com.bea.p13n.security.management.authentication
Class AtnSecurityMgmtHelper

java.lang.Object
  com.bea.p13n.security.management.authentication.AtnSecurityMgmtHelper

public class AtnSecurityMgmtHelper

extends Object

Provides helper methods for accessing security management classes, especially those used to manage SSPI providers.

Constructor Summary

AtnSecurityMgmtHelper()

Method Summary

static AtnProviderDescription	findProviderByName(String aDisplayName) Returns the configured SSPI authentication provider with a matching display name.
static AtnProviderDescription	findProviderByName(String aDisplayName, boolean getCachedMBean) Returns the configured SSPI authentication provider with a matching display name.
static AtnProviderDescription	findProviderByUniqueName(String aUniqueId) Returns the configured SSPI authentication provider with a matching unique id which is the concatenation of display name and version number.
static AtnProviderDescription	getDefaultProvider() Returns the default configured SSPI authentication provider.
static String	getDisallowedUserPattern() Returns the set of characters which are disallowed in the creation of user names.
static List	getProviders() Returns the list of currently configured SSPI authentication providers.
static String	getProviderUniqueName(String aDisplayName, String aVersion) Returns unique id of the provider which is the concatenation of display name and version number.
static boolean	isDeletableGroup(String aProviderDescription, String groupName) Checks whether the groupName specified is a protected group name or whether the groupName is a WLS special group name, neither of which will be allowed to be deleted.
static boolean	isMultiAtnProviderMode() Returns an indication of whether multiple authentication providers have been configured.
static boolean	isProtectedGroupName(String aProviderDescription, String groupName) Checks whether the groupName specified is an optional reserved group name or whether the groupName is a WLS special group name, neither of which will be allowed to be created by this provider.
static boolean	isProtectedUserName(String aProviderDescription, String userName) Checks whether the userName specified is a protected user name which willnot be allowed to be created by this provider.
static boolean	isReservedGroupName(String aProviderDescription, String groupName) Checks whether the groupName specified is an optional reserved group name which will not be allowed to be created by this provider.
static boolean	isReservedUserName(String aProviderDescription, String userName) Checks whether the userName specified is an optional reserved user name or whether the userName is a WLS special user name, neither of which will be allowed to be created by this provider.
static void	validateGroupCallerRole(String operationType, String targetUserName) Throws an exception if the caller is not in the proper role to perform the requested user management operation.
static void	validateUserCallerRole(String operationType, String targetUserName) Throws an exception if the caller is not in the proper role to perform the requested user management operation.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AtnSecurityMgmtHelper

public AtnSecurityMgmtHelper()

Method Detail

findProviderByName

public static AtnProviderDescription findProviderByName(String aDisplayName)
                                                 throws ProviderMgmtException

Returns the configured SSPI authentication provider with a matching display name. Will return a cached reference which may be stale if the admin server has bounced.

Parameters:

aDisplayName - The name entered at the WLS console when creating a new authentication provider.

Returns:

AtnProviderDescription or null, if no matching provider found

Throws:

ProviderMgmtException

findProviderByName

public static AtnProviderDescription findProviderByName(String aDisplayName,
                                                        boolean getCachedMBean)
                                                 throws ProviderMgmtException

Returns the configured SSPI authentication provider with a matching display name. The getCachedMBean parameter can be used to force a refreshing of the provider MBean reference contained in the returned AtnProviderDescription. This is only necessary if it has been determined the admin server is down or has been cycled.

Parameters:

aDisplayName - The display name this provider is recognized by

getCachedMBean - If true, uses an existing reference to the provider

Returns:

AtnProviderDescription

Throws:

ProviderMgmtException

findProviderByUniqueName

public static AtnProviderDescription findProviderByUniqueName(String aUniqueId)
                                                       throws ProviderMgmtException

Returns the configured SSPI authentication provider with a matching unique id which is the concatenation of display name and version number.

Parameters:

aUniqueId - Concatenation of display name and version number

Returns:

AtnProviderDescription or null, if no matching provider found

Throws:

ProviderMgmtException

getDefaultProvider

public static AtnProviderDescription getDefaultProvider()
                                                 throws ProviderMgmtException

Returns the default configured SSPI authentication provider.

Returns:

default AtnProviderDescription

Throws:

ProviderMgmtException

getDisallowedUserPattern

public static String getDisallowedUserPattern()

Returns the set of characters which are disallowed in the creation of user names.

Returns:

disallowed chars

getProviders

public static List getProviders()
                         throws ProviderMgmtException

Returns the list of currently configured SSPI authentication providers.

Returns:

List of AtnProviderDescription objects

Throws:

ProviderMgmtException

getProviderUniqueName

public static String getProviderUniqueName(String aDisplayName,
                                           String aVersion)

Returns unique id of the provider which is the concatenation of display name and version number.

Parameters:

aDisplayName - The provider name

aVersion - The provider version

Returns:

unique id

isDeletableGroup

public static boolean isDeletableGroup(String aProviderDescription,
                                       String groupName)

Checks whether the groupName specified is a protected group name or whether the groupName is a WLS special group name, neither of which will be allowed to be deleted.

Parameters:

aProviderDescription - the string identifying this authentication provider in the properties file.

groupName - the group name to evaluate

Returns:

true if group name can be deleted, else false

isMultiAtnProviderMode

public static boolean isMultiAtnProviderMode()

Returns an indication of whether multiple authentication providers have been configured.

Returns:

True if more than one authentication provider is found, else false

isProtectedGroupName

public static boolean isProtectedGroupName(String aProviderDescription,
                                           String groupName)

Checks whether the groupName specified is an optional reserved group name or whether the groupName is a WLS special group name, neither of which will be allowed to be created by this provider.

Parameters:

aProviderDescription - the string identifying this authentication provider in the properties file.

groupName - the group name to evaluate

Returns:

List of Strings containing reserved user names

isProtectedUserName

public static boolean isProtectedUserName(String aProviderDescription,
                                          String userName)

Checks whether the userName specified is a protected user name which willnot be allowed to be created by this provider.

Parameters:

aProviderDescription - the string identifying this authentication provider in the properties file.

userName - the user name to evaluate

Returns:

true if userName is protecteds by provider else false

isReservedGroupName

public static boolean isReservedGroupName(String aProviderDescription,
                                          String groupName)

Checks whether the groupName specified is an optional reserved group name which will not be allowed to be created by this provider.

Parameters:

aProviderDescription - the string identifying this authentication provider in the properties file.

groupName - the group name to evaluate

Returns:

True if group name is reserved, otherwise false

Throws:

IllegalArgumentException

isReservedUserName

public static boolean isReservedUserName(String aProviderDescription,
                                         String userName)

Checks whether the userName specified is an optional reserved user name or whether the userName is a WLS special user name, neither of which will be allowed to be created by this provider.

Parameters:

aProviderDescription - the string identifying this authentication provider in the properties file.

userName - the user name to evaluate

Returns:

true if userName is reserved by provider, else false

validateGroupCallerRole

public static void validateGroupCallerRole(String operationType,
                                           String targetUserName)

Throws an exception if the caller is not in the proper role to perform the requested user management operation.

Throws:

SecurityException

validateUserCallerRole

public static void validateUserCallerRole(String operationType,
                                          String targetUserName)

Throws an exception if the caller is not in the proper role to perform the requested user management operation.

Throws:

SecurityException