java.lang.Object
  +--com.bea.ales.management.PoliciesManager

This class manages authorization policies and membership rules. It provides methods to create, remove and find authorization policies and membership rules.
Field Summary
static java.lang.String FILTER_OPERATOR_AND
    Specifies a filter search operator of AND.
static java.lang.String FILTER_OPERATOR_OR
    Specifies a filter search operator of OR.
Method Summary
AuthorizationPolicy createAuthorizationPolicy(PolicyEffectType effect, Action action, Resource resource, java.lang.Object subject, User delegator, java.lang.String constraint)
    Create a new authorization policy with a single action, resource and subject.
AuthorizationPolicy createAuthorizationPolicy(PolicyEffectType effect, java.util.List actions, java.util.List resources, java.util.List subjects, User delegator, java.lang.String constraint)
    Create a new authorization policy with one or more actions, resources and subjects.
MembershipRule createMembershipRule(PolicyEffectType effect, java.util.List roles, java.util.List resources, java.util.List subjects, User delegator, java.lang.String constraint)
    Create a new membership rule with one or more roles, resources and subjects.
MembershipRule createMembershipRule(PolicyEffectType effect, Role role, Resource resource, java.lang.Object subject, User delegator, java.lang.String constraint)
    Create a new membership rule with a single role, resource and subject.
void deleteQuery(PolicyQuery policyQuery)
    Delete the policy query.
AuthorizationPolicyQueryResult getAuthorizationPolicies(PolicyEffectType effectType, java.util.List actions, java.util.List resources, java.util.List subjects, java.util.List delegators, java.lang.String constraintPattern, java.lang.String filterSearchOperator)
    Find authorization policies which match the given query criteria.
AuthorizationPolicy getAuthorizationPolicy(PolicyEffectType effect, java.util.List actions, java.util.List resources, java.util.List subjects, User delegator, java.lang.String constraint)
    Find the existing authorization policy which exactly matches all given parameters.
MembershipRule getMembershipRule(PolicyEffectType effect, java.util.List roles, java.util.List resources, java.util.List subjects, User delegator, java.lang.String constraint)
    Find the existing membership rule which exactly matches all given parameters.
MembershipRuleQueryResult getMembershipRules(PolicyEffectType effectType, java.util.List roles, java.util.List resources, java.util.List subjects, java.util.List delegators, java.lang.String constraintPattern, java.lang.String filterSearchOperator)
    Find membership rules which match the given query criteria.
java.util.Collection listAllQueries(PolicyType policyType)
    Find all policy queries with the specific type.
java.util.Collection listQueries(PolicyType policyType, java.lang.String owner)
    Find all policy queries created by the specific user.
void removeAuthorizationPolicy(AuthorizationPolicy authorizationPolicy)
    Remove the authorization policy.
void removeAuthorizationPolicy(PolicyEffectType effect, Action action, Resource resource, java.lang.Object subject, User delegator, java.lang.String constraint)
    Remove an authorization policy which exactly matches all parameters passed in.
void removeAuthorizationPolicy(PolicyEffectType effect, java.util.List actions, java.util.List resources, java.util.List subjects, User delegator, java.lang.String constraint)
    Remove the authorization policy which exactly matches all given parameters.
void removeMembershipRule(MembershipRule membershipRule)
    Remove the membership rule.
void removeMembershipRule(PolicyEffectType effect, java.util.List roles, java.util.List resources, java.util.List subjects, User delegator, java.lang.String constraint)
    Remove the membership rule which exactly matches all given parameters.
void removeMembershipRule(PolicyEffectType effect, Role role, Resource resource, java.lang.Object subject, User delegator, java.lang.String constraint)
    Remove the membership rule which exactly matches all given parameters.
void saveQuery(PolicyQuery policyQuery, boolean overwrite)
    Save the policy query if the query does not exist, or modify the existing policy query if the query already exists.
Methods inherited from class java.lang.Object
    equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Field Detail
public static final java.lang.String FILTER_OPERATOR_OR
public static final java.lang.String FILTER_OPERATOR_AND
Method Detail
public AuthorizationPolicy createAuthorizationPolicy(PolicyEffectType effect, java.util.List actions, java.util.List resources, java.util.List subjects, User delegator, java.lang.String constraint) throws java.lang.IllegalArgumentException, ManagementException
    effect - effect of the authorization policy. Possible values are GRANT, DENY or DELEGATE. If it is null, an IllegalArgumentException will be thrown.
    actions - list of actions as Action. If the list is null or empty, an IllegalArgumentException will be thrown. If an element of the list is null or its type is incorrect, an IllegalArgumentException will be thrown.
    resources - list of resources as Resource. If the list is null or empty, an IllegalArgumentException will be thrown. If an element of the list is null or its type is incorrect, an IllegalArgumentException will be thrown.
    subjects - list of subjects. If the list is null or empty, an IllegalArgumentException will be thrown. Possible subject types are User, Group or Role. If an element of the list is null or its type is incorrect, an IllegalArgumentException will be thrown.
    delegator - delegator of the authorization policy. This parameter applies only when the policy effect is DELEGATE; otherwise it is ignored. If it is null for a DELEGATE policy, an IllegalArgumentException will be thrown.
    constraint - constraint of the authorization policy. The constraint is a series of boolean operations over attribute values which can be used to further limit the applicability of the authorization policy.

