Class DelReviewMgrRestImpl

  • All Implemented Interfaces:
    DelReviewMgr, Manageable

    public class DelReviewMgrRestImpl
    extends Manageable
    implements DelReviewMgr
This class implements the ARBAC02 DelReviewMgr interface for performing policy interrogation of provisioned Fortress ARBAC entities using HTTP access to the Fortress Rest server. These APIs map directly to similarly named APIs specified by ARBAC02 functions. The ARBAC Functional specification describes delegated administrative operations for the creation and maintenance of ARBAC element sets and relations, delegated administrative review functions for performing administrative queries, and system functions for creating and managing ARBAC attributes on user sessions and making delegated administrative access control decisions.

    Administrative Role Based Access Control (ARBAC)

Fortress fully supports the Oh/Sandhu/Zhang ARBAC02 model for delegated administration. ARBAC gives large enterprises the ability to delegate administrative authority to users who reside outside of the security admin group. Decentralizing administration in this way provides security provisioning capability to work groups without sacrificing the accountability or traceability that regulations require.

This class is NOT thread safe if the "adminSession" instance variable is set.

    Author:
    Apache Directory Project
    • Constructor Detail

      • DelReviewMgrRestImpl

        public DelReviewMgrRestImpl()
    • Method Detail

      • readRole

        public AdminRole readRole​(AdminRole role)
                           throws SecurityException
        Method reads Admin Role entity from the admin role container in directory.

        required parameters

        • Role.name - contains the name of the AdminRole being targeted for read
        Specified by:
        readRole in interface DelReviewMgr
        Parameters:
        role - contains role name to be read.
        Returns:
        AdminRole entity that corresponds with role name.
        Throws:
        SecurityException - will be thrown if role not found or system error occurs.
      • findRoles

        public List<AdminRole> findRoles​(String searchVal)
                                  throws SecurityException
Method will return a list of type AdminRole whose names match the search value.

        required parameters

        • Role.name - contains all or some chars in the name of AdminRole(s) targeted for search
        Specified by:
        findRoles in interface DelReviewMgr
        Parameters:
searchVal - contains all or some of the chars corresponding to admin role entities stored in directory.
        Returns:
        List of type AdminRole containing role entities that match the search criteria.
        Throws:
        SecurityException - in the event of system error.
      • assignedRoles

        public List<UserAdminRole> assignedRoles​(User user)
                                          throws SecurityException
        This function returns the set of admin roles assigned to a given user. The function is valid if and only if the user is a member of the USERS data set.

        required parameters

        • User.userId - contains the userId associated with the User object targeted for search.
        Specified by:
        assignedRoles in interface DelReviewMgr
        Parameters:
        user - contains userId matching user entity stored in the directory.
        Returns:
        List of type UserAdminRole containing the user admin role data.
        Throws:
        SecurityException - If user not found or system error occurs.
      • assignedUsers

        public List<User> assignedUsers​(AdminRole role)
                                 throws SecurityException
This method returns the data set of all users who are assigned the given admin role. This searches the User data set for the AdminRole relationship. This method does NOT follow hierarchical AdminRole relationships, so users who hold the role only through inheritance are not returned.

        required parameters

        • Role.name - contains the name of AdminRole targeted for search
        Specified by:
        assignedUsers in interface DelReviewMgr
        Parameters:
        role - contains the role name used to search the User data set.
        Returns:
List of type User containing the users directly assigned to the role.
        Throws:
        SecurityException - If system error occurs.
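An added example (not part of the Fortress project or this page) that ties readRole, assignedUsers and assignedRoles together into a review of one admin role: who holds it directly, and which other admin roles those holders already have. It assumes the Fortress 2.x package names shown in the imports, that the Manageable.setAdmin(Session) method is what populates the "adminSession" variable referred to above, and that "DemoAdminUsers" is a hypothetical admin role name.

```java
// Added example, not Fortress project code. Package names below are assumed
// from Fortress 2.x; the admin role name in main() is hypothetical.
import java.util.List;

import org.apache.directory.fortress.core.SecurityException;
import org.apache.directory.fortress.core.model.AdminRole;
import org.apache.directory.fortress.core.model.Session;
import org.apache.directory.fortress.core.model.User;
import org.apache.directory.fortress.core.model.UserAdminRole;
import org.apache.directory.fortress.core.rest.DelReviewMgrRestImpl;

public class AdminRoleReview {

    /**
     * Reports who holds a given admin role and what other admin roles those
     * users also hold. Useful when auditing delegated administration: a user
     * holding several admin roles may have more administrative reach than intended.
     *
     * adminSession may be null when the Fortress Rest server authorises the
     * caller on the HTTP credentials alone (assumption for this example).
     */
    public static void reviewAdminRole(Session adminSession, String roleName)
            throws SecurityException {
        // One instance per call: the class is NOT thread safe once adminSession
        // is set, so never share an instance across threads.
        DelReviewMgrRestImpl review = new DelReviewMgrRestImpl();
        if (adminSession != null) {
            review.setAdmin(adminSession); // Manageable.setAdmin(Session), assumed
        }

        // readRole throws SecurityException if the admin role does not exist,
        // which is where a review should fail rather than report an empty list.
        AdminRole role = review.readRole(new AdminRole(roleName));
        System.out.println("Admin role: " + role.getName());

        // Direct assignments only; users who reach this role through the
        // admin-role hierarchy are NOT returned by assignedUsers.
        List<User> holders = review.assignedUsers(role);
        System.out.println("Directly assigned users: " + holders.size());

        for (User holder : holders) {
            List<UserAdminRole> otherRoles =
                    review.assignedRoles(new User(holder.getUserId()));
            StringBuilder sb = new StringBuilder("  " + holder.getUserId() + " also holds:");
            for (UserAdminRole uar : otherRoles) {
                if (!uar.getName().equalsIgnoreCase(roleName)) {
                    sb.append(' ').append(uar.getName());
                }
            }
            System.out.println(sb);
        }
    }

    public static void main(String[] args) throws SecurityException {
        // "DemoAdminUsers" is a hypothetical admin role name.
        reviewAdminRole(null, "DemoAdminUsers");
    }
}
```

Because assignedUsers does not walk the admin-role hierarchy, a complete "who can use this role" answer also has to consider users assigned to descendant roles; that traversal is outside the review methods on this page.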
      • read

        public OrgUnit read​(OrgUnit entity)
                     throws SecurityException
Reads an existing OrgUnit entity from the OrgUnit dataset. The OrgUnit can be either User or Perm, and is selected by setting the type attribute.

required parameters

• OrgUnit.name - contains the name of the OrgUnit targeted for read
• OrgUnit.type - either PERM or USER
        Specified by:
        read in interface DelReviewMgr
        Parameters:
        entity - contains OrgUnit name and type.
        Returns:
        OrgUnit entity that corresponds with ou name and type.
        Throws:
        SecurityException - in the event of data validation or system error.
      • search

        public List<OrgUnit> search​(OrgUnit.Type type,
                                    String searchVal)
                             throws SecurityException
Searches existing OrgUnit entities in the OrgUnit dataset. The OrgUnit can be either User or Perm, and is selected by setting the type parameter on the API.

required parameters

• type - either PERM or USER
• searchVal - contains the leading chars of the OrgUnit.name being searched for
        Specified by:
        search in interface DelReviewMgr
        Parameters:
        type - either PERM or USER
        searchVal - contains the leading chars that map to OrgUnit.name on existing OrgUnit(s) targeted for search.
        Returns:
        List of type OrgUnit containing the OrgUnit data.
        Throws:
        SecurityException - in the event of data validation or system error.
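An added example (not Fortress project code) showing the two OrgUnit review calls used for an integrity check: the user and permission OU sets attached to an admin role are resolved with read, so a role whose OU scope refers to an OrgUnit that no longer exists is flagged, and search lists the OUs that do exist under a prefix. It assumes the Fortress 2.x package names in the imports, that AdminRole exposes its OU sets as getOsU() and getOsP() (assumption), and that "DemoAdminRole" and the "acct" prefix are hypothetical.

```java
// Added example, not Fortress project code. Package names, the AdminRole
// accessors getOsU()/getOsP() and the role and OU names are assumptions.
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

import org.apache.directory.fortress.core.SecurityException;
import org.apache.directory.fortress.core.model.AdminRole;
import org.apache.directory.fortress.core.model.OrgUnit;
import org.apache.directory.fortress.core.rest.DelReviewMgrRestImpl;

public class OrgUnitScopeCheck {

    /**
     * Returns the OU names referenced by the admin role's user and perm OU
     * sets that cannot be read back as an OrgUnit of the matching type.
     * A dangling reference means the role's delegated scope is not what the
     * policy author sees in the role definition.
     */
    public static List<String> danglingOrgUnits(DelReviewMgrRestImpl review, String roleName)
            throws SecurityException {
        AdminRole role = review.readRole(new AdminRole(roleName));
        List<String> dangling = new ArrayList<>();
        checkSet(review, role.getOsU(), OrgUnit.Type.USER, dangling);
        checkSet(review, role.getOsP(), OrgUnit.Type.PERM, dangling);
        return dangling;
    }

    private static void checkSet(DelReviewMgrRestImpl review, Set<String> ouNames,
                                 OrgUnit.Type type, List<String> dangling) {
        if (ouNames == null) {
            return;
        }
        for (String name : ouNames) {
            try {
                // read requires both name and type; a USER OU and a PERM OU
                // with the same name are different entities.
                review.read(new OrgUnit(name, type));
            } catch (SecurityException e) {
                // read throws when the entity is not found or on system error;
                // record the reference and keep checking the rest of the set.
                dangling.add(type + ":" + name + " (" + e.getMessage() + ")");
            }
        }
    }

    /** Lists existing OrgUnits of one type whose names start with the prefix. */
    public static List<String> listOrgUnits(DelReviewMgrRestImpl review, OrgUnit.Type type,
                                            String prefix) throws SecurityException {
        List<String> names = new ArrayList<>();
        for (OrgUnit ou : review.search(type, prefix)) {
            names.add(ou.getName());
        }
        return names;
    }

    public static void main(String[] args) throws SecurityException {
        DelReviewMgrRestImpl review = new DelReviewMgrRestImpl(); // one per thread
        System.out.println("USER OUs under 'acct': " + listOrgUnits(review, OrgUnit.Type.USER, "acct"));
        System.out.println("Dangling OU references: " + danglingOrgUnits(review, "DemoAdminRole"));
    }
}
```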
      • rolePermissions

        public List<Permission> rolePermissions​(AdminRole role)
                                         throws SecurityException
        Description copied from interface: DelReviewMgr
        This function returns the set of all ARBAC permissions (op, obj), granted to or inherited by a given ARBAC role. The function is valid if and only if the role is a member of the ROLES data set.

        required parameters

        • Role.name - contains the name to use for the AdminRole targeted for search.
        Specified by:
        rolePermissions in interface DelReviewMgr
        Parameters:
        role - contains role name, Role.name of AdminRole entity Permission is granted to.
        Returns:
        List of type Permission that contains all perms granted to a role.
        Throws:
        SecurityException - In the event system error occurs.
      • rolePermissions

        public List<Permission> rolePermissions​(AdminRole role,
                                                boolean noInheritance)
                                         throws SecurityException
        Description copied from interface: DelReviewMgr
        This function returns the set of all ARBAC permissions (op, obj), granted to or inherited by a given ARBAC role. The function is valid if and only if the role is a member of the ROLES data set.

        required parameters

        • Role.name - contains the name to use for the AdminRole targeted for search.
        Specified by:
        rolePermissions in interface DelReviewMgr
        Parameters:
        role - contains role name, Role.name of AdminRole entity Permission is granted to.
noInheritance - if true, permissions inherited from other admin roles in the hierarchy will NOT be included; only perms granted directly to this role are returned.
        Returns:
List of type Permission that contains all perms granted to the role, including inherited perms unless noInheritance is true.
        Throws:
        SecurityException - In the event system error occurs.
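An added example (not Fortress project code) using both rolePermissions overloads to separate the permissions an admin role received directly from those it only has through the admin-role hierarchy; inherited grants are the ones most often missed in a delegated-administration review. It assumes the Fortress 2.x package names in the imports, that Permission exposes getObjName(), getOpName() and getObjId(), and that "DemoAdminRole" is a hypothetical admin role name.

```java
// Added example, not Fortress project code. Package names, the Permission
// accessors and the admin role name are assumptions for this illustration.
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import org.apache.directory.fortress.core.SecurityException;
import org.apache.directory.fortress.core.model.AdminRole;
import org.apache.directory.fortress.core.model.Permission;
import org.apache.directory.fortress.core.rest.DelReviewMgrRestImpl;

public class AdminRolePermissionDiff {

    /** Permissions the admin role can exercise but that were never granted to it directly. */
    public static List<Permission> inheritedOnly(DelReviewMgrRestImpl review, String roleName)
            throws SecurityException {
        AdminRole role = new AdminRole(roleName);

        // noInheritance = true: only perms granted directly to this role.
        Set<String> direct = new HashSet<>();
        for (Permission p : review.rolePermissions(role, true)) {
            direct.add(key(p));
        }

        // Single-argument overload: direct plus everything inherited through the hierarchy.
        List<Permission> inherited = new ArrayList<>();
        for (Permission p : review.rolePermissions(role)) {
            if (!direct.contains(key(p))) {
                inherited.add(p);
            }
        }
        return inherited;
    }

    // (objName, opName) identifies an ARBAC permission; objId is optional, so include it when set.
    private static String key(Permission p) {
        String objId = p.getObjId() == null ? "" : p.getObjId();
        return p.getObjName() + "::" + p.getOpName() + "::" + objId;
    }

    public static void main(String[] args) throws SecurityException {
        DelReviewMgrRestImpl review = new DelReviewMgrRestImpl(); // one per thread
        // "DemoAdminRole" is a hypothetical admin role name.
        for (Permission p : inheritedOnly(review, "DemoAdminRole")) {
            System.out.println("inherited: " + p.getObjName() + "." + p.getOpName());
        }
    }
}
```

An empty result means the role's effective permissions equal its direct grants; a non-empty one lists the grants that would survive even if every direct grant on the role were revoked, which is the set to review when tightening a delegated admin role.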