs.

Fortress Processing Layers
- Manager layer: AdminMgrImpl, AccessMgrImpl, ReviewMgrImpl, ...
- Process layer: UserP, RoleP, PermP, ...
- DAO layer: UserDAO, RoleDAO, PermDAO, ...

For example, this entity requires objName and ou attributes set before passing into AdminMgrImpl or ReviewMgrImpl APIs. Create methods usually require more attributes (than Read) due to constraints enforced between entities.

PermObj entity attribute usages include:
- setObjName(java.lang.String) and setOu(java.lang.String) attributes set before calling AdminMgrImpl.addPermObj(PermObj).
- addProperty(java.lang.String, java.lang.String) may be set before calling AdminMgrImpl.addPermObj(PermObj).
- getProperty(java.lang.String) may be called after calling ReviewMgrImpl.findPermObjs(PermObj).

More Permission entity notes
- The PermObj entity is not used for authorization checks; rather, it contains Permission entities, which are themselves authorization targets.
- This entity must be associated with a valid Perm OU (OrgUnit.Type.PERM) that is contained within the ou=OS-P,ou=ARBAC,dc=example,dc=com location in LDAP.
- The object to operation pairings enable application resources to be mapped to Fortress permissions in a way that is natural for object-oriented programming.
- Permissions = Object (PermObj) 1<->* Operations (Permission)
- The unique key to locate a Fortress PermObj entity is PermObj#objName.
- For sample code usages check out the Permission javadoc.
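
The add and read sequence described above, as an added example that is not part of the Fortress javadoc. It assumes fortress-core on the classpath, a configured directory connection, and the library's AdminMgrFactory and ReviewMgrFactory classes; the Perm OU name APP1-PERMS, the operation names and the property values are hypothetical.

```java
import java.util.List;
import java.util.Properties;
import org.apache.directory.fortress.core.AdminMgr;
import org.apache.directory.fortress.core.AdminMgrFactory;
import org.apache.directory.fortress.core.ReviewMgr;
import org.apache.directory.fortress.core.ReviewMgrFactory;
import org.apache.directory.fortress.core.model.PermObj;
import org.apache.directory.fortress.core.model.Permission;

public class PermObjUsage {
    // objName and ou are required on add; fail before the directory call.
    static PermObj requireAddable(PermObj obj) {
        if (obj.getObjName() == null || obj.getObjName().trim().isEmpty())
            throw new IllegalArgumentException("objName is required");
        if (obj.getOu() == null || obj.getOu().trim().isEmpty())
            throw new IllegalArgumentException("ou is required on add");
        return obj;
    }

    public static void main(String[] args)
            throws org.apache.directory.fortress.core.SecurityException {
        // "APP1-PERMS" is a hypothetical Perm OU that must already exist.
        PermObj obj = new PermObj("CustomerCheckOutPage", "APP1-PERMS");
        obj.setType("page");                   // user-defined grouping
        obj.setDescription("Checkout page");   // optional
        obj.addProperty("owner", "web-team");  // not constrained by Fortress

        AdminMgr adminMgr = AdminMgrFactory.createInstance();
        adminMgr.addPermObj(requireAddable(obj));

        // The object is only a container: each operation on it is a separate
        // Permission, and those are what authorization checks target.
        adminMgr.addPermission(new Permission("CustomerCheckOutPage", "view"));
        adminMgr.addPermission(new Permission("CustomerCheckOutPage", "submit"));

        // Read side: objName is enough; ou is not required on read.
        ReviewMgr reviewMgr = ReviewMgrFactory.createInstance();
        List<PermObj> found = reviewMgr.findPermObjs(new PermObj("CustomerCheckOutPage"));
        for (PermObj p : found) {
            Properties props = p.getProperties();  // null-safe property read
            String owner = (props == null) ? null : props.getProperty("owner");
            System.out.println(p.getObjName() + " ou=" + p.getOu()
                + " type=" + p.getType() + " owner=" + owner);
        }
    }
}
```
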
PermObj Schema
The Fortress PermObj Entity Class is a composite of 3 different LDAP Schema object classes:

1. ftObject STRUCTURAL Object Class is used to store object name, id and type variables on target entity.

Fortress Permission Structural Object Class
objectclass ( 1.3.6.1.4.1.38088.2.2
    NAME 'ftObject'
    DESC 'Fortress Permission Object Class'
    SUP organizationalunit
    STRUCTURAL
    MUST ( ftId $ ftObjNm )
    MAY ( ftType ) )

2. ftProperties AUXILIARY Object Class is used to store client specific name/value pairs on target entity. This aux object class can be used to store custom attributes. The properties collections consist of name/value pairs and are not constrained by Fortress.

------------------------------------------
AC2: Fortress Properties Auxiliary Object Class
objectclass ( 1.3.6.1.4.1.38088.3.2
    NAME 'ftProperties'
    DESC 'Fortress Properties AUX Object Class'
    AUXILIARY
    MAY ( ftProps ) )
------------------------------------------

3. ftMods AUXILIARY Object Class is used to store Fortress audit variables on target entity.

------------------------------------------
Fortress Audit Modification Auxiliary Object Class
objectclass ( 1.3.6.1.4.1.38088.3.4
    NAME 'ftMods'
    DESC 'Fortress Modifiers AUX Object Class'
    AUXILIARY
    MAY ( ftModifier $ ftModCode $ ftModId ) )
------------------------------------------

- Author: Apache Directory Project
- See Also: Serialized Form

Field Summary
Fields inherited from class org.apache.directory.fortress.core.model.FortEntity
adminSession, contextId, modCode, modId, sequenceId

Constructor Summary
- PermObj(): Default Constructor used internal to Fortress.
- PermObj(String objName): Construct a Fortress PermObj entity given an object name.
- PermObj(String objName, String ou): Construct a Fortress PermObj entity given an object and perm ou name.

Method Summary
- void addProperties(Properties props): Add new collection of name/value pairs to attributes associated with PermObj.
- void addProperty(String key, String value): Add name/value pair to list of properties associated with PermObj.
- boolean equals(Object thatObj): Matches the objName from two PermObj entities.
- String getDescription(): Returns optional description that is associated with PermObj.
- String getDn(): Returns distinguished name associated with PermObj.
- String getInternalId(): Return the internal id that is associated with PermObj.
- String getObjName(): Get the authorization target's object name.
- String getOu(): Return orgUnit name for PermObj.
- Properties getProperties(): Return the collection of name/value pairs to attributes associated with PermObj.
- String getProperty(String key): Get a name/value pair attribute from list of properties associated with PermObj.
- Props getProps(): Gets the value of the Props property.
- String getType(): Get the type attribute of the Perm object.
- int hashCode()
- boolean isAdmin(): If set to true, this entity will be loaded into the Admin Permission data set.
- void setAdmin(boolean admin): If set to true, this entity will be loaded into the Admin Permission data set.
- void setDescription(String description): Sets the optional description that is associated with PermObj.
- void setDn(String dn): Set distinguished name associated with PermObj.
- void setInternalId(): This attribute is required but is set automatically by Fortress DAO class before object is persisted to ldap.
- void setInternalId(String internalId): Set the internal id that is associated with PermObj.
- void setObjName(String objName): This attribute is required and sets the authorization target object name.
- void setOu(String ou): Set the orgUnit name associated with PermObj.
- void setProps(Props value): Sets the value of the Props property.
- void setType(String type): Sets the type attribute of the Perm object.
- String toString()

Methods inherited from class org.apache.directory.fortress.core.model.FortEntity
getAdminSession, getContextId, getModCode, getModId, getSequenceId, setAdminSession, setContextId, setModCode, setSequenceId

Constructor Detail

PermObj
public PermObj()
Default Constructor used internal to Fortress.

PermObj
public PermObj(String objName)
Construct a Fortress PermObj entity given an object name.
- Parameters:
  objName - maps to 'ftObjNm' attribute in 'ftObject' object class.

Method Detail

getObjName
public String getObjName()
Get the authorization target's object name. This is typically mapped to the class name for the component that is the target of the Fortress authorization check. For example 'PatientRelationshipInquire'.
- Returns:
  the name of the object which maps to 'ftObjNm' attribute in 'ftObject' object class.

setObjName
public void setObjName(String objName)
This attribute is required and sets the authorization target object name. This name is typically derived from the class name for the component that is the target of the Fortress authorization check. For example 'CustomerCheckOutPage'.

setInternalId
public void setInternalId()
This attribute is required but is set automatically by Fortress DAO class before object is persisted to ldap. This generated internal id is associated with PermObj. This method is used by DAO class and is not available to outside classes. The generated attribute maps to 'ftId' in 'ftObject' object class.

setInternalId
public void setInternalId(String internalId)
Set the internal id that is associated with PermObj. This method is used by DAO class and is generated automatically by Fortress. Attribute stored in LDAP cannot be changed by external caller. This method can be used by client for search purposes only.
- Parameters:
  internalId - maps to 'ftId' in 'ftObject' object class.

getInternalId
public String getInternalId()
Return the internal id that is associated with PermObj. This attribute is generated automatically by Fortress when new PermObj is added to directory and is not known or changeable by external client.
- Returns:
  attribute maps to 'ftId' in 'ftObject' object class.

isAdmin
public boolean isAdmin()
If set to true, this entity will be loaded into the Admin Permission data set.
- Returns:
  boolean indicating if entity is an RBAC (false) or Admin (true) Permission Object.

setAdmin
public void setAdmin(boolean admin)
If set to true, this entity will be loaded into the Admin Permission data set.
- Parameters:
  admin - boolean variable indicates if entity is an RBAC or ARBAC Permission Object.

setDescription
public void setDescription(String description)
Sets the optional description that is associated with PermObj. This attribute is validated but not constrained by Fortress.
- Parameters:
  description - that is mapped to same name in 'organizationalUnit' object class.

getDescription
public String getDescription()
Returns optional description that is associated with PermObj. This attribute is validated but not constrained by Fortress.
- Returns:
  value that is mapped to 'description' in 'organizationalUnit' object class.

getProps
public Props getProps()
Gets the value of the Props property. This method is used by Fortress Core and Rest and should not be called by external programs.
- Returns:
  possible object is Props

setProps
public void setProps(Props value)
Sets the value of the Props property. This method is used by Fortress Core and Rest and should not be called by external programs.
- Parameters:
  value - allowed object is Props

addProperty
public void addProperty(String key, String value)
Add name/value pair to list of properties associated with PermObj. These values are not constrained by Fortress. Properties are optional.
- Parameters:
  key - contains property name and maps to 'ftProps' attribute in 'ftProperties' aux object class.
  value

getProperty
public String getProperty(String key)
Get a name/value pair attribute from list of properties associated with PermObj. These values are not constrained by Fortress. Properties are optional.
- Parameters:
  key - contains property name and maps to 'ftProps' attribute in 'ftProperties' aux object class.
- Returns:
  value containing name/value pair that maps to 'ftProps' attribute in 'ftProperties' aux object class.

addProperties
public void addProperties(Properties props)
Add new collection of name/value pairs to attributes associated with PermObj. These values are not constrained by Fortress. Properties are optional.
- Parameters:
  props - contains collection of name/value pairs and maps to 'ftProps' attribute in 'ftProperties' aux object class.

getProperties
public Properties getProperties()
Return the collection of name/value pairs to attributes associated with PermObj. These values are not constrained by Fortress. Properties are optional.
- Returns:
  Properties contains collection of name/value pairs and maps to 'ftProps' attribute in 'ftProperties' aux object class.

setOu
public void setOu(String ou)
Set the orgUnit name associated with PermObj. This attribute is validated and constrained by Fortress and must contain name of existing Perm OU. This attribute is required on add but not on read.
- Parameters:
  ou - mapped to same name in 'ftObject' object class.

getOu
public String getOu()
Return orgUnit name for PermObj. This attribute is validated and constrained by Fortress and must contain name of existing Perm OU. This attribute is required on add but not on read.
- Returns:
  value that is mapped to 'ou' in 'ftObject' object class.

setType
public void setType(String type)
Sets the type attribute of the Perm object. Currently the type is not constrained to any preexisting Fortress data set, meaning the type is user defined and can be used for grouping like permissions.
- Parameters:
  type - maps to attribute name 'ftType' in 'ftObject' object class.

getType
public String getType()
Get the type attribute of the Perm object. Currently the type is not constrained to any preexisting Fortress data set, meaning the type is user defined and can be used for grouping like permissions.
- Returns:
  maps to attribute name 'ftType' in 'ftObject' object class.

setDn
public void setDn(String dn)
Set distinguished name associated with PermObj. This attribute is used by DAO and is not allowed for outside classes. This attribute should not be set by external callers.
- Parameters:
  dn - that is mapped to same name in 'organizationalUnit' object class.

getDn
public String getDn()
Returns distinguished name associated with PermObj. This attribute is generated by DAO and is not allowed for outside classes to modify. This attribute is for internal use only and need not be processed by external clients.
- Returns:
  value that is mapped to 'dn' in 'organizationalUnit' object class.

equals
public boolean equals(Object thatObj)
Matches the objName from two PermObj entities.