|
||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||
public interface CSSAPIIF
This interface provides API's for:
Note that only a subset of API's will work in Fusion/JPS mode.
In EPM mode searchOrder that is specified in the associated
configuration is used to determine the sequence in which the plugged-in
providers are called to get to the information requested. Note: Unless
specified otherwise the switch from one provider to another in the search
order would take place only if the first provider does not return anything.
Sample use of the application:
<code>
Map context = new HashMap(5);
context.put(CSSAPIIF.LOCALE, new Locale("en", "US"));
String logPath = "<ORACLE_INSTANCE>/diagnostics/logs/";
CSSSystem instance = CSSSystem.getInstance(context, logPath);
CSSAPIIF css = instance.getCSSAPI();
// Host information (IP address/Host Name) is required for Auditing.
context.put(CSSAPIIF.HOST_INFO, "host1.hyperion.com");
try
{
CSSUserIF user = css.authenticate(context, "user", "password");
}
catch (CSSTokenNotAvailableException tNAE)
{
// log this
// check message and error code for more info
// try again
}
catch (CSSAuthenticationException aE)
{
// Unable to authenticate
// check credentials
// check message and error code for more info
// log this
}
catch (CSSIllegalArgumentException iAE)
{
// check arguments and correct them according to the contract
// check message and error code for more info
// try again
}
catch (CSSNoProviderException nPE)
{
// CSS was unable to launch a provider
// that was requested in the provider entry in the context
// check message and error code for more info
// check and try again
// log this
}
catch (CSSInvalidIdentityException iIE)
{
// Unable to use the identity passed in the token
// log this
}
catch (CSSTokenNotAcceptedException tNAcceptedE)
{
// the token passed in is not valid
// log this
}
catch (CSSException e)
{
// Any other abnormality
// check message and error code for more info
// log this
}
</code>
In EPM mode to override the search order, the specification of the provider in the input is supported through the following syntax:
entryName@ProviderName
Here, entryName could be a userName or a
groupName. The ProviderName specifies the name of
the provider as determined in the Configuration settings. The
@ProviderName syntax is not supported in the Fusion/JPS mode.
Some EPM mode examples:
The getUsers(context, name) is to be called with a
name parameter to get user/s that have that name. Passing
null is not accepted and would not return all the users. The
search operation stops at the first provider wherein the match can be made.
You can use wildcards such as '*' for the userName parameter. In
this case users would be returned in the order of directories that is
specified by the search order.
You could retreive all users on a provider by specifying "*@providerName"
The getGroups(context, groupName) can be called with the
wildcard * for groupName to get all the groups from
the first provider in the search order. If there are no matches then the
control flows over to the subsequent provider and so on. In this case it
would go by the search order.
To get all groups from a particular provider, specify
"*@providerName".
This follows the "groupName@providerName" syntax. You can also
have wildcards such as "GA*@providerName" for the
groupName parameter.
This class is classified as thread safe.
| Field Summary | |
|---|---|
static java.lang.String |
ACCESS_TYPE_MANAGE
Constant that holds the flag determining that the MANAGE type of access is requested on specified API call. |
static java.lang.String |
ACCESS_TYPE_VIEW
Constant that holds the flag determining that the VIEW type of access is requested on specified API call. |
static int |
APPID_IS_EQUAL
|
static int |
APPID_IS_NOTEQUAL
|
static int |
APPID_IS_NULL
|
static java.lang.String |
APPLICATION_NAME
Constant that holds the Application or Product Name of the EPM product. |
static java.lang.String |
APPLICATION_ROLES_ONLY
This constant is used in CSSUserProvisioningAPIIF.getRolesForUserInApplication(java.util.Map, com.hyperion.css.common.CSSPrincipalIF, java.lang.String, java.lang.String, boolean) and
CSSUserProvisioningAPIIF.getRolesForGroupInApplication(java.util.Map, com.hyperion.css.common.CSSPrincipalIF, java.lang.String, java.lang.String, boolean) not to
return child roles for the directly provisioned roles. |
static java.lang.String |
AUTO_DETECT
Constant that directs CSS to query the web application container for the currently authenticated user. |
static java.lang.String |
DELEGATEDMODE_SHOW_ALL
|
static java.lang.String |
DEPLOYMENT_METADATA_APP_ID
|
static java.lang.String |
DIRECT_ROLE_ONLY
Constant that holds the type specified for the NATIVE provider. |
static java.lang.String |
ENTITY_DEACTIVATE
Constant that holds the name of the property for specifying the that the user or group entity needs to be deactivated or a deactivated user and group is to be retreived. |
static java.lang.String |
ENTRY_TYPE_GROUP
Constant that holds type of the entry. |
static java.lang.String |
ENTRY_TYPE_OTHER
Constant that holds the type of the entry. |
static java.lang.String |
ENTRY_TYPE_ROLE
Constant that holds type of the entry. |
static java.lang.String |
ENTRY_TYPE_USER
Constant that holds the type of the entry. |
static java.lang.String |
EPMA_APPLICATION_ID
Constant for EPMA Application ID. |
static java.lang.String |
ESCAPE_AUTH_FILTER
|
static java.lang.String |
FORCE_DEPENDENCY_CHECK
Constant that holds the flag deciding whether Native Directory active check is to be done during intialialization. |
static java.lang.String |
HOST_INFO
Constant that holds the name of the property for specifying the Host Name or IP Address of the machine that user is logging in from. |
static java.lang.String |
HTTP_SERVLET_REQUEST
Constant that holds the name of the property for specifying the HTTP Servlet Request object. |
static java.lang.String |
HUB_ADMINISTRATOR_IDENTITY
Constant that holds the seeded Hyperion Shared Services administrator identity. |
static java.lang.String |
HUB_APP_NAME
added HUB project name and application name constants to use in LCM |
static java.lang.String |
HUB_APPLICATION_ID
Constant that holds the Hyperion Shared Services Application Id. |
static java.lang.String |
HUB_PROJECT
Constant that is used to specify that the project is the Hub
(Shared Services) Project. |
static java.lang.String |
HUB_PROJECT_NAME
|
static java.lang.String |
IDENTITY_USER
Constant that holds the name of the property for specifying the identity for a user. |
static java.lang.String |
IE_DELEGATED_MODE
|
static java.lang.String |
IGNORE_APPLICATION_VALIDATION
This constant is used in CSSUserProvisioningAPIIF.setRolesList(java.util.Map, com.hyperion.css.common.CSSPrincipalIF, java.lang.String, java.lang.String[], java.lang.String, boolean) and
to ignore the application instance check. |
static java.lang.String |
IGNORE_COMMUNICATION_EXCEPTION
Constant that holds the name of the property for specifying the interest in not recieving the CSSCommunicationException. |
static java.lang.String |
JPS_SUBJECT
Constant having the key that can be used to retrieve the JPS Subject from a CSS User object. |
static java.lang.String |
KERBEROS_LOGIN_NAME
|
static java.lang.String |
LOCALE
Constant that holds the property that specifies the name of the Locale. |
static java.lang.String |
LOG_PREPEND_TEXT
Constant that holds the the name of the property that specifies the text message to be prepended to the log messages. |
static java.lang.String |
LOGIN_NAME
Constant that holds the name of the property for specifying the user name. |
static java.lang.String |
LOGIN_PROJECT_ID
Constant that holds the project name for the login API. |
static java.lang.String |
NATIVE_PROVIDER_NAME
A constant for the native provider. |
static java.lang.String |
NATIVE_PROVIDER_TYPE
A constant for the native provider type. |
static java.lang.String |
OBJECT_ID
Constant that holds the property that specifies the name of the object id. |
static java.lang.String |
PASSWORD
Constant that holds the name of the property for specifying the password. |
static java.lang.String |
PREFIX_TO_APP_LOGGER
Constant that holds the prefix to the Application Logger that is invoked throught the CSSApplicationIF.log(String) method. |
static java.lang.String |
PROVIDER_NAME
Constant that holds the name of the property for specifying the provider to be used. |
static java.lang.String |
PROVIDER_REQUEST
Constant that holds the name of the property for specifying the provider URL that an entry belongs to. |
static java.lang.String |
PROVIDER_TYPE
Constant that holds the name of the property for specifying the provider type to be used. |
static java.lang.String |
PROVIDER_TYPE_CUSTOM
Constant that holds the type specified for the custom provider. |
static java.lang.String |
PROVIDER_TYPE_DATABASE
Constant that holds the type specified for the DB provider. |
static java.lang.String |
PROVIDER_TYPE_LDAP
Constant that holds the type specified for the LDAP provider. |
static java.lang.String |
PROVIDER_TYPE_MSAD
Constant that holds the type specified for the MSAD provider. |
static java.lang.String |
PROVIDER_TYPE_NATIVE
Constant that holds the type specified for the NATIVE provider. |
static java.lang.String |
PROVIDER_TYPE_SAP
