Package org.apache.directory.fortress.core.model

Class UserAdminRole

  • All Implemented Interfaces:
    Serializable, Administrator, Constraint
    public class UserAdminRole
extends UserRole
implements Administrator
    The UserAdminRole entity extends the UserRole and is used to store ARBAC User to AdminRole assignment along with temporal and ARBAC contraint values. The contents of the UserAdminRole entity will be stored on the User entity in the 'ftARA' (AdminRole name) and 'ftARC' (Temporal and ARBAC Constraints) attributes on the 'ftUserAttrs' object class. The UserAdminRole entity carries elements of Constraint. Any attributes of Constraint not set within this entity will use same attribute from the AdminRole entity. Thus the UserAdminRole can override Constraint attributes from it's corresponding AdminRole if required by caller.

    UserAdminRole Schema

    ftUserAttrs is used to store RBAC and ARBAC Role role assignments and other security attributes on User entity. 
     ------------------------------------------
 Fortress User Attributes Auxiliary Object Class
 objectclass ( 1.3.6.1.4.1.38088.3.1
  NAME 'ftUserAttrs'
  DESC 'Fortress User Attribute AUX Object Class'
  AUXILIARY
  MUST (
      ftId
  )
  MAY (
      ftRC $
      ftRA $
      ftARC $
      ftARA $
      ftCstr $
      ftSystem
  )
 )
 ------------------------------------------
    Author:
    Apache Directory Project
    See Also:
    Serialized Form

    • Constructor Detail

      • UserAdminRole

        public UserAdminRole()
        Default constructor is used by internal Fortress classes.

      • UserAdminRole

        public UserAdminRole​(String userId,
                     String name)
        Construct a UserRole entity given the required attributes 'userId' and 'role' name.
        Parameters:
        userId - maps to the 'uid' attribute on the 'inetOrgPerson' object class.
        name - maps to the 'ftARA' attribute on the 'ftUserAttrs' object class.

      • UserAdminRole

        public UserAdminRole​(String userId,
                     Constraint con)
        Construct an ARBAC Role with required attribute 'userId' and optional temporal constraint.
        Parameters:
        userId - maps to the 'uid' attribute on the 'inetOrgPerson' object class.
        con - maps to 'ftARC' attribute in 'ftUserAttrs' object class.

    • Method Detail

      • load

        public void load​(String szRawData,
                 String contextId,
                 ParentUtil parentUtil)
        This method loads UserAdminRole entity temporal and ARBAC constraint instance variables with data that was retrieved from the 'ftARC' attribute on the 'ftUserAttrs' object class. This is the raw format that Fortress uses to condense the temporal and ARBAC data into a compact String for efficient storage and retrieval and is not intended to be called by external programs.
        Overrides:
        load in class UserRole
        Parameters:
        szRawData - contains a raw formatted String that maps to 'ftARC' attribute on 'ftUserAttrs' object class
        contextId - contains the tenant id.
        parentUtil - provides method to getParents.

      • getRawData

        public String getRawData()
        This method creates raw data format that represents UserAdminRole temporal and ARBAC constraints using instance variables inside entity. The raw data is eventually stored in the 'ftARC' attribute on the 'ftUserAttrs' object class. This is the raw format that Fortress uses to condense the temporal and ARBAC data into a compact String for efficient storage and retrieval and is not intended to be called by external programs.
        Specified by:
        getRawData in interface Constraint
        Overrides:
        getRawData in class UserRole
        Returns:
        String contains a raw formatted String that maps to 'ftARC' attribute on 'ftUserAttrs' object class

      • setRoleRangeRaw

        public void setRoleRangeRaw​(String szRaw)
        This method loads UserAdminRole entity Role range ARBAC constraint instance variables with data that was retrieved from the 'ftARC' attribute on the 'ftUserAttrs' object class. This is the raw format that Fortress uses to condense the ARBAC data into a compact String for efficient storage and retrieval and is not intended to be called by external programs.
        Specified by:
        setRoleRangeRaw in interface Administrator
        Parameters:
        szRaw - contains a raw formatted String that maps to 'ftARC' attribute on 'ftUserAttrs' object class

      • getRoleRangeRaw

        public String getRoleRangeRaw()
        This method retrieves UserAdminRole instance variables and formats into raw data for ARBAC constraint storage for the 'ftARC' attribute on the 'ftUserAttrs' object class. This is the raw format that Fortress uses to condense the ARBAC data into a compact String for efficient storage and retrieval and is not intended to be called by external programs.
        Specified by:
        getRoleRangeRaw in interface Administrator
        Returns:
        String contains a raw formatted String that maps to 'ftARC' attribute on 'ftUserAttrs' object class

      • getOsPSet

        public Set<String> getOsPSet()
        Get a collection of optional Perm OU attributes that were stored on the AdminRole entity.
        Specified by:
        getOsPSet in interface Administrator
        Returns:
        List of type String containing Perm OU. This maps to 'ftARC' attribute on 'ftUserAttrs' aux object class.

