Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

com.hyperion.css.common
Interface CSSUserIF

All Superinterfaces:
com.hyperion.css.cache.CacheNodeIF, java.io.Serializable
All Known Subinterfaces:
CSSNativeUserIF
public interface CSSUserIF
extends com.hyperion.css.cache.CacheNodeIF, java.io.Serializable

This represents a user in the security platform and the directories.

Definition of terms used in the documentation:

  1. Direct Association: Implies that there is a direct association with this group.
  2. Indirect Association: Implies that an entity is associated with this group through a sequence of groups where this sequence is greater or equal to one.

Since:
CSSv2.0

Field Summary
static java.lang.String LOGIN_NAME
           Constant that holds the name of the property for specifying the login name.
 
Method Summary
 com.hyperion.css.common.CSSApplicationEntry[] getAllRolesList(java.util.Map context, CSSPrincipalIF principal)
          Deprecated. - Use CSSUserProvisioningAPIIF.getRolesListForEntry(Map, CSSPrincipalIF, String, String[], boolean)
 java.lang.String getAssertionToken()
          Purpose of this API is to return assertion Token that will be used to Assert User Identity When EPMIdentityAsserter is configured as one of the Identity Assertion providers in Weblogic Security Realm.
 com.hyperion.css.common.CssSession getCssSession()
          This API returns CssSession object.
 java.lang.String getDescription()
           Returns the description.
 java.lang.String getDisplayName()
          Currently Implementation for this API is only available in Fusion Mode
 java.lang.String[] getEmailAddress()
           Gets the email addresses for this user.
 java.lang.String getFirstName()
           Gets the first name.
 java.lang.String[] getGroupsList()
          Deprecated. Use getGroupsList(CSSPrincipalIF, boolean) instead.
 java.lang.String[] getGroupsList(CSSPrincipalIF principal, boolean indirect)
          This is an EPM mode only API.
 java.lang.String[] getGroupsList(CSSPrincipalIF principal, java.lang.String applicationId, boolean indirect)
           This is an EPM/Fusion Mode API
 com.hyperion.css.cache.CacheNodeIF[] getGroupsTree(CSSPrincipalIF principal, boolean indirect)
           Returns an array of CacheNodeIF depending on the users group association.
 java.lang.String getIdentity()
           Gets the identity of this user.
 com.hyperion.css.common.CssJpsApplicationRole[] getJPSRolesList(CSSPrincipalIF principal, java.lang.String appId, boolean returnIndirect)
          This is an Fusion/JPS mode only API.
 javax.security.auth.Subject getJpsSubject()
          This is FUSION and EPM Mode API.
 java.lang.String getLastName()
           Gets the last name.
 java.lang.String getLoginName()
           Returns the login name for this user.
 java.lang.String getPrimaryGroupID()
          This will return PrimaryGroupID for Active Directory user, which can be used to determine the PrimaryGroup for this user.
 CSSPrincipalIF getPrincipal()
           Returns the instance that represents an authenticated user.
 CSSApplicationInfoIF[] getProvisionedApplications(java.util.Map context, CSSPrincipalIF principal)
          Deprecated. - Use CSSUserProvisioningAPIIF.getProvisionedApplications(Map, CSSPrincipalIF, String, String[])
 java.lang.String[] getRolesList(CSSPrincipalIF principal, java.lang.String appId, boolean returnIndirect)
           Returns the roles associated with this user.
 java.lang.String getToken()
           Gets the token for this user.
 java.lang.String getUserGuid()
          Currently Implementation for this API is only available in Fusion Mode
 java.util.Map getUserInfo()
           Gets the user information specific to the provider.
 boolean isActive()
          This is an EPM mode only API.
 void setCssSession(com.hyperion.css.common.CssSession cssSession)
           This is FUSION Mode only API
 void setDisplayName(java.lang.String displayName)
          Currently Implementation for this API is only available in Fusion Mode
 void setJpsSubject(javax.security.auth.Subject subject)
          This is FUSION and EPM Mode API.
 void setToken(java.lang.String token)
          Deprecated. - Not a public API
 void setUserGuid(java.lang.String userGuid)
          Currently Implementation for this API is only available in Fusion Mode
 void setUserInfo(java.lang.String key, java.lang.Object value)
          Deprecated. - Not a public API
 
Methods inherited from interface com.hyperion.css.cache.CacheNodeIF
clear, getIdentifier, getMembers, getName, getParentGroups, getPrimaryGroupToken, getProviderName, isGroup
 

Field Detail

LOGIN_NAME

static final java.lang.String LOGIN_NAME

Constant that holds the name of the property for specifying the login name.