Constant that holds the type specified for the SAP provider. |
static java.lang.String |
PRP_CACHE_SCHEME_ABORTCACHING
Constant that holds the name of the property for disabling the the CSS configuration caching scheme. |
static java.lang.String |
PRP_CACHE_SCHEME_CACHE_PATH
Constant that holds the name of the property for specifying the cache directory to use for the CSS configuration caching scheme. |
static java.lang.String |
PRP_CACHE_SCHEME_LOCK_PORT
Constant that holds the name of the property for specifying the local port CSS should use for its file locking scheme. |
static java.lang.String |
PRP_NATIVE_PROVIDER_TRANSPORT_COMPRESSION
Constant that holds the name of the property for specifying native provider transport compression. |
static java.lang.String |
PRP_NATIVE_PROVIDER_TRANSPORT_ENABLE
Constant that holds the name of the property to enable and disable the native provider RPC transport. |
static java.lang.String |
QUERY_LIMIT
Constant that holds the name of the property for specifiying that the scope of the query should be limited. |
static java.lang.String |
RESULT_COUNT_LIMIT
Constant that holds the name of the property for specifying the number of results to be returned for an API call. |
static java.lang.String |
RETURN_HIERARCHY
Constant that holds the name of the property for specifiying that the "memberOf" relationships are to be returned. |
static java.lang.String |
ROLE_ADMINISTRATOR_IDENTITY
Constant that holds the Administrator role identity. |
static java.lang.String |
ROLE_ANALYTIC_SERVICES_APPLICATION_CREATOR_IDENTITY
Constant that holds the Analytic Services Application Creator role identity. |
static java.lang.String |
ROLE_APPLICATION_CREATOR_IDENTITY
Constant that holds the Application Creator role identity. |
static java.lang.String |
ROLE_CALCULATION_MANAGER_ADMINISTRATOR_IDENTITY
Constant that holds the Calculation Manager Administrator role identity. |
static java.lang.String |
ROLE_CREATE_INTEGRATIONS_IDENTITY
Constant that holds the Create Integrations role identity. |
static java.lang.String |
ROLE_DIMENSION_EDITOR_IDENTITY
Constant that holds the Dimension Editor role identity. |
static java.lang.String |
ROLE_DIRECTORY_MANAGER_IDENTITY
Constant that holds the Directory Manager role identity. |
static java.lang.String |
ROLE_EPMA_ADMINISTRATOR_IDENTITY
Constant that holds the EPMA Administrator role identity. |
static java.lang.String |
ROLE_FINANCIAL_MANAGEMENT_APPLICATION_CREATOR_IDENTITY
Constant that holds the Financial Management Application Creator role identity. |
static java.lang.String |
ROLE_FINANCIAL_MANAGEMENT_CALCULATION_MANAGER_ADMINISTRATOR_IDENTITY
Constant that holds the Financial Management Calculation Manager Administrator role identity. |
static java.lang.String |
ROLE_LCM_ADMINISTRATOR_IDENTITY
Constant that holds the LCM Administrator role identity. |
static java.lang.String |
ROLE_MANAGE_MODELS_UNIQUE_ID
Constant that holds the Manage Model role Unique ID. |
static java.lang.String |
ROLE_MANAGE_TASKFLOWS_IDENTITY
Constant that holds the Manage Taskflows role identity. |
static java.lang.String |
ROLE_PLANNING_APPLICATION_CREATOR_IDENTITY
Constant that holds the Planning Application Creator role identity. |
static java.lang.String |
ROLE_PLANNING_CALCULATION_MANAGER_ADMINISTRATOR_IDENTITY
Constant that holds the Planning Calculation Manager Administrator role identity. |
static java.lang.String |
ROLE_PROFITABILITY_APPLICATION_CREATOR_IDENTITY
Constant that holds the Profitability Application Creator role identity. |
static java.lang.String |
ROLE_PROJECT_MANAGER_IDENTITY
Constant that holds the Project Manager role identity. |
static java.lang.String |
ROLE_PROVISIONING_MANAGER_IDENTITY
Constant that holds the Provisioning Manager role identity. |
static java.lang.String |
ROLE_RUN_INTEGRATIONS_IDENTITY
Constant that holds the Run Integrations role identity. |
static java.lang.String |
ROLE_RUN_TASKFLOWS_IDENTITY
Constant that holds the Run Taskflows role identity. |
static java.lang.String |
SAP_TICKET
Constant that holds the name of the property for specifying the SAP Ticket. |
static java.lang.String |
SECURITY_AGENT_LOGIN_NAME
Constant that holds name of the property for specifying the login name. |
static java.lang.String |
SORT_RESULTS
Constant that holds the flag determining that the results to be sorted. |
static java.lang.String |
SPECIFY_ALL
Constant that is used to specify interest in all instances for the argument/parameter in question. |
static java.lang.String |
SPECIFY_CONTAINER
Constant that is used to specify interest in the container instance for the argument/parameter in question. |
static java.lang.String |
SPECIFY_NONE
Constant that is used to specify that argument/parameter in question should not be taken into account in the result of this query. |
static java.lang.String |
STATUS
Constant that holds the status of the User or Group (whether active or inactive). |
static java.lang.String |
THROW_COMMUNICATION_EXCEPTION
Deprecated. |
static java.lang.String |
TOKEN
Constant that holds the name of the property for specifying the token string. |
static java.lang.String |
USE_LOCAL_HUB
Constant that holds name of the property for specifying that Hyperion Shared Services is local to the process that CSS is running on. |
static java.lang.String |
VALIDATE_ROLE
Constant that holds the flag deciding whether role validation for the principal is to be done before performing an operation. |
static java.lang.String |
WORLD_GROUP_DESCRIPTION
Constant that holds the WORLD Group description. |
static java.lang.String |
WORLD_GROUP_IDENTITY
Constant that holds the WORLD Group identity. |
static java.lang.String |
WORLD_GROUP_NAME
Constant that holds the WORLD Group name. |
| Method Summary | |
|---|---|
CSSUserIF |
authenticate(java.util.Map context)
Deprecated. - Use any of the following: authenticate(Map, String, String) authenticateToken(Map, String) authenticateUserFromSecurityAgent(Map, String, String)
authenticateSapTicket(Map, String) authenticateSecurityAgent(Map, HttpServletRequest) |
CSSUserIF |
authenticate(java.util.Map context,
java.lang.String username,
java.lang.String password)
Authenticates the specified username against the specified password with the providers configured in the security system. |
CSSUserIF |
authenticateProxyUser(java.util.Map context,
java.lang.String username,
java.lang.String trustedServiceKey)
Authenticates the specified username using proxy, after validating the trusted service key. |
CSSUserIF |
authenticateProxyUser(java.util.Map context,
java.lang.String username,
java.lang.String trustedServiceKey,
javax.servlet.http.HttpServletRequest request)
This API is currently supported only in Fusion Mode |
CSSUserIF |
authenticateSapTicket(java.util.Map context,
java.lang.String ticket)
This is an EPM mode only API. |
CSSUserIF |
authenticateSecurityAgent(java.util.Map context,
javax.servlet.http.HttpServletRequest request)
This is an EPM mode only API. |
CSSUserIF |
authenticateToken(java.util.Map context,
java.lang.String token)
Authenticates the specified sso_token against the providers configured in the security system. |
CSSUserIF |
authenticateUserFromSecurityAgent(java.util.Map context,
java.lang.String username,
java.lang.String trustedServiceKey)
This is an EPM mode only API. |
int |
compareToapplicationIdInToken(java.util.Map context,
java.lang.String token,
java.lang.String applicationID)
This API is currently supported in Fusion Mode. |
CSSDirectoryManagementAPIIF |
getDirectoryManagementAPI(java.util.Map context)
This is an EPM mode only API. |
CSSGroupIF |
getGroupByIdentity(java.util.Map context,
CSSPrincipalIF principal,
java.lang.String identity)
This is an EPM mode only API. |
CSSGroupIF |
getGroupByIdentity(java.util.Map context,
java.lang.String identity)
Deprecated. - Use getGroupByIdentity(Map, CSSPrincipalIF, String)
. This is an EPM mode only API. |
CSSGroupIF[] |
getGroups(java.util.Map context,
CSSPrincipalIF principal,
GroupSearchFilter groupSrchFilter)
This is an EPM mode only API. |
CSSGroupIF[] |
getGroups(java.util.Map context,
CSSPrincipalIF principal,
java.lang.String groupName)
This is an EPM mode only API. |
CSSGroupIF[] |
getGroups(java.util.Map context,
java.lang.String groupName)
Deprecated. - Use getGroups(Map, CSSPrincipalIF, String)
This is an EPM mode only API. |
java.util.Set<CSSGroupIF> |
getGroupsByIdentities(java.util.Map context,
CSSPrincipalIF principal,
java.util.Set<java.lang.String> identities)
This is an EPM mode only API. |
CSSGroupIF[] |
getGroupsByIdentities(java.util.Map context,
java.lang.String[] identities)
Deprecated. - Use getGroupsByIdentities(Map, CSSPrincipalIF, Set) |
java.lang.String[] |
getHeaderNamesFromSecurityAgent(java.util.Map context)
This is an EPM mode only API. |
CSSMigrationAPIIF |
getMigrationAPI(java.util.Map context)
This is an EPM mode only API. |
java.util.Map |
getProviderMap(java.util.Map context)
This is an EPM mode only API. |
java.lang.String[] |
getProviderNames(java.util.Map context)
Deprecated. - Use CSSManager.getProviderMap() This
is an EPM mode only API. |
java.lang.String |
getSAPTicketFromToken(java.util.Map context,
java.lang.String token)
This is an EPM mode only API |
CSSUserIF |
getUserByEmail(java.util.Map context,
CSSPrincipalIF principal,
