Class Role

  • All Implemented Interfaces:
    Serializable, Constraint, Graphable
    Direct Known Subclasses:
    AdminRole

    public class Role
    extends FortEntity
    implements Constraint, Graphable, Serializable
    All entities (User, Role, Permission, PwPolicy, SDSet, etc.) are used to carry data between the three Fortress layers, starting with the (1) Manager layer, down through the middle (2) Process layer and its processing rules, into the (3) DAO layer where persistence with the LDAP server occurs.

    Fortress Processing Layers

    1. Manager layer: AdminMgrImpl, AccessMgrImpl, ReviewMgrImpl,...
    2. Process layer: UserP, RoleP, PermP,...
    3. DAO layer: UserDAO, RoleDAO, PermDAO,...
    Fortress clients first instantiate and populate a data entity before invoking any of the Manager APIs. The caller must provide enough information to uniquely identify the entity target within LDAP.
    For example, this entity requires the setName(java.lang.String) attribute to be set before it is passed into AdminMgrImpl APIs. Create methods sometimes require more attributes than Read because of constraints enforced between entities, although only setName(java.lang.String) is required for Role.

    Role entity attribute usages include

    This entity is used to store the RBAC Role assignments that comprise the many-to-many relationships between Users and Permissions.
    The unique key to locate a Role entity (which is subsequently assigned both to Users and Permissions) is 'Role.name'.

    There is a many-to-many relationship between Users, RBAC Roles and Permissions.

    User*<->*Role*<->*Permission

    Example to create new RBAC Role:

     try
     {
       // Instantiate the AdminMgr first
       AdminMgr adminMgr = AdminMgrFactory.createInstance();
    
       Role myRole = new Role("MyRoleName");
       myRole.setDescription("This is a test role");
       adminMgr.addRole(myRole);
     }
     catch (SecurityException ex)
     {
       // log or throw
     }
     
    The above code will persist to LDAP a Role object that can be used as a target for User-Role assignments and Role-Permission grants.

    Role Schema

    The Fortress Role entity is a composite of the following other Fortress structural and aux object classes:

    1. organizationalRole Structural Object Class is used to store basic attributes like cn and description.

     ------------------------------------------
     objectclass ( 2.5.6.8 NAME 'organizationalRole'
      DESC 'RFC2256: an organizational role'
      SUP top STRUCTURAL
      MUST cn
      MAY (
          x121Address $ registeredAddress $ destinationIndicator $
          preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
          telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
          seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $
          postOfficeBox $ postalCode $ postalAddress $
          physicalDeliveryOfficeName $ ou $ st $ l $ description
      )
     )
     ------------------------------------------
     

    2. ftRls Structural objectclass is used to store the Role information like name and temporal constraint attributes.

     ------------------------------------------
     Fortress Roles Structural Object Class
     objectclass    ( 1.3.6.1.4.1.38088.2.1
      NAME 'ftRls'
      DESC 'Fortress Role Structural Object Class'
      SUP organizationalrole
      STRUCTURAL
      MUST (
          ftId $
          ftRoleName
      )
      MAY (
          description $
          ftCstr $
          ftParents
      )
     )
     ------------------------------------------
     

    3. ftProperties AUXILIARY Object Class is used to store client specific name/value pairs on target entity.
    # This aux object class can be used to store custom attributes.
    # The properties collections consist of name/value pairs and are not constrained by Fortress.

     ------------------------------------------
     AC2: Fortress Properties Auxiliary Object Class
     objectclass ( 1.3.6.1.4.1.38088.3.2
      NAME 'ftProperties'
      DESC 'Fortress Properties AUX Object Class'
      AUXILIARY
      MAY (
          ftProps
      )
     )
     ------------------------------------------
     

    4. ftMods AUXILIARY Object Class is used to store Fortress audit variables on target entity.

     ------------------------------------------
     Fortress Audit Modification Auxiliary Object Class
     objectclass ( 1.3.6.1.4.1.38088.3.4
      NAME 'ftMods'
      DESC 'Fortress Modifiers AUX Object Class'
      AUXILIARY
      MAY (
          ftModifier $
          ftModCode $
          ftModId
      )
     )
     ------------------------------------------
     

    Author:
    Apache Directory Project
    See Also:
    Serialized Form
    • Constructor Detail

      • Role

        public Role()
        Default constructor is used by internal Fortress classes.
      • Role

        public Role​(String name)
        Construct a Role entity with a given name.
        Parameters:
        name - maps to 'cn' attribute on 'organizationalrole' object class.
      • Role

        public Role​(Constraint con)
        Construct an RBAC Role with a given temporal constraint.
        Parameters:
        con - maps to 'ftCstr' attribute in 'ftRls' object class.
    • Method Detail

      • getRawData

        public String getRawData()
        Required by DAO classes to convert temporal attributes stored on the entity to the raw data format needed for LDAP. For internal use only.
        Specified by:
        getRawData in interface Constraint
        Returns:
        String that maps to 'ftCstr' attribute in 'ftRls' object class.
      • setRawData

        public void setRawData​(String rawData)
        Required by DAO classes to convert temporal data from the raw LDAP format to entity attributes. For internal use only.
        Parameters:
        rawData - maps to 'ftCstr' attribute in 'ftRls' object class.
      • getName

        public String getName()
        Gets the required name attribute of the Role object.
        Specified by:
        getName in interface Constraint
        Specified by:
        getName in interface Graphable
        Returns:
        attribute maps to 'cn' attribute on 'organizationalrole' object class.
      • setName

        public void setName​(String name)
        Sets the required name attribute on the Role object
        Specified by:
        setName in interface Constraint
        Specified by:
        setName in interface Graphable
        Parameters:
        name - contains attribute used internally for constraint checking.
      • setOccupant

        public void setOccupant​(String occupant)
        Set the occupant attribute with the contents of the User dn.
        Parameters:
        occupant - maps to 'roleOccupant' attribute on 'organizationalrole' object class.
      • getOccupants

        public List<String> getOccupants()
        Return list of occupants for a particular Role entity.
        Returns:
        List of type String containing User dn that maps to 'roleOccupant' attribute on 'organizationalrole' object class.
      • setOccupants

        public void setOccupants​(List<String> occupants)
        Set a list of occupants for a particular Role entity.
        Parameters:
        occupants - contains a List of type String which maps to 'roleOccupant' attribute on 'organizationalrole' object class.
      • getDescription

        public String getDescription()
        Returns optional description that is associated with Role. This attribute is validated but not constrained by Fortress.
        Returns:
        value that is mapped to 'description' in 'organizationalrole' object class.
      • setDescription

        public void setDescription​(String description)
        Sets the optional description that is associated with Role. This attribute is validated but not constrained by Fortress.
        Parameters:
        description - that is mapped to same name in 'organizationalrole' object class.
      • getId

        public String getId()
        Return the internal id that is associated with Role. This attribute is generated automatically by Fortress when new Role is added to directory and is not known or changeable by external client.
        Returns:
        attribute maps to 'ftId' in 'ftRls' object class.
      • setId

        public void setId()
        Generate an internal Id that is associated with Role. This method is used by DAO class and is not available to outside classes. The generated attribute maps to 'ftId' in 'ftRls' object class.
      • setId

        public void setId​(String id)
        Set the internal Id that is associated with Role. This method is used by DAO class and is generated automatically by Fortress. Attribute stored in LDAP cannot be changed by external caller. This method can be used by client for search purposes only.
        Parameters:
        id - maps to 'ftId' in 'ftRls' object class.
      • isTemporalSet

        public boolean isTemporalSet()
        Temporal boolean flag is used by internal Fortress components.
        Specified by:
        isTemporalSet in interface Constraint
        Returns:
        boolean indicating if temporal constraints are placed on Role.
      • getBeginTime

        public String getBeginTime()
        Contains the begin time of day Role is allowed to be activated in session. The format is military time, HHMM, e.g. 0800 (8:00 a.m.) or 1700 (5:00 p.m.). This attribute is optional but if set will be validated for reasonableness.
        Specified by:
        getBeginTime in interface Constraint
        Returns:
        attribute maps to 'ftCstr' attribute in 'ftRls' object class.
      • setBeginTime

        public void setBeginTime​(String beginTime)
        Set the begin time of day Role is allowed to be activated in session. The format is military time, HHMM, e.g. 0800 (8:00 a.m.) or 1700 (5:00 p.m.). This attribute is optional but if set will be validated for reasonableness.
        Specified by:
        setBeginTime in interface Constraint
        Parameters:
        beginTime - maps to 'ftCstr' attribute in 'ftRls' object class.
      • getEndTime

        public String getEndTime()
        Contains the end time of day Role is allowed to be activated in session. The format is military time, HHMM, e.g. 0000 (12:00 a.m.) or 2359 (11:59 p.m.). This attribute is optional but if set will be validated for reasonableness.
        Specified by:
        getEndTime in interface Constraint
        Returns:
        attribute maps to 'ftCstr' attribute in 'ftRls' object class.
      • setEndTime

        public void setEndTime​(String endTime)
        Set the end time of day Role is allowed to be activated in session. The format is military time, HHMM, e.g. 0000 (12:00 a.m.) or 2359 (11:59 p.m.). This attribute is optional but if set will be validated for reasonableness.
        Specified by:
        setEndTime in interface Constraint
        Parameters:
        endTime - maps to 'ftCstr' attribute in 'ftRls' object class.
      • getBeginDate

        public String getBeginDate()
        Contains the begin date when Role is allowed to be activated in session. The format is YYYYMMDD, e.g. 20100101 (January 1, 2010). This attribute is optional but if set will be validated for reasonableness.
        Specified by:
        getBeginDate in interface Constraint
        Returns:
        attribute maps to 'ftCstr' attribute in 'ftRls' object class.
      • setBeginDate

        public void setBeginDate​(String beginDate)
        Set the begin date when Role is allowed to be activated in session. The format is YYYYMMDD, e.g. 20100101 (January 1, 2010). This attribute is optional but if set will be validated for reasonableness.
        Specified by:
        setBeginDate in interface Constraint
        Parameters:
        beginDate - maps to 'ftCstr' attribute in 'ftRls' object class.
      • getEndDate

        public String getEndDate()
        Contains the end date when Role is allowed to be activated in session. The format is YYYYMMDD, e.g. 20101231 (December 31, 2010). This attribute is optional but if set will be validated for reasonableness.
        Specified by:
        getEndDate in interface Constraint
        Returns:
        attribute maps to 'ftCstr' attribute in 'ftRls' object class.
      • setEndDate

        public void setEndDate​(String endDate)
        Set the end date when Role is not allowed to be activated in session. The format is YYYYMMDD, e.g. 20100101 (January 1, 2010). This attribute is optional but if set will be validated for reasonableness.
        Specified by:
        setEndDate in interface Constraint
        Parameters:
        endDate - maps to 'ftCstr' attribute in 'ftRls' object class.
      • getBeginLockDate

        public String getBeginLockDate()
        Contains the begin lock date when Role is temporarily not allowed to be activated in session. The format is YYYYMMDD, e.g. 20100101 (January 1, 2010). This attribute is optional but if set will be validated for reasonableness.
        Specified by:
        getBeginLockDate in interface Constraint
        Returns:
        attribute maps to 'ftCstr' attribute in 'ftRls' object class.
      • setBeginLockDate

        public void setBeginLockDate​(String beginLockDate)
        Set the begin lock date when Role is temporarily not allowed to be activated in session. The format is YYYYMMDD, e.g. 20100101 (January 1, 2010). This attribute is optional but if set will be validated for reasonableness.
        Specified by:
        setBeginLockDate in interface Constraint
        Parameters:
        beginLockDate - maps to 'ftCstr' attribute in 'ftRls' object class.
      • getEndLockDate

        public String getEndLockDate()
        Contains the end lock date when Role is allowed to be activated in session once again. The format is YYYYMMDD, e.g. 20100101 (January 1, 2010). This attribute is optional but if set will be validated for reasonableness.
        Specified by:
        getEndLockDate in interface Constraint
        Returns:
        attribute maps to 'ftCstr' attribute in 'ftRls' object class.
      • setEndLockDate

        public void setEndLockDate​(String endLockDate)
        Set the end lock date when Role is allowed to be activated in session once again. The format is YYYYMMDD, e.g. 20100101 (January 1, 2010). This attribute is optional but if set will be validated for reasonableness.
        Specified by:
        setEndLockDate in interface Constraint
        Parameters:
        endLockDate - maps to 'ftCstr' attribute in 'ftRls' object class.
      • getDayMask

        public String getDayMask()
        Get the day mask that indicates what days of the week Role is allowed to be activated in session. The format is 1234567, e.g. 23456 (Monday, Tuesday, Wednesday, Thursday, Friday). This attribute is optional but if set will be validated for reasonableness.
        Specified by:
        getDayMask in interface Constraint
        Returns:
        attribute maps to 'ftCstr' attribute in 'ftRls' object class.
      • setDayMask

        public void setDayMask​(String dayMask)
        Set the day mask that specifies what days of the week Role is allowed to be activated in session. The format is 1234567, e.g. 23456 (Monday, Tuesday, Wednesday, Thursday, Friday). This attribute is optional but if set will be validated for reasonableness.
        Specified by:
        setDayMask in interface Constraint
        Parameters:
        dayMask - maps to 'ftCstr' attribute in 'ftRls' object class.
      • getTimeout

        public Integer getTimeout()
        Return the integer timeout that contains total time (in minutes) that Role may remain inactive in User's session before it is deactivated. This attribute is optional but if set will be validated for reasonableness.
        Specified by:
        getTimeout in interface Constraint
        Returns:
        int maps to 'ftCstr' attribute in 'ftRls' object class.
      • setTimeout

        public void setTimeout​(Integer timeout)
        Set the integer timeout that contains max time (in minutes) that Role may remain inactive in User's session before it is deactivated. This attribute is optional but if set will be validated for reasonableness.
        Specified by:
        setTimeout in interface Constraint
        Parameters:
        timeout - maps to 'ftCstr' attribute in 'ftRls' object class.
      • getParents

        public Set<String> getParents()
        Get the names of roles that are parents (direct ascendants) of this role.
        Specified by:
        getParents in interface Graphable
        Returns:
        Set of parent role names assigned to this role.
      • setParents

        public void setParents​(Set<String> parents)
        Set the names of roles that are parents (direct ascendants) of this role.
        Specified by:
        setParents in interface Graphable
        Parameters:
        parents - contains the Set of parent role names assigned to this role.
      • setParent

        public void setParent​(String parent)
        Add a single parent role name to this role's set of parents.
        Specified by:
        setParent in interface Graphable
        Parameters:
        parent - maps to 'ftParents' attribute on 'ftRls' object class.
      • delParent

        public void delParent​(String parent)
        Remove a single parent role name from this role's set of parents.
        Specified by:
        delParent in interface Graphable
        Parameters:
        parent - maps to 'ftParents' attribute on 'ftRls' object class.
      • getChildren

        public Set<String> getChildren()
        Return the Set of child role names (direct descendants) of this role.
        Returns:
        Set of child role names assigned to this role.
      • setChildren

        public void setChildren​(Set<String> children)
        Set the Set of child role names (direct descendants) of this role.
        Parameters:
        children - contains the Set of child role names assigned to this role.
      • getDn

        public String getDn()
        Returns distinguished name associated with Role. This attribute is generated by DAO and is not allowed for outside classes to modify. This attribute is for internal use only and need not be processed by external clients.
        Returns:
        value that is mapped to the dn of the entry in DIT.
      • setDn

        public void setDn​(String dn)
        Set distinguished name associated with Role. This attribute is used by DAO and is not allowed for outside classes. This attribute cannot be set by external callers.
      • getGidNumber

        public String getGidNumber()
        Get the Group ID number, which is a required attribute for the RFC2307 posixGroup object class.
        Returns:
      • setGidNumber

        public void setGidNumber​(String gidNumber)
        Set the Group ID number, which is a required attribute for the RFC2307 posixGroup object class.
        Parameters:
        gidNumber -
      • equals

        public boolean equals​(Object thatObj)
        Matches the name from two Role entities.
        Overrides:
        equals in class Object
        Parameters:
        thatObj - contains a Role entity.
        Returns:
        boolean indicating both objects contain matching Role names.
      • hashCode

        public int hashCode()
        Overrides:
        hashCode in class Object
      • toString

        protected String toString​(String tabs)
        Parameters:
        tabs - the spaces to put at the beginning of each line for a correct indentation
        Returns:
        The representation of a Role as a String
        See Also:
        Object.toString()
      • addProperties

        public void addProperties​(Properties props)
        Add new collection of name/value pairs to attributes associated with User. These values are not constrained by Fortress. Properties are optional.
        Parameters:
        props - contains collection of name/value pairs and maps to 'ftProps' attribute in 'ftProperties' aux object class.
      • getProperties

        public Properties getProperties()
        Return the collection of name/value pairs to attributes associated with User. These values are not constrained by Fortress. Properties are optional.
        Returns:
        Properties contains collection of name/value pairs and maps to 'ftProps' attribute in 'ftProperties' aux object class.
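
The temporal-constraint accessors above (begin/end time, begin/end date, lock dates, day mask) document field formats only; the following added example, which is not Fortress code and not part of the original Javadoc, shows how those fields combine into an allow/deny decision for role activation. The class RoleWindowCheck, its field layout, the inclusive boundaries and the null-means-unset handling are assumptions for illustration, and the timeout field is not modelled.

```java
import java.time.*;
import java.time.format.*;
import java.time.temporal.ChronoUnit;
// Added illustration, not Fortress code: evaluates the temporal fields documented for Role.
public class RoleWindowCheck
{
    // STRICT parsing rejects values such as 20100231 instead of adjusting them.
    private static final DateTimeFormatter HHMM =
        DateTimeFormatter.ofPattern( "HHmm" ).withResolverStyle( ResolverStyle.STRICT );
    private static final DateTimeFormatter YYYYMMDD =
        DateTimeFormatter.ofPattern( "uuuuMMdd" ).withResolverStyle( ResolverStyle.STRICT );
    // Names mirror the Role getters; null means the constraint is not set (assumption).
    String beginTime, endTime, beginDate, endDate, beginLockDate, endLockDate, dayMask;

    // Returns null when activation is allowed at 'now', otherwise the reason for refusal.
    String denyReason( LocalDateTime now )
    {
        LocalDate today = now.toLocalDate();
        if ( beginDate != null && today.isBefore( LocalDate.parse( beginDate, YYYYMMDD ) ) )
            return "before beginDate";
        if ( endDate != null && today.isAfter( LocalDate.parse( endDate, YYYYMMDD ) ) )
            return "after endDate";
        if ( beginLockDate != null && endLockDate != null
            && !today.isBefore( LocalDate.parse( beginLockDate, YYYYMMDD ) )
            && !today.isAfter( LocalDate.parse( endLockDate, YYYYMMDD ) ) )
            return "inside lock period";
        if ( dayMask != null )
        {
            if ( !dayMask.matches( "[1-7]{1,7}" ) )
                throw new IllegalArgumentException( "dayMask must use digits 1-7: " + dayMask );
            // Page example 23456 = Monday..Friday, so 1 = Sunday; java.time uses Monday = 1.
            char digit = (char) ( '0' + ( today.getDayOfWeek().getValue() % 7 ) + 1 );
            if ( dayMask.indexOf( digit ) < 0 )
                return "day of week not in dayMask";
        }
        if ( beginTime != null && endTime != null )
        {
            // Compare at minute granularity so 17:00:30 still counts as 1700.
            LocalTime t = now.toLocalTime().truncatedTo( ChronoUnit.MINUTES );
            if ( t.isBefore( LocalTime.parse( beginTime, HHMM ) )
                || t.isAfter( LocalTime.parse( endTime, HHMM ) ) )
                return "outside beginTime-endTime window";
        }
        return null;
    }

    public static void main( String[] args )
    {
        RoleWindowCheck r = new RoleWindowCheck();
        r.beginDate = "20100101"; r.endDate = "20101231";          // values from the page
        r.beginTime = "0800"; r.endTime = "1700"; r.dayMask = "23456";
        r.beginLockDate = "20100701"; r.endLockDate = "20100715";  // constructed sample
        LocalDateTime[] probes = {
            LocalDateTime.of( 2010, 3, 15, 9, 30 ),   // Monday, inside every window
            LocalDateTime.of( 2010, 3, 14, 9, 30 ),   // Sunday
            LocalDateTime.of( 2010, 3, 15, 17, 1 ),   // one minute past endTime
            LocalDateTime.of( 2010, 7, 8, 9, 30 ) };  // inside the lock period
        for ( LocalDateTime p : probes )
            System.out.println( p + " -> " + java.util.Objects.toString( r.denyReason( p ), "allow" ) );
    }
}
```

Malformed time or date strings surface as DateTimeParseException, so a client can run the same check before populating a Role and calling the Manager APIs.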