Skip navigation links

Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
Oracle Fusion Middleware Management Java API Reference for Oracle Entitlements Server
11g Release 1 (11.1.1)
E22649-02 ESAPI
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

oracle.security.jps.service.policystore.search
Class GrantSearchQuery

java.lang.Object
  extended by oracle.security.jps.search.SearchQuery
      extended by oracle.security.jps.service.policystore.search.BaseSearchQuery
          extended by oracle.security.jps.service.policystore.search.GrantSearchQuery

public class GrantSearchQuery
extends BaseSearchQuery

A class to build search criterias to query Grants.

Following code snippet illustrates how to build a search criteria to search by the exact resource name

  query = new GrantSearchQuery(GrantSearchQuery.SEARCH_PROPERTY.RESOURCE_NAME, negation, ComparatorType.EQUALITY, "target", BaseSearchQuery.MATCHER.EXACT);

To build complex search criteria, construct simple queries first and then add them to a List of queries.

Consider the following example to search for Grants granted to an ApplicationRole called 'MyAdmin', and Resource Name is "wallet.sso". First, build 2 simple queries

 Principal myAdminPrincipal = applicationPolicy.searchAppRole("myAdmin").get(0).getPrincipal();
 q1 = new GrantSearchQuery(GrantSearchQuery.SEARCH_PROPERTY.PRINCIPAL, negation, ComparatorType.EQUALITY, myAdminPrincipal, BaseSearchQuery.MATCHER.EXACT);
 q2 = new GrantSearchQuery(GrantSearchQuery.SEARCH_PROPERTY.RESOURCE_NAME, negation, ComparatorType.EQUALITY, "wallet.sso", BaseSearchQuery.MATCHER.EXACT);

Next, join these two queries to create an and query:

  List<GrantSearchQuery> gsqList = new ArrayList<GrantSearchQuery>();
  gsqList.add(q1);
  gsqList.add(q2);
  negation = false;
  boolean isORMatch = false;
  GrantSearchQuery query = new GrantSearchQuery(gsqList, negation, isORMatch);

AND-ing certain search properties more than once with each other in the same query has certain connotations, and hence, it may not yield the expected results.

  1. RESOURCE_ACTIONS: A Permission cannot have two or more actions with different values. It is legal however to OR two or more actions.
  2. PRINCIPAL, PRINCIPAL_NAME, PRINCIPAL_ENTRY: In the same query, an AND of two or more PRINCIPALs implies a Composite Grantee. This is different from a Grantee with a single Principal.

NOTE: As the complexity of the query increases, the time taken to fetch the results from the store may increase.

Nested Class Summary
static class GrantSearchQuery.SEARCH_PROPERTY
           

 

Nested classes/interfaces inherited from class oracle.security.jps.search.SearchQuery
SearchQuery.MATCHER

 

Constructor Summary
GrantSearchQuery(GrantSearchQuery.SEARCH_PROPERTY property, boolean negation, ComparatorType operator, java.lang.Object valueObject, SearchQuery.MATCHER match)
          Constructor to build a GrantSearchQuery.
GrantSearchQuery(GrantSearchQuery.SEARCH_PROPERTY property, boolean negation, ComparatorType operator, java.lang.String value, SearchQuery.MATCHER match)
          Constructor to build a GrantSearchQuery.
GrantSearchQuery(java.util.List<GrantSearchQuery> queries, boolean negation, boolean isORMatch)
          Constructor

 

Method Summary
 void addBaseQuery(BaseSearchQuery query)
          Deprecated. 
 GrantSearchQuery.SEARCH_PROPERTY getSearchProperty()
           
 GrantSearchQuery[] getSearchQueryInOrder()
           

 

Methods inherited from class oracle.security.jps.service.policystore.search.BaseSearchQuery
getComparator, getQueries, toString

 

Methods inherited from class oracle.security.jps.search.SearchQuery
addBaseQuery, getBaseSearchQueryInOrder, getSearchByPropertyString, getSearchByValue, getSearchByValueObject, getSearchComparator, getSearchQueries, getSearchValueMatch, isANDMatch, isComplexQuery, isNegativeMatch, isORMatch

 

Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, wait, wait, wait

 

Constructor Detail

GrantSearchQuery

public GrantSearchQuery(GrantSearchQuery.SEARCH_PROPERTY property,
                        boolean negation,
                        ComparatorType operator,
                        java.lang.String value,
                        SearchQuery.MATCHER match)
Constructor to build a GrantSearchQuery.
Parameters:
property - SearchBy property.

For this constructor, the following Search property types are meaningful.

SEARCH_PROPERTY Value
PRINCIPAL_NAME Principal Name.
PERMISSIONSET_NAME PermissionSet Name
RESOURCETYPE_NAME Name of ResourceType
RESOURCE_NAME Name of Resource
ACTION Name of action.
negation - if true, the NOT of this query is evaluated.
operator - how should the values be compared
value - the String value to search by.

If value is null, then match must be ANY.

If value is non-null, this value is matched against the values to search for. The match algorithm is applied to values to search against.

match - how the value should match-ed with the values to search against. If match is null, an EXACT match is assumed. value should be non-null.

For performance reason, SEARCH_PROPERTY.PRINCIPAL_NAME and MATCHER.ANY will not be supported together. Otherwise, IllegalArgumentException will be thrown. Alternatively, you can use PolicyMgmt.getGrantEntries() instead to get all the GrantEntries.

GrantSearchQuery

public GrantSearchQuery(GrantSearchQuery.SEARCH_PROPERTY property,
                        boolean negation,
                        ComparatorType operator,
                        java.lang.Object valueObject,
                        SearchQuery.MATCHER match)
Constructor to build a GrantSearchQuery.
Parameters:
property - SearchBy property.

For this constructor, the following Search property types are meaningful.

SEARCH_PROPERTY Object of Class
PRINCIPAL java.security.Principal. An Exact match is always applied.
PRINCIPAL_ENTRY oracle.security.jps.service.policystore.info.PrincipalEntry. An Exact match is always applied.
negation - if true, the NOT of this query is evaluated.
operator - how should the values be compared
valueObject - the value to search by.

If value is null, then match must be ANY.

If value is non-null, this value is matched against the values to search for. The match algorithm is applied to values to search against.

match - how the value should match-ed with the values to search against. If match is null, an EXACT match is assumed. value should be non-null.

For performance reason, SEARCH_PROPERTY.PRINCIPAL_NAME and MATCHER.ANY will not be supported together. Otherwise, IllegalArgumentException will be thrown. Alternatively, you can use PolicyMgmt.getGrantEntries() instead to get all the GrantEntries.

GrantSearchQuery

public GrantSearchQuery(java.util.List<GrantSearchQuery> queries,
                        boolean negation,
                        boolean isORMatch)
Constructor
Parameters:
queries - child queries of this query. It is incorrect to supploy a query list of size 0.
negation - if true, the NOT of this query is evaluated.
isORMatch - if true the syntax among the child queries is 'OR', if false, the syntax among child queries is 'AND'

Method Detail

getSearchProperty

public GrantSearchQuery.SEARCH_PROPERTY getSearchProperty()

getSearchQueryInOrder

public GrantSearchQuery[] getSearchQueryInOrder()

addBaseQuery

@Deprecated
public void addBaseQuery(BaseSearchQuery query)
Deprecated. 

Skip navigation links

Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
Oracle Fusion Middleware Management Java API Reference for Oracle Entitlements Server
11g Release 1 (11.1.1)
E22649-02 ESAPI
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

Copyright © 2011, Oracle. All rights reserved.