com.bea.ales.management
Class Role

java.lang.Object
  |
  +--com.bea.ales.management.Role
public class Role
extends java.lang.Object

This class represents role.

Field Summary
static java.lang.String ROLE_DESCRIBTION
           
 
Method Summary
 void addDeniedRole(Role role)
          Add the role to excluded role list against this role.
 void addDeniedRoles(java.util.Collection roles)
          Add the set of roles to to excluded role list against this role.
 Role cloneTo(Role destination)
          Clone this role and all its children to be child of the destination role
 Role createChild(java.lang.String nodeName)
          Create the child role for this role.
 MembershipRule createMembershipRule(PolicyEffectType effect, java.lang.Object subject, java.lang.String constraint)
          Create the membership rule for this role.
 MembershipRule createMembershipRule(PolicyEffectType effect, Resource resource, java.lang.Object subject, User delegator, java.lang.String constraint)
          Create the new membership rule for this role
 void deleteChild(Role role)
          Delete the child role.
 RoleQueryResult getAncestors(java.lang.String filterString)
          Find all ancestors of this role that match the given filterString.
 AttributeElement getAttribute(java.lang.String name)
          Get the attribute from this role by the name.
 AttributeQueryResult getAttributes(int queryType)
          Get the attributes of this role.
 RoleQueryResult getChildren(int queryType, java.lang.String filterString)
          Find all the children of this role which matches the given filterString.
 java.util.Collection getDeniedRoles()
          Find all excluded roles against this role.
 java.lang.String getDescription()
          Get the description of the role
 java.lang.String getFullyQualifiedRoleName()
          Get the fully qualified name of this role
 MembershipRuleQueryResult getMembershipRules(PolicyEffectType effectType, java.util.List resources, java.util.List subjects, java.util.List delegators, java.lang.String constraintPattern, java.lang.String filterSearchOperator)
          Find membership rules according to the provided query criteria.
 java.lang.String getName()
          Get the name of this role
 Role getParent()
          Get the parent of this role.
 java.util.Collection getRolesDenyMe()
          get the set of roles that have this role in their denied roles list.
 void moveTo(Role destination)
          Move this role to be child of the destination role.
 void removeAttributeElement(AttributeElement attributeElement)
          Remove the given attribute from this role.
 void removeDeniedRole(Role role)
          Remove the role from the excluded role list against this role.
 void removeDeniedRoles(java.util.Collection rolesList)
          Remove the set of roles from the excluded role list against this role.
 void removeMembershipRule(MembershipRule rule)
           
 void removeMembershipRule(PolicyEffectType effect, Resource resource, java.lang.Object subject, User delegator, java.lang.String constraint)
          Remove the membership rule which matches the given parameters.
 void rename(java.lang.String newName)
          Rename the role with the given newName.
 void setAttributeValue(AttributeElement attribute)
          Set the attribute value to this role.
 void setDescription(java.lang.String description)
          Set the description of this role
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

ROLE_DESCRIBTION

public static java.lang.String ROLE_DESCRIBTION
Method Detail

getName

public java.lang.String getName()
                         throws ManagementException
Get the name of this role

Returns:
the name of this role.

rename

public void rename(java.lang.String newName)
            throws ManagementException
Rename the role with the given newName.

Parameters:
newName - the new name desired.
Throws:
ManagementException - if the operation fails.

setAttributeValue

public void setAttributeValue(AttributeElement attribute)
                       throws ManagementException,
                              BadParameterException
Set the attribute value to this role.

Parameters:
attribute - The name of this passed in attribute is used to find attribute to be set of the role. The value of this passed in attribute is set to the value of the found attribute of the role.
Throws:
ManagementException - if the operation fails.
BadParameterException - if the parameter is not correct.

removeAttributeElement

public void removeAttributeElement(AttributeElement attributeElement)
                            throws ManagementException
Remove the given attribute from this role. This method removes the attribute which has the same name with the given attribute.

Parameters:
attribute - the attribute element to be removed.
Throws:
ManagementException - if the operation fails.
BadParameterException - if the parameter is not correct.

getAttribute

public AttributeElement getAttribute(java.lang.String name)
                              throws ManagementException
Get the attribute from this role by the name.

Parameters:
name - the name of attribute
Throws:
ManagementException - if the operation fails.

getAttributes

public AttributeQueryResult getAttributes(int queryType)
                                   throws ManagementException
Get the attributes of this role. The role attributes also contains the inherited attributes from the parent.

