Oracle® Data Integrator Java API Reference 11g Release 1 (11.1.1.6.0) E17060-03
java.lang.Object
oracle.odi.core.security.SecurityManager
public final class SecurityManager
This class implements Oracle Data Integrator operations related to security.
A SecurityManager is obtained from an OdiInstance by calling the OdiInstance.getSecurityManager() method. The SecurityManager class should be used to:
Here is a typical usage of SecurityManager to manage the Oracle Data Integrator Authentication:
```java
OdiInstance odiInstance = ...
// First create an Authentication object
Authentication authentication = odiInstance.getSecurityManager().createAuthentication(username, password);
try {
    // Bind the Authentication as the currently authenticated user for the SecurityManager and the current thread.
    odiInstance.getSecurityManager().setCurrentThreadAuthentication(authentication);
    try {
        // ... use Oracle Data Integrator Java APIs that require authentication here ...
    } finally {
        // Unbind the Authentication for the current thread
        odiInstance.getSecurityManager().clearCurrentThreadAuthentication();
    }
} finally {
    // Close the authentication to release the attached resources.
    authentication.close();
}
```
Constructor Summary |
---|
SecurityManager(OdiInstance pInstance) Internal: Constructs a new SecurityManager. |
Method Summary | |
---|---|
void | checkPermission(IRepositoryEntity entity, PermissionType pPermissionType) This is a helper method to check the Permission on the current authentication. |
void | checkPermission(Permission pPermission) This is a helper method to check the Permission on the current authentication. |
void | clearCurrentThreadAuthentication() Unbind the Authentication currently bound to this SecurityManager and to the current thread. |
void | clearGlobalAuthentication() Unbind the Authentication currently bound to this SecurityManager as global authentication. |
Authentication | createAuthentication(java.lang.String pUsername, char[] pPassword) This method creates an ODI Authentication from an ODI user name and password. |
Authentication | createAuthentication(java.lang.String pSupervisorUsername, char[] pSupervisorPassword, java.lang.String pRunAsUsername) This method creates an ODI Authentication using the runas pattern. |
Authentication | createAuthentication(javax.security.auth.Subject pSubject) This method creates an ODI authentication from a previously authenticated Subject. |
java.util.Collection | filterOnReadPermission(java.util.Collection pCollection) This method returns a copy of pCollection from which the objects for which the currently authenticated user does not have PermissionType.READ permission have been filtered out. |
Authentication | getCurrentAuthentication() Returns the Authentication that is currently bound to this SecurityManager and that will be used for privileges checking. |
boolean | hasCurrentThreadAuthentication() Checks whether there is currently an Authentication bound at thread level in this SecurityManager for the current thread. |
boolean | hasGlobalAuthentication() Checks whether there is an Authentication bound at global level on this security manager. |
boolean | isAuthorized(IRepositoryEntity pEntity, PermissionType pPermissionType) Almost the same as isAuthorized(Permission), but takes the entity and permission type directly. |
boolean | isAuthorized(Permission pPermission) This method checks if the Permission is authorized for the current authentication. |
boolean | isUsingExternalAuthentication() This method returns true if the ODI Master repository to which the OdiInstance is connected is configured to use external authentication. |
void | setAuthenticatedUserPassword(char[] pNewPassword) This method changes the password for the currently authenticated user. |
void | setCurrentThreadAuthentication(Authentication pAuthentication) Set the current Authentication for the current thread. |
void | setGlobalAuthentication(Authentication pAuthentication) Set pAuthentication as the current global Authentication for the current global thread. |
void | setPassword(java.lang.String pUserName, char[] pNewPassword) This method will set the password for the specified user. |
void | setPassword(java.lang.String pUserName, char[] pCurrentPassword, char[] pNewPassword) This method will change the password for the user named pUserName from pCurrentPassword to pNewPassword. |
Methods inherited from class java.lang.Object |
---|
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|

public SecurityManager(OdiInstance pInstance)

Note: This constructor is not intended to be used by SDK users and is only public for technical reasons. SDK users should use the method OdiInstance.getSecurityManager() to obtain a SecurityManager.

Parameters:
pInstance - an OdiInstance object.

Method Detail |
---|

public Authentication createAuthentication(java.lang.String pUsername, char[] pPassword) throws PasswordExpiredException, BadCredentialsException, AccountExpiredException, InvalidExternalAuthenticationConfiguration

This method creates an ODI Authentication from an ODI user name and password.

If the master repository is configured to use internal authentication, the user name and password are checked against the user population defined in the master repository. If the user name and password are valid, an ODI authentication is created and returned.

If the master repository is configured to use external authentication, the user name and password are first authenticated against the default OPSS LoginService defined in the OPSS configuration. If this first authentication step succeeds, the user name is checked against the users registered in the ODI repository, and an Authentication is created if the user is registered.

Note: It is the caller's responsibility to call Authentication.close() on the created Authentication to release resources when the Authentication is no longer needed.

Note: It is the caller's responsibility to overwrite the content of the pPassword char array to remove the password from memory.

Parameters:
pUsername - the name of the user to log in
pPassword - the password for this user.

Throws:
PasswordExpiredException - this exception is raised if the password expired. This is only checked when internal authentication is used.
AccountExpiredException - this exception is raised if the ODI user account is expired in the ODI repository
BadCredentialsException - This exception is raised when the user name does not match a valid ODI user in this repository or if the password is not valid for this user.
InvalidExternalAuthenticationConfiguration - This exception is raised if we can't create the LoginContext for external authentication

See Also:
Authentication.close(), createAuthentication(Subject), createAuthentication(String, char[], String)
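
The two caller responsibilities noted above (closing the Authentication and overwriting the password array), combined with the thread-binding pattern from the class overview. This is an added example, not code from the Oracle reference: the class `OdiSession` and method `runAuthenticated` are hypothetical names, and it assumes the ODI SDK is on the classpath with `OdiInstance` in `oracle.odi.core` and `Authentication` in `oracle.odi.core.security`.

```java
import java.util.Arrays;
import java.util.concurrent.Callable;

import oracle.odi.core.OdiInstance;
import oracle.odi.core.security.Authentication;
// The explicit import makes "SecurityManager" mean the ODI class, not java.lang.SecurityManager.
import oracle.odi.core.security.SecurityManager;

/** Hypothetical helper (not part of the ODI SDK). */
public final class OdiSession {

    private OdiSession() { }

    /**
     * Runs work with an Authentication bound to the current thread.
     * The password array is zeroed before this method returns or throws.
     * Declared "throws Exception" so that whatever createAuthentication
     * or the work itself raises propagates to the caller unchanged.
     */
    public static <T> T runAuthenticated(OdiInstance odiInstance, String username,
                                         char[] password, Callable<T> work) throws Exception {
        SecurityManager securityManager = odiInstance.getSecurityManager();
        Authentication authentication;
        try {
            // A binding left over on a pooled thread would make
            // setCurrentThreadAuthentication fail later, so refuse up front.
            if (securityManager.hasCurrentThreadAuthentication()) {
                throw new IllegalStateException("an Authentication is already bound to this thread");
            }
            authentication = securityManager.createAuthentication(username, password);
        } finally {
            // Overwrite the password on success and on every failure path.
            Arrays.fill(password, '\0');
        }
        try {
            securityManager.setCurrentThreadAuthentication(authentication);
            try {
                return work.call();
            } finally {
                // Unbind first so the thread never carries a closed Authentication.
                securityManager.clearCurrentThreadAuthentication();
            }
        } finally {
            // Release the resources attached to the Authentication.
            authentication.close();
        }
    }
}
```

Because the password array is zeroed inside the helper, the caller cannot reuse it after the call and must re-acquire the credential for any retry.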

public Authentication createAuthentication(javax.security.auth.Subject pSubject) throws BadCredentialsException

Note: This is an API for advanced users of the SDK. Most SDK users should use the createAuthentication(String, char[]) method instead.

This method is typically useful for J2EE applications relying on the J2EE container for authentication. The Subject has to be created using the OPSS framework. The Subject has to match a valid user in the ODI master repository. If either of these conditions is not met, a BadCredentialsException will be raised.

Note: It is the caller's responsibility to call Authentication.close() on the created Authentication to release resources when the Authentication is no longer needed.

Parameters:
pSubject - the OPSS subject to authenticate against ODI

Throws:
BadCredentialsException - if pSubject is not valid for ODI

See Also:
Authentication.close(), createAuthentication(String, char[], String), createAuthentication(String, char[])

public Authentication createAuthentication(java.lang.String pSupervisorUsername, char[] pSupervisorPassword, java.lang.String pRunAsUsername) throws BadCredentialsException

Note: This is an API for advanced users of the SDK. Most SDK users should use the createAuthentication(String, char[]) method instead.

This method will first check that the pSupervisorUsername and pSupervisorPassword match a SUPERVISOR user for ODI. Then it checks that the pRunAsUsername is a valid user and creates an authentication for it.

Note: It is the caller's responsibility to overwrite the content of the pSupervisorPassword char array to remove the password from memory.

Note: It is the caller's responsibility to call Authentication.close() on the created Authentication to release resources when the Authentication is no longer needed.

Parameters:
pSupervisorUsername - the supervisor username.
pSupervisorPassword - the supervisor password.
pRunAsUsername - the user to run as.

Throws:
BadCredentialsException - is raised if the pSupervisorUsername and pSupervisorPassword do not match a valid Supervisor user or if the pRunAsUsername does not match a valid user.

See Also:
Authentication.close(), createAuthentication(Subject), createAuthentication(String, char[])

public void checkPermission(Permission pPermission) throws PermissionDeniedException, AuthenticationRequiredException

Parameters:
pPermission - the permission to check.

Throws:
PermissionDeniedException - if permission is denied.
AuthenticationRequiredException - if Authentication is missing.

public void checkPermission(IRepositoryEntity entity, PermissionType pPermissionType) throws PermissionDeniedException, AuthenticationRequiredException

Parameters:
entity - the entity object to check permission.
pPermissionType - the permission type to check.

Throws:
PermissionDeniedException - if permission is denied.
AuthenticationRequiredException - if Authentication is missing.

public boolean isAuthorized(Permission pPermission) throws AuthenticationRequiredException

Parameters:
pPermission - the permission object to check

Throws:
AuthenticationRequiredException - if there is no current authentication

public boolean isAuthorized(IRepositoryEntity pEntity, PermissionType pPermissionType) throws AuthenticationRequiredException

Parameters:
pEntity - is the ODI entity object to check permission.
pPermissionType - is the type of permission to check, such as READ, WRITE, GENERATE and EXECUTE etc.

Throws:
AuthenticationRequiredException - if there is no current authentication

public void setCurrentThreadAuthentication(Authentication pAuthentication) throws InvalidAuthenticationAPIUsageException

Parameters:
pAuthentication - an Authentication object specifying the current thread authentication value

Throws:
InvalidAuthenticationAPIUsageException - if there is already an Authentication bound at this thread level for this SecurityManager or if the pAuthentication is not created by this SecurityManager.

See Also:
getCurrentAuthentication(), clearCurrentThreadAuthentication(), hasCurrentThreadAuthentication()

public void clearCurrentThreadAuthentication() throws InvalidAuthenticationAPIUsageException

Throws:
InvalidAuthenticationAPIUsageException - if there is currently no Authentication bound to this current thread and SecurityManager.

See Also:
setCurrentThreadAuthentication(Authentication), hasCurrentThreadAuthentication()

public boolean hasCurrentThreadAuthentication()

See Also:
setCurrentThreadAuthentication(Authentication), clearCurrentThreadAuthentication()

public void setGlobalAuthentication(Authentication pAuthentication) throws InvalidAuthenticationAPIUsageException

setCurrentThreadAuthentication(Authentication).

Parameters:
pAuthentication - an Authentication object specifying the global authentication value

Throws:
InvalidAuthenticationAPIUsageException - if there is already an Authentication bound as global Authentication for this SecurityManager or if this SecurityManager has not created this pAuthentication.

See Also:
clearGlobalAuthentication(), getCurrentAuthentication(), hasGlobalAuthentication()

public void clearGlobalAuthentication() throws InvalidAuthenticationAPIUsageException

Throws:
InvalidAuthenticationAPIUsageException - if there is currently no global Authentication bound to this SecurityManager.

See Also:
setGlobalAuthentication(Authentication), hasGlobalAuthentication()
public boolean hasGlobalAuthentication()

public Authentication getCurrentAuthentication()

Returns the Authentication that is currently bound to this SecurityManager and that will be used for privileges checking.

- If an Authentication is bound at thread level (see setCurrentThreadAuthentication(Authentication)), this thread level Authentication is returned.
- Otherwise, if a global Authentication has been set with setGlobalAuthentication(Authentication), this global Authentication is returned.
- Otherwise null is returned.

See Also:
setCurrentThreadAuthentication(Authentication), setGlobalAuthentication(Authentication)

public void setPassword(java.lang.String pUserName, char[] pNewPassword) throws PasswordPolicyNotMatchedException, PermissionDeniedException

The authenticated user requires the SUPERVISOR privilege to execute this method; otherwise a PermissionDeniedException will be raised. If the new password does not match the password policy defined in the ODI repository then a PasswordPolicyNotMatchedException will be raised.

Parameters:
pUserName - the name of the user who changed the password
pNewPassword - the new password

Throws:
PermissionDeniedException - if no current authentication found or if current authentication hasn't SUPERVISOR privilege.
PasswordPolicyNotMatchedException - if given password doesn't match password policy.

public void setPassword(java.lang.String pUserName, char[] pCurrentPassword, char[] pNewPassword) throws PasswordPolicyNotMatchedException, PermissionDeniedException, BadCredentialsException

This method does not require a user to be authenticated to be used. It allows the password to be changed even if the previous one has expired.

Parameters:
pUserName - user name
pCurrentPassword - the previously defined password
pNewPassword - the new password to be set

Throws:
PermissionDeniedException - if no current authentication found or if current authentication hasn't SUPERVISOR privilege.
PasswordPolicyNotMatchedException - if the pNewPassword does not match the password policy defined in the master repository.
BadCredentialsException - if the pUserName or pCurrentPassword are not valid.

public void setAuthenticatedUserPassword(char[] pNewPassword) throws PasswordPolicyNotMatchedException, AuthenticationRequiredException

No specific privileges are needed to call this method. If the new password does not match the password policy defined in the ODI repository then a PasswordPolicyNotMatchedException will be raised.

Parameters:
pNewPassword - the new password

Throws:
AuthenticationRequiredException - if there is no current Authentication for this security manager
PasswordPolicyNotMatchedException - if given password doesn't match password policy

public boolean isUsingExternalAuthentication()

public java.util.Collection filterOnReadPermission(java.util.Collection pCollection)

This method returns a copy of pCollection from which the objects for which the currently authenticated user does not have PermissionType.READ permission have been filtered out.

Parameters:
pCollection - Collection object returned by an ODI SDK finder or by ODI SDK navigation methods between entities, e.g. from parent to children or from an object to the referenced object.