public AuthorizationPolicy createAuthorizationPolicy(PolicyEffectType effect, Action action, Resource resource, java.lang.Object subject, User delegator, java.lang.String constraint) throws java.lang.IllegalArgumentException, ManagementException
    effect - effect of the authorization policy. Possible values are GRANT, DENY or DELEGATE. If it is null, an IllegalArgumentException will be thrown.
    action - action of the authorization policy. If it is null, an IllegalArgumentException will be thrown.
    resource - resource of the authorization policy. If it is null, an IllegalArgumentException will be thrown.
    subject - subject of the authorization policy. Possible subject types are User, Group or Role. If it is null or of an incorrect type, an IllegalArgumentException will be thrown.
    delegator - delegator of the authorization policy. This parameter applies only when the policy effect is DELEGATE; otherwise it is ignored. If it is null for a DELEGATE policy, an IllegalArgumentException will be thrown.
    constraint - constraint of the authorization policy. The constraint is a series of boolean operations over attribute values which can be used to further limit the applicability of the authorization policy.

public MembershipRule createMembershipRule(PolicyEffectType effect, java.util.List roles, java.util.List resources, java.util.List subjects, User delegator, java.lang.String constraint) throws java.lang.IllegalArgumentException, ManagementException
    effect - effect of the membership rule. Possible values are GRANT, DENY or DELEGATE. If it is null, an IllegalArgumentException will be thrown.
    roles - list of roles as com.bea.ales.management.RBAC_Role. If the list is null or empty, an IllegalArgumentException will be thrown. If an element of the list is null or its type is incorrect, an IllegalArgumentException will be thrown.
    resources - list of resources as Resource. If the list is null or empty, an IllegalArgumentException will be thrown. If an element of the list is null or its type is incorrect, an IllegalArgumentException will be thrown.
    subjects - list of subjects. If the list is null or empty, an IllegalArgumentException will be thrown. Possible subject types are User or Group. If an element of the list is null or its type is incorrect, an IllegalArgumentException will be thrown.
    delegator - delegator of the membership rule. This parameter applies only when the policy effect is DELEGATE; otherwise it is ignored. If it is null for a DELEGATE policy, an IllegalArgumentException will be thrown.
    constraint - constraint of the membership rule. The constraint is a series of boolean operations over attribute values which can be used to further limit the applicability of the membership rule.

