Class Manageable
- java.lang.Object
  - org.apache.directory.fortress.core.impl.Manageable
- All Implemented Interfaces:
Manageable
- Direct Known Subclasses:
AccelMgrImpl, AccessMgrImpl, AccessMgrRestImpl, AdminMgrImpl, AdminMgrRestImpl, AuditMgrImpl, AuditMgrRestImpl, ConfigMgrImpl, DelAdminMgrImpl, DelAdminMgrRestImpl, DelReviewMgrImpl, DelReviewMgrRestImpl, GroupMgrImpl, GroupMgrRestImpl, PropertyMgrImpl, PwPolicyMgrImpl, PwPolicyMgrRestImpl, ReviewMgrImpl, ReviewMgrRestImpl
public abstract class Manageable extends Object implements Manageable
Abstract class allows outside clients to manage security and multi-tenant concerns within the Fortress runtime. The setAdmin(org.apache.directory.fortress.core.model.Session) method allows A/RBAC sessions to be loaded and allows authorization to be performed on behalf of the user who is contained within the Session object itself. The ARBAC permissions will be checked each time an outside client makes calls into the Fortress API. This allows Fortress clients to operate in a multi-tenant context: setContextId(String).
Implementers of this abstract class will NOT be thread safe iff the instance variables (the admin Session and the contextId) are set.
- Author:
- Apache Directory Project
Constructor Summary
- Manageable()
Method Summary
- protected void assertContext(String className, String opName, FortEntity entity, int errorCode)
  Method will throw exception if entity reference is null, otherwise will set the contextId of the tenant onto the supplied entity reference.
- protected void assertContext(String methodName, FortEntity entity, int errorCode)
  Method will throw exception if entity reference is null, otherwise will set the contextId of the tenant onto the supplied entity reference.
- protected void checkAccess(String className, String opName)
  Every Fortress Manager API (e.g. addUser, updateUser, addRole, ...) will perform authorization on behalf of the caller IFF the adminSess has been set before invocation.
- protected String getFullMethodName(String className, String opName)
  This method is used to generate log statements and returns the concatenation of class name to the operation name.
- void setAdmin(Session session)
  Use this method to load an administrative user's ARBAC Session object into the Manager object, which will enable authorization to be performed on behalf of the admin user.
- protected void setAdminData(String className, String opName, FortEntity entity)
  Method is called by Manager APIs to load contextual information on FortEntity.
- void setContextId(String contextId)
  Use this method to set the tenant id on function calls into Fortress, which allows segregation of data by customer.
- protected void setEntitySession(String className, String opName, FortEntity entity)
  Set A/RBAC session on entity and perform authorization on behalf of the caller if the adminSess is set.
Method Detail
-
setAdmin
public final void setAdmin(Session session)
Use this method to load an administrative user's ARBAC Session object into the Manager object, which will enable authorization to be performed on behalf of the admin user. Setting Session into this object will enforce ARBAC controls and render this class's implementer thread unsafe.
- Specified by:
setAdmin in interface Manageable
- Parameters:
session - contains a valid Fortress A/RBAC Session object.
-
setContextId
public final void setContextId(String contextId)
Use this method to set the tenant id on function calls into Fortress, which allows segregation of data by customer. The contextId is used for multi-tenancy to isolate data sets within a particular sub-tree within the DIT. Setting contextId into this object will render this class's implementer thread unsafe.
- Specified by:
setContextId in interface Manageable
- Parameters:
contextId - maps to sub-tree in DIT, e.g. ou=contextId, dc=example, dc=com.
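The thread-safety warning on setAdmin and setContextId, as an added example that is not Fortress code: a simplified model in which the hypothetical class ModelMgr stands in for a Manageable subclass and two request threads either share one manager instance or use one each. The interleaving is forced with latches so the outcome is deterministic.

```java
import java.util.concurrent.CountDownLatch;

// Simplified model of the hazard; ModelMgr is hypothetical, not a Fortress class.
public class SharedManagerHazard {
    // Like a Manageable subclass, the tenant id lives in an instance field.
    static class ModelMgr {
        private String contextId;
        void setContextId(String contextId) { this.contextId = contextId; }
        // Sub-tree an operation would target (format taken from the contextId parameter doc).
        String targetSubtree() { return "ou=" + contextId + ", dc=example, dc=com"; }
    }

    static void await(CountDownLatch latch) {
        try { latch.await(); } catch (InterruptedException e) { throw new IllegalStateException(e); }
    }

    // Thread A sets tenantA, thread B then sets tenantB, and only afterwards does
    // A's operation run. Returns the sub-tree that tenant A's operation resolves to.
    static String tenantATargets(boolean shareInstance) throws InterruptedException {
        ModelMgr mgrA = new ModelMgr();
        ModelMgr mgrB = shareInstance ? mgrA : new ModelMgr(); // mitigation: one instance per request
        CountDownLatch aSet = new CountDownLatch(1), bSet = new CountDownLatch(1);
        String[] seenByA = new String[1];
        Thread a = new Thread(() -> {
            mgrA.setContextId("tenantA");
            aSet.countDown();
            await(bSet);                       // B changes its context while A is paused
            seenByA[0] = mgrA.targetSubtree();
        });
        Thread b = new Thread(() -> {
            await(aSet);
            mgrB.setContextId("tenantB");
            bSet.countDown();
        });
        a.start(); b.start(); a.join(); b.join();
        return seenByA[0];
    }

    public static void main(String[] args) throws InterruptedException {
        System.out.println("shared instance:      " + tenantATargets(true));
        System.out.println("per-request instance: " + tenantATargets(false));
    }
}
```

With the shared instance, tenant A's operation resolves to tenant B's sub-tree; with one instance per request it stays in tenant A's. The same reasoning applies to the Session loaded through setAdmin, since it is held in the same way.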
-
setEntitySession
protected final void setEntitySession(String className, String opName, FortEntity entity) throws SecurityException
Set A/RBAC session on entity and perform authorization on behalf of the caller if the adminSess is set.
- Parameters:
className - contains the class name.
opName - contains operation name.
entity - contains FortEntity instance.
- Throws:
SecurityException - in the event of data validation or system error.
-
checkAccess
protected final void checkAccess(String className, String opName) throws SecurityException
Every Fortress Manager API (e.g. addUser, updateUser, addRole, ...) will perform authorization on behalf of the caller IFF the adminSess has been set before invocation.
- Parameters:
className - contains the class name.
opName - contains operation name.
- Throws:
SecurityException - in the event of data validation or system error.
-
setAdminData
protected final void setAdminData(String className, String opName, FortEntity entity)
Method is called by Manager APIs to load contextual information on FortEntity. The information is used to:
  - Load the administrative User's Session object into entity. This is used for checking to ensure the administrator has privilege to perform the administrative operation.
  - Load the target operation's permission into the audit context. This is used for the Fortress audit log stored in OpenLDAP.
- Parameters:
className - contains the class name.
opName - contains operation name.
entity - used to pass contextual information through Fortress layers for administrative security checks and audit.
-
assertContext
protected final void assertContext(String className, String opName, FortEntity entity, int errorCode) throws ValidationException
Method will throw exception if entity reference is null, otherwise will set the contextId of the tenant onto the supplied entity reference.
- Parameters:
className - contains the class name of caller.
opName - contains operation name of caller.
entity - used here to pass the tenant id into the Fortress DAO layer.
errorCode - contains the error id to use if null.
- Throws:
ValidationException - in the event object is null.
-
assertContext
protected final void assertContext(String methodName, FortEntity entity, int errorCode) throws ValidationException
Method will throw exception if entity reference is null, otherwise will set the contextId of the tenant onto the supplied entity reference.
- Parameters:
methodName - contains the full method name of caller.
entity - used here to pass the tenant id into the Fortress DAO layer.
errorCode - contains the error id to use if null.
- Throws:
ValidationException - in the event object is null.
-
getFullMethodName
protected final String getFullMethodName(String className, String opName)
This method is used to generate log statements and returns the concatenation of class name to the operation name.
- Parameters:
className - of the caller
opName - of the caller
- Returns:
className + '.' + opName