4.35 - Add Role Constraint

RoleConstraint addRoleConstraint( UserRole uRole, RoleConstraint roleConstraint ) throws SecurityException;

This method adds a role constraint to the user.

The function is valid if and only if:

  • The user is a member of the USERS data set.
  • The role is a member of the ROLES data set.
  • The user is assigned to that role.

Required Parameters:

  • UserRole#userId - the userId for an existing User.
  • UserRole#name - contains the name of a Role assigned to the User.
  • RoleConstraint#type - type of role constraint: [USER, FILTER, OTHER].
  • RoleConstraint#key - the name of an attribute set targeted for the User-Role.
  • RoleConstraint#value - contains the value of the role constraint.


  • SecurityException - is thrown if user is not allowed to activate or runtime error occurs with system.


import org.apache.directory.fortress.core.AdminMgr;
import org.apache.directory.fortress.core.AdminMgrFactory;
import org.apache.directory.fortress.core.SecurityException;
import org.apache.directory.fortress.core.model.UserRole;
import org.apache.directory.fortress.core.model.RoleConstraint;

public static void testAddRoleConstraint( User user, Role role, String key, String value )
    String szLocation = ".testAddRoleConstraint";
        AdminMgr adminMgr = AdminMgrFactory.createInstance();
        UserRole userRole = new UserRole( user.getUserId(), role.getName() );
        RoleConstraint constraint = new RoleConstraint();
        constraint.setKey( key );
        constraint.setValue( value );
        RoleConstraint out = adminMgr.addRoleConstraint( userRole, constraint );
    catch ( SecurityException ex )
        LOG.error( szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex );
        fail( ex.getMessage() );