public MembershipRule createMembershipRule(PolicyEffectType effect, Role role, Resource resource, java.lang.Object subject, User delegator, java.lang.String constraint) throws java.lang.IllegalArgumentException, ManagementException
    effect - effect of the membership rule. Possible values are GRANT, DENY or DELEGATE. If it is null, an IllegalArgumentException will be thrown.
    role - role of the membership rule. If it is null, an IllegalArgumentException will be thrown.
    resource - resource of the membership rule. If it is null, an IllegalArgumentException will be thrown.
    subject - subject of the membership rule. Possible subject types are User or Group. If it is null or of an incorrect type, an IllegalArgumentException will be thrown.
    delegator - delegator of the membership rule. This parameter applies only when the policy effect is DELEGATE; otherwise it is ignored. If it is null for a DELEGATE policy, an IllegalArgumentException will be thrown.
    constraint - constraint of the membership rule. The constraint is a series of boolean operations over attribute values which can be used to further limit the applicability of the membership rule.

public AuthorizationPolicy getAuthorizationPolicy(PolicyEffectType effect, java.util.List actions, java.util.List resources, java.util.List subjects, User delegator, java.lang.String constraint) throws java.lang.IllegalArgumentException, ManagementException
    effect - effect of the authorization policy. Possible values are GRANT, DENY or DELEGATE. If it is null, an IllegalArgumentException will be thrown.
    actions - list of actions as Action. If the list is null or empty, an IllegalArgumentException will be thrown. If an element of the list is null or its type is incorrect, an IllegalArgumentException will be thrown.
    resources - list of resources as Resource. If the list is null or empty, an IllegalArgumentException will be thrown. If an element of the list is null or its type is incorrect, an IllegalArgumentException will be thrown.
    subjects - list of subjects. If the list is null or empty, an IllegalArgumentException will be thrown. Possible subject types are User, Group or com.bea.ales.management.RBAC_Role. If an element of the list is null or its type is incorrect, an IllegalArgumentException will be thrown.
    delegator - delegator of the authorization policy. This parameter applies only when the policy effect is DELEGATE; otherwise it is ignored. If it is null for a DELEGATE policy, an IllegalArgumentException will be thrown.
    constraint - constraint of the authorization policy. The constraint is a series of boolean operations over attribute values which can be used to further limit the applicability of the authorization policy.

public AuthorizationPolicyQueryResult getAuthorizationPolicies(PolicyEffectType effectType, java.util.List actions, java.util.List resources, java.util.List subjects, java.util.List delegators, java.lang.String constraintPattern, java.lang.String filterSearchOperator) throws java.lang.IllegalArgumentException, ManagementException
    effectType - Possible values are GRANT, DENY, DELEGATE or ALL.
    actions - list of action names as Action. An empty or null list is allowed and will match any action.
    resources - list of resources as Resource. An empty or null list is allowed and will match any resource.
    subjects - list of subjects. Possible subject types are User, Group or Role. An empty or null list is allowed and will match any subject.
    delegators - list of delegators as User. An empty or null list is allowed and will match any delegator. If the parameter filterSearchOperator is PoliciesManager.FILTER_OPERATOR_AND, the list cannot have more than one item. Otherwise, an IllegalArgumentException will be thrown.
    constraintPattern - constraint string. Unlike the other fields in the filter method, the constraint field supports pattern matching, with the use of the * character. An empty or null value is allowed, and will match any constraint.
    filterSearchOperator - one of: PoliciesManager.FILTER_OPERATOR_OR, PoliciesManager.FILTER_OPERATOR_AND

public MembershipRule getMembershipRule(PolicyEffectType effect, java.util.List roles, java.util.List resources, java.util.List subjects, User delegator, java.lang.String constraint) throws java.lang.IllegalArgumentException, ManagementException
    effect - effect of the membership rule. Possible values are GRANT, DENY or DELEGATE. If it is null, an IllegalArgumentException will be thrown.
    roles - list of roles as com.bea.ales.management.RBAC_Role. If the list is null or empty, an IllegalArgumentException will be thrown. If an element of the list is null or its type is incorrect, an IllegalArgumentException will be thrown.
    resources - list of resources as Resource. If the list is null or empty, an IllegalArgumentException will be thrown. If an element of the list is null or its type is incorrect, an IllegalArgumentException will be thrown.
    subjects - list of subjects. If the list is null or empty, an IllegalArgumentException will be thrown. Possible subject types are User or Group. If an element of the list is null or its type is incorrect, an IllegalArgumentException will be thrown.
    delegator - delegator of the membership rule. This parameter applies only when the policy effect is DELEGATE; otherwise it is ignored. If it is null for a DELEGATE policy, an IllegalArgumentException will be thrown.
    constraint - constraint of the membership rule. The constraint is a series of boolean operations over attribute values which can be used to further limit the applicability of the membership rule.