The value of this constant is "hyperion.loginName".

See Also:
Constant Field Values
Method Detail

getIdentity

java.lang.String getIdentity()

Gets the identity of this user.

The identity string has special significance in terms of being unique and stable (impervious to changes in locale). If an identity consists of a component that is fallible to localization, then it is assumed that the directory server is responsible for returning the same value for that component across invocations from multiple locales. For example: if the identity string consists of a "name" component, then it can be localized, for example, in French and English. However it is assumed that the directory service is configured to return only one of the values for use by Hyperion Applications.

Specified by:
getIdentity in interface com.hyperion.css.cache.CacheNodeIF
Returns:
String

getEmailAddress

java.lang.String[] getEmailAddress()

Gets the email addresses for this user.

Returns:
String[] - empty if there are no email addresses for this user.

getFirstName

java.lang.String getFirstName()

Gets the first name. If there is a middle name also, then it is appended to the return of this method. Returns an empty String if there is no first name included in the user's full name.

Returns:
String

getLastName

java.lang.String getLastName()

Gets the last name. Returns an empty String if there is no last name included in the user's full name.

Returns:
String

getGroupsList

@Deprecated
java.lang.String[] getGroupsList()
                                 throws CSSCommunicationException,
                                        CSSException
Deprecated. Use getGroupsList(CSSPrincipalIF, boolean) instead.

Throws:
CSSCommunicationException
CSSException

getUserInfo

java.util.Map getUserInfo()

Gets the user information specific to the provider.

While in EPM mode, the following information can be retrieved from this map:

  1. The provider can return attributes as key-value pairs. This map should contain the key LOGIN_NAMEand the value should be the login name for the user.

  2. This map should also contain the key CSSAPIIF.PROVIDER_REQUEST and the value should be the URL or the domain name of the server where this user entry was looked up (server of reference).

  3. This map should also contain the key CSSAPIIF.PROVIDER_NAME and the value should be the name of the provider where the user entry resides as specified in the configuration.

  4. This map should also contain the key CSSAPIIF.PROVIDER_TYPE and the value should be the type of the provider where the user entry resides as specified in the configuration.

While in Fusion mode, the only information that can be retrieved from this map is:

Returns:
Map containing selective information of this user.

setToken

@Deprecated
void setToken(java.lang.String token)
Deprecated. - Not a public API

getToken

java.lang.String getToken()

Gets the token for this user. The token is null if this user has not been authenticated.

Returns:
String

getRolesList

java.lang.String[] getRolesList(CSSPrincipalIF principal,
                                java.lang.String appId,
                                boolean returnIndirect)
                                throws CSSAuthorizationException,
                                       CSSCommunicationException,
                                       CSSException

Returns the roles associated with this user. This method is invoked by the Products for authorization. This requires that the complete role membership is returned for this user when the principal is the same as this user. This implies that the all the roles that this user is associated with for this project are returned when the principal represents the same entity as the user.

This method returns the roles associated to this user directly or through indirect association. This behavior is governed by the indirect parameter. Aggregate roles are also returned along with its constituents.

The EPM Shared Services global roles are returned in both the cases. Instances of global roles are "Directory Manager", "Provisioning Manager" etc.

Parameters:
principal - The caller invoking this method.
appId - The unique identifier of the application instance.
returnIndirect - If true, returns the roles associated to the user directly or indirectly through association with parent groups. If false (EPM mode only), only roles granted directly to the user are returned.
Returns:
Array of identities for the roles.
Throws:
CSSAuthorizationException - Returned if the principal does not have VIEW on the user or the project that the application is contained in.
CSSException - Any other abnormality.
CSSCommunicationException
Since:
CSS v3.0

getJPSRolesList

com.hyperion.css.common.CssJpsApplicationRole[] getJPSRolesList(CSSPrincipalIF principal,
                                                                java.lang.String appId,
                                                                boolean returnIndirect)
                                                                throws CSSAuthorizationException,
                                                                       CSSCommunicationException,
                                                                       CSSMethodNotSupportedException,
                                                                       CSSException
This is an Fusion/JPS mode only API.