      • setOsPSet

        public void setOsPSet​(Set<String> osPs)
        Set a collection of optional Perm OU attributes to be stored on the AdminRole entity.
        Specified by:
        setOsPSet in interface Administrator
        Parameters:
        osPs - is a List of type String containing Perm OU. This maps to 'ftARC' attribute on 'ftUserAttrs' aux object class.

      • setOsP

        public void setOsP​(String osP)
        Set a Perm OU attribute to be stored on the AdminRole entity.
        Specified by:
        setOsP in interface Administrator
        Parameters:
        osP - is a Perm OU that maps to 'ftARC' attribute on 'ftUserAttrs' aux object class.

      • getOsUSet

        public Set<String> getOsUSet()
        Get a collection of optional User OU attributes that were stored on the AdminRole entity.
        Specified by:
        getOsUSet in interface Administrator
        Returns:
        List of type String containing User OU. This maps to 'ftARC' attribute on 'ftUserAttrs' aux object class.

      • setOsUSet

        public void setOsUSet​(Set<String> osUs)
        Set a collection of optional User OU attributes to be stored on the AdminRole entity.
        Specified by:
        setOsUSet in interface Administrator
        Parameters:
        osUs - is a List of type String containing User OU. This maps to 'ftARC' attribute on 'ftUserAttrs' aux object class.

      • setOsU

        public void setOsU​(String osU)
        Set a User OU attribute to be stored on the AdminRole entity.
        Specified by:
        setOsU in interface Administrator
        Parameters:
        osU - is a User OU that maps to 'ftARC' attribute on 'ftUserAttrs' aux object class.

      • getBeginRange

        public String getBeginRange()
        Return the begin Role range attribute for AdminRole entity.
        Specified by:
        getBeginRange in interface Administrator
        Returns:
        String that maps to 'ftARC' attribute on 'ftUserAttrs' aux object class.

      • setBeginRange

        public void setBeginRange​(String beginRange)
        Set the begin Role range attribute for AdminRole entity.
        Specified by:
        setBeginRange in interface Administrator
        Parameters:
        beginRange - maps to 'ftARC' attribute on 'ftUserAttrs' aux object class.

      • getEndRange

        public String getEndRange()
        Return the end Role range attribute for AdminRole entity.
        Specified by:
        getEndRange in interface Administrator
        Returns:
        String that maps to 'ftARC' attribute on 'ftUserAttrs' aux object class.

      • setEndRange

        public void setEndRange​(String endRange)
        Set the end Role range attribute for AdminRole entity.
        Specified by:
        setEndRange in interface Administrator
        Parameters:
        endRange - maps to 'ftARC' attribute on 'ftUserAttrs' aux object class.

      • isBeginInclusive

        public boolean isBeginInclusive()
        Set the begin inclusive which specifies if role range includes or excludes the 'beginRange' attribute.
        Specified by:
        isBeginInclusive in interface Administrator
        Returns:
        String that maps to 'ftARC' attribute on 'ftUserAttrs' aux object class.

      • setBeginInclusive

        public void setBeginInclusive​(boolean beginInclusive)
        Get the begin inclusive which specifies if role range includes or excludes the 'beginRange' attribute.
        Specified by:
        setBeginInclusive in interface Administrator
        Parameters:
        beginInclusive - maps to 'ftARC' attribute on 'ftUserAttrs' aux object class.

      • isEndInclusive

        public boolean isEndInclusive()
        Set the end inclusive which specifies if role range includes or excludes the 'endRange' attribute.
        Specified by:
        isEndInclusive in interface Administrator
        Returns:
        String that maps to 'ftARC' attribute on 'ftUserAttrs' aux object class.

      • setEndInclusive

        public void setEndInclusive​(boolean endInclusive)
        Get the end inclusive which specifies if role range includes or excludes the 'endRange' attribute.
        Specified by:
        setEndInclusive in interface Administrator
        Parameters:
        endInclusive - maps to 'ftARC' attribute on 'ftUserAttrs' aux object class.

      • getParents

        public Set<String> getParents()
        Get the names of admin roles that are parents (direct ascendants) of this admin role.
        Overrides:
        getParents in class UserRole
        Returns:
        Set of parent admin role names assigned to this admin role.

      • setParents

        public void setParents​(Set<String> parents)
        Set the names of parent admin roles.
        Overrides:
        setParents in class UserRole
        Parameters:
        parents - Set of admin role names.

      • equals

        public boolean equals​(Object thatObj)
        Matches the userId and admin role name from two UserAdminRole entities.
        Overrides:
        equals in class UserRole
        Parameters:
        thatObj - contains a UserAdminRole entity.
        Returns:
        boolean indicating both objects contain matching userId and Admin Role names.