public MembershipRuleQueryResult getMembershipRules(PolicyEffectType effectType, java.util.List roles, java.util.List resources, java.util.List subjects, java.util.List delegators, java.lang.String constraintPattern, java.lang.String filterSearchOperator) throws java.lang.IllegalArgumentException, ManagementException
    effectType - Possible values are GRANT, DENY, DELEGATE or ALL.
    roles - list of roles as com.bea.ales.management.RBAC_Role. An empty or null list is allowed and will match any role.
    resources - list of resources as Resource. An empty or null list is allowed and will match any resource.
    subjects - list of subjects. Possible subject types are User or Group. An empty or null list is allowed and will match any subject.
    delegators - list of delegators as User. An empty or null list is allowed and will match any delegator. If the parameter filterSearchOperator is PoliciesManager.FILTER_OPERATOR_AND, the list cannot have more than one item. Otherwise, an IllegalArgumentException will be thrown.
    constraintPattern - constraint string. Unlike the other fields in the filter method, the constraint field supports pattern matching, with the use of the * character. An empty or null value is allowed, and will match any constraint.
    filterSearchOperator - one of: PoliciesManager.FILTER_OPERATOR_OR, PoliciesManager.FILTER_OPERATOR_AND

public void removeAuthorizationPolicy(PolicyEffectType effect, java.util.List actions, java.util.List resources, java.util.List subjects, User delegator, java.lang.String constraint) throws java.lang.IllegalArgumentException, ManagementException
    effect - effect of the authorization policy. Possible values are GRANT, DENY or DELEGATE. If it is null, an IllegalArgumentException will be thrown.
    actions - list of actions as Action. If the list is null or empty, an IllegalArgumentException will be thrown. If an element of the list is null or its type is incorrect, an IllegalArgumentException will be thrown.
    resources - list of resources as Resource. If the list is null or empty, an IllegalArgumentException will be thrown. If an element of the list is null or its type is incorrect, an IllegalArgumentException will be thrown.
    subjects - list of subjects. If the list is null or empty, an IllegalArgumentException will be thrown. Possible subject types are User, Group or com.bea.ales.management.RBAC_Role. If an element of the list is null or its type is incorrect, an IllegalArgumentException will be thrown.
    delegator - delegator of the authorization policy. This parameter applies only when the policy effect is DELEGATE; otherwise it is ignored. If it is null for a DELEGATE policy, an IllegalArgumentException will be thrown.
    constraint - constraint of the authorization policy. The constraint is a series of boolean operations over attribute values which can be used to further limit the applicability of the authorization policy.

public void removeAuthorizationPolicy(PolicyEffectType effect, Action action, Resource resource, java.lang.Object subject, User delegator, java.lang.String constraint) throws java.lang.IllegalArgumentException, ManagementException
    effect - effect of the authorization policy. Possible values are GRANT, DENY or DELEGATE. If it is null, an IllegalArgumentException will be thrown.
    action - action of the authorization policy. If it is null, an IllegalArgumentException will be thrown.
    resource - resource of the authorization policy. If it is null, an IllegalArgumentException will be thrown.
    subject - subject of the authorization policy. Possible subject types are User, Group or Role. If it is null or its type is incorrect, an IllegalArgumentException will be thrown.
    delegator - delegator of the authorization policy. This parameter applies only when the policy effect is DELEGATE; otherwise it is ignored. If it is null for a DELEGATE policy, an IllegalArgumentException will be thrown.
    constraint - constraint of the authorization policy. The constraint is a series of boolean operations over attribute values which can be used to further limit the applicability of the authorization policy.

