
Oracle Fusion Middleware Java API Reference for Oracle Platform Security Services
11g Release 1 (11.1.1)

E14650-03


oracle.security.jps.service.policystore
Interface ApplicationPolicy

All Superinterfaces:
JavaPolicy, PolicyMgmt

public interface ApplicationPolicy
extends JavaPolicy, PolicyMgmt
Since:
release specific (what release of product did this appear in)

Method Summary
 void addPrincipalToAppRole(PrincipalEntry principalEntry, java.lang.String appRoleName)
          Adds this principal as member to this app role
 void addPrincipalToAppRole(java.security.Principal principal, java.lang.String appRoleName)
          Adds this principal as member to this app role
 void alterAppRole(java.lang.String appRoleName, java.lang.String newDescription, java.lang.String newDisplayName)
          Alters an application role's display name and description. These parameters are not used to compare two application roles for similarity. An application role's name or GUID are unique/immutable properties. NOTE: Supplying "null" to Description or Display Name will replace the previous Description/Display Name with "null".
 void alterAppRoleCategory(java.lang.String appRoleName, java.lang.String newCategory)
          Alters an application role's category. An application role's name or GUID are unique/immutable properties. NOTE: Supplying "null" to category will replace the previous category with "null".
 boolean containsAppRole(java.lang.String appRoleName)
          Checks if this app role exists.
 boolean containsPrincipalAsMember(java.lang.String appRoleName, java.security.Principal principal)
          Checks if this principal is a member of this app role
 void createAppRole(java.lang.String appRoleName, java.lang.String displayName, java.lang.String desc, ExtendedProperty appRoleAttributes)
          Creates the requested application role in the policy store with extended attributes.
 void createAppRole(java.lang.String appRoleName, java.lang.String displayName, java.lang.String desc, java.lang.String guid)
          Deprecated. - use createAppRole(String appRoleName, String displayName, String desc, ExtendedProperty appRoleAttributes)
 void createAppRole(java.lang.String appRoleName, java.lang.String displayName, java.lang.String desc, java.lang.String guid, ExtendedProperty appRoleAttributes)
          Deprecated. - use createAppRole(String appRoleName, String displayName, String desc, ExtendedProperty appRoleAttributes)
 java.util.List getAllAppRoleEntries()
          Returns all app role entries
 java.util.List getAllAppRoles()
          Returns the list of all the application roles in this application context.
 java.util.List getAllGrantedAppRoleEntries(java.security.Principal principal)
          Returns all the granted app role entries for this principal where the principal is either a direct member or indirect member through other app roles.
 java.util.List getAllGrantedAppRoles(java.security.Principal principal)
          Returns all the granted app roles for this principal where the principal is either a direct member or indirect member through other app roles.
 java.lang.String getApplicationDescription()
          Get the Application Description
 java.lang.String getApplicationDisplayName()
          Get the Application Display Name
 java.lang.String getApplicationName()
          Return the application Name
 java.lang.String getApplicationUniqueName()
          Return the application UniqueName
 java.util.List getAppRolesMembers(java.lang.String appRoleName)
          Returns the list of principals granted to this application role.
 EntityManager getEntityManager(java.lang.Class klass)
          Get the entity manager.
 java.util.List getGrantedAppRoles(java.security.Principal principal)
          Returns all the granted app roles for this principal where the principal is a direct member of the App Role.
 java.lang.String getVersion()
          Returns the application version.
 void removeAppRole(java.lang.String appRoleName)
          Removes the application role from policy store.
 void removeAppRole(java.lang.String appRoleName, boolean force)
          Removes the application role from policy store.
 void removePrincipalFromAppRole(PrincipalEntry principalEntry, java.lang.String appRoleName)
          Removes this principal from this appRoleName
 void removePrincipalFromAppRole(java.security.Principal principal, java.lang.String appRoleName)
          Removes this principal from this appRoleName
 java.util.List searchAppRoles(java.lang.String appRoleName)
          This method searches application roles by an attribute role name.
 java.util.List searchAppRoles(java.lang.String roleAttrName, java.lang.String roleAttrNameVal, boolean inequality)
          This method searches application roles by an attribute and its value.
 void setVersion(java.lang.String version)
          Set the application version in memory.

 

Methods inherited from interface oracle.security.jps.jaas.JavaPolicy
getPermissions, getPermissions, getPermissions, getPermissions, getPermissions, hasPermission, implies, refresh

 

Methods inherited from interface oracle.security.jps.service.policystore.PolicyMgmt
getGrantEntries, grant, grant, modifyGrant, revoke, revoke

 

Method Detail

containsAppRole

boolean containsAppRole(java.lang.String appRoleName)
                        throws PolicyStoreException
Checks if this app role exists.
Parameters:
appRoleName - name of the app role
Returns:
true, if this app role exists, false otherwise
Throws:
PolicyStoreException - if there is an error during this operation
java.lang.NullPointerException - if the application name is empty.

createAppRole

@Deprecated
void createAppRole(java.lang.String appRoleName,
                              java.lang.String displayName,
                              java.lang.String desc,
                              java.lang.String guid,
                              ExtendedProperty appRoleAttributes)
                   throws PolicyObjectAlreadyExistsException,
                          PolicyStoreException
Deprecated. - use createAppRole(String appRoleName, String displayName, String desc, ExtendedProperty appRoleAttributes)
Creates the requested application role in the policy store with extended attributes.

Standard attributes supplied as parameters in this API (DISPLAY_NAME, DESCRIPTION and GUID) cannot be part of the extended attributes.

The following code fragment illustrates how to construct the extended attributes:

     // Build the extended attributes for the role (here, the SCOPE attribute).
     ExtendedProperty ep = new ExtendedProperty();
     String attribute = ApplicationRoleAttributes.SCOPE.name();
     List<String> values = new ArrayList<String>();
     values.add("user-defined-value");
     ep.setProperty(attribute, values);
 

Based on the algorithm in JpsAuth this checks for PolicyStoreAccessPermission("context=APPLICATION,name=Application's Stripe id", "createAppRole"). This may result in an AccessControlException or SecurityException.

Parameters:
appRoleName - name of the application role
displayName - display name of the application role
desc - description of the application role
guid - guid of the application role
appRoleAttributes - Extended attributes for the application role
Throws:
PolicyObjectAlreadyExistsException - if the role already exists.
PolicyStoreException - if the policy store provider reports an error while creating the role.
java.lang.IllegalArgumentException - if the standard attributes are part of the extendedAttributes.
java.lang.NullPointerException - if the application name is empty.
See Also:
for a list of valid extended attributes.

createAppRole

@Deprecated
void createAppRole(java.lang.String appRoleName,
                              java.lang.String displayName,
                              java.lang.String desc,
                              java.lang.String guid)
                   throws PolicyObjectAlreadyExistsException,
                          PolicyStoreException
Deprecated. - use createAppRole(String appRoleName, String displayName, String desc, ExtendedProperty appRoleAttributes)
Creates the requested application role in policy store.

Based on the algorithm in JpsAuth this checks for PolicyStoreAccessPermission("context=APPLICATION,name=Application's Stripe id", "createAppRole"). This may result in an AccessControlException or SecurityException.

Parameters:
appRoleName - name of the app role
displayName - display name of the app role
desc - description of the app role
guid - guid of the app role
Throws:
PolicyObjectAlreadyExistsException - if this application role already exists
PolicyStoreException - if there is an error during this operation
java.lang.NullPointerException - if the application name is empty.

createAppRole

void createAppRole(java.lang.String appRoleName,
                   java.lang.String displayName,
                   java.lang.String desc,
                   ExtendedProperty appRoleAttributes)
                   throws PolicyObjectAlreadyExistsException,
                          PolicyStoreException
Creates the requested application role in the policy store with extended attributes.

Standard attributes supplied as parameters in this API (DISPLAY_NAME and DESCRIPTION) cannot be part of the extended attributes.

The following code fragment illustrates how to construct the extended attributes:

     // Build the extended attributes for the role (here, the SCOPE attribute).
     ExtendedProperty ep = new ExtendedProperty();
     String attribute = ApplicationRoleAttributes.SCOPE.name();
     List<String> values = new ArrayList<String>();
     values.add("user-defined-value");
     ep.setProperty(attribute, values);
 

Based on the algorithm in JpsAuth this checks for PolicyStoreAccessPermission("context=APPLICATION,name=Application's Stripe id", "createAppRole"). This may result in an AccessControlException or SecurityException.

Parameters:
appRoleName - name of the application role
displayName - display name of the application role
desc - description of the application role
appRoleAttributes - Extended attributes for the application role
Throws:
PolicyObjectAlreadyExistsException - if the role already exists.
PolicyStoreException - if the policy store provider reports an error while creating the role.
java.lang.IllegalArgumentException - if the standard attributes are part of the extendedAttributes.
java.lang.NullPointerException - if the application name is empty.
See Also:
for a list of valid extended attributes.

removeAppRole

void removeAppRole(java.lang.String appRoleName)
                   throws PolicyObjectNotFoundException,
                          PolicyStoreException
Removes the application role from policy store.

This is equivalent to calling removeAppRole(appRoleName, true).

Based on the algorithm in JpsAuth this checks for PolicyStoreAccessPermission("context=APPLICATION,name=Application's Stripe id", "removeAppRole"). This may result in an AccessControlException or SecurityException.

Parameters:
appRoleName - name of the app role to remove
Throws:
PolicyObjectNotFoundException - if this app role does not exist
PolicyStoreException - if there is an error during this operation
java.lang.NullPointerException - if the application name is empty.

removeAppRole

void removeAppRole(java.lang.String appRoleName,
                   boolean force)
                   throws ApplicationRoleInUseException,
                          PolicyObjectNotFoundException,
                          PolicyStoreException
Removes the application role from policy store. If force is false, this method checks If any of the above conditions are true, then this operation throws an ApplicationRoleInUseException with the cause. If force is true, then this method

Based on the algorithm in JpsAuth this checks for PolicyStoreAccessPermission("context=APPLICATION,name=Application's Stripe id", "removeAppRole"). This may result in an AccessControlException or SecurityException.

Parameters:
appRoleName - name of the app role to remove
Throws:
ApplicationRoleInUseException - if the application role is in use as described above.
PolicyObjectNotFoundException - if this application role does not exist
PolicyStoreException - if there is an error during this operation
java.lang.NullPointerException - if the application name is empty.

containsPrincipalAsMember

boolean containsPrincipalAsMember(java.lang.String appRoleName,
                                  java.security.Principal principal)
                                  throws PolicyObjectNotFoundException,
                                         PolicyStoreException
Checks if this principal is a member of this app role
Parameters:
appRoleName - the app role name
principal - the principal name
Returns:
true if this principal is a member of this appRoleName, false otherwise
Throws:
PolicyObjectNotFoundException - if this appRoleName itself does not exist
PolicyStoreException - if there is an error during this operation
java.lang.NullPointerException - if the application name is empty or principal is null.

addPrincipalToAppRole

void addPrincipalToAppRole(java.security.Principal principal,
                           java.lang.String appRoleName)
                           throws PolicyObjectNotFoundException,
                                  PolicyObjectAlreadyExistsException,
                                  PolicyStoreException
Adds this principal as member to this app role

Based on the algorithm in JpsAuth this checks for PolicyStoreAccessPermission("context=APPLICATION,name=Application's Stripe id", "addPrincipalToAppRole"). This may result in an AccessControlException or SecurityException.

Parameters:
principal - the principal to add
appRoleName - the app role
Throws:
PolicyObjectNotFoundException - if this appRoleName itself does not exist
PolicyObjectAlreadyExistsException - if this principal is already a member of this app role
PolicyStoreException - if there is an error during this operation
java.lang.NullPointerException - if the application name is empty or principal is null.
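
A membership and role-removal helper built only from the method signatures documented on this page, as an added example that is not Oracle's code. It assumes the exception classes named in the throws clauses live in the same package as ApplicationPolicy; the class AppRoleAdmin and its method names are hypothetical.

```java
import java.security.Principal;

// Assumption: ApplicationPolicy and the exception types named in the
// throws clauses on this page are all in this package.
import oracle.security.jps.service.policystore.*;

/** Hypothetical helper; not part of the OPSS API. */
public final class AppRoleAdmin {

    private AppRoleAdmin() { }

    /**
     * Adds the principal to the role unless it is already a member.
     * Returns true when a membership was written, false when nothing changed.
     * A missing role surfaces as PolicyObjectNotFoundException; it is never
     * created implicitly here.
     */
    public static boolean ensureMember(ApplicationPolicy policy,
                                       Principal principal,
                                       String appRoleName)
            throws PolicyObjectNotFoundException, PolicyStoreException {
        if (policy.containsPrincipalAsMember(appRoleName, principal)) {
            return false;
        }
        // AccessControlException / SecurityException raised by the
        // PolicyStoreAccessPermission check are deliberately not caught:
        // a caller without the permission must see the failure.
        try {
            policy.addPrincipalToAppRole(principal, appRoleName);
            return true;
        } catch (PolicyObjectAlreadyExistsException raced) {
            // Another writer added the same member between check and add.
            return false;
        }
    }

    /**
     * Removes the role only when the policy store reports it unused.
     * Always passes force=false: the one-argument removeAppRole(name) is
     * documented as equivalent to removeAppRole(name, true).
     * Returns true when the role was removed, false when it is still in use.
     */
    public static boolean removeIfUnused(ApplicationPolicy policy,
                                         String appRoleName)
            throws PolicyObjectNotFoundException, PolicyStoreException {
        try {
            policy.removeAppRole(appRoleName, false);
            return true;
        } catch (ApplicationRoleInUseException inUse) {
            // The role is still referenced; leave it in place and report why.
            System.err.println("Role " + appRoleName + " not removed: "
                    + inUse.getMessage());
            return false;
        }
    }
}
```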

addPrincipalToAppRole

void addPrincipalToAppRole(PrincipalEntry principalEntry,
                           java.lang.String appRoleName)
                           throws PolicyObjectNotFoundException,
                                  PolicyObjectAlreadyExistsException,
                                  PolicyStoreException
Adds this principal as member to this app role

Use this method when it is not possible to create a Principal representation of the principalEntry. Typically, this may arise if the Java class that implements the principalEntry is not in the current Class Path. For well known JpsPrincipal types, you must use the other version of this API that takes the Principal parameter.

Based on the algorithm in JpsAuth this checks for PolicyStoreAccessPermission("context=APPLICATION,name=Application's Stripe id", "addPrincipalToAppRole"). This may result in an AccessControlException or SecurityException.

Parameters:
principalEntry - the principal to add
appRoleName - the app role
Throws:
PolicyObjectNotFoundException - if this appRoleName itself does not exist
PolicyObjectAlreadyExistsException - if this principal is already a member of this app role
PolicyStoreException - if there is an error during this operation
java.lang.NullPointerException - if the application name is empty or principal is null.

If either the Principal class name or the Principal name is null (or an empty String) in the PrincipalEntry, then the principalEntry is considered to be null.


removePrincipalFromAppRole

void removePrincipalFromAppRole(java.security.Principal principal,
                                java.lang.String appRoleName)
                                throws PolicyObjectNotFoundException,
                                       PolicyStoreException
Removes this principal from this appRoleName

Based on the algorithm in JpsAuth this checks for PolicyStoreAccessPermission("context=APPLICATION,name=Application's Stripe id", "removePrincipalFromAppRole"). This may result in an AccessControlException or SecurityException.

Parameters:
principal - the principal to be removed
appRoleName - the app role name
Throws:
PolicyObjectNotFoundException - if this principal does not exist in this appRoleName
PolicyStoreException - if there is an error during this operation
java.lang.NullPointerException - if the application name is empty or principal is null.

removePrincipalFromAppRole

void removePrincipalFromAppRole(PrincipalEntry principalEntry,
                                java.lang.String appRoleName)
                                throws PolicyObjectNotFoundException,
                                       PolicyStoreException
Removes this principal from this appRoleName

Use this method when it is not possible to create a Principal representation of the principalEntry. Typically, this may arise if the Java class that implements the principalEntry is not in the current Class Path. For well known JpsPrincipal types, you must use the other version of this API that takes the Principal parameter.

Based on the algorithm in JpsAuth this checks for PolicyStoreAccessPermission("context=APPLICATION,name=Application's Stripe id", "removePrincipalFromAppRole"). This may result in an AccessControlException or SecurityException.

Parameters:
principalEntry - the principal to be removed
appRoleName - the app role name
Throws:
PolicyObjectNotFoundException - if this principal does not exist in this appRoleName
PolicyStoreException - if there is an error during this operation
java.lang.NullPointerException - if the application name is empty or principalEntry is null.

If either the Principal class name or the Principal name is null (or an empty String) in the PrincipalEntry, then the principalEntry is considered to be null.


getAllAppRoleEntries

java.util.List getAllAppRoleEntries()
                                    throws PolicyStoreException
Returns all app role entries
Returns:
the list of all app role entries
Throws:
PolicyStoreException - if there is an error during this operation

getAllGrantedAppRoleEntries

java.util.List getAllGrantedAppRoleEntries(java.security.Principal principal)
                                           throws PolicyStoreException
Returns all the granted app role entries for this principal where the principal is either a direct member or indirect member through other app roles.
Parameters:
principal - the principal to find the granted app role for
Returns:
the list of granted app role entries for this principal
Throws:
PolicyStoreException - if there is an error during this operation

getGrantedAppRoles

java.util.List getGrantedAppRoles(java.security.Principal principal)
                                  throws PolicyStoreException
Returns all the granted app roles for this principal where the principal is a direct member of the App Role.
Parameters:
principal - the principal to find the granted app role for
Returns:
the list of granted app roles for this principal or null if there are no granted roles
Throws:
PolicyStoreException - if there is an error during this operation

getAllGrantedAppRoles

java.util.List getAllGrantedAppRoles(java.security.Principal principal)
                                     throws PolicyStoreException
Returns all the granted app roles for this principal where the principal is either a direct member or indirect member through other app roles.
Parameters:
principal - the principal to find the granted app role for
Returns:
the list of granted app roles for this principal
Throws:
PolicyStoreException - if there is an error during this operation

searchAppRoles

java.util.List searchAppRoles(java.lang.String appRoleName)
                              throws PolicyStoreException
This method searches application roles by an attribute role name.
Parameters:
appRoleName - This is the value for the above attribute.

The value can be a regular expression. The Regular Expression supports the '*' wildcard character. An example would be 'app*Role'.

Returns:
the List of AppRoleEntries or null if no matching roles found
Throws:
PolicyStoreException - if there is an underlying provider error.
java.lang.NullPointerException - if the application name is empty.

searchAppRoles

java.util.List searchAppRoles(java.lang.String roleAttrName,
                              java.lang.String roleAttrNameVal,
                              boolean inequality)
                              throws PolicyStoreException
This method searches application roles by an attribute and its value.
Parameters:
roleAttrName - Role attribute name to search by. Attribute name is case-insensitive.
roleAttrNameVal - This is the value for the above attribute.

The value can be a regular expression. The wild card character '*' is supported. An example would be 'user*defined*value'.

Attribute values are case-sensitive.

inequality - boolean value.
  • If inequality is true, then the application roles where the roleAttrName whose value is not equal to the roleAttrNameVal are returned.
  • If inequality is false, then the application roles where the roleAttrName whose value is equal to the roleAttrNameVal are returned.
  • The default value is FALSE
Returns:
the List of AppRoleEntries or null if no matching roles found
Throws:
PolicyStoreException - if there is an underlying provider error.
java.lang.IllegalArgumentException - if the roleAttrName is null, or the roleAttrNameVal is not a valid regular expression.
See Also:
for a list of valid attributes.

getAppRolesMembers

java.util.List getAppRolesMembers(java.lang.String appRoleName)
                                  throws PolicyObjectNotFoundException,
                                         PolicyStoreException
Returns the list of principals granted to this application role. This includes Application roles that are direct members of this role, but not Application Roles that are indirect members of this role.
Parameters:
appRoleName - the application role name
Returns:
List of principals granted to this App role. Empty list if none granted this role.
Throws:
PolicyObjectNotFoundException - if this appRoleName does not exist in policy store
PolicyStoreException - if there is an error during this operation
java.lang.NullPointerException - if the application name is empty.

getAllAppRoles

java.util.List getAllAppRoles()
                              throws PolicyStoreException
Returns the list of all the application roles in this application context.
Returns:
the list of app roles
Throws:
PolicyStoreException - if there is an error during this operation

alterAppRole

void alterAppRole(java.lang.String appRoleName,
                  java.lang.String newDescription,
                  java.lang.String newDisplayName)
                  throws PolicyObjectNotFoundException,
                         PolicyStoreException
Alters an application role's display name and description. These parameters are not used to compare two application roles for similarity. An application role's name or GUID are unique/immutable properties. NOTE: Supplying "null" to Description or Display Name will replace the previous Description/Display Name with "null".

Based on the algorithm in JpsAuth this checks for PolicyStoreAccessPermission("context=APPLICATION,name=Application's Stripe id", "alterAppRole"). This may result in an AccessControlException or SecurityException.

Parameters:
appRoleName - the app role name
newDescription - new description of the app role
newDisplayName - new display name of the app role
Throws:
PolicyObjectNotFoundException - if this app role does not exist in policy store
PolicyStoreException - if there is an error during this operation
java.lang.NullPointerException - if the application name is empty.

alterAppRoleCategory

void alterAppRoleCategory(java.lang.String appRoleName,
                          java.lang.String newCategory)
                          throws PolicyObjectNotFoundException,
                                 PolicyStoreException
Alters an application role's category. An application role's name or GUID are unique/immutable properties. NOTE: Supplying "null" to category will replace the previous category with "null".

Based on the algorithm in JpsAuth this checks for PolicyStoreAccessPermission("context=APPLICATION,name=Application's Stripe id", "alterAppRole"). This may result in an AccessControlException or SecurityException.

Parameters:
appRoleName - the app role name
newCategory - new category of the app role
Throws:
PolicyObjectNotFoundException - if this app role does not exist in policy store
PolicyStoreException - if there is an error during this operation
java.lang.NullPointerException - if the application name is empty.

getApplicationName

java.lang.String getApplicationName()
Return the application Name
Returns:
app Name

getApplicationUniqueName

java.lang.String getApplicationUniqueName()
Return the application UniqueName
Returns:
app uniqueName

getApplicationDisplayName

java.lang.String getApplicationDisplayName()
Get the Application Display Name
Returns:
application display name

getApplicationDescription

java.lang.String getApplicationDescription()
Get the Application Description
Returns:
application description

setVersion

void setVersion(java.lang.String version)
Set the application version in memory. Supply null to remove the version. To persist the changes in the store, use PolicyStore.modifyApplicationPolicy(ApplicationPolicy). To prevent multiple threads from updating the version concurrently in the store for the same application, the method PolicyStore.modifyApplicationPolicy(ApplicationPolicy) should be called immediately after this method.

getVersion

java.lang.String getVersion()
Returns the application version. Will return null if the application version is not available
Returns:
the application version. Will return null if the application version is not available

getEntityManager

EntityManager getEntityManager(java.lang.Class klass)
Get the entity manager.
Parameters:
klass - the interface class that extends an EntityManager
Returns:
An instance of the requested EntityManager


Copyright © 2010, Oracle. All rights reserved.