java.lang.String email)
This is an EPM mode only API. |
CSSUserIF |
getUserByEmail(java.util.Map context,
java.lang.String email)
Deprecated. - Use getUsers(Map, CSSPrincipalIF, UserSearchFilter)
This is an EPM mode only API. |
CSSUserIF |
getUserByIdentity(java.util.Map context,
CSSPrincipalIF principal,
java.lang.String identity)
This is an EPM mode only API. |
CSSUserIF |
getUserByIdentity(java.util.Map context,
java.lang.String identity)
Deprecated. - Use getUserByIdentity(Map, CSSPrincipalIF, String)
This is an EPM mode only API. |
CSSUserProvisioningAPIIF |
getUserProvisioningAPI(java.util.Map context)
Returns the User and Group Provisioning Interface. |
CSSUserIF[] |
getUsers(java.util.Map context,
CSSPrincipalIF principal,
java.lang.String userName)
This is an EPM mode only API. |
CSSUserIF[] |
getUsers(java.util.Map context,
CSSPrincipalIF principal,
java.lang.String userName,
java.lang.String firstName,
java.lang.String lastName)
This is an EPM mode only API. |
CSSUserIF[] |
getUsers(java.util.Map context,
CSSPrincipalIF principal,
UserSearchFilter userSrchFilter)
This is an EPM mode only API. |
CSSUserIF[] |
getUsers(java.util.Map context,
java.lang.String userName)
Deprecated. - Use getUsers(Map, CSSPrincipalIF, String)
This is an EPM mode only API. |
CSSUserIF[] |
getUsers(java.util.Map context,
java.lang.String userName,
java.lang.String firstName,
java.lang.String lastName)
Deprecated. - Use getUsers(Map, CSSPrincipalIF, UserSearchFilter)
This is an EPM mode only API. |
java.util.Set<CSSUserIF> |
getUsersByIdentities(java.util.Map context,
CSSPrincipalIF principal,
java.util.Set<java.lang.String> identities)
|
CSSUserIF[] |
getUsersByName(java.util.Map context,
CSSPrincipalIF principal,
java.lang.String firstName,
java.lang.String lastName)
This is an EPM mode only API. |
CSSUserIF[] |
getUsersByName(java.util.Map context,
java.lang.String firstName,
java.lang.String lastName)
Deprecated. - Use getUsers(Map, CSSPrincipalIF, UserSearchFilter)
This is an EPM mode only API. |
void |
initialize(java.util.Map context,
com.hyperion.css.application.CSSApplicationIF appCallback)
Deprecated. - Use CSSSystem.getInstance(Map, String) |
boolean |
isNativeProviderActive(java.util.Map context)
This is an EPM mode only API. |
boolean |
isSecurityAgentProtected(java.util.Map context)
This is an EPM mode only API. |
boolean |
isValidCSSToken(java.util.Map context,
java.lang.String token)
Determines if the token is valid. |
CSSLoginUserIF |
login(java.util.Map context,
java.lang.String applicationId,
boolean indirect)
Deprecated. - Use any of the following: login(Map, String, String, String[]) loginToken(Map, String, String[]) loginSapTicket(Map, String, String[]) loginSecurityAgent(Map, HttpServletRequest, String[]) |
CSSLoginUserIF |
login(java.util.Map context,
java.lang.String username,
java.lang.String password,
java.lang.String[] applicationIds)
Authenticates the specified username against the specified password with the providers configured in the security system. |
CSSLoginUserIF |
loginProxyUser(java.util.Map context,
java.lang.String username,
java.lang.String trustedKey,
java.lang.String[] applicationIds)
This is Fusion mode only API. |
CSSLoginUserIF |
loginSapTicket(java.util.Map context,
java.lang.String sapTicket,
java.lang.String[] applicationIds)
This is an EPM mode only API. |
CSSLoginUserIF |
loginSecurityAgent(java.util.Map context,
javax.servlet.http.HttpServletRequest request,
java.lang.String[] applicationIds)
This is an EPM mode only API. |
CSSLoginUserIF |
loginToken(java.util.Map context,
java.lang.String token,
java.lang.String[] applicationIds)
Authenticates the specified sso_token against the providers configured in the security system. |
| Field Detail |
|---|
static final java.lang.String PRP_CACHE_SCHEME_CACHE_PATH
java.io.tmpdir.
static final java.lang.String PRP_CACHE_SCHEME_ABORTCACHING
Setting this property to <code>true</code> turns off caching. Setting this property to <code>false</code> enables caching. Caching is enabled by default.Values assigned in the map override any settings specified on the command line.
static final java.lang.String PRP_CACHE_SCHEME_LOCK_PORT
static final java.lang.String HOST_INFO
Constant that holds the name of the property for specifying the Host Name or IP Address of the machine that user is logging in from.
The value of this constant is "hyperion.login.hostinfo".
static final java.lang.String LOGIN_NAME
Constant that holds the name of the property for specifying the user name. The value of the property should be the login name of the user.
The value of this constant is "hyperion.loginName".
static final java.lang.String SAP_TICKET
Constant that holds the name of the property for specifying the SAP Ticket. The value of the property should be the SAP Ticket representing a user that has been authenticated through SAP.
The value of this constant is "hyperion.sAPTicket".
static final java.lang.String HTTP_SERVLET_REQUEST
Constant that holds the name of the property for specifying the HTTP Servlet Request object. The value of the property should be the HTTP servlet request object that contains information about the user to be authenticated. Note that this constant has to be used only with web applications.
The value of this constant is "hyperion.httpServletRequest".
static final java.lang.String PASSWORD
Constant that holds the name of the property for specifying the password. The value of the property should be the password of the user.
The value of this constant is "hyperion.password".
static final java.lang.String TOKEN
Constant that holds the name of the property for specifying the token string. The value of the property should be the token associated with a user.
The value of this constant is "hyperion.token".
CSSUserIF.getToken(),
Constant Field Valuesstatic final java.lang.String PROVIDER_REQUEST
Constant that holds the name of the property for specifying the provider URL that an entry belongs to. The value of the property should be the provider URL. For instance: "ldap://localhost:389/ou=abc,o=com"
This is used in isValidCSSToken(Map, String)
The value of this constant is "hyperion.providerRequest".
static final java.lang.String PROVIDER_NAME
Constant that holds the name of the property for specifying the provider
to be used. The value of the property should be the provider name. For
instance: ldapServer1 etc.
In the configuration, the provider name maps to the entries in the
searchOrder element.
The value of this constant is "hyperion.providerName".
static final java.lang.String NATIVE_PROVIDER_NAME
static final java.lang.String NATIVE_PROVIDER_TYPE
static final java.lang.String PREFIX_TO_APP_LOGGER
CSSApplicationIF.log(String) method.
The value of this constant is "***CSS***".
static final java.lang.String LOGIN_PROJECT_ID
Constant that holds the project name for the login API.
static final java.lang.String RESULT_COUNT_LIMIT
CSSUserProvisioningAPIIF.getAllProvisionedUsersInApp(Map, CSSPrincipalIF, String, String, String)
and
CSSUserProvisioningAPIIF.getAllProvisionedGroupsInApp(Map, CSSPrincipalIF, String, String, String)
methods only.
The value of this constant is "hyperion.result.count".
static final java.lang.String SORT_RESULTS
Constant that holds the flag determining that the results to be sorted.
static final java.lang.String PROVIDER_TYPE
Constant that holds the name of the property for specifying the provider type to be used. The value of the property should be the provider type. For instance: LDAP, MSAD etc.
This is specified by constants:
The value of this constant is "hyperion.providerType".
static final java.lang.String ENTRY_TYPE_USER
The value of this constant is "USER".
static final java.lang.String ENTRY_TYPE_GROUP
The value of this constant is "GROUP".
static final java.lang.String ENTRY_TYPE_ROLE
The value of this constant is "ROLE".
static final java.lang.String ENTRY_TYPE_OTHER
The value of this constant is "OTHER".
static final java.lang.String WORLD_GROUP_IDENTITY
The value of this constant is "native://DN=cn=611,ou=Groups,dc=css,dc=hyperion,dc=com?GROUP".
static final java.lang.String WORLD_GROUP_NAME
The value of this constant is "WORLD".
static final java.lang.String WORLD_GROUP_DESCRIPTION
The value of this constant is "All Users are members of this group".
static final java.lang.String HUB_APPLICATION_ID
The value of this constant is "HUB:1111".
static final java.lang.String APPLICATION_NAME
The value of this constant is "APPLICATION_NAME".
static final java.lang.String ROLE_ADMINISTRATOR_IDENTITY
The value of this constant is ""native://DN=cn=HUB:1,ou=HUB,ou=Roles,dc=css,dc=hyperion,dc=com?ROLE"".
static final java.lang.String ROLE_PROVISIONING_MANAGER_IDENTITY
The value of this constant is ""native://DN=cn=HUB:2,ou=HUB,ou=Roles,dc=css,dc=hyperion,dc=com?ROLE"".
static final java.lang.String ROLE_DIRECTORY_MANAGER_IDENTITY
The value of this constant is ""native://DN=cn=HUB:3,ou=HUB,ou=Roles,dc=css,dc=hyperion,dc=com?ROLE"".
static final java.lang.String ROLE_PROJECT_MANAGER_IDENTITY
The value of this constant is ""native://DN=cn=HUB:4,ou=HUB,ou=Roles,dc=css,dc=hyperion,dc=com?ROLE"".
static final java.lang.String ROLE_CREATE_INTEGRATIONS_IDENTITY
The value of this constant is ""native://DN=cn=HUB:5,ou=HUB,ou=Roles,dc=css,dc=hyperion,dc=com?ROLE"".
