Class Manageable

    • Field Detail

      • adminSess

        protected Session adminSess
      • contextId

        protected String contextId
    • Constructor Detail

      • Manageable

        public Manageable()
    • Method Detail

      • setAdmin

        public final void setAdmin​(Session session)
        Use this method to load an administrative user's ARBAC Session object into the Manager object, which enables authorization to be performed on behalf of the admin user. Setting a Session into this object will enforce ARBAC controls and render this class's implementer thread unsafe.
        Specified by:
        setAdmin in interface Manageable
        Parameters:
        session - contains a valid Fortress A/RBAC Session object.
      • setContextId

        public final void setContextId​(String contextId)
        Use this method to set the tenant id on function calls into Fortress, which allows segregation of data by customer. The contextId is used for multi-tenancy to isolate data sets within a particular sub-tree of the DIT. Setting contextId into this object will render this class's implementer thread unsafe.
        Specified by:
        setContextId in interface Manageable
        Parameters:
        contextId - maps to sub-tree in DIT, e.g. ou=contextId, dc=example, dc=com.
      • setEntitySession

        protected final void setEntitySession​(String className,
                                              String opName,
                                              FortEntity entity)
                                       throws SecurityException
        Set A/RBAC session on entity and perform authorization on behalf of the caller if the adminSess is set.
        Parameters:
        className - contains the class name.
        opName - contains operation name.
        entity - contains FortEntity instance.
        Throws:
        SecurityException - in the event of data validation or system error.
      • checkAccess

        protected final void checkAccess​(String className,
                                         String opName)
                                  throws SecurityException
        Every Fortress Manager API (e.g. addUser, updateUser, addRole, ...) will perform authorization on behalf of the caller IFF the adminSess has been set before invocation.
        Parameters:
        className - contains the class name.
        opName - contains operation name.
        Throws:
        SecurityException - in the event of data validation or system error.
      • setAdminData

        protected final void setAdminData​(String className,
                                          String opName,
                                          FortEntity entity)
        Method is called by Manager APIs to load contextual information on FortEntity.

        The information is used to

        1. Load the administrative User's Session object into entity. This is used to check that the administrator has the privilege to perform the administrative operation.
        2. Load the target operation's permission into the audit context. This is used for the Fortress audit log stored in OpenLDAP.
        Parameters:
        className - contains the class name.
        opName - contains operation name.
        entity - used to pass contextual information through Fortress layers for administrative security checks and audit.
      • assertContext

        protected final void assertContext​(String className,
                                           String opName,
                                           FortEntity entity,
                                           int errorCode)
                                    throws ValidationException
        Throws an exception if the entity reference is null; otherwise sets the contextId of the tenant onto the supplied entity reference.
        Parameters:
        className - contains the class name of caller.
        opName - contains operation name of caller.
        entity - used here to pass the tenant id into the Fortress DAO layer.
        errorCode - contains the error id to use if null.
        Throws:
        ValidationException - in the event object is null.
      • assertContext

        protected final void assertContext​(String methodName,
                                           FortEntity entity,
                                           int errorCode)
                                    throws ValidationException
        Throws an exception if the entity reference is null; otherwise sets the contextId of the tenant onto the supplied entity reference.
        Parameters:
        methodName - contains the full method name of caller.
        entity - used here to pass the tenant id into the Fortress DAO layer.
        errorCode - contains the error id to use if null.
        Throws:
        ValidationException - in the event object is null.
      • getFullMethodName

        protected final String getFullMethodName​(String className,
                                                 String opName)
        This method is used to generate log statements and returns the concatenation of class name to the operation name.
        Parameters:
        className - of the caller
        opName - of the caller
        Returns:
        className + '.' + opName
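
An added illustration (not Fortress code, and not taken from this page's project) of two points documented above: setAdmin and setContextId store their values as instance state, so a shared instance is thread unsafe, and checkAccess authorizes only when adminSess has been set. The Mgr class, session ids, tenant names and permission table are hypothetical stand-ins, and the JDK's SecurityException is used in place of Fortress's.

```java
import java.util.Map;
import java.util.Set;

// Stand-in model, NOT Fortress code: mirrors only the behaviour documented here.
public class ManageableModel {
    // Constructed sample data: admin session id -> operations it may perform.
    static final Map<String, Set<String>> PERMS = Map.of(
        "sess-superadmin", Set.of("AdminMgrImpl.addUser"),
        "sess-helpdesk", Set.of("AdminMgrImpl.resetPassword"));

    static class Mgr {
        protected String adminSess; // instance state: shared by every caller of this object
        protected String contextId; // tenant sub-tree

        final void setAdmin(String session) { this.adminSess = session; }
        final void setContextId(String contextId) { this.contextId = contextId; }

        // Authorization runs IFF adminSess was set before invocation.
        final void checkAccess(String className, String opName) {
            if (adminSess == null) return; // no admin session: no ARBAC check
            String op = className + "." + opName;
            if (!PERMS.getOrDefault(adminSess, Set.of()).contains(op))
                throw new SecurityException(adminSess + " may not call " + op); // JDK exception, not Fortress's
        }

        String addUser(String userId) {
            checkAccess("AdminMgrImpl", "addUser");
            return "uid=" + userId + ",ou=" + contextId + " (admin=" + adminSess + ")";
        }
    }

    public static void main(String[] args) {
        // Hazard: one instance shared by two requests whose calls interleave.
        Mgr shared = new Mgr();
        shared.setAdmin("sess-helpdesk"); shared.setContextId("tenantA"); // request 1
        shared.setAdmin("sess-superadmin"); shared.setContextId("tenantB"); // request 2
        // Request 1 resumes and runs under request 2's session and tenant.
        System.out.println("shared: " + shared.addUser("alice"));

        // Per-request instance: state cannot be overwritten by another caller.
        Mgr perRequest = new Mgr();
        perRequest.setAdmin("sess-helpdesk");
        perRequest.setContextId("tenantA");
        try {
            perRequest.addUser("alice");
        } catch (SecurityException e) {
            System.out.println("per-request: denied, " + e.getMessage());
        }
    }
}
```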