Parameters:
queryType - - One of:
  • QueryType.DIRECT - Direct attributes on this role.
  • QueryType.ALL - All attributes on this role, including inheritted and direct.
      QueryType.INHERITTED - Only the inheritted attributes of this role.
    Returns:
    the AttributeQueryResult object with all attributes found.
    Throws:
    ManagementException - if the operation fails.
    See Also:
    AttributeQueryResult

getDescription

public java.lang.String getDescription()
                                throws ManagementException
Get the description of the role

Returns:
a string description for the role
Throws:
ManagementException - if the operation fails

setDescription

public void setDescription(java.lang.String description)
                    throws ManagementException
Set the description of this role

Parameters:
description - the description to set
Throws:
ManagementException - if the operation fails

getParent

public Role getParent()
               throws ManagementException
Get the parent of this role.

Returns:
the parent of this role.
Throws:
ManagementException - if the operation fails.

getAncestors

public RoleQueryResult getAncestors(java.lang.String filterString)
                             throws ManagementException
Find all ancestors of this role that match the given filterString.

Returns:
the RoleQueryResult instance which contains all found roles.
Throws:
ManagementException - if the operation fails.

getMembershipRules

public MembershipRuleQueryResult getMembershipRules(PolicyEffectType effectType,
                                                    java.util.List resources,
                                                    java.util.List subjects,
                                                    java.util.List delegators,
                                                    java.lang.String constraintPattern,
                                                    java.lang.String filterSearchOperator)
                                             throws java.lang.IllegalArgumentException,
                                                    ManagementException
Find membership rules according to the provided query criteria.

Parameters:
effectType - One of possible values is GRANT, DENY, DELEGATE or ALL.
resources - list of resources as Resource. An empty or null list is allowed and will match any resource.
subjects - list of subjects. One of possible type of subject is User or Group. An empty or null list is allowed and will match any subject.
delegators - list of delegators as User. An empty or null list is allowed and will match any delegator. If the parameter filterSearchOperator is PoliciesManager.FILTER_OPERATOR_AND, the list can not have more than one item. Otherwise, an IllegalArgumentException will be thrown.
constraintPattern - constraint string. Unlike the other fields in the filter method, the constraint filed supports pattern matching, with the use of the * character. An empty or null value is allowed, and will match any constraint.
filterSearchOperator - one of: PoliciesManager.FILTER_OPERATOR_OR, PoliciesManager.FILTER_OPERATOR_AND
Returns:
the membership rules on this role which match the query criteria.
Throws:
ManagementException - if failed to find membership rules.

createMembershipRule

public MembershipRule createMembershipRule(PolicyEffectType effect,
                                           Resource resource,
                                           java.lang.Object subject,
                                           User delegator,
                                           java.lang.String constraint)
                                    throws java.lang.IllegalArgumentException,
                                           ManagementException
Create the new membership rule for this role

Parameters:
effect - effect of the membership rule. One of possible values is GRANT, DENY or DELEGATE. If it is null, an IllegalArgumentException will be thrown.
resource - resource of the membership rule. If it is null, an IllegalArgumentException will be thrown.
subject - subject of the membership rule. One of possible type of subject is User or Group. If it is null or incorrect type, an IllegalArgumentException will be thrown.
delegator - delegator of the membership rule. This parameter is available only when the policy effect is DELEGATE, otherwise it is ignored. If it is null for delegate policy, an IllegalArgumentException will be thrown.
constraint - constraint of the membership rule. The constraint is a series of boolean operations over attribute values which can be used to further limit the applicability of membership rule.
Returns:
the new created membership rule.
Throws:
java.lang.IllegalArgumentException - if one of parameters is invalid.
ManagementException - if failed to create the membership rule.

createMembershipRule

public MembershipRule createMembershipRule(PolicyEffectType effect,
                                           java.lang.Object subject,
                                           java.lang.String constraint)
                                    throws java.lang.IllegalArgumentException,
                                           ManagementException
Create the membership rule for this role. This is convenient method to create the none delegate membership ship rule.

Parameters:
effect - effect of the membership rule. One of possible values is GRANT, DENY or DELEGATE. If it is null, an IllegalArgumentException will be thrown.
subject - subject of the membership rule. One of possible type of subject is User or Group. If it is null or incorrect type, an IllegalArgumentException will be thrown.
constraint - constraint of the membership rule. The constraint is a series of boolean operations over attribute values which can be used to further limit the applicability of membership rule.
Returns:
the new created membership rule.
Throws:
java.lang.IllegalArgumentException - if one of parameters is invalid.
ManagementException - if failed to create the membership rule.

removeMembershipRule

public void removeMembershipRule(PolicyEffectType effect,
                                 Resource resource,
                                 java.lang.Object subject,
                                 User delegator,
                                 java.lang.String constraint)
                          throws java.lang.IllegalArgumentException,
                                 ManagementException
Remove the membership rule which matches the given parameters. This method is used to rmove the membership rule which is composed of single role, resource and subject.

