Oracle Fusion Middleware Java API Reference for Oracle Platform Security Services
11g Release 1 (11.1.1)

Interface ApplicationPolicy

All Superinterfaces:
JavaPolicy, PolicyMgmt

public interface ApplicationPolicy
extends JavaPolicy, PolicyMgmt

The class represents an application in which entity objects and policies are created.

$Header: jazn/jps/src/jps-api/oracle/security/jps/service/policystore/ jishang_fixingjavadoc/1 2012/11/13 03:43:48 jishang Exp $

Method Summary
 void addPrincipalToAppRole(PrincipalEntry principalEntry, java.lang.String appRoleName)
          Adds this principal as member to this app role
 void addPrincipalToAppRole( principal, java.lang.String appRoleName)
          Adds this principal as member to this app role
 void alterAppRole(java.lang.String appRoleName, java.lang.String newDescription, java.lang.String newDisplayName)
          Alters an application role's display name and description. These parameters are not used to compare two application roles for similarity. An application role's name or GUID are unique/immutable properties. NOTE: Supplying "null" for the description or display name will replace the previous description/display name with "null".
 void alterAppRoleCategory(java.lang.String appRoleName, java.lang.String newCategory)
          Alters an application role's category. An application role's name or GUID are unique/immutable properties. NOTE: Supplying "null" for the category will replace the previous category with "null".
 boolean containsAppRole(java.lang.String appRoleName)
          Checks if this app role exists.
 boolean containsPrincipalAsMember(java.lang.String appRoleName, principal)
          Checks if this principal is a member of this app role
 void createAppRole(java.lang.String appRoleName, java.lang.String displayName, java.lang.String desc, ExtendedProperty appRoleAttributes)
          Creates the requested application role in the policy store with extended attributes.
 void createAppRole(java.lang.String appRoleName, java.lang.String displayName, java.lang.String desc, java.lang.String guid)
          Creates the requested application role in policy store.
 void createAppRole(java.lang.String appRoleName, java.lang.String displayName, java.lang.String desc, java.lang.String guid, ExtendedProperty appRoleAttributes)
          Creates the requested application role in the policy store with extended attributes.
 java.util.List<AppRoleEntry> getAllAppRoleEntries()
          Returns all app role entries
 java.util.List<JpsApplicationRole> getAllAppRoles()
          Returns the list of all the application roles in this application context.
 java.util.List<AppRoleEntry> getAllGrantedAppRoleEntries( principal)
          Returns all the granted app role entries for this principal where the principal is either a direct member or indirect member through other app roles.
 java.util.List<JpsApplicationRole> getAllGrantedAppRoles( principal)
          Returns all the granted app roles for this principal where the principal is either a direct member or indirect member through other app roles.
 java.lang.String getApplicationDescription()
          Get the Application Description.
 java.lang.String getApplicationDisplayName()
          Get the Application Display Name.
 java.lang.String getApplicationName()
          Return the application Name
 java.lang.String getApplicationUniqueName()
          Return the application UniqueName
 java.util.List<> getAppRolesMembers(java.lang.String appRoleName)
          Returns the list of principals granted to this application role.
<T extends EntityManager>
getEntityManager(java.lang.Class<T> klass)
          Get the entity manager.
 java.util.List<JpsApplicationRole> getGrantedAppRoles( principal)
          Returns all the granted app roles for this principal where the principal is a direct member of the App Role.
 java.lang.String getName()
          Get the name of this application.
 java.lang.String getVersion()
          Returns the application version.
 void removeAppRole(java.lang.String appRoleName)
          Removes the application role from policy store.
 void removeAppRole(java.lang.String appRoleName, boolean force)
          Removes the application role from policy store.
 void removePrincipalFromAppRole(PrincipalEntry principalEntry, java.lang.String appRoleName)
          Removes this principal from this appRoleName
 void removePrincipalFromAppRole( principal, java.lang.String appRoleName)
          Removes this principal from this appRoleName
 java.util.List<AppRoleEntry> searchAppRoles(java.lang.String appRoleName)
          This method returns a list of application roles by an app role name.
 java.util.List<AppRoleEntry> searchAppRoles(java.lang.String roleAttrName, java.lang.String roleAttrNameVal, boolean inequality)
          This method searches application roles by an attribute and its value.
 void setVersion(java.lang.String version)
          Set the application version in memory.


Methods inherited from interface
getPermissions, getPermissions, getPermissions, getPermissions, getPermissions, hasPermission, implies, refresh


Methods inherited from interface
getGrantEntries, grant, grant, modifyGrant, revoke, revoke


Method Detail


boolean containsAppRole(java.lang.String appRoleName)
                        throws PolicyStoreException
Checks if this app role exists.
Parameters:
appRoleName - name of the app role
Returns:
true, if this app role exists, false otherwise
Throws:
PolicyStoreException - if there is an error during this operation
java.lang.NullPointerException - if the application name is empty.


void createAppRole(java.lang.String appRoleName,
                   java.lang.String displayName,
                   java.lang.String desc,
                   java.lang.String guid,
                   ExtendedProperty appRoleAttributes)
                   throws PolicyObjectAlreadyExistsException,
Creates the requested application role in the policy store with extended attributes.

Standard attributes supplied as parameters in this api ( DISPLAY_NAME, DESCRIPTION and GUID) cannot be part of the extended attributes.

The following code fragment illustrates how to construct the extended attributes:

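     // Requires: import java.util.ArrayList; import java.util.List;
     ExtendedProperty ep = new ExtendedProperty();
     // Placeholder: use one of the valid extended attribute names.
     String attribute = "<extended-attribute-name>";
     List<String> values = new ArrayList<String>();
     values.add("user-defined-value");
     ep.setProperty(attribute, values);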

Based on the algorithm in JpsAuth this checks for PolicyStoreAccessPermission("context=APPLICATION,name=Application's Stripe id", "createAppRole"). This may result in an AccessControlException or SecurityException

Parameters:
appRoleName - name of the application role
displayName - display name of the application role
desc - description of the application role
guid - guid of the application role
appRoleAttributes - Extended attributes for the application role
Throws:
PolicyObjectAlreadyExistsException - if the role already exists.
PolicyStoreException - if the policy store provider reports an error while creating the role.
java.lang.IllegalArgumentException - if the standard attributes are part of the extendedAttributes.
java.lang.NullPointerException - if the application name is empty.
See Also:
for a list of valid extended attributes.


void createAppRole(java.lang.String appRoleName,
                   java.lang.String displayName,
                   java.lang.String desc,
                   java.lang.String guid)
                   throws PolicyObjectAlreadyExistsException,
Creates the requested application role in policy store.

Based on the algorithm in JpsAuth this checks for PolicyStoreAccessPermission("context=APPLICATION,name=Application's Stripe id", "createAppRole"). This may result in an AccessControlException or SecurityException

Parameters:
appRoleName - name of the app role
displayName - display name of the app role
desc - description of the app role
guid - guid of the app role
Throws:
PolicyObjectAlreadyExistsException - if this application role already exists
PolicyStoreException - if there is an error during this operation
java.lang.NullPointerException - if the application name is empty.


void createAppRole(java.lang.String appRoleName,
                   java.lang.String displayName,
                   java.lang.String desc,
                   ExtendedProperty appRoleAttributes)
                   throws PolicyObjectAlreadyExistsException,
Creates the requested application role in the policy store with extended attributes.

Standard attributes supplied as parameters in this api ( DISPLAY_NAME and DESCRIPTION) cannot be part of the extended attributes.

The following code fragment illustrates how to construct the extended attributes:

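     // Requires: import java.util.ArrayList; import java.util.List;
     ExtendedProperty ep = new ExtendedProperty();
     // Placeholder: use one of the valid extended attribute names.
     String attribute = "<extended-attribute-name>";
     List<String> values = new ArrayList<String>();
     values.add("user-defined-value");
     ep.setProperty(attribute, values);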

Based on the algorithm in JpsAuth this checks for PolicyStoreAccessPermission("context=APPLICATION,name=Application's Stripe id", "createAppRole"). This may result in an AccessControlException or SecurityException

Parameters:
appRoleName - name of the application role
displayName - display name of the application role
desc - description of the application role
appRoleAttributes - Extended attributes for the application role
Throws:
PolicyObjectAlreadyExistsException - if the role already exists.
PolicyStoreException - if the policy store provider reports an error while creating the role.
java.lang.IllegalArgumentException - if the standard attributes are part of the extendedAttributes.
java.lang.NullPointerException - if the application name is empty.
See Also:
for a list of valid extended attributes.


void removeAppRole(java.lang.String appRoleName)
                   throws PolicyObjectNotFoundException,
Removes the application role from policy store.

This is equivalent to calling removeAppRole(appRoleName, true).

Based on the algorithm in JpsAuth this checks for PolicyStoreAccessPermission("context=APPLICATION,name=Application's Stripe id", "removeAppRole"). This may result in an AccessControlException or SecurityException

Parameters:
appRoleName - name of the app role to remove
Throws:
PolicyObjectNotFoundException - if this app role does not exist
PolicyStoreException - if there is an error during this operation
java.lang.NullPointerException - if the application name is empty.


void removeAppRole(java.lang.String appRoleName,
                   boolean force)
                   throws ApplicationRoleInUseException,
Removes the application role from policy store. If force is false, this method checks If any of the above conditions are true, then this operation throws an ApplicationRoleInUseException with the cause. If force is true, then this method

Based on the algorithm in JpsAuth this checks for PolicyStoreAccessPermission("context=APPLICATION,name=Application's Stripe id", "removeAppRole"). This may result in an AccessControlException or SecurityException

Parameters:
appRoleName - name of the app role to remove
Throws:
ApplicationRoleInUseException - if the application role is in use as described above.
PolicyObjectNotFoundException - if this application role does not exist
PolicyStoreException - if there is an error during this operation
java.lang.NullPointerException - if the application name is empty.
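
A role-decommissioning helper built on the two removeAppRole overloads above, as an added example that is not part of Oracle's documentation: because removeAppRole(appRoleName) is equivalent to force=true, it calls the two-argument form with force=false and reports a role that is still in use instead of forcing its removal. The class, enum and method names are hypothetical, the import package of the exception classes is assumed from the $Header path, and List<?> is used because the element type of getAppRolesMembers is not shown on this page.

```java
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;

// Assumption: the exception classes live in the same package as ApplicationPolicy
// (the package path shown in this page's $Header line).
import oracle.security.jps.service.policystore.ApplicationPolicy;
import oracle.security.jps.service.policystore.ApplicationRoleInUseException;
import oracle.security.jps.service.policystore.PolicyObjectNotFoundException;
import oracle.security.jps.service.policystore.PolicyStoreException;

/** Hypothetical helper (added example): remove an app role only when it is not in use. */
public final class AppRoleDecommission {

    private static final Logger LOG = Logger.getLogger(AppRoleDecommission.class.getName());

    /** Result of a non-forced removal attempt. */
    public enum Outcome { REMOVED, NOT_FOUND, IN_USE }

    private AppRoleDecommission() { }

    /**
     * Attempts a non-forced removal of appRoleName and never falls back to force=true.
     * The AccessControlException or SecurityException raised when the caller lacks
     * PolicyStoreAccessPermission(..., "removeAppRole") is unchecked and is left to
     * propagate, so a permission problem is not mistaken for "role in use".
     */
    public static Outcome removeIfUnused(ApplicationPolicy policy, String appRoleName)
            throws PolicyStoreException {
        if (policy == null) {
            throw new IllegalArgumentException("policy must not be null");
        }
        if (appRoleName == null || appRoleName.isEmpty()) {
            throw new IllegalArgumentException("appRoleName must not be null or empty");
        }
        if (!policy.containsAppRole(appRoleName)) {
            return Outcome.NOT_FOUND;
        }
        try {
            // Record the direct members first, so the audit trail shows who held the
            // role at the time of the attempt. Indirect members are not listed here.
            List<?> members = policy.getAppRolesMembers(appRoleName);
            LOG.log(Level.INFO, "Role {0} has {1} direct member(s)",
                    new Object[] { appRoleName, members.size() });
            for (Object member : members) {
                LOG.log(Level.INFO, "  direct member: {0}", String.valueOf(member));
            }

            // force=false: the store refuses the removal while the role is in use.
            policy.removeAppRole(appRoleName, false);
            LOG.log(Level.INFO, "Role {0} removed", appRoleName);
            return Outcome.REMOVED;
        } catch (ApplicationRoleInUseException e) {
            // Leave the role in place and surface the reason for a human decision.
            LOG.log(Level.WARNING, "Role " + appRoleName + " is in use; not removed", e);
            return Outcome.IN_USE;
        } catch (PolicyObjectNotFoundException e) {
            // The role disappeared between containsAppRole and the calls above.
            LOG.log(Level.INFO, "Role {0} no longer exists", appRoleName);
            return Outcome.NOT_FOUND;
        }
    }
}
```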


boolean containsPrincipalAsMember(java.lang.String appRoleName,
                                  throws PolicyObjectNotFoundException,
Checks if this principal is a member of this app role
Parameters:
appRoleName - the app role name
principal - the principal name
Returns:
true if this principal is a member of this appRoleName, false otherwise
Throws:
PolicyObjectNotFoundException - if this appRoleName itself does not exist
PolicyStoreException - if there is an error during this operation
java.lang.NullPointerException - if the application name is empty or principal is null.


void addPrincipalToAppRole( principal,
                           java.lang.String appRoleName)
                           throws PolicyObjectNotFoundException,
Adds this principal as member to this app role

Based on the algorithm in JpsAuth this checks for PolicyStoreAccessPermission("context=APPLICATION,name=Application's Stripe id", "addPrincipalToAppRole"). This may result in an AccessControlException or SecurityException

Parameters:
principal - the principal to add
appRoleName - the app role
Throws:
PolicyObjectNotFoundException - if this appRoleName itself does not exist
PolicyObjectAlreadyExistsException - if this principal is already a member of this app role
PolicyStoreException - if there is an error during this operation
java.lang.NullPointerException - if the application name is empty or principal is null.


void addPrincipalToAppRole(PrincipalEntry principalEntry,
                           java.lang.String appRoleName)
                           throws PolicyObjectNotFoundException,
Adds this principal as member to this app role

Use this method when it is not possible to create a Principal representation of the principalEntry. Typically, this may arise if the Java class that implements the principalEntry is not in the current Class Path. For well known JpsPrincipal types, you must use the other version of this API that takes the Principal parameter.

Based on the algorithm in JpsAuth this checks for PolicyStoreAccessPermission("context=APPLICATION,name=Application's Stripe id", "addPrincipalToAppRole"). This may result in an AccessControlException or SecurityException

Parameters:
principalEntry - the principal to add
appRoleName - the app role
Throws:
PolicyObjectNotFoundException - if this appRoleName itself does not exist
PolicyObjectAlreadyExistsException - if this principal is already a member of this app role
PolicyStoreException - if there is an error during this operation
java.lang.NullPointerException - if the application name is empty or principal is null.

If either the Principal class name or the Principal name is null (or an empty String) in the PrincipalEntry, then the principalEntry is considered to be null.


void removePrincipalFromAppRole( principal,
                                java.lang.String appRoleName)
                                throws PolicyObjectNotFoundException,
Removes this principal from this appRoleName

Based on the algorithm in JpsAuth this checks for PolicyStoreAccessPermission("context=APPLICATION,name=Application's Stripe id", "removePrincipalFromAppRole"). This may result in an AccessControlException or SecurityException

Parameters:
principal - the principal to be removed
appRoleName - the app role name
Throws:
PolicyObjectNotFoundException - if this principal does not exist in this appRoleName
PolicyStoreException - if there is an error during this operation
java.lang.NullPointerException - if the application name is empty or principal is null.


void removePrincipalFromAppRole(PrincipalEntry principalEntry,
                                java.lang.String appRoleName)
                                throws PolicyObjectNotFoundException,
Removes this principal from this appRoleName

Use this method when it is not possible to create a Principal representation of the principalEntry. Typically, this may arise if the Java class that implements the principalEntry is not in the current Class Path. For well known JpsPrincipal types, you must use the other version of this API that takes the Principal parameter.

Based on the algorithm in JpsAuth this checks for PolicyStoreAccessPermission("context=APPLICATION,name=Application's Stripe id", "removePrincipalFromAppRole"). This may result in an AccessControlException or SecurityException

Parameters:
principalEntry - the principal to be removed
appRoleName - the app role name
Throws:
PolicyObjectNotFoundException - if this principal does not exist in this appRoleName
PolicyStoreException - if there is an error during this operation
java.lang.NullPointerException - if the application name is empty or principalEntry is null.

If either the Principal class name or the Principal name is null (or an empty String) in the PrincipalEntry, then the principalEntry is considered to be null.


java.util.List<AppRoleEntry> getAllAppRoleEntries()
                                                  throws PolicyStoreException
Returns all app role entries
Returns:
the list of all app role entries
Throws:
PolicyStoreException - if there is an error during this operation


java.util.List<AppRoleEntry> getAllGrantedAppRoleEntries( principal)
                                                         throws PolicyStoreException
Returns all the granted app role entries for this principal where the principal is either a direct member or indirect member through other app roles.
Parameters:
principal - the principal to find the granted app role for
Returns:
the list of granted app role entries for this principal
Throws:
PolicyStoreException - if there is an error during this operation


java.util.List<JpsApplicationRole> getGrantedAppRoles( principal)
                                                      throws PolicyStoreException
Returns all the granted app roles for this principal where the principal is a direct member of the App Role.
Parameters:
principal - the principal to find the granted app role for
Returns:
the list of granted app roles for this principal or null if there are no granted roles
Throws:
PolicyStoreException - if there is an error during this operation


java.util.List<JpsApplicationRole> getAllGrantedAppRoles( principal)
                                                         throws PolicyStoreException
Returns all the granted app roles for this principal where the principal is either a direct member or indirect member through other app roles.
Parameters:
principal - the principal to find the granted app role for
Returns:
the list of granted app roles for this principal
Throws:
PolicyStoreException - if there is an error during this operation


java.util.List<AppRoleEntry> searchAppRoles(java.lang.String appRoleName)
                                            throws PolicyStoreException
This method returns a list of application roles by an app role name.
Parameters:
appRoleName - This is the value for the above attribute.

The value can be a regular expression. The Regular Expression supports the '*' wildcard character. An example would be 'app*Role'.

Returns:
the List of AppRoleEntries or null if no matching roles found
Throws:
PolicyStoreException - if there is an underlying provider error.
java.lang.IllegalArgumentException - if the appRoleName is null or empty.


java.util.List<AppRoleEntry> searchAppRoles(java.lang.String roleAttrName,
                                            java.lang.String roleAttrNameVal,
                                            boolean inequality)
                                            throws PolicyStoreException
This method searches application roles by an attribute and its value.
Parameters:
roleAttrName - Role attribute name to search by. Attribute name is case-insensitive.
roleAttrNameVal - This is the value for the above attribute.

The value can be a regular expression. The wild card character '*' is supported. An example would be 'user*defined*value'.

Attribute values are case-sensitive.

Not all ApplicationRoleAttributes are supported. For example, search by following attributes is supported:

Otherwise, PolicyStoreException is thrown.
The following attributes are supported on LDAP only.
Please refer to AppRoleManager.getAppRoles( for DB support
inequality - boolean value.
  • If inequality is true, then the application roles whose roleAttrName value is not equal to the roleAttrNameVal are returned.
  • If inequality is false, then the application roles whose roleAttrName value is equal to the roleAttrNameVal are returned.
  • The default value is FALSE
Returns:
the List of AppRoleEntries or null if no matching roles found
Throws:
PolicyStoreException - if there is an underlying provider error.
java.lang.IllegalArgumentException - if the roleAttrName is null, or the roleAttrNameVal is not a valid regular expression.
See Also:
for a list of valid attributes.


java.util.List<> getAppRolesMembers(java.lang.String appRoleName)
                                                           throws PolicyObjectNotFoundException,
Returns the list of principals granted to this application role. This includes Application roles that are direct members of this role, but not Application Roles that are indirect members of this role.
Parameters:
appRoleName - the application role name
Returns:
List of principals granted to this App role. Empty list if none granted this role.
Throws:
PolicyObjectNotFoundException - if this appRoleName does not exist in policy store
PolicyStoreException - if there is an error during this operation
java.lang.NullPointerException - if the application name is empty.


java.util.List<JpsApplicationRole> getAllAppRoles()
                                                  throws PolicyStoreException
Returns the list of all the application roles in this application context.
Returns:
the list of app roles
Throws:
PolicyStoreException - if there is an error during this operation


void alterAppRole(java.lang.String appRoleName,
                  java.lang.String newDescription,
                  java.lang.String newDisplayName)
                  throws PolicyObjectNotFoundException,
Alters an application role's display name and description. These parameters are not used to compare two application roles for similarity. An application role's name or GUID are unique/immutable properties. NOTE: Supplying "null" for the description or display name will replace the previous description/display name with "null".

Based on the algorithm in JpsAuth this checks for PolicyStoreAccessPermission("context=APPLICATION,name=Application's Stripe id", "alterAppRole"). This may result in an AccessControlException or SecurityException

Parameters:
appRoleName - the app role name
newDescription - new description of the app role
newDisplayName - new display name of the app role
Throws:
PolicyObjectNotFoundException - if this app role does not exist in policy store
PolicyStoreException - if there is an error during this operation
java.lang.NullPointerException - if the application name is empty.


void alterAppRoleCategory(java.lang.String appRoleName,
                          java.lang.String newCategory)
                          throws PolicyObjectNotFoundException,
Alters an application role's category. An application role's name or GUID are unique/immutable properties. NOTE: Supplying "null" for the category will replace the previous category with "null".

Based on the algorithm in JpsAuth this checks for PolicyStoreAccessPermission("context=APPLICATION,name=Application's Stripe id", "alterAppRoleCategory"). This may result in an AccessControlException or SecurityException

Parameters:
appRoleName - the app role name
newCategory - new category of the app role
Throws:
PolicyObjectNotFoundException - if this app role does not exist in policy store
PolicyStoreException - if there is an error during this operation
java.lang.NullPointerException - if the application name is empty.


java.lang.String getApplicationName()
Return the application Name
Returns:
app Name


java.lang.String getApplicationUniqueName()
Return the application UniqueName
Returns:
app uniqueName


java.lang.String getApplicationDisplayName()
Get the Application Display Name. Will throw PolicyStoreIncompatibleVersionException if PS3 schema is not supported.
Returns:
application display name


java.lang.String getApplicationDescription()
Get the Application Description. Will throw PolicyStoreIncompatibleVersionException if PS3 schema is not supported.
Returns:
application description


java.lang.String getName()
Get the name of this application.
Returns:
application name


void setVersion(java.lang.String version)
Set the application version in memory.

Supply null to remove the version.

To persist the changes in the store, use PolicyStore.modifyApplicationPolicy(ApplicationPolicy). To prevent multiple threads from updating the version concurrently in the store for the same application, the method PolicyStore.modifyApplicationPolicy(ApplicationPolicy) should be called immediately after this method.


java.lang.String getVersion()
Returns the application version. Will return null if the application version is not available
Returns:
the application version. Will return null if the application version is not available


<T extends EntityManager> T getEntityManager(java.lang.Class<T> klass)
Get the entity manager.
Parameters:
klass - the interface class that extends an EntityManager
Returns:
An instance of the requested EntityManager


Copyright © 2013 Oracle. All rights reserved.