Returns the direct Fusion Application roles that the underlying JPS Subject has on the specified application. Fusion Application roles are returned as Array of type CssJpsApplicationRole

Parameters:
principal -
appId -
returnIndirect -
Returns:
Array of type CssJpsApplicationRole
Throws:
CSSAuthorizationException
CSSCommunicationException
CSSMethodNotSupportedException
CSSException

getPrincipal

CSSPrincipalIF getPrincipal()

Returns the instance that represents an authenticated user. This instance is null if the user is not authenticated.

Returns:
CSSPrincipalIF
Since:
CSS v3.0

getLoginName

java.lang.String getLoginName()

Returns the login name for this user.

Returns:
String
Since:
CSS v3.0

getDescription

java.lang.String getDescription()

Returns the description.

Specified by:
getDescription in interface com.hyperion.css.cache.CacheNodeIF
Returns:
String

getGroupsList

java.lang.String[] getGroupsList(CSSPrincipalIF principal,
                                 boolean indirect)
                                 throws CSSAuthorizationException,
                                        CSSCommunicationException,
                                        CSSException
This is an EPM mode only API.

Returns the list of groups recursively. This method is invoked by the Products for authorization. This requires that the complete role membership is returned for this user when the principal is the same as this user. This implies that the all the roles that this user is associated with for this project are returned when the principal represents the same entity as the user.

This method returns both the direct and indirect associations. Please note that this query might be resource heavy, hence it is recommended to cache the results when you require a recursive group list.

Parameters:
principal - The identity of the caller. The reason for specifying this argument here is that there is an associated method for CSS v2.0. The principal has an effect on the outcome of the results of this call.
indirect -
Returns:
String[] The list of unique identities of the groups.
Throws:
CSSAuthorizationException - Returned if the principal does not have VIEW on the user or the project in which the application is contained.
CSSException - Any other abnormality.
CSSCommunicationException
Since:
CSS v3.0

getGroupsList

java.lang.String[] getGroupsList(CSSPrincipalIF principal,
                                 java.lang.String applicationId,
                                 boolean indirect)
                                 throws CSSAuthorizationException,
                                        CSSCommunicationException,
                                        CSSException

This is an EPM/Fusion Mode API

In EPM Mode following is the behavior of this method:

Returns the list of groups recursively. This method is invoked by the Products for authtorization. This requires that the complete role membership is returned for this user when the principal is the same as this user. This implies that the all the roles that this user is associated with for this project are returned when the principal represents the same entity as the user.

This method returns both the direct and indirect associations. Please note that this query might be resource heavy, hence it is recommended to cache the results when you require a recursive group list.

In Fusion Mode following is the behavior of this method:

Return String array of Group Names of which User is member of directly or indirectly. To keep the behavior of the method similar to other Fusion Application Family, Fusion applicationId passed will be ignored in computing user groups and all the groups are returned instead.

Parameters:
principal - The identity of the caller. The reason for specifying this argument here is that there is an associated method for CSS v2.0. The principal has an effect on the outcome of the results of this call.
applicationId - The id for the application.
indirect - - false is supported in EPM mode only
Returns:
String[] The list of unique identities of the groups that are provisioned to the application.
Throws:
CSSAuthorizationException - Returned if the principal does not have VIEW on the user or the project in which the application is contained.
CSSException - Any other abnormality.
CSSCommunicationException
Since:
CSS v3.0

getGroupsTree

com.hyperion.css.cache.CacheNodeIF[] getGroupsTree(CSSPrincipalIF principal,
                                                   boolean indirect)
                                                   throws CSSAuthorizationException,
                                                          CSSCommunicationException,
                                                          CSSException

Returns an array of CacheNodeIF depending on the users group association. The parents of the group can be obtained by invoking the getNextLevel().

This method returns both the direct and indirect associations depending on the value of the indirect flag specified. Please note that this query might be resource heavy, hence it is recommended to cache the results when you require a recursive group list.

Parameters:
principal - The identity of the caller. The reason for specifying this argument here is that there is an associated method for CSS v2.0. The principal has an effect on the outcome of the results of this call.
indirect - true or false. True fetches indirectly associated parents.
Returns:
CacheNodeIF[] Groups that this user belongs to.
Throws:
CSSAuthorizationException - Returned if the principal does not have VIEW on the user or the project in which the application is contained.
CSSException - Any other abnormality.
CSSCommunicationException
Since:
CSS v3.0

isActive

boolean isActive()
                 throws CSSException
This is an EPM mode only API.

Returns true if the user is active. As of Joyce (CSS 3.0) only the native users can be active or inactive. Corporate directory users are not set to be active or inactive. So this call on the corprated directory users will always return true.

