com.bea.ales.controls
Interface ALESControl


public interface ALESControl

ALESControl is a public control interface that encapsulates the ALES SSM runtime APIs and provides access to the ALES SSM runtime security service in a consistent, straightforward manner. A developer can drag and drop methods from the ALESControl onto a WLP page flow or a WLI process in Workshop and use the data returned by a selected method (access decision, roles, etc.) to drive a downstream node in the page flow or process.

Author:
Copyright (c) 2004-2008, Oracle and/or its affiliates. All rights reserved.

Field Summary
static java.lang.String FLUSH_OPT_ATTRCACHE
          Options value which indicates that the attribute cache should be flushed.
static java.lang.String FLUSH_OPT_ATZCACHE
          Options value which indicates that the authorization cache should be flushed.
 
Method Summary
 void flushCache(java.lang.String[] options)
          Removes all entries from the OOTB attributes cache and flushes its statistics.
 void flushCacheByUser(java.lang.String[] options, java.lang.String userID)
          Removes entries for the user, identified by the userID parameter.
 java.util.Collection getRoles(java.lang.String resource, java.lang.String action, java.util.Map appContext)
          Gets all roles for the current login user in reference to a resource, action, and application context.
 boolean hasRole(java.lang.String resource, java.lang.String action, java.util.Map appContext, java.lang.String role)
          Determines if the current login user has a specific role in reference to a resource, action, and application context.
 boolean isAccessAllowed(java.lang.String resource, java.lang.String action, java.util.Map appContext)
          Determines if the current login user is permitted to access a specific resource with a specific action.
 boolean isAccessAllowedWithGrantedresources(java.lang.String resource, java.lang.String action, java.util.Map appContext, java.util.Collection grantedresources)
          Determines if the current login user is permitted to access a specific resource with a specific action and gets all resources from this resource that the user is permitted to access.
 boolean isAccessAllowedWithResponseAttribues(java.lang.String resource, java.lang.String action, java.util.Map appContext, java.util.Map responseAttr)
          Determines if the current login user is permitted to access a specific resource with a specific action and gets response attributes returned by the authorization system.
 void recordEvent(java.lang.String message, java.util.Map appContext, AuditSeverity severity)
          Sends an audit message to the audit service system.
 

Field Detail

FLUSH_OPT_ATTRCACHE

static final java.lang.String FLUSH_OPT_ATTRCACHE
Options value which indicates that the attribute cache should be flushed.

See Also:
flushCache(java.lang.String[]), flushCacheByUser(java.lang.String[], java.lang.String), Constant Field Values

FLUSH_OPT_ATZCACHE

static final java.lang.String FLUSH_OPT_ATZCACHE
Options value which indicates that the authorization cache should be flushed.

See Also:
flushCache(java.lang.String[]), flushCacheByUser(java.lang.String[], java.lang.String), Constant Field Values
Method Detail

flushCache

void flushCache(java.lang.String[] options)
                throws ALESControlException
Removes all entries from the OOTB attributes cache and flushes its statistics.

Parameters:
options - The options can be either ALESControl.FLUSH_OPT_ATZCACHE or ALESControl.FLUSH_OPT_ATTRCACHE, or both of them.
Throws:
ALESControlException - This exception is thrown if a parameter passed in contains an invalid option.

flushCacheByUser

void flushCacheByUser(java.lang.String[] options,
                      java.lang.String userID)
                      throws ALESControlException
Removes entries for the user, identified by the userID parameter. The options can be either ALESControl.FLUSH_OPT_ATZCACHE or ALESControl.FLUSH_OPT_ATTRCACHE, or both of them.

Parameters:
options - The options can be either ALESControl.FLUSH_OPT_ATZCACHE or ALESControl.FLUSH_OPT_ATTRCACHE, or both of them.
userID - The user whose cache entries are to be reset. Should be a valid name (not NULL and of positive length). The name should be in the short format and not include the directory, i.e. "system" and not "//user/asi/system/".
Throws:
ALESControlException - This exception is thrown if a parameter passed in contains an invalid option or the userID is empty.

getRoles

java.util.Collection getRoles(java.lang.String resource,
                              java.lang.String action,
                              java.util.Map appContext)
                              throws ALESControlException
Gets all roles for the current login user in reference to a resource, action, and application context.

Parameters:
resource - a String that represents the resource. For example, if a resource defined in ALES is "//app/policy/wls9ssm/ExampleApp_EAR/jpd/ExampleApp_Web/processes.ExampleProcess/performService" and you want to know whether the current login user is permitted to perform an action on it, the string passed as resource to this method should be "/ExampleApp_EAR/jpd/ExampleApp_Web/processes.ExampleProcess/performService".
action - a String that represents the action to be performed on a resource, which should be a defined privilege name in ALES, for example, "execute".
appContext - a Map of name/value pairs of application context attributes; the name type is String and the value type is Object.
Returns:
a Collection of Strings that represent the roles associated with this identity.
Throws:
ALESControlException - thrown if any exception is caught while calling the runtime security service.

hasRole

boolean hasRole(java.lang.String resource,
                java.lang.String action,
                java.util.Map appContext,
                java.lang.String role)
                throws ALESControlException
Determines if the current login user has a specific role in reference to a resource, action, and application context.

Parameters:
resource - a String that represents the resource. For example, if a resource defined in ALES is "//app/policy/wls9ssm/ExampleApp_EAR/jpd/ExampleApp_Web/processes.ExampleProcess/performService" and you want to know whether the current login user is permitted to perform an action on it, the string passed as resource to this method should be "/ExampleApp_EAR/jpd/ExampleApp_Web/processes.ExampleProcess/performService".
action - a String that represents the action to be performed on a resource, which should be a defined privilege name in ALES, for example, "execute".
appContext - a Map of name/value pairs of application context attributes; the name type is String and the value type is Object.
role - a String that represents the role to check the current login user for.
Returns:
true if the current login user has the specified role, false otherwise.
Throws:
ALESControlException - thrown if any exception is caught while calling the runtime security service.

isAccessAllowed

boolean isAccessAllowed(java.lang.String resource,
                        java.lang.String action,
                        java.util.Map appContext)
                        throws ALESControlException
Determines if the current login user is permitted to access a specific resource with a specific action. The application context is also taken into account for this decision.

Parameters:
resource - a String that represents the resource. For example, if a resource defined in ALES is "//app/policy/wls9ssm/ExampleApp_EAR/jpd/ExampleApp_Web/processes.ExampleProcess/performService" and you want to know whether the current login user is permitted to perform an action on it, the string passed as resource to this method should be "/ExampleApp_EAR/jpd/ExampleApp_Web/processes.ExampleProcess/performService".
action - a String that represents the action to be performed on the resource, which should be a defined privilege name in ALES, for example, "execute".
appContext - a Map of name/value pairs of application context attributes; the name type is String and the value type is Object.
Returns:
true if the current login user has permission to do the action on the resource, false otherwise.
Throws:
ALESControlException - thrown if any exception is caught while calling the runtime security service.
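
The resource-string convention of isAccessAllowed and the short userID convention of flushCacheByUser, combined into a wrapper that denies access when the authorization call fails. This is an added example, not part of the ALES documentation or product code; the class name AlesGuard, its method names and the POLICY_PREFIX constant (taken from this page's sample resource) are assumptions, and the ALESControl instance is supplied by the caller. It compiles against the library that provides com.bea.ales.controls.ALESControl.

```java
import com.bea.ales.controls.ALESControl;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;

/** Added example (not ALES product code): fail-closed wrapper around ALESControl. */
public class AlesGuard {                          // hypothetical class name
    private static final Logger LOG = Logger.getLogger(AlesGuard.class.getName());
    // Prefix taken from this page's sample resource; assumed to be deployment-specific.
    private static final String POLICY_PREFIX = "//app/policy/wls9ssm";
    private final ALESControl ales;               // supplied by the caller

    public AlesGuard(ALESControl ales) { this.ales = ales; }

    /** "//app/policy/wls9ssm/ExampleApp_EAR/..." becomes "/ExampleApp_EAR/...". */
    static String toControlResource(String resource) {
        return resource.startsWith(POLICY_PREFIX + "/")
                ? resource.substring(POLICY_PREFIX.length()) : resource;
    }

    /** "//user/asi/system/" becomes "system" (short format, no directory). */
    static String toShortUserId(String userId) {
        if (userId == null) throw new IllegalArgumentException("userID is null");
        String s = userId.trim();
        while (s.endsWith("/")) s = s.substring(0, s.length() - 1);
        s = s.substring(s.lastIndexOf('/') + 1);
        if (s.length() == 0) throw new IllegalArgumentException("userID is empty");
        return s;
    }

    /** Deny when the runtime security service cannot answer (a null resource also denies). */
    public boolean isAllowed(String resource, String action, Map<String, Object> appContext) {
        try {
            return ales.isAccessAllowed(toControlResource(resource), action, appContext);
        } catch (Exception e) {                   // includes ALESControlException
            LOG.log(Level.WARNING, "Authorization check failed; denying access", e);
            return false;
        }
    }

    /** Flush both caches for one user so later checks do not use that user's cached entries. */
    public void flushUser(String userId) throws Exception {
        String[] both = { ALESControl.FLUSH_OPT_ATZCACHE, ALESControl.FLUSH_OPT_ATTRCACHE };
        ales.flushCacheByUser(both, toShortUserId(userId));
    }
}
```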

isAccessAllowedWithGrantedresources

boolean isAccessAllowedWithGrantedresources(java.lang.String resource,
                                            java.lang.String action,
                                            java.util.Map appContext,
                                            java.util.Collection grantedresources)
                                            throws ALESControlException
Determines if the current login user is permitted to access a specific resource with a specific action and gets all resources from this resource that the user is permitted to access. The application context is also taken into account for this decision.

Parameters:
resource - a String that represents the resource. For example, if a resource defined in ALES is "//app/policy/wls9ssm/ExampleApp_EAR/jpd/ExampleApp_Web/processes.ExampleProcess/performService" and you want to know whether the current login user is permitted to perform an action on it, the string passed as resource to this method should be "/ExampleApp_EAR/jpd/ExampleApp_Web/processes.ExampleProcess/performService".
action - a String that represents the action to be performed on a resource, which should be a defined privilege name in ALES, for example, "execute".
appContext - a Map of name/value pairs of application context attributes; the name type is String and the value type is Object.
grantedresources - a Collection of Strings that represent the resources, from the resource passed in, on which the current login user can perform the action passed in, as returned by the authorization system. It is an out parameter.
Returns:
true if the current login user has permission to perform the action on the resource, false otherwise.
Throws:
ALESControlException - thrown if any exception is caught while calling the runtime security service.

isAccessAllowedWithResponseAttribues

boolean isAccessAllowedWithResponseAttribues(java.lang.String resource,
                                             java.lang.String action,
                                             java.util.Map appContext,
                                             java.util.Map responseAttr)
                                             throws ALESControlException
Determines if the current login user is permitted to access a specific resource with a specific action and gets response attributes returned by the authorization system. The application context is also taken into account for this decision.

Parameters:
resource - a String that represents the resource. For example, if a resource defined in ALES is "//app/policy/wls9ssm/ExampleApp_EAR/jpd/ExampleApp_Web/processes.ExampleProcess/performService" and you want to know whether the current login user is permitted to perform an action on it, the string passed as resource to this method should be "/ExampleApp_EAR/jpd/ExampleApp_Web/processes.ExampleProcess/performService".
action - a String that represents the action to be performed on a resource, which should be a defined privilege name in ALES, for example, "execute".
appContext - a Map of name/value pairs of application context attributes; the name type is String and the value type is Object.
responseAttr - a Map of name/value pairs of response attributes returned by the authorization system; the name and value types are String. It is an out parameter.
Returns:
true if the current login user has permission to perform the action on the resource, false otherwise.
Throws:
ALESControlException - thrown if any exception is caught while calling the runtime security service.

recordEvent

void recordEvent(java.lang.String message,
                 java.util.Map appContext,
                 AuditSeverity severity)
                 throws ALESControlException
Sends an audit message to the audit service system. The message will be audited by the audit providers configured in the system.

Parameters:
message - a String that represents the message to pass to the audit system.
appContext - a Map of name/value pairs of application context attributes; the name type is String and the value type is Object.
severity - an AuditSeverity that represents the severity of the audit message; it can be AuditSeverity.INFORMATIONAL, AuditSeverity.WARNING, AuditSeverity.ERROR, AuditSeverity.SUCCESS or AuditSeverity.FAILURE.
Throws:
ALESControlException - thrown if any exception is caught while calling the runtime security service.