public void removeAuthorizationPolicy(AuthorizationPolicy authorizationPolicy) throws java.lang.IllegalArgumentException, ManagementException
    authorizationPolicy - the authorization policy to be removed.

public void removeMembershipRule(PolicyEffectType effect, java.util.List roles, java.util.List resources, java.util.List subjects, User delegator, java.lang.String constraint) throws java.lang.IllegalArgumentException, ManagementException
    effect - effect of the membership rule. Possible values are GRANT, DENY or DELEGATE. If it is null, an IllegalArgumentException will be thrown.
    roles - list of roles as com.bea.ales.management.RBAC_Role. If the list is null or empty, an IllegalArgumentException will be thrown. If an element of the list is null or its type is incorrect, an IllegalArgumentException will be thrown.
    resources - list of resources as Resource. If the list is null or empty, an IllegalArgumentException will be thrown. If an element of the list is null or its type is incorrect, an IllegalArgumentException will be thrown.
    subjects - list of subjects. If the list is null or empty, an IllegalArgumentException will be thrown. Possible subject types are User or Group. If an element of the list is null or its type is incorrect, an IllegalArgumentException will be thrown.
    delegator - delegator of the membership rule. This parameter applies only when the policy effect is DELEGATE; otherwise it is ignored. If it is null for a DELEGATE policy, an IllegalArgumentException will be thrown.
    constraint - constraint of the membership rule. The constraint is a series of boolean operations over attribute values which can be used to further limit the applicability of the membership rule.

public void removeMembershipRule(PolicyEffectType effect, Role role, Resource resource, java.lang.Object subject, User delegator, java.lang.String constraint) throws java.lang.IllegalArgumentException, ManagementException
    effect - effect of the membership rule. Possible values are GRANT, DENY or DELEGATE. If it is null, an IllegalArgumentException will be thrown.
    role - role of the membership rule. If it is null, an IllegalArgumentException will be thrown.
    resource - resource of the membership rule. If it is null, an IllegalArgumentException will be thrown.
    subject - subject of the membership rule. Possible subject types are User or Group. If it is null or of an incorrect type, an IllegalArgumentException will be thrown.
    delegator - delegator of the membership rule. This parameter applies only when the policy effect is DELEGATE; otherwise it is ignored. If it is null for a DELEGATE policy, an IllegalArgumentException will be thrown.
    constraint - constraint of the membership rule. The constraint is a series of boolean operations over attribute values which can be used to further limit the applicability of the membership rule.

public void removeMembershipRule(MembershipRule membershipRule) throws java.lang.IllegalArgumentException, ManagementException
    membershipRule - the membership rule to be removed.

public java.util.Collection listAllQueries(PolicyType policyType) throws ManagementException
    policyType - policy type. Possible values are PolicyType.AUTHORIZATION_POLICY or PolicyType.MEMBERSHIP_RULE. If it is null, both types of policy queries will be returned.
    PolicyQuery.

public java.util.Collection listQueries(PolicyType policyType, java.lang.String owner) throws java.lang.IllegalArgumentException, ManagementException
    policyType - policy type. Possible values are PolicyType.AUTHORIZATION_POLICY or PolicyType.MEMBERSHIP_RULE. If it is null, both types of policy queries will be returned.
    owner - the user who created the policy queries. It is a qualified name, like "//user/asi/system/". If it is null, an IllegalArgumentException will be thrown.
    PolicyQuery.

public void deleteQuery(PolicyQuery policyQuery) throws java.lang.IllegalArgumentException, ManagementException
    policyQuery - the policy query to be deleted.

public void saveQuery(PolicyQuery policyQuery, boolean overwrite) throws java.lang.IllegalArgumentException, ManagementException
    policyQuery - the policy query to be saved or modified.
    overwrite - true if overwriting the existing policy query is wanted, false if not.