static final java.lang.String ROLE_RUN_INTEGRATIONS_IDENTITY
The value of this constant is ""native://DN=cn=HUB:6,ou=HUB,ou=Roles,dc=css,dc=hyperion,dc=com?ROLE"".
static final java.lang.String ROLE_LCM_ADMINISTRATOR_IDENTITY
The value of this constant is ""native://DN=cn=HUB:7,ou=HUB,ou=Roles,dc=css,dc=hyperion,dc=com?ROLE"".
static final java.lang.String ROLE_DIMENSION_EDITOR_IDENTITY
The value of this constant is "native://DN=cn=HUB:8,ou=HUB,ou=Roles,dc=css,dc=hyperion,dc=com?ROLE".
static final java.lang.String ROLE_APPLICATION_CREATOR_IDENTITY
The value of this constant is "native://DN=cn=HUB:9,ou=HUB,ou=Roles,dc=css,dc=hyperion,dc=com?ROLE".
static final java.lang.String ROLE_FINANCIAL_MANAGEMENT_APPLICATION_CREATOR_IDENTITY
The value of this constant is "native://DN=cn=HUB:10,ou=HUB,ou=Roles,dc=css,dc=hyperion,dc=com?ROLE".
static final java.lang.String ROLE_PLANNING_APPLICATION_CREATOR_IDENTITY
The value of this constant is "native://DN=cn=HUB:11,ou=HUB,ou=Roles,dc=css,dc=hyperion,dc=com?ROLE".
static final java.lang.String ROLE_ANALYTIC_SERVICES_APPLICATION_CREATOR_IDENTITY
The value of this constant is "native://DN=cn=HUB:12,ou=HUB,ou=Roles,dc=css,dc=hyperion,dc=com?ROLE".
static final java.lang.String ROLE_PROFITABILITY_APPLICATION_CREATOR_IDENTITY
The value of this constant is "native://DN=cn=HUB:16,ou=HUB,ou=Roles,dc=css,dc=hyperion,dc=com?ROLE".
static final java.lang.String ROLE_CALCULATION_MANAGER_ADMINISTRATOR_IDENTITY
The value of this constant is "native://DN=cn=HUB:17,ou=HUB,ou=Roles,dc=css,dc=hyperion,dc=com?ROLE".
static final java.lang.String ROLE_FINANCIAL_MANAGEMENT_CALCULATION_MANAGER_ADMINISTRATOR_IDENTITY
The value of this constant is "native://DN=cn=HUB:18,ou=HUB,ou=Roles,dc=css,dc=hyperion,dc=com?ROLE".
static final java.lang.String ROLE_PLANNING_CALCULATION_MANAGER_ADMINISTRATOR_IDENTITY
The value of this constant is "native://DN=cn=HUB:19,ou=HUB,ou=Roles,dc=css,dc=hyperion,dc=com?ROLE".
static final java.lang.String ROLE_MANAGE_TASKFLOWS_IDENTITY
The value of this constant is "native://DN=cn=HUB:20,ou=HUB,ou=Roles,dc=css,dc=hyperion,dc=com?ROLE".
static final java.lang.String ROLE_RUN_TASKFLOWS_IDENTITY
The value of this constant is "native://DN=cn=HUB:21,ou=HUB,ou=Roles,dc=css,dc=hyperion,dc=com?ROLE".
static final java.lang.String ROLE_EPMA_ADMINISTRATOR_IDENTITY
The value of this constant is "native://DN=cn=HUB:22,ou=HUB,ou=Roles,dc=css,dc=hyperion,dc=com?ROLE".
static final java.lang.String ROLE_MANAGE_MODELS_UNIQUE_ID
Constant that holds the Manage Model role Unique ID. Note that this role should be registered by the product. This unique id is to ensure a standard across teams.
The value of this constant is ""1313"".
static final java.lang.String HUB_ADMINISTRATOR_IDENTITY
The value of this constant is ""native://DN=cn=911,ou=People,dc=css,dc=hyperion,dc=com?USER"".
static final java.lang.String LOCALE
Constant that holds the property that specifies the name of the Locale.
The value of this constant is "LOCALE".
static final java.lang.String OBJECT_ID
Constant that holds the property that specifies the name of the object id.
The value of this constant is "OBJECT_ID".
static final java.lang.String QUERY_LIMIT
The value of this constant is "hyperion.query.limit".
static final java.lang.String RETURN_HIERARCHY
The value of this constant is "hyperion.return.hierarchy".
static final java.lang.String ENTITY_DEACTIVATE
Constant that holds the name of the property for specifying the that the
user or group entity needs to be deactivated or a deactivated user and
group is to be retreived. The value of the property is
"true" is the user or group entry has to be deactivated or a
deactivated user or group needs to be returned.
The value of this constant is "hyperion.deactivate".
static final java.lang.String LOG_PREPEND_TEXT
Constant that holds the the name of the property that specifies the text message to be prepended to the log messages.
The value of this constant is "LOG_PREPEND_TEXT".
static final java.lang.String SECURITY_AGENT_LOGIN_NAME
Constant that holds name of the property for specifying the login name. The value of this property is the login name that is retrieved from the Security Agent.
The value of this constant is "securityAgent.loginName".
static final java.lang.String STATUS
Constant that holds the status of the User or Group (whether active or inactive). The value of this property can be set to "active" or "inactive". user.
The value of this constant is "status".
static final java.lang.String USE_LOCAL_HUB
Constant that holds name of the property for specifying that Hyperion
Shared Services is local to the process that CSS is running on. The value
of this property is "true" if there is no requirement for
RPC to Shared Services, as Shared Services is local.
The value of this constant is "hyperion_use_local_hub".
static final java.lang.String HUB_PROJECT
Constant that is used to specify that the project is the Hub
(Shared Services) Project.
The Hub Project is preconfigured and cannot be deleted or updated.
This property serves as the identity of the Hyperion Hub (Shared Services) Project. The Hyperion Hub Project cannot be updated in any way including addition or removal of applications.
The value of this constant is "hyperion.hub.project".
static final java.lang.String SPECIFY_ALL
Constant that is used to specify interest in all instances for
the argument/parameter in question.
This property would be made use in invocations of the various CSS API
methods. Details would be elucidated in the documentation of the
respective methods.
The value of this constant is "hyperion.all".
static final java.lang.String SPECIFY_NONE
Constant that is used to specify that argument/parameter in question
should not be taken into account in the result of this query.
This property would be made use in invocations of the various CSS API
methods. Details would be elucidated in the documentation of the
respective methods.
The value of this constant is "hyperion.none".
static final java.lang.String SPECIFY_CONTAINER
Constant that is used to specify interest in the container
instance for the argument/parameter in question.
This property would be made use in invocations of the various CSS API
methods. Details would be elucidated in the documentation of the
respective methods.
The value of this constant is "hyperion.container".
static final java.lang.String PRP_NATIVE_PROVIDER_TRANSPORT_COMPRESSION
Constant that holds the name of the property for specifying native
provider transport compression. This property is used if Hyperion Shared
Services is running on a different computer than the CSS API consumer. A
value of "true" enables compression. A falue of
"false" disables compression. "true" is the
default.
Values assigned in the map override any settings specified on the command line.
The value of this constant is "com.hyperion.css.rpc.transport.compression".
static final java.lang.String PRP_NATIVE_PROVIDER_TRANSPORT_ENABLE
Constant that holds the name of the property to enable and disable the
native provider RPC transport. A value of "true" enables
RPC. A falue of "false" disables RPC. The setting is
"true" by default. This setting should only be used by
applications running on Hyperion Shared Services; typically CTG
applications. A word of warning: using the native provider locally
requires certain HUB, Slide, and other components to be propertly
configured.
Values assigned in the map override any settings specified on the command line.
The value of this constant is "com.hyperion.css.rpc.transport.enable".
static final java.lang.String IDENTITY_USER
Constant that holds the name of the property for specifying the identity for a user.
The value for this property is the value of the user identity.
The value of this constant is "hyperion.user.identity".
static final java.lang.String PROVIDER_TYPE_LDAP
Constant that holds the type specified for the LDAP provider.
The value of this constant is specified by
CSSConfigurationDefaults.PROVIDER_TYPE_LDAP.
static final java.lang.String PROVIDER_TYPE_MSAD
Constant that holds the type specified for the MSAD provider.
The value of this constant is specified by
CSSConfigurationDefaults.PROVIDER_TYPE_MSAD.
static final java.lang.String PROVIDER_TYPE_NATIVE
Constant that holds the type specified for the NATIVE provider.
The value of this constant is specified by
CSSConfigurationDefaults.PROVIDER_TYPE_NATIVE.
static final java.lang.String PROVIDER_TYPE_SAP
Constant that holds the type specified for the SAP provider.
The value of this constant is specified by
CSSConfigurationDefaults.PROVIDER_TYPE_SAP.
static final java.lang.String PROVIDER_TYPE_DATABASE
Constant that holds the type specified for the DB provider.
The value of this constant is specified by
CSSConfigurationDefaults.PROVIDER_TYPE_DATABASE.
static final java.lang.String DIRECT_ROLE_ONLY
Constant that holds the type specified for the NATIVE provider.