Returns:
- true if the user is active, false otherwise.
Throws:
CSSMethodNotSupportedException - - if this method is not supported for a particular CSS mode.
CSSException - - if there was any other abnormality

setUserInfo

@Deprecated
void setUserInfo(java.lang.String key,
                            java.lang.Object value)
                 throws CSSIllegalArgumentException
Deprecated. - Not a public API

Throws:
CSSIllegalArgumentException

getAllRolesList

@Deprecated
com.hyperion.css.common.CSSApplicationEntry[] getAllRolesList(java.util.Map context,
                                                                         CSSPrincipalIF principal)
                                                              throws CSSException
Deprecated. - Use CSSUserProvisioningAPIIF.getRolesListForEntry(Map, CSSPrincipalIF, String, String[], boolean)

Throws:
CSSException

getProvisionedApplications

@Deprecated
CSSApplicationInfoIF[] getProvisionedApplications(java.util.Map context,
                                                             CSSPrincipalIF principal)
                                                  throws CSSException
Deprecated. - Use CSSUserProvisioningAPIIF.getProvisionedApplications(Map, CSSPrincipalIF, String, String[])

Throws:
CSSException

getCssSession

com.hyperion.css.common.CssSession getCssSession()

This API returns CssSession object.

CssSession object is constructed with information available from ApplSession or existing CSSToken object. CSS support for this API is only available in FUSION mode.

Following Session Attributes are Supported:

  1. sessionID
  2. userGuid
  3. language
  4. clientEncoding
  5. ApplicationID
  6. accessibilityMode
  7. timeFormat
  8. timeZone
  9. dateFormat
  10. groupingSeperator
  11. decimalSeperator
  12. animationEnabled
  13. embeddedHelpEnabled
  14. colorContrast
  15. fontSize

Returns:
- Returns CssSession

setCssSession

void setCssSession(com.hyperion.css.common.CssSession cssSession)

This is FUSION Mode only API

This method sets CssSession for the User. CssSession is constructed with Information available through ApplSession.

All the session information contained in CssSession, is also included in the User Token

Parameters:
cssSession -

setJpsSubject

void setJpsSubject(javax.security.auth.Subject subject)

This is FUSION and EPM Mode API.

In Fusion Mode:-

This method sets JpsSubject with Authenticated Subject available through JPS's Authentication/Assertion Modules or Weblogic Container.

In EPM Mode:-

CssJpsUtil is used to generate Subject using Authenticated CSS User's loginName along JPS Assertion.

Parameters:
subject -

getJpsSubject

javax.security.auth.Subject getJpsSubject()
                                          throws CSSException

This is FUSION and EPM Mode API.

This method returns authenticated Subject of type javax.security.Auth.Subject

Returns:
valid Subject
Throws:
CSSException

setUserGuid

void setUserGuid(java.lang.String userGuid)

Currently Implementation for this API is only available in Fusion Mode

This method sets User GUID that is obtained by searching user with username in the identity store using User/Role API. User GUID is available as UserProfile Property

Parameters:
userGuid -

getUserGuid

java.lang.String getUserGuid()

Currently Implementation for this API is only available in Fusion Mode

This method returns User GUID of authenticated User.

Returns:

setDisplayName

void setDisplayName(java.lang.String displayName)

Currently Implementation for this API is only available in Fusion Mode

This method sets User displayName that is available as displayName attribute for User in the Identity Store. User displayName property will be retrieved as property of UserProfile. If value of displayName attribute is not populated in the Identity Store User firstName appended with lastname, will be used as value for displayName. In near Future Multiple Language Support (MLS) will be available for displayName.

Parameters:
displayName -

getDisplayName

java.lang.String getDisplayName()

Currently Implementation for this API is only available in Fusion Mode

This method returns displayName for User.

Returns:
displayName attribute value for User

getAssertionToken

java.lang.String getAssertionToken()
                                   throws CSSException

Purpose of this API is to return assertion Token that will be used to Assert User Identity When EPMIdentityAsserter is configured as one of the Identity Assertion providers in Weblogic Security Realm.

To trigger EPMIdentityAsseter when configured in WLS Security Realm, Assertion Token returned by this API should be passed as Cookie or Request Header with name "ora_epm_ctg".

Returns:
Throws:
CSSException

getPrimaryGroupID

java.lang.String getPrimaryGroupID()
This will return PrimaryGroupID for Active Directory user, which can be used to determine the PrimaryGroup for this user.

Returns:
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2005-2009 Oracle Corporation.