Class Role
- java.lang.Object
  - org.apache.directory.fortress.core.model.FortEntity
    - org.apache.directory.fortress.core.model.Role
- All Implemented Interfaces: Serializable, Constraint, Graphable
- Direct Known Subclasses: AdminRole
public class Role extends FortEntity implements Constraint, Graphable, Serializable
All entities (User, Role, Permission, PwPolicy, SDSet etc...) are used to carry data between three Fortress layers, starting with the (1) Manager layer, down through the middle (2) Process layer and its processing rules, into the (3) DAO layer where persistence with the LDAP server occurs.
Fortress Processing Layers
- Manager layer: AdminMgrImpl, AccessMgrImpl, ReviewMgrImpl, ...
- Process layer: UserP, RoleP, PermP, ...
- DAO layer: UserDAO, RoleDAO, PermDAO, ...
For example, this entity requires the setName(java.lang.String) attribute to be set before passing into AdminMgrImpl APIs. Create methods sometimes require more attributes (than Read) due to constraints enforced between entities, although only setName(java.lang.String) is required for Role.
Role entity attribute usages include
- setName(java.lang.String) attribute must be set before calling AdminMgrImpl.addRole(Role), AdminMgrImpl.updateRole(Role) or AdminMgrImpl.deleteRole(Role).
- Constraint may be set before calling method AdminMgrImpl.addRole(Role).
- Constraint will be returned to caller on methods like ReviewMgrImpl.readRole(Role) or ReviewMgrImpl.findRoles(String) if persisted to entity prior to call.
This entity is used to store the RBAC Role assignments that comprise the many-to-many relationships between Users and Permissions.
The unique key to locate a Role entity (which is subsequently assigned both to Users and Permissions) is 'Role.name'.
There is a many-to-many relationship between Users, RBAC Roles and Permissions.
User *<->* Role *<->* Permission
Example to create new RBAC Role:
    try {
        // Instantiate the AdminMgr first
        AdminMgr adminMgr = AdminMgrFactory.createInstance();
        Role myRole = new Role("MyRoleName");
        myRole.setDescription("This is a test role");
        adminMgr.addRole(myRole);
    } catch (SecurityException ex) {
        // This is org.apache.directory.fortress.core.SecurityException, not java.lang.SecurityException
        // log or throw
    }
The above code will persist to LDAP a Role object that can be used as a target for User-Role assignments and Role-Permission grants.
Role Schema
The Fortress Role entity is a composite of the following other Fortress structural and aux object classes:
1. organizationalRole Structural Object Class is used to store basic attributes like cn and description.
------------------------------------------
objectclass ( 2.5.6.8 NAME 'organizationalRole'
    DESC 'RFC2256: an organizational role'
    SUP top STRUCTURAL
    MUST cn
    MAY ( x121Address $ registeredAddress $ destinationIndicator $
        preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
        telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
        seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $
        postOfficeBox $ postalCode $ postalAddress $
        physicalDeliveryOfficeName $ ou $ st $ l $ description ) )
------------------------------------------
2. ftRls Structural objectclass is used to store the Role information like name and temporal constraint attributes.
------------------------------------------
Fortress Roles Structural Object Class
objectclass ( 1.3.6.1.4.1.38088.2.1 NAME 'ftRls'
    DESC 'Fortress Role Structural Object Class'
    SUP organizationalrole STRUCTURAL
    MUST ( ftId $ ftRoleName )
    MAY ( description $ ftCstr $ ftParents ) )
------------------------------------------
3. ftProperties AUXILIARY Object Class is used to store client specific name/value pairs on target entity.
# This aux object class can be used to store custom attributes.
# The properties collections consist of name/value pairs and are not constrained by Fortress.
------------------------------------------
AC2: Fortress Properties Auxiliary Object Class
objectclass ( 1.3.6.1.4.1.38088.3.2 NAME 'ftProperties'
    DESC 'Fortress Properties AUX Object Class'
    AUXILIARY
    MAY ( ftProps ) )
------------------------------------------
4. ftMods AUXILIARY Object Class is used to store Fortress audit variables on target entity.
------------------------------------------
Fortress Audit Modification Auxiliary Object Class
objectclass ( 1.3.6.1.4.1.38088.3.4 NAME 'ftMods'
    DESC 'Fortress Modifiers AUX Object Class'
    AUXILIARY
    MAY ( ftModifier $ ftModCode $ ftModId ) )
------------------------------------------
- Author: Apache Directory Project
- See Also: Serialized Form

Field Summary
Fields inherited from class org.apache.directory.fortress.core.model.FortEntity
adminSession, contextId, modCode, modId, sequenceId

Constructor Summary
- Role(): Default constructor is used by internal Fortress classes.
- Role(String name): Construct a Role entity with a given name.
- Role(Constraint con): Construct an RBAC Role with a given temporal constraint.

Method Summary
All Methods, Instance Methods, Concrete Methods (Modifier and Type, Method: Description)
- void addProperties(Properties props): Add new collection of name/value pairs to attributes associated with User.
- void delParent(String parent): Set the occupant attribute with the contents of the User dn.
- boolean equals(Object thatObj): Matches the name from two Role entities.
- String getBeginDate(): Contains the begin date when Role is allowed to be activated in session.
- String getBeginLockDate(): Contains the begin lock date when Role is temporarily not allowed to be activated in session.
- String getBeginTime(): Contains the begin time of day Role is allowed to be activated in session.
- Set<String> getChildren(): Return the Set of child role names (direct descendants) of this role.
- List<RoleConstraint> getConstraints(): Return a list of role constraints on entity.
- String getDayMask(): Get the daymask that indicates what days of week Role is allowed to be activated in session.
- String getDescription(): Returns optional description that is associated with Role.
- String getDn(): Returns distinguished name associated with Role.
- String getEndDate(): Contains the end date when Role is allowed to be activated in session.
- String getEndLockDate(): Contains the end lock date when Role is allowed to be activated in session once again.
- String getEndTime(): Contains the end time of day Role is allowed to be activated in session.
- String getGidNumber(): Get the Group ID number, which is required attribute for RFC2307 posixGroup object class.
- String getId(): Return the internal id that is associated with Role.
- String getName(): Gets the name required attribute of the Role object.
- List<String> getOccupants(): Return list of occupants for a particular Role entity.
- Set<String> getParents(): Get the names of roles that are parents (direct ascendants) of this role.
- Properties getProperties(): Return the collection of name/value pairs to attributes associated with User.
- String getRawData(): Required on DAO classes to convert Temporal attributes stored on entity to raw data object format needed for ldap.
- Integer getTimeout(): Return the integer timeout that contains total time (in minutes) that Role may remain inactive in User's session before it is deactivated.
- int hashCode()
- boolean isTemporalSet(): Temporal boolean flag is used by internal Fortress components.
- void setBeginDate(String beginDate): Set the beginDate when Role is allowed to be activated in session.
- void setBeginLockDate(String beginLockDate): Set the begin lock date when Role is temporarily not allowed to be activated in session.
- void setBeginTime(String beginTime): Set the begin time of day Role is allowed to be activated in session.
- void setChildren(Set<String> children): Set the Set of child role names (direct descendants) of this role.
- void setDayMask(String dayMask): Set the daymask that specifies what days of week Role is allowed to be activated in session.
- void setDescription(String description): Sets the optional description that is associated with Role.
- void setDn(String dn): Set distinguished name associated with Role.
- void setEndDate(String endDate): Set the end date when Role is not allowed to be activated in session.
- void setEndLockDate(String endLockDate): Set the end lock date when Role is allowed to be activated in session once again.
- void setEndTime(String endTime): Set the end time of day Role is allowed to be activated in session.
- void setGidNumber(String gidNumber): Set the Group ID number, which is required attribute for RFC2307 posixGroup object class.
- void setId(): Generate an internal Id that is associated with Role.
- void setId(String id): Set the internal Id that is associated with Role.
- void setName(String name): Sets the required name attribute on the Role object.
- void setOccupant(String occupant): Set the occupant attribute with the contents of the User dn.
- void setOccupants(List<String> occupants): Set a list of occupants for a particular Role entity.
- void setParent(String parent): Set the occupant attribute with the contents of the User dn.
- void setParents(Set<String> parents): Set the names of roles that are parents (direct ascendants) of this role.
- void setRawData(String rawData): Required on DAO classes to convert Temporal from raw ldap data to entity attributes.
- void setTimeout(Integer timeout): Set the integer timeout that contains max time (in minutes) that Role may remain inactive in User's session before it is deactivated.
- String toString()
- protected String toString(String tabs)

Methods inherited from class org.apache.directory.fortress.core.model.FortEntity
getAdminSession, getContextId, getModCode, getModId, getSequenceId, setAdminSession, setContextId, setModCode, setSequenceId

Constructor Detail

Role
public Role()
Default constructor is used by internal Fortress classes.

Role
public Role(String name)
Construct a Role entity with a given name.
- Parameters: name - maps to 'cn' attribute on 'organizationalrole' object class.

Role
public Role(Constraint con)
Construct an RBAC Role with a given temporal constraint.
- Parameters: con - maps to 'ftCstr' attribute in 'ftRls' object class.

Method Detail

getRawData
public String getRawData()
Required on DAO classes to convert Temporal attributes stored on entity to raw data object format needed for ldap. For internal use only.
- Specified by: getRawData in interface Constraint
- Returns: String that maps to 'ftCstr' attribute in 'ftRls' object class.

setRawData
public void setRawData(String rawData)
Required on DAO classes to convert Temporal from raw ldap data to entity attributes. For internal use only.
- Parameters: rawData - maps to 'ftCstr' attribute in 'ftRls' object class.

getName
public String getName()
Gets the name required attribute of the Role object.
- Specified by: getName in interface Constraint
- Specified by: getName in interface Graphable
- Returns: attribute maps to 'cn' attribute on 'organizationalrole' object class.

setName
public void setName(String name)
Sets the required name attribute on the Role object.
- Specified by: setName in interface Constraint
- Specified by: setName in interface Graphable
- Parameters: name - contains attribute used internally for constraint checking.

setOccupant
public void setOccupant(String occupant)
Set the occupant attribute with the contents of the User dn.
- Parameters: occupant - maps to 'roleOccupant' attribute on 'organizationalrole' object class.

getOccupants
public List<String> getOccupants()
Return list of occupants for a particular Role entity.
- Returns: List of type String containing User dn that maps to 'roleOccupant' attribute on 'organizationalrole' object class.

setOccupants
public void setOccupants(List<String> occupants)
Set a list of occupants for a particular Role entity.
- Parameters: occupants - contains a List of type String which maps to 'roleOccupant' attribute on 'organizationalrole' object class.

getDescription
public String getDescription()
Returns optional description that is associated with Role. This attribute is validated but not constrained by Fortress.
- Returns: value that is mapped to 'description' in 'organizationalrole' object class.

setDescription
public void setDescription(String description)
Sets the optional description that is associated with Role. This attribute is validated but not constrained by Fortress.
- Parameters: description - that is mapped to same name in 'organizationalrole' object class.

getId
public String getId()
Return the internal id that is associated with Role. This attribute is generated automatically by Fortress when new Role is added to directory and is not known or changeable by external client.
- Returns: attribute maps to 'ftId' in 'ftRls' object class.

setId
public void setId()
Generate an internal Id that is associated with Role. This method is used by DAO class and is not available to outside classes. The generated attribute maps to 'ftId' in 'ftRls' object class.

setId
public void setId(String id)
Set the internal Id that is associated with Role. This method is used by DAO class and is generated automatically by Fortress. Attribute stored in LDAP cannot be changed by external caller. This method can be used by client for search purposes only.
- Parameters: id - maps to 'ftId' in 'ftRls' object class.

isTemporalSet
public boolean isTemporalSet()
Temporal boolean flag is used by internal Fortress components.
- Specified by: isTemporalSet in interface Constraint
- Returns: boolean indicating if temporal constraints are placed on Role.

getBeginTime
public String getBeginTime()
Contains the begin time of day Role is allowed to be activated in session. The format is military time - HHMM, e.g. 0800 (8:00 am) or 1700 (5:00 p.m.). This attribute is optional but if set will be validated for reasonableness.
- Specified by: getBeginTime in interface Constraint
- Returns: attribute maps to 'ftCstr' attribute in 'ftRls' object class.

setBeginTime
public void setBeginTime(String beginTime)
Set the begin time of day Role is allowed to be activated in session. The format is military time - HHMM, e.g. 0800 (8:00 am) or 1700 (5:00 p.m.). This attribute is optional but if set will be validated for reasonableness.
- Specified by: setBeginTime in interface Constraint
- Parameters: beginTime - maps to 'ftCstr' attribute in 'ftRls' object class.

getEndTime
public String getEndTime()
Contains the end time of day Role is allowed to be activated in session. The format is military time - HHMM, e.g. 0000 (12:00 am) or 2359 (11:59 p.m.). This attribute is optional but if set will be validated for reasonableness.
- Specified by: getEndTime in interface Constraint
- Returns: attribute maps to 'ftCstr' attribute in 'ftRls' object class.

setEndTime
public void setEndTime(String endTime)
Set the end time of day Role is allowed to be activated in session. The format is military time - HHMM, e.g. 0000 (12:00 am) or 2359 (11:59 p.m.). This attribute is optional but if set will be validated for reasonableness.
- Specified by: setEndTime in interface Constraint
- Parameters: endTime - maps to 'ftCstr' attribute in 'ftRls' object class.

getBeginDate
public String getBeginDate()
Contains the begin date when Role is allowed to be activated in session. The format is YYYYMMDD, e.g. 20100101 (January 1, 2010). This attribute is optional but if set will be validated for reasonableness.
- Specified by: getBeginDate in interface Constraint
- Returns: attribute maps to 'ftCstr' attribute in 'ftRls' object class.

setBeginDate
public void setBeginDate(String beginDate)
Set the beginDate when Role is allowed to be activated in session. The format is YYYYMMDD, e.g. 20100101 (January 1, 2010). This attribute is optional but if set will be validated for reasonableness.
- Specified by: setBeginDate in interface Constraint
- Parameters: beginDate - maps to 'ftCstr' attribute in 'ftRls' object class.

getEndDate
public String getEndDate()
Contains the end date when Role is allowed to be activated in session. The format is YYYYMMDD, e.g. 20101231 (December 31, 2010). This attribute is optional but if set will be validated for reasonableness.
- Specified by: getEndDate in interface Constraint
- Returns: attribute maps to 'ftCstr' attribute in 'ftRls' object class.

setEndDate
public void setEndDate(String endDate)
Set the end date when Role is not allowed to be activated in session. The format is YYYYMMDD, e.g. 20100101 (January 1, 2010). This attribute is optional but if set will be validated for reasonableness.
- Specified by: setEndDate in interface Constraint
- Parameters: endDate - maps to 'ftCstr' attribute in 'ftRls' object class.

getBeginLockDate
public String getBeginLockDate()
Contains the begin lock date when Role is temporarily not allowed to be activated in session. The format is YYYYMMDD, e.g. 20100101 (January 1, 2010). This attribute is optional but if set will be validated for reasonableness.
- Specified by: getBeginLockDate in interface Constraint
- Returns: attribute maps to 'ftCstr' attribute in 'ftRls' object class.

setBeginLockDate
public void setBeginLockDate(String beginLockDate)
Set the begin lock date when Role is temporarily not allowed to be activated in session. The format is YYYYMMDD, e.g. 20100101 (January 1, 2010). This attribute is optional but if set will be validated for reasonableness.
- Specified by: setBeginLockDate in interface Constraint
- Parameters: beginLockDate - maps to 'ftCstr' attribute in 'ftRls' object class.

getEndLockDate
public String getEndLockDate()
Contains the end lock date when Role is allowed to be activated in session once again. The format is YYYYMMDD, e.g. 20100101 (January 1, 2010). This attribute is optional but if set will be validated for reasonableness.
- Specified by: getEndLockDate in interface Constraint
- Returns: attribute maps to 'ftCstr' attribute in 'ftRls' object class.

setEndLockDate
public void setEndLockDate(String endLockDate)
Set the end lock date when Role is allowed to be activated in session once again. The format is YYYYMMDD, e.g. 20100101 (January 1, 2010). This attribute is optional but if set will be validated for reasonableness.
- Specified by: setEndLockDate in interface Constraint
- Parameters: endLockDate - maps to 'ftCstr' attribute in 'ftRls' object class.

getDayMask
public String getDayMask()
Get the daymask that indicates what days of week Role is allowed to be activated in session. The format is 1234567, e.g. 23456 (Monday, Tuesday, Wednesday, Thursday, Friday). This attribute is optional but if set will be validated for reasonableness.
- Specified by: getDayMask in interface Constraint
- Returns: attribute maps to 'ftCstr' attribute in 'ftRls' object class.

setDayMask
public void setDayMask(String dayMask)
Set the daymask that specifies what days of week Role is allowed to be activated in session. The format is 1234567, e.g. 23456 (Monday, Tuesday, Wednesday, Thursday, Friday). This attribute is optional but if set will be validated for reasonableness.
- Specified by: setDayMask in interface Constraint
- Parameters: dayMask - maps to 'ftCstr' attribute in 'ftRls' object class.

getTimeout
public Integer getTimeout()
Return the integer timeout that contains total time (in minutes) that Role may remain inactive in User's session before it is deactivated. This attribute is optional but if set will be validated for reasonableness.
- Specified by: getTimeout in interface Constraint
- Returns: int maps to 'ftCstr' attribute in 'ftRls' object class.

setTimeout
public void setTimeout(Integer timeout)
Set the integer timeout that contains max time (in minutes) that Role may remain inactive in User's session before it is deactivated. This attribute is optional but if set will be validated for reasonableness.
- Specified by: setTimeout in interface Constraint
- Parameters: timeout - maps to 'ftCstr' attribute in 'ftRls' object class.
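
The temporal attributes documented above (begin/end time in HHMM, begin/end and lock dates in YYYYMMDD, day mask as digits 1-7) together describe when a Role may be activated. The following is an added example, not Fortress code or its validation logic: the names RoleWindowCheck and denyReason are hypothetical, the sample policy is constructed, and it assumes inclusive boundaries, a time window that does not cross midnight, and a lock that applies only when both lock dates are set. The timeout attribute is not modeled.

```java
import java.time.LocalDate;
import java.time.LocalDateTime;
import java.time.LocalTime;
import java.time.format.DateTimeFormatter;
import java.time.format.ResolverStyle;

/** Added illustration (not Fortress code): evaluates Role temporal attributes in the documented formats. */
public class RoleWindowCheck {
    // Strict parsers for the documented HHMM and YYYYMMDD formats; malformed values throw DateTimeParseException.
    private static final DateTimeFormatter HHMM =
            DateTimeFormatter.ofPattern("HHmm").withResolverStyle(ResolverStyle.STRICT);
    private static final DateTimeFormatter YYYYMMDD =
            DateTimeFormatter.ofPattern("uuuuMMdd").withResolverStyle(ResolverStyle.STRICT);

    /** Returns null if activation is allowed at 'now', else the reason it is refused. A null attribute means "not set". */
    static String denyReason(String beginTime, String endTime, String beginDate, String endDate,
                             String beginLockDate, String endLockDate, String dayMask, LocalDateTime now) {
        if (dayMask != null) {
            if (!dayMask.matches("[1-7]{1,7}")) {
                throw new IllegalArgumentException("dayMask must use digits 1-7: " + dayMask);
            }
            // Page example: 23456 = Monday..Friday, so 1 = Sunday and 7 = Saturday.
            // java.time numbers Monday = 1 .. Sunday = 7, hence the shift.
            char today = (char) ('0' + now.getDayOfWeek().getValue() % 7 + 1);
            if (dayMask.indexOf(today) < 0) return "day of week not in dayMask";
        }
        LocalDate date = now.toLocalDate();
        if (beginDate != null && date.isBefore(LocalDate.parse(beginDate, YYYYMMDD))) return "before beginDate";
        if (endDate != null && date.isAfter(LocalDate.parse(endDate, YYYYMMDD))) return "after endDate";
        if (beginLockDate != null && endLockDate != null) {
            LocalDate lockFrom = LocalDate.parse(beginLockDate, YYYYMMDD);
            LocalDate lockTo = LocalDate.parse(endLockDate, YYYYMMDD);
            // Assumption: the lock window is inclusive on both ends.
            if (!date.isBefore(lockFrom) && !date.isAfter(lockTo)) return "inside lock window";
        }
        LocalTime time = now.toLocalTime();
        if (beginTime != null && time.isBefore(LocalTime.parse(beginTime, HHMM))) return "before beginTime";
        if (endTime != null && time.isAfter(LocalTime.parse(endTime, HHMM))) return "after endTime";
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample policy: weekdays, 08:00-17:00, valid during 2010, locked 1-15 June 2010.
        LocalDateTime[] probes = {
            LocalDateTime.of(2010, 3, 10, 9, 30),   // Wednesday, office hours
            LocalDateTime.of(2010, 3, 13, 9, 30),   // Saturday
            LocalDateTime.of(2010, 3, 10, 18, 0),   // Wednesday, after hours
            LocalDateTime.of(2010, 6, 10, 9, 30),   // Thursday, inside the lock window
            LocalDateTime.of(2011, 1, 3, 9, 30),    // Monday, after endDate
        };
        for (LocalDateTime now : probes) {
            String reason = denyReason("0800", "1700", "20100101", "20101231",
                                       "20100601", "20100615", "23456", now);
            System.out.println(now + " -> " + (reason == null ? "ALLOW" : "DENY: " + reason));
        }
    }
}
```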

getConstraints
public List<RoleConstraint> getConstraints()
Description copied from interface: Constraint
Return a list of role constraints on entity.
- Specified by: getConstraints in interface Constraint
- Returns:

getParents
public Set<String> getParents()
Get the names of roles that are parents (direct ascendants) of this role.
- Specified by: getParents in interface Graphable
- Returns: Set of parent role names assigned to this role.

setParents
public void setParents(Set<String> parents)
Set the names of roles that are parents (direct ascendants) of this role.
- Specified by: setParents in interface Graphable
- Parameters: parents - contains the Set of parent role names assigned to this role.

setParent
public void setParent(String parent)
Set the occupant attribute with the contents of the User dn.

delParent
public void delParent(String parent)
Set the occupant attribute with the contents of the User dn.

getChildren
public Set<String> getChildren()
Return the Set of child role names (direct descendants) of this role.
- Returns: Set of child role names assigned to this role.

setChildren
public void setChildren(Set<String> children)
Set the Set of child role names (direct descendants) of this role.
- Parameters: children - contains the Set of child role names assigned to this role.

getDn
public String getDn()
Returns distinguished name associated with Role. This attribute is generated by DAO and is not allowed for outside classes to modify. This attribute is for internal use only and need not be processed by external clients.
- Returns: value that is mapped to the dn of the entry in DIT.

setDn
public void setDn(String dn)
Set distinguished name associated with Role. This attribute is used by DAO and is not allowed for outside classes. This attribute cannot be set by external callers.

getGidNumber
public String getGidNumber()
Get the Group ID number, which is required attribute for RFC2307 posixGroup object class.
- Returns:

setGidNumber
public void setGidNumber(String gidNumber)
Set the Group ID number, which is required attribute for RFC2307 posixGroup object class.
- Parameters: gidNumber

equals
public boolean equals(Object thatObj)
Matches the name from two Role entities.

toString
protected String toString(String tabs)
- Parameters: tabs - the spaces to put at the beginning of each line for a correct indentation
- Returns: The representation of a Role as a String
- See Also: Object.toString()

toString
public String toString()
- Overrides: toString in class Object
- See Also: Object.toString()

addProperties
public void addProperties(Properties props)
Add new collection of name/value pairs to attributes associated with User. These values are not constrained by Fortress. Properties are optional.
- Parameters: props - contains collection of name/value pairs and maps to 'ftProps' attribute in 'ftProperties' aux object class.

getProperties
public Properties getProperties()
Return the collection of name/value pairs to attributes associated with User. These values are not constrained by Fortress. Properties are optional.
- Returns: Properties contains collection of name/value pairs and maps to 'ftProps' attribute in 'ftProperties' aux object class.