The value of this constant is specified by
CSSConfigurationDefaults.PROVIDER_TYPE_NATIVE.
static final java.lang.String THROW_COMMUNICATION_EXCEPTION
Constant that holds the name of the property for specifying the interest
in recieving the CSSCommunicationException. The value of the
property should be true and this exception is propogated to
the consumer of the API (the client).
The value of this constant is "com.hyperion.css.throwCommunicationException".
static final java.lang.String IGNORE_COMMUNICATION_EXCEPTION
Constant that holds the name of the property for specifying the interest
in not recieving the CSSCommunicationException. The value of the
property should be true and this exception is propogated to
the consumer of the API (the client).
The value of this constant is "com.hyperion.css.ignoreCommunicationException".
static final java.lang.String PROVIDER_TYPE_CUSTOM
Constant that holds the type specified for the custom provider.
The value of this constant is specified by
CSSConfigurationDefaults.PROVIDER_TYPE_CUSTOM.
static final java.lang.String VALIDATE_ROLE
Constant that holds the flag deciding whether role validation for the principal is to be done before performing an operation.
The flag can be added to the context and the value associated with the flag can be either TRUE or FALSE.
static final java.lang.String FORCE_DEPENDENCY_CHECK
Constant that holds the flag deciding whether Native Directory active check is to be done during intialialization.
The flag can be added to the context and the value associated with the flag can be either TRUE or FALSE.
Presense of this flag with value TRUE will dictate the
initialize(Map, CSSApplicationIF) to throw exception if the
Native Directory is not reachable. FALSE would ignore this check and
continue the initialization.
Absence of this flag will be treated as FALSE.
static final java.lang.String KERBEROS_LOGIN_NAME
static final java.lang.String ACCESS_TYPE_VIEW
Constant that holds the flag determining that the VIEW type of access is requested on specified API call.
static final java.lang.String AUTO_DETECT
static final java.lang.String JPS_SUBJECT
Usage:
CSSUserIF user = authenticate("admin", "password");
Map userInfo = user.getUserInfo();
Subject jpsSubject = (Subject) userInfo.get(CSSAPIIF.JPS_SUBJECT);
static final java.lang.String ACCESS_TYPE_MANAGE
Constant that holds the flag determining that the MANAGE type of access is requested on specified API call.
static final java.lang.String DELEGATEDMODE_SHOW_ALL
static final java.lang.String HUB_APP_NAME
static final java.lang.String HUB_PROJECT_NAME
static final java.lang.String IE_DELEGATED_MODE
static final int APPID_IS_EQUAL
static final int APPID_IS_NOTEQUAL
static final int APPID_IS_NULL
static final java.lang.String DEPLOYMENT_METADATA_APP_ID
static final java.lang.String ESCAPE_AUTH_FILTER
static final java.lang.String APPLICATION_ROLES_ONLY
CSSUserProvisioningAPIIF.getRolesForUserInApplication(java.util.Map, com.hyperion.css.common.CSSPrincipalIF, java.lang.String, java.lang.String, boolean) and
CSSUserProvisioningAPIIF.getRolesForGroupInApplication(java.util.Map, com.hyperion.css.common.CSSPrincipalIF, java.lang.String, java.lang.String, boolean) not to
return child roles for the directly provisioned roles.
static final java.lang.String IGNORE_APPLICATION_VALIDATION
CSSUserProvisioningAPIIF.setRolesList(java.util.Map, com.hyperion.css.common.CSSPrincipalIF, java.lang.String, java.lang.String[], java.lang.String, boolean) and
to ignore the application instance check.
static final java.lang.String EPMA_APPLICATION_ID
| Method Detail |
|---|
@Deprecated
CSSUserIF authenticate(java.util.Map context)
throws CSSNoProviderException,
CSSTokenNotAvailableException,
CSSIllegalArgumentException,
CSSAuthenticationException,
CSSTokenNotAcceptedException,
CSSInvalidIdentityException,
com.hyperion.css.common.configuration.CSSConfigurationException,
CSSCommunicationException,
CSSException
authenticate(Map, String, String) authenticateToken(Map, String) authenticateUserFromSecurityAgent(Map, String, String)
authenticateSapTicket(Map, String) authenticateSecurityAgent(Map, HttpServletRequest)
CSSNoProviderException
CSSTokenNotAvailableException
CSSIllegalArgumentException
CSSAuthenticationException
CSSTokenNotAcceptedException
CSSInvalidIdentityException
com.hyperion.css.common.configuration.CSSConfigurationException
CSSCommunicationException
CSSException
CSSUserIF authenticate(java.util.Map context,
java.lang.String username,
java.lang.String password)
throws CSSException
The context can specify the following:
These properties are discussed in the field description. Please note that
if the locale is not specified, the default locale set for
the system is used.
The host info (ip-address/hostname) is required for auditing purposes.
context - - Map structure holding key-value information about locale,
host infousername - - name of the user to be authenticated.password - - password for the user to be authenticated.
token string that can
be used to single-sign-on.
CSSException - - one of the following exception will be thrown.
CSSUserIF authenticateToken(java.util.Map context,
java.lang.String token)
throws CSSException
The context can specify the following:
These properties are discussed in the field description. Please note that
if the locale is not specified, the default locale set for
the system is used.
The host info (ip-address/hostname) is required for auditing purposes.
context - - Map structure holding key-value information about locale,
host infotoken - - CSS token to be used for authentication
token string that can
be used to single-sign-on.
CSSException - - one of the following exception will be thrown.
CSSUserIF authenticateSecurityAgent(java.util.Map context,
javax.servlet.http.HttpServletRequest request)
throws CSSException
Authenticates by parsing the username and password if available from the specified HTTP Servlet Request. If password is not present the providers will be treated as trusted and will check only for the validity of the username derived from the HTTP request..
The context can specify the following:
These properties are discussed in the field description. Please note that
if the locale is not specified, the default locale set for
the system is used.
The host info (ip-address/hostname) is required for auditing purposes.
context - - Map structure holding key-value information about locale,
host inforequest - - The HTTP Servlet Request containing information about the
username and password.
token string that can
be used to single-sign-on.
CSSException - - one of the following exception will be thrown.
CSSUserIF authenticateUserFromSecurityAgent(java.util.Map context,
java.lang.String username,
java.lang.String trustedServiceKey)
throws CSSException
Authenticates the specified username , after validating the trusted service key. This key is known only to trusted services and is required for successful authentication of the user. Note that this user should belong to a trusted provider.
The context can specify the following:
These properties are discussed in the field description. Please note that
if the locale is not specified, the default locale set for
the system is used.
The host info (ip-address/hostname) is required for auditing purposes.
context - - Map structure holding key-value information about locale,
host infousername - - name of the user to be authenticated.trustedServiceKey - - value of the trusted services key.
token string that can
be used to single-sign-on.
CSSException - - one of the following exception will be thrown.
CSSUserIF authenticateSapTicket(java.util.Map context,
java.lang.String ticket)
throws CSSException
Authenticates the specified sap ticket against the providers configured in the security system.
The context can specify the following:
These properties are discussed in the field description. Please note that
if the locale is not specified, the default locale set for
the system is used.
The host info (ip-address/hostname) is required for auditing purposes.
context - - Map structure holding key-value information about locale,
host infoticket - - SAP ticket that will be used for authentication.
token string that can
be used to single-sign-on.
CSSException - - one of the following exception will be thrown.
@Deprecated
CSSLoginUserIF login(java.util.Map context,
java.lang.String applicationId,
boolean indirect)
throws CSSNoProviderException,
CSSTokenNotAvailableException,
CSSIllegalArgumentException,
CSSAuthenticationException,
CSSAuthorizationException,
CSSTokenNotAcceptedException,
CSSInvalidIdentityException,
com.hyperion.css.common.configuration.CSSConfigurationException,
CSSCommunicationException,
CSSException
login(Map, String, String, String[]) loginToken(Map, String, String[]) loginSapTicket(Map, String, String[]) loginSecurityAgent(Map, HttpServletRequest, String[])
CSSNoProviderException
CSSTokenNotAvailableException
CSSIllegalArgumentException
CSSAuthenticationException
CSSAuthorizationException
CSSTokenNotAcceptedException
CSSInvalidIdentityException
com.hyperion.css.common.configuration.CSSConfigurationException
CSSCommunicationException
CSSException
CSSLoginUserIF login(java.util.Map context,
java.lang.String username,
java.lang.String password,
java.lang.String[] applicationIds)
throws CSSException
The context can specify the following:
These properties are discussed in the field description. Please note that
if the locale is not specified, the default locale set for
the system is used.
The host info (ip-address/hostname) is required for auditing purposes.
An empty or null value for applicationId will return empty results for group and roles listing.
context - - Map structure holding key-value information about locale,
host infousername - - name of the user to be authenticated.password - - password for the user to be authenticated.applicationIds - - array of application ids to check the roles and group info
on.
token string that can
be used to single-sign-on.
CSSException - - one of the following exception will be thrown.
CSSLoginUserIF loginToken(java.util.Map context,
java.lang.String token,
java.lang.String[] applicationIds)
throws CSSException
The context can specify the following:
These properties are discussed in the field description. Please note that
if the locale is not specified, the default locale set for
the system is used.
The host info (ip-address/hostname) is required for auditing purposes.
An empty or null value for applicationId will return empty results for group and roles listing.
context - - Map structure holding key-value information about locale,
host infotoken - - CSS token to be used for authentication.applicationIds - - array of application ids to check the roles and group info
on.
token string that can
be used to single-sign-on.
CSSException - - one of the following exception will be thrown.