Parameters:
effect - effect of membership rule. One of possible values is GRANT, DENY or DELEGATE. If it is null, an IllegalArgumentException will be thrown.
resource - resource of the membership rule. If it is null, an IllegalArgumentException will be thrown.
subject - subject of the membership rule. One of possible type of subject is User or Group. If it is null or incorrect type, an IllegalArgumentException will be thrown.
delegator - delegator of the membership rule. This parameter is available only when the policy effect is DELEGATE, otherwise it is ignored. If it is null for delegate policy, an IllegalArgumentException will be thrown.
constraint - constraint of authorization policy. The constraint is a series of boolean operations over attribute values which can be used to further limit the applicability of the membership rule.
Throws:
java.lang.IllegalArgumentException - if one of parameters is invalid.
ManagementException - if failed to remove the membership rule.

removeMembershipRule

public void removeMembershipRule(MembershipRule rule)
                          throws ManagementException

getChildren

public RoleQueryResult getChildren(int queryType,
                                   java.lang.String filterString)
                            throws ManagementException
Find all the children of this role which matches the given filterString.

Parameters:
queryType - - One of:
  • QueryType.DIRECT - The direct children of this role
  • QueryType.ALL - All children of this role
filterString - the pattern the children matches.
Returns:
the RoleQueryResult instance which contains all children found.
Throws:
ManagementException - if the operation fails.

cloneTo

public Role cloneTo(Role destination)
             throws ManagementException,
                    java.lang.IllegalArgumentException
Clone this role and all its children to be child of the destination role

Parameters:
destination - the destination role to clone this role to.
Returns:
The new created cloned role.
Throws:
ManagementException - if the operation fails.
java.lang.IllegalArgumentException - if the parameter is not correct.

moveTo

public void moveTo(Role destination)
            throws ManagementException,
                   java.lang.IllegalArgumentException
Move this role to be child of the destination role.

Parameters:
destination - the destination role to be parent of this role.
Throws:
ManagementException - if the operation fails.
java.lang.IllegalArgumentException - if the parameter is not correct.

createChild

public Role createChild(java.lang.String nodeName)
                 throws ManagementException
Create the child role for this role.

Parameters:
nodeName - the name of the child role to create
Returns:
The new created child role.
Throws:
ManagementException - if the operation fails.

deleteChild

public void deleteChild(Role role)
                 throws ManagementException,
                        java.lang.IllegalArgumentException
Delete the child role.

Parameters:
role - the child role to delete
Throws:
ManagementException - if the operation fails.
java.lang.IllegalArgumentException - if the parameter is not correct.

getDeniedRoles

public java.util.Collection getDeniedRoles()
                                    throws ManagementException
Find all excluded roles against this role.

Returns:
the collection of roles which is excluded against this role.
Throws:
ManagementException - if the operation fails.

addDeniedRole

public void addDeniedRole(Role role)
                   throws ManagementException
Add the role to excluded role list against this role.

Parameters:
role - the role excluded against this role.
Throws:
ManagementException - if the operation fails.

addDeniedRoles

public void addDeniedRoles(java.util.Collection roles)
                    throws ManagementException
Add the set of roles to to excluded role list against this role.

Parameters:
roles - the set of roles excluded against this role.
Throws:
ManagementException - if the operation fails.

removeDeniedRole

public void removeDeniedRole(Role role)
                      throws ManagementException
Remove the role from the excluded role list against this role.

Parameters:
role - the role to be removed from theexcluded against this role.
Throws:
ManagementException - if the operation fails.

removeDeniedRoles

public void removeDeniedRoles(java.util.Collection rolesList)
                       throws ManagementException
Remove the set of roles from the excluded role list against this role.

Parameters:
role - the set of roles to be removed from theexcluded against this role.
Throws:
ManagementException - if the operation fails.

getRolesDenyMe

public java.util.Collection getRolesDenyMe()
                                    throws ManagementException
get the set of roles that have this role in their denied roles list.

Throws:
ManagementException - if the operation fails.

getFullyQualifiedRoleName

public java.lang.String getFullyQualifiedRoleName()
                                           throws ManagementException
Get the fully qualified name of this role

Returns:
the fully qualified name of this role.
Copyright © 2004-2008, Oracle and/or its affiliates. All rights reserved.