public interface DirectoryPrincipal
extends java.security.Principal
Notes:
In general, a DirectoryPrincipal is not serializable in a portable fashion.
Modifier and Type | Field and Description |
---|---|
static java.lang.String |
CLASS_VERSION |
Modifier and Type | Method and Description |
---|---|
RelativeRole |
createRelativeRole(java.lang.String pFunctionName)
Create an assignable relative role, which represents the
fulfillment of some function relative to this principal.
|
java.util.Collection |
getAccessRights()
Get all AccessRights that are associated with this principal
|
java.lang.String |
getDescription()
Return a short textual description of this principal.
|
java.util.Collection |
getEffectivePrincipals()
Get a collection of all the effective principals in the directory
with which this principal is implicitly associated.
|
java.util.Collection |
getMembers()
Get all users and organizations that are "members" of this
principal, viewing the effective-principal relationship from the
end opposite to that taken by getEffectivePrincipals().
|
java.util.Collection |
getOrganizationMembersSortOnName(int pStartIndex,
int pEndIndex,
int pSortOrder)
Get all organizations that are "members" of this
principal, viewing the effective-principal relationship from the
end opposite to that taken by getEffectivePrincipals().
|
java.lang.Object |
getPrimaryKey()
Get the primary key of a principal which can be used to retrieve
that principals from the directory.
|
RelativeRole |
getRelativeRole(java.lang.String pFunctionName)
Given the name of a logical function, obtain the corresponding
role representing that function performed relative to this
principal if it exists, otherwise return null.
|
java.util.List |
getRelativeRoles()
Obtain a set of roles that may be assumed relative to this
principal.
|
UserDirectory |
getUserDirectory() |
java.util.Collection |
getUserMembersSortOnEmailAddress(int pStartIndex,
int pEndIndex,
int pSortOrder)
Get all users that are "members" of this
principal, viewing the effective-principal relationship from the
end opposite to that taken by getEffectivePrincipals().
|
java.util.Collection |
getUserMembersSortOnFirstName(int pStartIndex,
int pEndIndex,
int pSortOrder)
Get all users that are "members" of this
principal, viewing the effective-principal relationship from the
end opposite to that taken by getEffectivePrincipals().
|
java.util.Collection |
getUserMembersSortOnLastName(int pStartIndex,
int pEndIndex,
int pSortOrder)
Get all users that are "members" of this
principal, viewing the effective-principal relationship from the
end opposite to that taken by getEffectivePrincipals().
|
java.util.Collection |
getUserMembersSortOnLogin(int pStartIndex,
int pEndIndex,
int pSortOrder)
Get all users that are "members" of this
principal, viewing the effective-principal relationship from the
end opposite to that taken by getEffectivePrincipals().
|
boolean |
hasMember(java.security.Principal pMember)
Determine whether a principal has a particular principal as one
of its members, that is, is an effective principal associated
with that entity.
|
static final java.lang.String CLASS_VERSION
java.lang.String getDescription()
java.lang.Object getPrimaryKey()
UserDirectory getUserDirectory()
java.util.Collection getEffectivePrincipals()
The order of the elements as returned by the collection's iterator is significant, as it orders the effective principals from "most specific" to "least specific" in their relationship to the original principal. An access right may granted to one effective principal but denied to another effective principal; in such cases, a security model may need to determine which principal takes precedence, and the order of this collection can be used for this purpose.
As a general policy, effective principals at greater distances in the organizational graph from the original should be less specific. Also, a role should be considered to be less specific than the effective principal that has that role. A dynamic role, being implicit and rule-based, is less specific than any roles explicitly assigned to its principal. Finally, effective principals that could be considered to have multiple rankings should be assigned the most specific of those rankings.
A
- collection of effective DirectoryPrincipalsjava.util.Collection getMembers()
Following the definition of effective principals, it follows that:
pPrincipal
- a principalgetEffectivePrincipals()
java.util.Collection getOrganizationMembersSortOnName(int pStartIndex, int pEndIndex, int pSortOrder)
Following the definition of effective principals, it follows that:
pStartIndex
- starting index of the sorted result set.pEndEndex
- end index of the sorted result set. a value of -1 sets the end index to infinite.pSortOrder
- sort order of the return set.
valid values = { UserDirectory.ASCENDING, UserDirectory.DESCENDING }getMembers()
,
getEffectivePrincipals()
java.util.Collection getUserMembersSortOnLogin(int pStartIndex, int pEndIndex, int pSortOrder)
Following the definition of effective principals, it follows that:
pStartIndex
- starting index of the sorted result set.pEndEndex
- end index of the sorted result set. a value of -1 sets the end index to infinite.pSortOrder
- sort order of the return set.
valid values = { UserDirectory.ASCENDING, UserDirectory.DESCENDING }getMembers()
,
getEffectivePrincipals()
java.util.Collection getUserMembersSortOnFirstName(int pStartIndex, int pEndIndex, int pSortOrder)
Following the definition of effective principals, it follows that:
pStartIndex
- starting index of the sorted result set.pEndEndex
- end index of the sorted result set. a value of -1 sets the end index to infinite.pSortOrder
- sort order of the return set.
valid values = { UserDirectory.ASCENDING, UserDirectory.DESCENDING }getMembers()
,
getEffectivePrincipals()
java.util.Collection getUserMembersSortOnLastName(int pStartIndex, int pEndIndex, int pSortOrder)
Following the definition of effective principals, it follows that:
pStartIndex
- starting index of the sorted result set.pEndEndex
- end index of the sorted result set. a value of -1 sets the end index to infinite.pSortOrder
- sort order of the return set.
valid values = { UserDirectory.ASCENDING, UserDirectory.DESCENDING }getMembers()
,
getEffectivePrincipals()
java.util.Collection getUserMembersSortOnEmailAddress(int pStartIndex, int pEndIndex, int pSortOrder)
Following the definition of effective principals, it follows that:
pStartIndex
- starting index of the sorted result set.pEndEndex
- end index of the sorted result set. a value of -1 sets the end index to infinite.pSortOrder
- sort order of the return set.
valid values = { UserDirectory.ASCENDING, UserDirectory.DESCENDING }getMembers()
,
getEffectivePrincipals()
boolean hasMember(java.security.Principal pMember)
pPrincipal
- a principal that might have pMember as a memberpMember
- a principal representing a user or organizationjava.util.List getRelativeRoles()
Note that an individual having a role relative to some organization need not actually belong to that organization.
The createRelativeRole() method can be used to create a new assignable role relative to this principal.
createRelativeRole(java.lang.String)
RelativeRole getRelativeRole(java.lang.String pFunctionName)
pFunctionName
- the logical name of a function relative to
this principalRelativeRole createRelativeRole(java.lang.String pFunctionName) throws DirectoryModificationException
For instance, an relative role created for the organization "ATG Sales" and the function name "Content Admin" has the semantics of "Content Admin for ATG Sales". The resulting role can be examined with getOrganization() and getFunctionName() to find both the organization and function whose intersection it represents.
If the specified relative role already exists, it is simply returned, without any modification to the directory having taken place.
pFunctionName
- the logical name of a function relative to this principalDirectoryModificationException
- occurs if the operation fails
unexpectedly; a nested exception provides details.java.util.Collection getAccessRights()