CSSLoginUserIF loginProxyUser(java.util.Map context,
java.lang.String username,
java.lang.String trustedKey,
java.lang.String[] applicationIds)
throws CSSException
This is Fusion mode only API.
Currently this API is not supported in the EPM Mode. User Assertion is performed for the specified username as long as trustedKey passed is validated successfully. This method return a composite login user object that returns pre-computed list of groups and roles for the specified Fusion Applications. String array of application IDs include Fusion Application IDs.
context - - Map structure holding key-value information about locale,
host infousername - - username to be used for User AssertiontrustedKey - - trustedKey, read from Registry and validated against
incoming value.applicationIds - - Fusion Application Ids.
CSSException
CSSLoginUserIF loginSecurityAgent(java.util.Map context,
javax.servlet.http.HttpServletRequest request,
java.lang.String[] applicationIds)
throws CSSException
This is an EPM mode only API. Authenticates by parsing the username and password if available from the specified HTTP Servlet Request. If password is not present the providers will be treated as trusted and will check only for the validity of the username derived from the HTTP request.
This method return a composite login user object that returns pre-computed list of groups and roles for the specified applications. The implementation of this method has been tuned for login performance and is recommended to be used for login use case.
The context can specify the following:
These properties are discussed in the field description. Please note that
if the locale is not specified, the default locale set for
the system is used.
The host info (ip-address/hostname) is required for auditing purposes.
An empty or null value for applicationId will return empty results for group and roles listing.
context - - Map structure holding key-value information about locale,
host inforequest - - The HTTP Servlet Request containing information about the
username and password.applicationIds - - array of application ids to check the roles and group info
on.
token string that can
be used to single-sign-on.
CSSException - - one of the following exception will be thrown.
CSSLoginUserIF loginSapTicket(java.util.Map context,
java.lang.String sapTicket,
java.lang.String[] applicationIds)
throws CSSException
Authenticates the specified sap ticket against the providers configured in the security system.
This method return a composite login user object that returns pre-computed list of groups and roles for the specified applications. The implementation of this method has been tuned for login performance and is recommended to be used for login use case.
The context can specify the following:
These properties are discussed in the field description. Please note that
if the locale is not specified, the default locale set for
the system is used.
The host info (ip-address/hostname) is required for auditing purposes.
An empty or null value for applicationId will return empty results for group and roles listing.
context - - Map structure holding key-value information about locale,
host infosapTicket - - SAP ticket that will be used for authentication.applicationIds - - array of application ids to check the roles and group info
on.
token string that can
be used to single-sign-on.
CSSException - - one of the following exception will be thrown.
CSSUserIF[] getUsers(java.util.Map context,
CSSPrincipalIF principal,
java.lang.String userName)
throws CSSIllegalArgumentException,
com.hyperion.css.common.configuration.CSSConfigurationException,
CSSCommunicationException,
CSSException
Gets the user specified by userName. The
userName could be mapped to a particular attribute in a
directory through the Configuration. The search for users based on
*userName* should be based on getting all users who have
userName as a part of the value of the attribute
specified.
The userName could contain a wildcard such as
"*". This implies that all the matching users in the
directory need to be returned.
Passing null as the userName parameter is not
accepted and does not return all the users. You can use wildcards such as
'*' for the userName parameter. In this case,
users are returned in the order of directories that are specified by the
search order.
You can retreive all users on a provider by specifying "*@providerName"
Passing a groupName to this call is not supported and no
guarantees are made on the validity of the results.
The context can specify the following:
These properties are discussed in the field description. Please note that
if the locale is not specified, the default locale set for
the system is used.
The entryName@ProviderName syntax is supported by this
method as a part of the user name.
Also, reserved characters for different directory servers are not directly supported.The caller needs to escape them in the appropriate way for the underlying directory store.
Only the users matching the filter AND are authorized for view by the specified principal will be returned. An empty array will be returned if there are no users matching the filter OR principal is not authorized to view them.
context - - Map structure holding key-value information about locale.principal - CSSPrincipal identifying the user requesting information.
Cannot be null.userName - String argument representing the user login name.
CSSIllegalArgumentException - - if there is an argument that is inappropriate.
com.hyperion.css.common.configuration.CSSConfigurationException - - if the configuration specified is not valid.
CSSCommunicationException - - if provider is specified with the name of the user viz.
in the userName argument but is not
reachable. For instance:
"userName@providerName". If this provider
cannot be contacted then the exception is thrown.
CSSException - - if there was any other abnormality.
CSSUserIF getUserByEmail(java.util.Map context,
CSSPrincipalIF principal,
java.lang.String email)
throws CSSIllegalArgumentException,
com.hyperion.css.common.configuration.CSSConfigurationException,
CSSCommunicationException,
CSSException
Get a user based on an email match. The
email could be mapped to a particular attribute in a
directory through the configuration. The search for users based on
email should be absolute.
The context can specify the following:
These properties are discussed in the field description. Please note that
if the locale is not specified, the default locale set for
the system is used.
Wildcards should not be used in the arguments of this method. No guarantee is made for the behavior of this method if wildcards are part of the arguments.
Also, reserved characters for different directory servers are not directly supported.The caller needs to escape them in the appropriate way for the underlying directory store.
context - Map structure holding key-value information about locale.principal - CSSPrincipal identifying the user requesting information.
Cannot be null.email - The complete e-mail address string for the user.
CSSIllegalArgumentException - - if there is an argument that is inappropriate.
com.hyperion.css.common.configuration.CSSConfigurationException - - if the configuration specified is not valid.
CSSException - - if there was any other abnormality.
CSSCommunicationException
CSSUserIF[] getUsersByName(java.util.Map context,
CSSPrincipalIF principal,
java.lang.String firstName,
java.lang.String lastName)
throws CSSIllegalArgumentException,
com.hyperion.css.common.configuration.CSSConfigurationException,
CSSCommunicationException,
CSSException
Get a user based on a firstName and
lastName match. The firstName and
lastName could be mapped to a particular set of
attribute/s in a directory through the configuration. If there are two
attributes, one each for firstName and
lastName , then the search would be absolute and an
AND would be performed.
If one of the parameters (for example, firstName) is not
specified, then results for the other (for example, lastName
are returned.
Wildcards should not be used in the arguments of this method. No guarantee is made for the behavior of this method if wildcards are part of the arguments.
The context can specify the following:
These properties are discussed in the field description.
Please note that if thelocale is not specified, the default
locale set for the system is used.
Also, reserved characters for different directory servers are not directly supported.The caller needs to escape them in the appropriate way for the underlying directory store.
Only the users matching the filter AND are authorized for view by the specified principal will be returned. An empty array will be returned if there are no users matching the filter OR principal is not authorized to view them.
context - Map structure holding key-value information about locale.principal - CSSPrincipal identifying the user requesting information.
Cannot be null.firstName - The user's first name, with appended middle name if one
exists.lastName - The user's last name.
CSSIllegalArgumentException - - if there is an argument that is inappropriate.
com.hyperion.css.common.configuration.CSSConfigurationException - - if the configuration specified is not valid.
CSSException - - if there was any other abnormality.
CSSCommunicationException
CSSUserIF[] getUsers(java.util.Map context,
CSSPrincipalIF principal,
java.lang.String userName,
java.lang.String firstName,
java.lang.String lastName)
throws CSSIllegalArgumentException,
com.hyperion.css.common.configuration.CSSConfigurationException,
CSSCommunicationException,
CSSException
Get a user based on a user name , firstName
and lastName match. All the attributes are absolute and
required. The way this is evaluated is as follows (in LDAP parlance):
(&(userName="gkhanna")(firstName="Gaurav")(lastName="khanna") )
This can be explained as simply the AND of all the arguments.
The context can specify the following:
These properties are discussed in the field description. Please note that
if the locale is not specified, the default locale set for
the system is used.
Wildcards should not be used in the arguments of this method. No guarantee is made for the behavior of this method if wildcards are part of the arguments.
Also, reserved characters for different directory servers are not directly supported.The caller needs to escape them in the appropriate way for the underlying directory store.
Only the users matching the filter AND are authorized for view by the specified principal will be returned. An empty array will be returned if there are no users matching the filter OR principal is not authorized to view them.
context - Map structure holding key-value information about locale.principal - CSSPrincipal identifying the user requesting information.
Cannot be null.userName - String argument representing the user login name.firstName - The user's first name, with appended middle name if one
exists.lastName - The user's last name.
CSSIllegalArgumentException - - if there is an argument that is inappropriate.
com.hyperion.css.common.configuration.CSSConfigurationException - - if the configuration specified is not valid.
CSSException - - if there was any other abnormality.
CSSCommunicationExceptiongetUsersByName(Map, String, String),
getUsers(Map, String)
CSSUserIF getUserByIdentity(java.util.Map context,
CSSPrincipalIF principal,
java.lang.String identity)
throws CSSNoProviderException,
CSSInvalidIdentityException,
CSSInvalidUserException,
CSSIllegalArgumentException,
com.hyperion.css.common.configuration.CSSConfigurationException,
CSSCommunicationException,
CSSException
Get a user based on the identity of the user. The identity
is stored by the application and is generated by the security platform.
The context can specify the following:
These properties are discussed in the field description. Please note that
if the locale is not specified, the default locale set for
the system is used.
Also, reserved characters for different directory servers are not directly supported.The caller needs to escape them in the appropriate way for the underlying directory store.
context - Map structure holding information about the locale.principal - CSSPrincipal identifying the user requesting information.
