Skip navigation links

oracle.security.jps.service.policystore.entitymanager
Interface PolicyManager

All Superinterfaces:

EntityManager

public interface PolicyManager

extends EntityManager

A class to hold CRUD methods of policy objects

Method Summary

PolicyEntry	createPolicy(java.lang.String name, java.lang.String displayName, java.lang.String description, PolicyRuleEntry rule, java.util.List<PrincipalEntry> principals, CodeSourceEntry cs, java.util.List<ResourceActionsEntry> resActs, java.util.List<java.lang.String> permissionSetNames, java.util.List<ObligationEntry> obligations, PolicyEntry.POLICY_SEMANTIC policySemantic) Creates a policy with the given parameters.
void	deletePolicy(java.lang.String name) Deletes a policy with the given name
java.util.List<PolicyEntry>	getPolicies(PolicySearchQuery query) Gets all policies which satisfy the query
PolicyEntry	getPolicy(java.lang.String name) Gets policy by its name
void	modifyPolicy(PolicyEntry policy) Persists a revised in-memory PolicyEntry object.

Methods inherited from interface oracle.security.jps.service.policystore.entitymanager.EntityManager

resolveReference

Method Detail

createPolicy

PolicyEntry createPolicy(java.lang.String name,
                         java.lang.String displayName,
                         java.lang.String description,
                         PolicyRuleEntry rule,
                         java.util.List<PrincipalEntry> principals,
                         CodeSourceEntry cs,
                         java.util.List<ResourceActionsEntry> resActs,
                         java.util.List<java.lang.String> permissionSetNames,
                         java.util.List<ObligationEntry> obligations,
                         PolicyEntry.POLICY_SEMANTIC policySemantic)
                         throws InvalidArgumentException,
                                PolicyObjectAlreadyExistsException,
                                PolicyObjectNotFoundException,
                                PolicyStoreException

Creates a policy with the given parameters. The following restrictions apply:

    cs and principals - one or both of these parameters must be specified.
    resActs and permissionSetNames - one or both of these parameters must be specified.
    

Policy also defines semantic that describes how specific principals should be handled:

    PRINCIPAL_AND_SEMANTIC  policy applies to a user if the user matches all principals listed in the policy.
    For example, if list of principals contains two roles, the user must be member of both roles for policy to apply
    PRINCIPAL_OR_SEMANTIC  policy applies to a user if the user matches at least on of principals listed in
    the policy. For example, if list of principals contains two roles, the user can be a member of at least
    one of these roles for policy to apply.
    

Parameters:

name - policy name, the parameter should not be null or empty string. A qualified name should start with a letter or underscore and consist of letter, digit and underscore.

displayName - policy display name, can be either a String value or null.

description - policy description, can be either a String value or null.

rule - PolicyRuleEntry object, the parameter should not be null.

principals - a list of PrincipalEntry object. If cs is null, then list of principals entries should contain at least one element.

cs - a CodeSourceEntry object.If principals is null, then code source entry should be defined.

resActs - a list of ResourceActionsEntry objects.If permissionSetNames is null, then the list of ResourceAcxtionEntries should contain at least one valid element.

permissionSetNames - a list of names of PermissionSetEntry objects.If resActs is null, then the list of PermissionSetNames should contain at least one non-null element.

obligations - a list of ObligationEntry objects, if null is passed in, just ignore it.

policySemantic - semantic of the policy that describes how principals specified in the policy should be handled:

    PRINCIPAL_AND_SEMANTIC  policy applies to a user if the user matches all principals listed in the policy.
    For example, if list of principals contains two roles, the user must be member of both roles for policy to apply.
    

    PRINCIPAL_OR_SEMANTIC  policy applies to a user if the user matches at least on of principals listed in
    the policy. For example, if list of principals contains two roles, the user can be a member of at least
    one of these roles for policy to apply.
    

Returns:

created PolicyEntry object.

Throws:

InvalidArgumentException - if the values passed in are invalid, throws out InvalidArgumentException, e.g. passing null value to one of name, rule, permSets, and principals parameters triggers the exception. Also thrown if policy contains ResourceAction(s) contain ResourceNameExpression with invalid java regex.

PolicyObjectAlreadyExistsException - if the same name policy exists, throws out PolicyObjectAlreadyExistsException.

PolicyObjectNotFoundException - if the policy components used don't exist, including permission set, function used in policy rule, attribute used in policy rule and obligation.

PolicyStoreException - if any internal status error, throws out PolicyStoreException.

deletePolicy

void deletePolicy(java.lang.String name)
                  throws InvalidArgumentException,
                         PolicyObjectNotFoundException,
                         PolicyStoreException

Deletes a policy with the given name

Parameters:

name - the name of the policy to be removed, the parameter should not be null or empty string. A qualified name should start with a letter or underscore and consist of letter, digit and underscore.

Throws:

InvalidArgumentException - if an invalid value is passed in, throws out InvalidArgumentException.

PolicyObjectNotFoundException - if the policy specified by name doesn't exist, throws out PolicyObjectNotFoundException.

PolicyStoreException - if any internal status error, throws out PolicyStoreException.

getPolicies

java.util.List<PolicyEntry> getPolicies(PolicySearchQuery query)
                                        throws InvalidArgumentException,
                                               PolicyStoreException

Gets all policies which satisfy the query

Parameters:

query - the query object which contains query criteria, please refer to PolicySearchQuery for detailed setting. The value shoud not be null.

Returns:

a list of policies which match the query criteria, if nothing found, return an empty list.

Throws:

InvalidArgumentException - the exception is reserved for future use.

PolicyStoreException - if any internal status error, throws out PolicyStoreException.

getPolicy

PolicyEntry getPolicy(java.lang.String name)
                      throws InvalidArgumentException,
                             PolicyObjectNotFoundException,
                             PolicyStoreException

Gets policy by its name

Parameters:

name - policy name, the parameter should not be null or empty string. A qualified name should start with a letter or underscore and consist of letter, digit and underscore.

Returns:

the matched policy with the given name

Throws:

InvalidArgumentException - if an invaid value is passed in, throws out InvalidArgumentException.

PolicyObjectNotFoundException - if the specified policy doesn't exist.

PolicyStoreException - if any internal status error, throws out PolicyStoreException.

modifyPolicy

void modifyPolicy(PolicyEntry policy)
                  throws InvalidArgumentException,
                         PolicyObjectNotFoundException,
                         PolicyStoreException

Persists a revised in-memory PolicyEntry object. In order to change a policy, you have to apply the changes on an in-memory object, and then pass the object to the method.

Parameters:

policy - a modified policy object

Throws:

InvalidArgumentException - if null is passed in or the policy object lacks any of name, policy rule, permission set, principal. Also thrown if added ResourceAction(s) contain ResourceNameExpression with invalid java regex.

PolicyObjectNotFoundException - if the policy doesn't exist in policy repository, or the policy components used don't exist, including permission set, function used in policy rule, attribute used in policy rule and obligation.

PolicyStoreException - if any internal status error, throws out PolicyStoreException.

Skip navigation links