com.bea.p13n.security.management.authentication
Class AtnManagerProxy

java.lang.Object
  extended by com.bea.p13n.security.management.authentication.AtnManagerProxy

public class AtnManagerProxy
extends Object

This class provides access to all user and group management functions as defined by the WLS Security Service Provider Interface (SSPI). This class acts as a proxy for a single, configured Authentication Provider plug-in by proxying calls to the UserProvider and GroupProvider classes.

This class should not contain any layered product dependencies.

Since it is possible that an Authentication Provider may not implement all optional management interfaces, an OperationNotSupportedException may be thrown.

This class is constructed using the AtnProviderDescription.

See Also
AtnSecurityMgmtHelper
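
An added example, not taken from this documentation: because a provider may not implement every optional interface, an audit of who effectively holds a group should treat OperationNotSupportedException as "incomplete", never as "no members". GroupReader and the exception class are local stand-ins that mirror the getChildGroupNames and getUsernamesForGroup signatures on this page. The group data is constructed, and the example assumes getUsernamesForGroup returns direct members only.

```java
import java.util.*;

public class EffectiveMembers {
    // Local stand-in: the page names OperationNotSupportedException but not its package.
    static class OperationNotSupportedException extends Exception {}

    // Hypothetical interface mirroring two AtnManagerProxy signatures from this page.
    interface GroupReader {
        List<String> getChildGroupNames(String groupName) throws OperationNotSupportedException;
        List<String> getUsernamesForGroup(String groupName) throws OperationNotSupportedException;
    }

    // Breadth-first walk of nested groups. The visited set stops membership
    // cycles (A contains B, B contains A) from looping forever.
    static Set<String> effectiveUsers(GroupReader atn, String root)
            throws OperationNotSupportedException {
        Set<String> users = new TreeSet<>();
        Set<String> visited = new HashSet<>();
        Deque<String> queue = new ArrayDeque<>(List.of(root));
        while (!queue.isEmpty()) {
            String group = queue.poll();
            if (!visited.add(group)) continue;          // already expanded
            users.addAll(atn.getUsernamesForGroup(group));
            queue.addAll(atn.getChildGroupNames(group));
        }
        return users;
    }

    public static void main(String[] args) {
        // Constructed sample data: PortalOps and Contractors contain each other.
        Map<String, List<String>> children = Map.of(
            "Administrators", List.of("PortalOps"),
            "PortalOps", List.of("Contractors"),
            "Contractors", List.of("PortalOps"));
        Map<String, List<String>> members = Map.of(
            "Administrators", List.of("alice"),
            "PortalOps", List.of("bob"),
            "Contractors", List.of("mallory"));
        GroupReader reader = new GroupReader() {
            public List<String> getChildGroupNames(String g) {
                return children.getOrDefault(g, List.of());
            }
            public List<String> getUsernamesForGroup(String g) {
                return members.getOrDefault(g, List.of());
            }
        };
        try {
            System.out.println(effectiveUsers(reader, "Administrators"));
        } catch (OperationNotSupportedException e) {
            // Fail closed: an unsupported lookup means "unknown", not "no members".
            System.err.println("Audit incomplete: provider does not support group enumeration");
        }
    }
}
```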

Constructor Summary
AtnManagerProxy(AtnProviderDescription aProviderDescription)
          Creates an instance of AtnManagerProxy that provides access to all user and group management functions.
AtnManagerProxy(AtnProviderDescription aProviderDescription, boolean cacheAdminMBean)
          Creates an instance of AtnManagerProxy that provides access to all user and group management functions.
 
Method Summary
 void addGroupToGroup(String parentGroup, String childGroup)
          Add a child group to a group within this provider.
 void addUserToGroup(String groupName, String userName)
          Add a user to an existing group within this provider.
 void createGroup(String groupName)
          Create a new group within this provider.
 void createGroup(String groupName, String description)
          Create a new group within this provider.
 void createUser(String userName, String password)
          Creates a user with the given username and password.
 void createUser(String userName, String password, String description)
          Creates a user with the given username and password.
 List<String> getAllGroupNames()
          Retrieve a list of all groups from this provider.
 List<String> getChildGroupNames(String groupName)
          Retrieve a list of all children of a group within this provider.
 String getGroupDescription(String groupName)
          Get description for a group
 List<String> getGroupNamesForUser(String userName)
          Retrieve a list of all groups that a given user belongs to within this provider.
 String getName()
          The name of the provider is the AtnProviderDescription's name
 List<String> getParentGroupNames(String groupName)
          Retrieve a list of all direct parents of a group within this provider.
 String getUniqueName()
          Get the unique name for this AtnManagerProxy.
 String getUserDescription(String userName)
          Get description for a user
 List<String> getUserNames(String searchExpression, int limit)
          Returns a List of user names matching the search expression
 List<String> getUsernamesForGroup(String groupName)
          Retrieve a list of all users in a group in this provider.
 List<String> getUsernamesForGroup(String groupName, String searchExpression, int limit)
          Retrieve a list of users in a group within this provider, matching the provided wildcard expression.
 boolean groupExists(String groupName)
          Determines if a group exists within this provider (does not check all providers).
 boolean isDescendent(String ancestor, String descendent)
          Determine if one group is a descendent of another.
 boolean isMemberGroup(String groupNameParent, String groupNameChild, boolean recurse)
          Determine if a group is a member of a group.
 boolean isMemberUser(String groupName, String userName, boolean recurse)
          Determine if a user is a member of a group.
 void removeGroup(String groupName)
          Remove a group from this provider.
 void removeGroupFromGroup(String parentGroup, String childGroup)
          Remove a child group from an existing group within this provider.
 void removeUser(String userName)
          Removes a user from the system.
 void removeUserFromGroup(String groupName, String userName)
          Remove a user from an existing group within this provider.
 void setContextHandler(P13nContextHandler contextHandler)
          Associate the context handler identifying the caller of AtnManagerProxy methods.
 void setGroupDescription(String groupName, String description)
          Update the description associated with a group name.
 void setPassword(String userName, String password)
          Sets the password for a user in the realm.
 void setUserDescription(String userName, String description)
          Update the description associated with a user name.
 boolean userExists(String userName)
          Determines if a user exists.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

AtnManagerProxy

public AtnManagerProxy(AtnProviderDescription aProviderDescription)
Creates an instance of AtnManagerProxy that provides access to all user and group management functions.

Parameters
aProviderDescription - An authentication provider's description
Throws
IllegalArgumentException - if aProviderDescription is null.

AtnManagerProxy

public AtnManagerProxy(AtnProviderDescription aProviderDescription,
                       boolean cacheAdminMBean)
Creates an instance of AtnManagerProxy that provides access to all user and group management functions.

Parameters
aProviderDescription - An authentication provider's description
cacheAdminMBean - flag for caching admin MBean
Throws
IllegalArgumentException - if aProviderDescription is null.

Method Detail

groupExists

public boolean groupExists(String groupName)
                    throws OperationNotSupportedException
Determines if a group exists within this provider (does not check all providers).

Parameters
groupName - the group name to check
Returns
true if the group exists, false otherwise
Throws
OperationNotSupportedException - if authentication provider implementation does not support this operation

createGroup

public void createGroup(String groupName)
                 throws GroupAlreadyExistsException,
                        InvalidGroupnameException,
                        OperationNotSupportedException
Create a new group within this provider. This method will always check to ensure the group name is not a reserved WLS group name or a reserved group name as listed in the Security Provider Service settings in the Portal Admin tool.

Parameters
groupName - the name of the group to create.
Throws
GroupAlreadyExistsException - if the group already exists
InvalidGroupnameException - if the group name is invalid
OperationNotSupportedException - if authentication provider implementation does not support this operation

createGroup

public void createGroup(String groupName,
                        String description)
                 throws GroupAlreadyExistsException,
                        InvalidGroupnameException,
                        OperationNotSupportedException
Create a new group within this provider. This method will always check to ensure the group name is not a reserved WLS group name or a reserved group name as listed in the Security Provider Service settings in the Portal Admin tool.

Parameters
groupName - the name of the group to create.
description - the optional description
Throws
GroupAlreadyExistsException - if the group already exists
InvalidGroupnameException - if the group name is invalid
OperationNotSupportedException - if authentication provider implementation does not support this operation

removeGroup

public void removeGroup(String groupName)
                 throws InvalidGroupnameException,
                        OperationNotSupportedException
Remove a group from this provider.

Parameters
groupName - the name of the group to remove
Throws
InvalidGroupnameException - if the group is protected and cannot be deleted
OperationNotSupportedException - if authentication provider implementation does not support this operation

addUserToGroup

public void addUserToGroup(String groupName,
                           String userName)
                    throws OperationNotSupportedException
Add a user to an existing group within this provider.

Parameters
groupName - the name of the group to modify
userName - the name of the user to add
Throws
OperationNotSupportedException - if authentication provider implementation does not support this operation

removeUserFromGroup

public void removeUserFromGroup(String groupName,
                                String userName)
                         throws OperationNotSupportedException
Remove a user from an existing group within this provider.

Parameters
groupName - the name of the group to modify
userName - the name of the user to remove
Throws
OperationNotSupportedException - if authentication provider implementation does not support this operation

addGroupToGroup

public void addGroupToGroup(String parentGroup,
                            String childGroup)
                     throws OperationNotSupportedException
Add a child group to a group within this provider.

Parameters
parentGroup - the name of the group to modify
childGroup - the name of the group to add
Throws
OperationNotSupportedException - if authentication provider implementation does not support this operation

removeGroupFromGroup

public void removeGroupFromGroup(String parentGroup,
                                 String childGroup)
                          throws OperationNotSupportedException
Remove a child group from an existing group within this provider.

Parameters
parentGroup - the name of the group to modify
childGroup - the name of the group to remove
Throws
OperationNotSupportedException - if authentication provider implementation does not support this operation

getAllGroupNames

public List<String> getAllGroupNames()
                              throws OperationNotSupportedException
Retrieve a list of all groups from this provider.

Throws
OperationNotSupportedException - if authentication provider implementation does not support this operation

getGroupNamesForUser

public List<String> getGroupNamesForUser(String userName)
                                  throws OperationNotSupportedException
Retrieve a list of all groups that a given user belongs to within this provider.

Parameters
userName - the user to query
Returns
a List of Strings containing the groups
Throws
OperationNotSupportedException - if authentication provider implementation does not support this operation

getUsernamesForGroup

public List<String> getUsernamesForGroup(String groupName)
                                  throws OperationNotSupportedException
Retrieve a list of all users in a group in this provider.

Parameters
groupName - the group to query
Returns
a List of Strings containing the users
Throws
OperationNotSupportedException - if authentication provider implementation does not support this operation

getUsernamesForGroup

public List<String> getUsernamesForGroup(String groupName,
                                         String searchExpression,
                                         int limit)
                                  throws OperationNotSupportedException
Retrieve a list of users in a group within this provider, matching the provided wildcard expression.

Parameters
groupName - the group to query
searchExpression - a wildcard expression to match
limit - the maximum number of results to return
Returns
a List of usernames that are in this group
Throws
OperationNotSupportedException - if authentication provider implementation does not support this operation

getParentGroupNames

public List<String> getParentGroupNames(String groupName)
                                 throws OperationNotSupportedException
Retrieve a list of all direct parents of a group within this provider.

Parameters
groupName - the group to query
Returns
a List of Strings containing the direct parent groups
Throws
OperationNotSupportedException - if authentication provider implementation does not support this operation

getChildGroupNames

public List<String> getChildGroupNames(String groupName)
                                throws OperationNotSupportedException
Retrieve a list of all children of a group within this provider.

Parameters
groupName - the group to query
Returns
a List of Strings containing the children which are groups
Throws
OperationNotSupportedException - if authentication provider implementation does not support this operation

isDescendent

public boolean isDescendent(String ancestor,
                            String descendent)
                     throws OperationNotSupportedException
Determine if one group is a descendent of another.

Parameters
ancestor - see if the other group is a descendent of this group
descendent - see if this is a descendent of the other group
Returns
true if group is a descendent, otherwise false
Throws
OperationNotSupportedException - if authentication provider implementation does not support this operation

isMemberUser

public boolean isMemberUser(String groupName,
                            String userName,
                            boolean recurse)
                     throws OperationNotSupportedException
Determine if a user is a member of a group.

Parameters
groupName - the group to query
userName - the user to look for
recurse - Extend search to descendents of groupName
Throws
OperationNotSupportedException - if authentication provider implementation does not support this operation

isMemberGroup

public boolean isMemberGroup(String groupNameParent,
                             String groupNameChild,
                             boolean recurse)
                      throws OperationNotSupportedException
Determine if a group is a member of a group.

Parameters
groupNameParent - the group to query
groupNameChild - the child group to look for
recurse - Extend search to descendents of groupNameParent
Throws
OperationNotSupportedException - if authentication provider implementation does not support this operation

userExists

public boolean userExists(String userName)
                   throws OperationNotSupportedException
Determines if a user exists. This method simply checks all providers for a user with the given name.

Parameters
userName - the user to look for
Returns
true if the user exists, false if it does not
Throws
OperationNotSupportedException - if authentication provider implementation does not support this operation

createUser

public void createUser(String userName,
                       String password)
                throws UserAlreadyExistsException,
                       InvalidUsernameException,
                       InvalidPasswordException,
                       OperationNotSupportedException
Creates a user with the given username and password.

Parameters
userName - the username for the new user
password - the password for the new user
Throws
InvalidPasswordException - if the password is malformed or otherwise invalid
InvalidUsernameException - if the username is malformed or otherwise invalid
UserAlreadyExistsException - if the username is already in use
OperationNotSupportedException - if authentication provider implementation does not support this operation

createUser

public void createUser(String userName,
                       String password,
                       String description)
                throws UserAlreadyExistsException,
                       InvalidUsernameException,
                       InvalidPasswordException,
                       OperationNotSupportedException
Creates a user with the given username and password.

Parameters
userName - the username for the new user
password - the password for the new user
description - the optional description
Throws
InvalidPasswordException - if the password is malformed or otherwise invalid
InvalidUsernameException - if the username is malformed or otherwise invalid
UserAlreadyExistsException - if the username is already in use
OperationNotSupportedException - if authentication provider implementation does not support this operation

setPassword

public void setPassword(String userName,
                        String password)
                 throws InvalidPasswordException,
                        OperationNotSupportedException
Sets the password for a user in the realm.

Parameters
userName - the username of the user
password - the new password for the user
Throws
InvalidPasswordException - if the password is malformed or otherwise invalid
OperationNotSupportedException - if authentication provider implementation does not support this operation

removeUser

public void removeUser(String userName)
                throws InvalidUsernameException,
                       OperationNotSupportedException
Removes a user from the system.

Parameters
userName - the username of the user to remove
Throws
InvalidUsernameException - if the user is protected and cannot be deleted
OperationNotSupportedException - if authentication provider implementation does not support this operation

getUserNames

public List<String> getUserNames(String searchExpression,
                                 int limit)
                          throws OperationNotSupportedException
Returns a List of user names matching the search expression

Parameters
searchExpression - a wildcard search expression
limit - a limit of results to return
Throws
OperationNotSupportedException - if authentication provider implementation does not support this operation

getName

public String getName()
The name of the provider is the AtnProviderDescription's name


getUniqueName

public String getUniqueName()
Get the unique name for this AtnManagerProxy. It's the concatenation of the display name with the version.


setUserDescription

public void setUserDescription(String userName,
                               String description)
                        throws OperationNotSupportedException
Update the description associated with a user name.

Parameters
userName - User to update description for
description - Updated description
Throws
OperationNotSupportedException

setGroupDescription

public void setGroupDescription(String groupName,
                                String description)
                         throws OperationNotSupportedException
Update the description associated with a group name.

Parameters
groupName - Group to update description for
description - Updated description
Throws
OperationNotSupportedException

getUserDescription

public String getUserDescription(String userName)
                          throws OperationNotSupportedException
Get description for a user

Parameters
userName -
Returns
user description
Throws
OperationNotSupportedException

getGroupDescription

public String getGroupDescription(String groupName)
                           throws OperationNotSupportedException
Get description for a group

Parameters
groupName -
Returns
group description
Throws
OperationNotSupportedException

setContextHandler

public void setContextHandler(P13nContextHandler contextHandler)
Associate the context handler identifying the caller of AtnManagerProxy methods. If the roles protecting the user and group CRUD operations are expression-based roles, then the context handler must be set.

Parameters
contextHandler - Optional context handler identifying caller.


Copyright © 2000, 2008, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its affiliates.
Other names may be trademarks of their respective owners.