Cannot be null.identity - String returned from the user object that uniquely identifies
one user on a provider.
CSSNoProviderException - - if no provider exists with the name specified.
CSSInvalidIdentityException - - if the identity is invalid.
CSSInvalidUserException - - if the user specified by the identity does not exist.
The user might have been deleted.
CSSIllegalArgumentException - - if there is an argument that is inappropriate.
com.hyperion.css.common.configuration.CSSConfigurationException - - if the configuration specified is not valid.
CSSCommunicationException - - if the caller has specified interest in consuming this
and a provider of the type specified by the
identity is not reachable. If any one of the
providers of this type cannot be contacted and the user
specified by the identity passed in cannot be
found then the exception is thrown.
CSSException - - if there was any other abnormality.
CSSGroupIF[] getGroups(java.util.Map context,
CSSPrincipalIF principal,
java.lang.String groupName)
throws CSSIllegalArgumentException,
com.hyperion.css.common.configuration.CSSConfigurationException,
CSSCommunicationException,
CSSException
Get a group based on the name. The name could
be mapped to a particular attribute in a directory through the
configuration. The search for groups based on *name* should
be based on getting all groups who have name as a part of
the value of the attribute specified. For instance: the search is on "
*name*".
Passing in null as the groupName is equivalent
to the * wildcard character.
The method can be called with the wildcard * for
groupName to get all the groups from the first provider in
the search order. In this case it would go by the search order.
To get all groups from a particular provider, specify
"*@providerName"
This follows the "groupName@providerName" syntax. You can
also have wildcards such as "GA*@providerName" for the
groupName parameter.
The context can specify the following:
These properties are discussed in the field description. Please note that
if the locale is not specified, the default locale set for
the system is used.
The entryName@ProviderName syntax is supported by this
method. This is used in the name parameter.
Also, reserved characters for different directory servers are not directly supported.The caller needs to escape them in the appropriate way for the underlying directory store.
Only the groups matching the filter AND are authorized for view by the specified principal will be returned. An empty array will be returned if there are no groups matching the filter OR principal is not authorized to view them.
context - Map structure holding locale information.principal - CSSPrincipal identifying the user requesting information.
Cannot be null.groupName - Name of the group.
CSSIllegalArgumentException - - if there is an argument that is inappropriate.
com.hyperion.css.common.configuration.CSSConfigurationException - - if the configuration specified is not valid.
CSSCommunicationException - - if provider is specified with the name of the group viz.
in the groupName argument but is not
reachable. For instance:
"groupName@providerName". If this provider
cannot be contacted then the exception is thrown.
CSSException - - if there was any other abnormality.
CSSGroupIF getGroupByIdentity(java.util.Map context,
CSSPrincipalIF principal,
java.lang.String identity)
throws CSSNoProviderException,
CSSIllegalArgumentException,
CSSInvalidIdentityException,
CSSInvalidGroupException,
com.hyperion.css.common.configuration.CSSConfigurationException,
CSSCommunicationException,
CSSException
Get a group based on the identity of the group. The
identity is stored by the application and is generated by the security
platform.
The context can specify the following:
These properties are discussed in the field description. Please note that
if the locale is not specified, the default locale set for
the system is used.
Also, reserved characters for different directory servers are not directly supported.The caller needs to escape them in the appropriate way for the underlying directory store.
context - Map structure holding locale information.principal - CSSPrincipal identifying the user requesting information.
Cannot be null.identity - String returned from the group object that uniquely identifies
one group on a provider.
CSSNoProviderException - - if no provider exists with the name specified.
CSSIllegalArgumentException - - if there is an argument that is inappropriate.
CSSInvalidIdentityException - - if the identity is invalid.
CSSInvalidGroupException - - if the group specified by the identity does not exist.
The group might have been deleted.
com.hyperion.css.common.configuration.CSSConfigurationException - - if the configuration specified is not valid.
CSSException - - if there was any other abnormality.
CSSCommunicationException
boolean isValidCSSToken(java.util.Map context,
java.lang.String token)
throws CSSIllegalArgumentException,
com.hyperion.css.common.configuration.CSSConfigurationException,
CSSException
Determines if the token is valid.
The context can specify the following:
These properties are discussed in the field description. Please note that
if the locale is not specified, the default locale set for
the system is used.
context - Map structure holding provider and/or locale information.token - Encrypted string that holds information for a user.
CSSIllegalArgumentException - - if there is an argument that is inappropriate.
com.hyperion.css.common.configuration.CSSConfigurationException - - if the configuration specified is not valid.
CSSException - - if there was any other abnormality.
@Deprecated
void initialize(java.util.Map context,
com.hyperion.css.application.CSSApplicationIF appCallback)
throws com.hyperion.css.common.configuration.CSSConfigurationException,
CSSIllegalArgumentException,
CSSCommunicationException,
CSSException
CSSSystem.getInstance(Map, String)
com.hyperion.css.common.configuration.CSSConfigurationException
CSSIllegalArgumentException
CSSCommunicationException
CSSException
java.util.Map getProviderMap(java.util.Map context)
throws CSSIllegalArgumentException,
CSSException
Gets the names and types of the providers that are registered with the security platform.
The context can specify the following:
These properties are discussed in the field description. Please note that
if the locale is not specified, the default locale set for
the system is used.
The keys of the returned Map instance hold the provider type
names, one for each type. The value associated with each type key is an
ArrayList that contains a list of provider names as Strings.
context - Map structure holding locale information.
CSSIllegalArgumentException - - if there is an argument that is inappropriate.
CSSMethodNotSupportedException - - if this method is not supported for a particular CSS
mode.
CSSException - - if there was any other abnormalityPROVIDER_TYPE_LDAP,
PROVIDER_TYPE_MSAD,
PROVIDER_TYPE_CUSTOM,
PROVIDER_TYPE_NATIVE
boolean isSecurityAgentProtected(java.util.Map context)
throws CSSIllegalArgumentException,
CSSException
This method is invoked to determine if the access to a resource might be protected by a Security Agent.
The Security Agent could be Netegrity Siteminder. If this method
returns true then the caller should attempt to locate the appropriate
header; for instance, for Netegrity: SECURITY_AGENT_LOGIN_NAME;
in the HTTP headers. If the header exists then the value for that should
be passed into the (@link #authenticate(Map)} method.
The context can specify the following:
These properties are discussed in the field description. Please note that
if the locale is not specified, the default locale set for
the system is used.
context - Map structure holding locale information.
Security Agent is used to protect the resources.
CSSIllegalArgumentException - - if there is an argument that is inappropriate.
CSSMethodNotSupportedException - - if this method is not supported for a particular CSS
mode.
CSSException - - if there was any other abnormality
java.lang.String[] getHeaderNamesFromSecurityAgent(java.util.Map context)
throws CSSIllegalArgumentException,
CSSException
This method returns the HTTP headers that would carry the login name of the user.
The header names are populated by the Security Agent. The Security Agent could be Netegrity SiteMinder.
The array returned could be of length > 0. If that is the case then
the calling application needs to compare the headers from the
HTTP REQUEST with the names from this array one by one
starting from index 0. This comparison should be case
insensitive.
There could be more than one header because different application/web
servers map headers to different names. For instance, some might prepend
HTTP to the header name.
It is the reponsibility of the product team to invoke this method and use
the header names returned by it to retrieve the login name from
the HTTP REQUEST.
The context can specify the following:
These properties are discussed in the field description. Please note that
if the locale is not specified, the default locale set for
the system is used.
context - Map structure holding locale information.
CSSIllegalArgumentException - - if there is an argument that is inappropriate.
CSSMethodNotSupportedException - - if this method is not supported for a particular CSS
mode.
CSSException - - if there was any other abnormalityCSSUserProvisioningAPIIF getUserProvisioningAPI(java.util.Map context)
Returns the User and Group Provisioning Interface.
Some of the functionality provided by the interface is as follows:
context - - Map structure holding locale information.
CSSDirectoryManagementAPIIF getDirectoryManagementAPI(java.util.Map context)
throws CSSException
Returns an interface to CRUD of Hyperion Shared Services User Directory.
Some of the functionality provided by the interface is as follows:
context - - Map structure holding locale information.
CSSMethodNotSupportedException - - if this method is not supported for a particular CSS
mode.
CSSException - - if there was any other abnormality
boolean isNativeProviderActive(java.util.Map context)
throws CSSException
Return the status of the Native Provider after CSS has initialized.
A true will be returned if the Native Directory (open LDAP) is active for connections.
context - - Map structure holding locale information.
CSSMethodNotSupportedException - - if this method is not supported for a particular CSS
mode.
CSSException - - if there was any other abnormality
CSSMigrationAPIIF getMigrationAPI(java.util.Map context)
throws CSSException
Provides handle to the Migration Interface.
The migration interface provides functionality like:
context - - Map structure holding locale information.
CSSMethodNotSupportedException - - if this method is not supported for a particular CSS
mode.
CSSException - - if there was any other abnormality
CSSUserIF[] getUsers(java.util.Map context,
CSSPrincipalIF principal,
UserSearchFilter userSrchFilter)
throws CSSCommunicationException,
CSSException
Gets the user specified by user search filter passed in The user search filter contains user filter attributes and values like, USERNAME,FIRSTNAME,LASTNAME,EMAIL,DESCRIPTION (Also ACTIVE, INACTIVE and ALL for native) Etc. This supports wild card search. Eg. The search for users based on *userName* should return all users matching this pattern.
when the attribute value is specified as "*" This implies that all the users in the directory need to be returned.The query can be based on any one of the above attributes. For native if the filter attribute can be set to ACTIVE, INACTIVE or ALL to return active, inactive and all users respectively.
context - - Map structure holding key-value information about locale and
other parameters.principal - - identity of the caller. Can not be null.userSrchFilter - - contains the search filter attributes and values.
CSSCommunicationException - - The provider could not connect to the directory server.
CSSException - - Any other abnormality.
CSSGroupIF[] getGroups(java.util.Map context,
CSSPrincipalIF principal,
GroupSearchFilter groupSrchFilter)
throws CSSCommunicationException,
CSSException
Get a group specified by group search filter passed in The group search
filter contains group filter attributes and values like, GROUPNAME,
DESCRIPTION. The name could be mapped to a particular attribute in a
directory through the Configuration. The search for groups based on
*name* should be based on getting all groups who have name
as a part of the value of the attribute specified.
The attribute could contain a wildcard such as "*". This implies that all the groups in the directory need to be returned.The query can be based on any one of the above attributes.
context - Map structure holding key-value information about locale.principal - - identity of the caller. Can not be null.groupSrchFilter - - contains the group filter attributes and values.
CSSCommunicationException - - The provider could not connect to the directory.
CSSException - - Any other abnormality.
CSSGroupIF[] getGroupsByIdentities(java.util.Map context,
java.lang.String[] identities)
throws CSSException
getGroupsByIdentities(Map, CSSPrincipalIF, Set)
Return an Array for a CSSGroupIF objects for an array of group identities.
Note: This method does not refine the list if the delegated mode is on, this method is to get CSSGroupIF objects for given entries.
context - A map object that holds the context information.identities - An array of non null string identities.
CSSMethodNotSupportedException - - if this method is not supported for a particular CSS
mode.
CSSException - - if there was any other abnormality
java.util.Set<CSSGroupIF> getGroupsByIdentities(java.util.Map context,
CSSPrincipalIF principal,
java.util.Set<java.lang.String> identities)
throws CSSException
Return a set of CSSGroupIF objects for a set of group identities.
Note: This method does not refine the list if the delegated mode is on, this method is to get CSSGroupIF objects for given entries.
context - A map object that holds the context information.principal - - identity of the caller. Can not be null.identities - A set of non null string identities.
CSSMethodNotSupportedException - - if this method is not supported for a particular CSS
mode.
CSSException - - if there was any other abnormality
CSSUserIF authenticateProxyUser(java.util.Map context,
java.lang.String username,
java.lang.String trustedServiceKey)
throws CSSException
While in Fusion mode, the username can be specified in two forms - either as a JPS GUID or as the string constant AUTO_DETECT. During Auto detection, CSS will query the container to retrieve the currently authenticated user.
The context can specify the following:
These properties are discussed in the field description. Please note that
if the locale is not specified, the default locale set for
the system is used.
The host info (ip-address/hostname) is required for auditing purposes.
Note: If a SAP user name is specified the CSS token generated will not contain any SAP ticket. In other words this token cannot be used to Single Sign On into any SAP application.
context - - Map structure holding key-value information about locale,
host infousername - - name of the user to be authenticated. Alternatively, JPS
GUID or string constant AUTO_DETECT (Fusion mode only).trustedServiceKey - - value of the trusted services key.
token string that can
be used to single-sign-on.
CSSException - - one of the following exception will be thrown.
CSSUserIF authenticateProxyUser(java.util.Map context,
java.lang.String username,
java.lang.String trustedServiceKey,
javax.servlet.http.HttpServletRequest request)
throws CSSException
This API is currently supported only in Fusion Mode
Consuming EPM Product will use this API only if ALL of the following is True:-
CSSAPIIF.authenticateToken(map,Token)This API will use new ATG API that uses request cookie to derieve Service URL for Last Accessed Fusion Pillar which will then be be used to invoke a webservice running within Fusion Domain.
context - username - trustedServiceKey - request -
CSSException
int compareToapplicationIdInToken(java.util.Map context,
java.lang.String token,
java.lang.String applicationID)
throws CSSException
The purpose of this API is to compare Application ID in the CSS Token to the Application ID passed as parameter to the method. Result of comparison of Application IDs is returned as a integer. Possible values of interger returned include 1, 2 or 3 where integer values represent:
CSSAPIIF.APPID_IS_EQUAL indicates that
ApplicationID in the Token and Application ID passed as parameter are
equal.CSSAPI.APPID_IS_NOTEQUAL indicates
that ApplicationID in the Token and Application ID passed as parameter
are not equal.CSSAPI.APPID_IS_NULL indicates that
ApplicationID in the Token is NULL
context - token - applicationID -
CSSException
java.util.Set<CSSUserIF> getUsersByIdentities(java.util.Map context,
CSSPrincipalIF principal,
java.util.Set<java.lang.String> identities)
throws CSSException
CSSException
java.lang.String getSAPTicketFromToken(java.util.Map context,
java.lang.String token)
throws CSSException
Retrieves the SAP Login Ticket if the CSS token can retrieve it.
The context can specify the following:
These properties are discussed in the field description at
CSSAPIIF. Please note that if the locale is not
specified, the default locale set for the system is used.
context - - Map structure holding key-value information about locale.token - - the CSS token string
CSSException - - Any abnormality
@Deprecated
CSSUserIF[] getUsers(java.util.Map context,
java.lang.String userName)
throws CSSIllegalArgumentException,
com.hyperion.css.common.configuration.CSSConfigurationException,
CSSCommunicationException,
CSSException
getUsers(Map, CSSPrincipalIF, String)
This is an EPM mode only API.
CSSIllegalArgumentException
com.hyperion.css.common.configuration.CSSConfigurationException
CSSCommunicationException
CSSException
@Deprecated
CSSUserIF getUserByEmail(java.util.Map context,
java.lang.String email)
throws CSSIllegalArgumentException,
com.hyperion.css.common.configuration.CSSConfigurationException,
CSSCommunicationException,
CSSException
getUsers(Map, CSSPrincipalIF, UserSearchFilter)
This is an EPM mode only API.
CSSIllegalArgumentException
com.hyperion.css.common.configuration.CSSConfigurationException
CSSCommunicationException
CSSException
@Deprecated
CSSUserIF[] getUsersByName(java.util.Map context,
java.lang.String firstName,
java.lang.String lastName)
throws CSSIllegalArgumentException,
com.hyperion.css.common.configuration.CSSConfigurationException,
CSSCommunicationException,
CSSException
getUsers(Map, CSSPrincipalIF, UserSearchFilter)
This is an EPM mode only API.
CSSIllegalArgumentException
com.hyperion.css.common.configuration.CSSConfigurationException
CSSCommunicationException
CSSException
@Deprecated
CSSUserIF[] getUsers(java.util.Map context,
java.lang.String userName,
java.lang.String firstName,
java.lang.String lastName)
throws CSSIllegalArgumentException,
com.hyperion.css.common.configuration.CSSConfigurationException,
CSSCommunicationException,
CSSException
getUsers(Map, CSSPrincipalIF, UserSearchFilter)
This is an EPM mode only API.
CSSIllegalArgumentException
com.hyperion.css.common.configuration.CSSConfigurationException
CSSCommunicationException
CSSException
@Deprecated
CSSUserIF getUserByIdentity(java.util.Map context,
java.lang.String identity)
throws CSSNoProviderException,
CSSInvalidIdentityException,
CSSInvalidUserException,
CSSIllegalArgumentException,
com.hyperion.css.common.configuration.CSSConfigurationException,
CSSCommunicationException,
CSSException
getUserByIdentity(Map, CSSPrincipalIF, String)
This is an EPM mode only API.
CSSNoProviderException
CSSInvalidIdentityException
CSSInvalidUserException
CSSIllegalArgumentException
com.hyperion.css.common.configuration.CSSConfigurationException
CSSCommunicationException
CSSException
@Deprecated
CSSGroupIF[] getGroups(java.util.Map context,
java.lang.String groupName)
throws CSSIllegalArgumentException,
com.hyperion.css.common.configuration.CSSConfigurationException,
CSSCommunicationException,
CSSException
getGroups(Map, CSSPrincipalIF, String)
This is an EPM mode only API.
CSSIllegalArgumentException
com.hyperion.css.common.configuration.CSSConfigurationException
CSSCommunicationException
CSSException
@Deprecated
CSSGroupIF getGroupByIdentity(java.util.Map context,
java.lang.String identity)
throws CSSNoProviderException,
CSSIllegalArgumentException,
CSSInvalidIdentityException,
CSSInvalidGroupException,
com.hyperion.css.common.configuration.CSSConfigurationException,
CSSCommunicationException,
CSSException
getGroupByIdentity(Map, CSSPrincipalIF, String)
. This is an EPM mode only API.
CSSNoProviderException
CSSIllegalArgumentException
CSSInvalidIdentityException
CSSInvalidGroupException
com.hyperion.css.common.configuration.CSSConfigurationException
CSSCommunicationException
CSSException
@Deprecated
java.lang.String[] getProviderNames(java.util.Map context)
throws CSSIllegalArgumentException,
CSSException
CSSManager.getProviderMap() This
is an EPM mode only API.
CSSIllegalArgumentException
CSSException
|
||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||